Repository files navigation

Tini is the simplestinit you could think of.

All Tini does is spawn a single child (Tini is meant to be run in a container),and wait for it to exit all the while reaping zombies and performingsignal forwarding.

Using Tini has several benefits:

• It protects you from software that accidentally creates zombie processes,which can (over time!) starve your entire system for PIDs (and make itunusable).
• It ensures that thedefault signal handlers work for the software you runin your Docker image. For example, with Tini,SIGTERM properly terminatesyour process even if you didn't explicitly install a signal handler for it.
• It does so completely transparently! Docker images that work without Tiniwill work with Tini without any changes.

If you'd like more detail on why this is useful, review this issue discussion:What is advantage of Tini?.

NOTE: If you are using Docker 1.13 or greater, Tini is included in Dockeritself. This includes all versions of Docker CE. To enable Tini, justpass the--init flag todocker run.

NOTE: There arepre-built Docker images available for Tini. Ifyou're currently using an Ubuntu or CentOS image as your base, you can useone of those as a drop-in replacement.

NOTE: There are Tini packages for Alpine Linux and NixOS. See below forinstallation instructions.

Add Tini to your container, and make it executable. Then, just invoke Tiniand pass your program and its arguments as arguments to Tini.

In Docker, you will want to use an entrypoint so you don't have to rememberto manually invoke Tini:

# Add TiniENV TINI_VERSION=v0.19.0ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tiniRUN chmod +x /tiniENTRYPOINT ["/tini", "--"]# Run your program under TiniCMD ["/your/program", "-and", "-its", "arguments"]# or docker run your-image /your/program ...

Note that youcan skip the-- under certain conditions, but you mightas well always include it to be safe. If you see an error message thatlooks liketini: invalid option -- 'c', then youneed to add the--.

Arguments for Tini itself should be passed like-v in the following example:/tini -v -- /your/program.

NOTE: The binary linked above is a 64-bit dynamically-linked binary.

Thetini andtini-static binaries are signed using the key595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7.

You can verify their signatures usinggpg (which you may install usingyour package manager):

ENV TINI_VERSION v0.19.0ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tiniADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /tini.ascRUN gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ && gpg --batch --verify /tini.asc /tiniRUN chmod +x /tini

Thetini andtini-static binaries have generated checksums (SHA1 andSHA256).

You can verify their checksums usingsha1sum andsha256sum (which you may install usingyour package manager):

ENV TINI_VERSION v0.19.0RUN wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-amd64 \    && wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-amd64.sha256sum \    && echo "$(cat tini-amd64.sha256sum)" | sha256sum -c

On Alpine Linux, you can use the following command to install Tini:

RUN apk add --no-cache tini# Tini is now available at /sbin/tiniENTRYPOINT ["/sbin/tini", "--"]

Using Nix, you can use the following command to install Tini:

nix-env --install tini

On Debian (Buster or newer), you can use the following command to install Tini:

apt-get install tini

Note that this installs/usr/bin/tini (and/usr/bin/tini-static), not/tini.

On Arch Linux, there is a package available on theAUR.Install using theofficial instructionsor use anAUR helper:

pacaur -S tini

ARM and 32-bit binaries are available! You can find the complete list ofavailable binaries underthe releases tab.

The-v argument can be used for extra verbose output (you can pass it up to3 times, e.g.-vvv).

By default, Tini needs to run as PID 1 so that it can reap zombies (byrunning as PID 1, zombies get re-parented to Tini).

If for some reason, you cannot run Tini as PID 1, you should register Tini asa process subreaper instead (only in Linux >= 3.4), by either:

• Passing the-s argument to Tini (tini -s -- ...)
• Setting the environment variableTINI_SUBREAPER(e.g.export TINI_SUBREAPER=).

This will ensure that zombies get re-parented to Tini despite Tini not runningas PID 1.

NOTE: Tini will issue a warning if it detects that it isn't running as PID 1and isn't registered as a subreaper. If you don't see a warning, you're fine.

Tini will reuse the child's exit code when exiting, but occasionally, this maynot be exactly what you want (e.g. if your child exits with 143 after receivingSIGTERM). Notably, this can be an issue with Java apps.

In this case, you can use the-e flag to remap an arbitrary exit code to 0.You can pass the flag multiple times if needed.

For example:

tini -e 143 -- ...

By default, Tini only kills its immediate child process. This can beinconvenient if sending a signal to that process does not have the desiredeffect. For example, if you do

docker run --rm krallin/ubuntu-tini sh -c 'sleep 10'

and ctrl-C it, nothing happens: SIGINT is sent to the 'sh' process,but that shell won't react to it while it is waiting for the 'sleep'to finish.

You can configure Tini to kill the child process group, so that every processin the group gets the signal, by either:

• Passing the-g argument to Tini (tini -g -- ...)
• Setting the environment variableTINI_KILL_PROCESS_GROUP(e.g.export TINI_KILL_PROCESS_GROUP=).

This corresponds more closely to what happens when you do ctrl-C etc. in aterminal: The signal is sent to the foreground process group.

docker run --rm --entrypoint tini krallin/ubuntu-tini -g -- sh -c 'sleep 10'

Tini can set its parent death signal, which is the signal Tini should receivewhenits parent exits. To set the parent death signal, use the-p flag withthe name of the signal Tini should receive when its parent exits:

tini -p SIGTERM -- ...

NOTE: Seethis PR discussion to learn more about the parent death signaland use cases.

Tini can also be used with an existing entrypoint in your container!

Assuming your entrypoint was/docker-entrypoint.sh, then you would use:

ENTRYPOINT ["/tini", "--", "/docker-entrypoint.sh"]

Tini has very few dependencies (it only depends on libc), but if yourcontainer fails to start, you might want to consider using the statically-builtversion instead:

ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static /tini

Tini is a very small file (in the 10KB range), so it doesn't add much weightto your container.

The statically-linked version is bigger, but still < 1M.

If you'd rather not download the binary, you can build Tini by runningcmake . && make.

Before building, you probably also want to run:

export CFLAGS="-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37"

This ensure that even if you're building on a system that has old Linux Kernelheaders (< 3.4), Tini will be built with child subreaper support. This isusually what you want if you're going to use Tini with Docker (if your hostKernel supports Docker, it should also support child subreapers).

After spawning your process, Tini will wait for signals and forward thoseto the child process, and periodically reap zombie processes that may becreated within your container.

When the "first" child process exits (/your/program in the examples above),Tini exits as well, with the exit code of the child process (so you cancheck your container's exit code to know whether the child exitedsuccessfully).

If something isn't working just like you expect, consider increasing theverbosity level (up to 3):

tini -v    -- bash -c 'exit 1'tini -vv   -- truetini -vvv  -- pwd

Maintainer:

• Thomas Orozco

Contributors:

• Tianon Gravi
• David Wragg
• Michael Crosby
• Wyatt Preul
• Patrick Steinhardt

Special thanks to:

• Danilo Bürger for packaging Tini for Alpine
• Asko Soukka for packaging Tini for Nix
• nfnty for packaging Tini for Arch Linux