zombies inside of docker

Question

i have a docker container, which runs node.js application. This application runs a headless-chrome instance.

All work well, but if i kill chrome-instance, and check runned processes list, i will see 2(actually 3 + 2 cat process) zombie chrome process(defunct) still in system. I know this processes is a children (of killed parent chrome process), which was not finished correct and attached to init process.

I tried to kill it directly - rejected. Also i tried to spawn chrome with detached:true flag and again kill all child processes directly, when main chrome receives "exit" signal, anyway ps -A | grep chrome shows two defunct to me. Any ideas?

UPD: Thanks all for help. Adding --init totally solves my issue. Using another base image also works well, but i decided this approach as not neccesary. Also good description of root cause can be found here

Answer 1

larsks pretty much nails the reason, init (or systemd) on linux systems reaps zombie processes when their parent dies. The parent should cleanup its own zombie processes with the wait syscall. However, that automatic cleanup does not pass the namespace boundary of a container. So whatever process you run as your entrypoint, and that becomes pid 1, needs to handle these zombies for you.

With recent versions of docker, you can include an init process just by passing --init to your docker run command. If you are using a version 2.2 compose file, there's an option init: true you can define on your service for the same result.

In addition to dumb-init, there is also tini which is what docker uses under the covers as their own docker-init.