dumb-init
systemd
dumb-init | systemd | |
---|---|---|
10 | 518 | |
6,700 | 12,516 | |
0.5% | 1.6% | |
0.0 | 10.0 | |
26 days ago | 2 days ago | |
Python | C | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dumb-init
-
Fargate: catching docker stopping
I think you are on the right track in thinking it’s a signal handling issue. You mentioned using some “bash scripts”, have you tried something like dumb-init?
-
"systemd doesn't follow Unix philosophy "
At the other extreme, there's dumb-init - it implements the special pid-1 behaviors and acts as a wrapper around the one script you want to run. It's ideal for containers or virtual machines that don't need user logins or more than one service.
-
What should readiness & liveness probe actually check for?
Oh, and another thing. Many containers launch their main process from a shell script. When this happens, the shell script receives the SIGTERM event, not the application. Your shell script MUST relay SIGTERM events back to the main process, and it doesn’t happen by default. You can use a shell script wrapper, like dumb-init (https://github.com/yelp/dumb-init), as your entry point if you need to use a shell script on container startup.
-
Distro balls
It's a plus because Gentoo fully supports the choice of Systemd or OpenRC. It also has minit, dumb-init, sysvinit, cinit in tree for the more adventurous. No one was calling the AUR bloat, the parent comment just mentions that Gentoo has an equivalent project, GURU.
- How to make containers handle the SIGTERM signal which makes K8s terminate application gracefully?
- Show HN: EnvKey 2.0 – End-To-End Encrypted Environments (now open source)
-
`COPY –chmod` reduced the size of my container image by 35%
, but I prefer to not have to make this assumption and use an init system instead.
[1]: https://github.com/Yelp/dumb-init
-
Systemd by Example
> It has no init system.
Apologies that I can't link directly to the "--init" flag but docker actually does have an init, it's just (err, was?) compiled into the binary: https://docs.docker.com/engine/reference/commandline/run/#op...
My recollection is that it either adopted, or inspired, https://github.com/Yelp/dumb-init#readme which folks used to put into their Dockerfile as the init system back in the day
Folks (ahem, I'm looking at you, eks-anywhere[0]) who bundle systemd into a docker container are gravely misguided, and the ones which do so for the ability to launch sshd alongside the actual container's main process are truly, truly lost
0: https://github.com/aws/eks-anywhere/issues/838#issuecomment-...
-
Question: How to handle events to safely terminate a Node.js inside Docker container
You can use something like dumb-init which is designed to correctly handle signals
- Docker e Nodejs - Dockerizando sua aplicação com boas praticas
systemd
-
PoC to demonstrate root permission hijacking by exploiting "systemd-run"
No, the OP was not sent any harassment, the OP _did_ the harassment as it can be seen in the tweets. I mean, they are right there, just click on the links you shared. One of the OP's followers even openly called for the assassination of the project maintainer, and you have the galls to defend him? This is truly deranged stuff.
And again, there is no "vulnerability", there is simply a person that doesn't know how Linux works and has learned something new. Which again it's fine, nobody knows everything and we all learn new things everyday, it's just that normal and sensible people don't use that to make grand claims on social media and start harassment campaigns culminating in death threats.
Professional security researchers responsibly report real issues using the appropriate channels, such as defined at: https://github.com/systemd/systemd/security/policy this is not the work of a researcher, this is a grifter looking for self-promotion on social media.
-
Run0 – systemd based alternative to sudo announced
> 3. even `adduser` will not allow it by default
5. useradd does allow it (as noted in a comment). 6. Local users are not the only source, there things like LDAP and AD.
7. POSIX allows it:
* https://github.com/systemd/systemd/issues/6237#issuecomment-...
-
Systemd Rolling Out "run0" As sudo Alternative
> I for one love to type out 13 extra characters
FWIW, systemd is normally pretty good at providing autocomplete suggestions, so even if you don't want to set up an alias you'll probably just have to type `--b ` to set it.
> I wonder what random ASCII escape sequences we can send.
According to the man page source[0]:
> The color specified should be an ANSI X3.64 SGR background color, i.e. strings such as `40`, `41`, …, `47`, `48;2;…`, `48;5;…`
and a link to the relevant Wikipedia page[1]. Given systemd's generally decent track record wrt defects and security issues, and the simplicity of valid colour values, I expect there's a fairly robust parameter verifier in there.
In fact, given the focus on starting the elevated command in a highly controlled environment, I'd expect the colour codes to be output to the originating terminal, not forwarded to the secure pty. That way, the only thing malformed escapes can affect is your own process, which you already have full control over anyway.
(Happy to be shown if that's a mistaken expectation though.)
[0] https://github.com/systemd/systemd/blob/main/man/run0.xml
[1] https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_(Select_G...
- Crash-only software: More than meets the eye
-
Systemd Wants to Expand to Include a Sudo Replacement
bash & zsh are supported by upstream: https://github.com/systemd/systemd/tree/main/shell-completio...
-
"Run0" as a Sudo Replacement
the right person to replace sudo, not: https://github.com/systemd/systemd/issues/6237
PS: https://pwnies.com/systemd-bugs/
-
Linux fu: getting started with systemd
https://github.com/systemd/systemd/issues/32028#issuecomment...
There are some very compelling arguments made there if you care to read them
-
Ubuntu 24.04 (and Debian) removed libsystemd from SSH server dependencies
Maybe it was because you weren't pointing out anything new?
There was a pull request to stop linking libzma to systemd before the attack even took place
https://github.com/systemd/systemd/pull/31550
This was likely one of many things that pushed the attackers to work faster, and forced them into making mistakes.
-
Systemd minimizing required dependencies for libsystemd
The PR for changing compression libraries to use dlopen() was opened several weeks before the xz-utils backdoor was revealed.
https://github.com/systemd/systemd/pull/31550
- Going in circles without a real-time clock
What are some alternatives?
tini - A tiny but valid `init` for containers
openrc - The OpenRC init system
docker-centos7-systemd-unpriv - Dockerfile for CentOS7 with Systemd in unprivileged mode
eks-anywhere - Run Amazon EKS on your own infrastructure 🚀
inotify-tools - inotify-tools is a C library and a set of command-line programs providing a simple interface to inotify.
compiling-containers
s6 - The s6 supervision suite.
ko - Build and deploy Go applications
earlyoom - earlyoom - Early OOM Daemon for Linux
vault-exfiltrate - proof-of-concept for recovering the master key from a Hashicorp Vault process
supervisor - Supervisor process control system for Unix (supervisord)