On 5/3/21 5:13 PM, Dagfinn Ilmari Mannsåker wrote: > Tom Lane <t...@sss.pgh.pa.us> writes: > > >> Maybe we should put in a startup-time check, analogous to the >> can't-run-as-root test, that the postmaster mustn't be PID 1. > Given that a number of minimal `init`s already exist specifically for > the case of running a single application in a container, I don't think > Postgres should to reinvent that wheel. A quick eyball of the output of > `apt search container init` on a Debian Bullseyse system reveals at > least four: > > - https://github.com/Yelp/dumb-init > - https://github.com/krallin/tini > - https://github.com/fpco/pid1 > - https://github.com/openSUSE/catatonit > > The first one also explains why there's more to being PID 1 than just > handling reparented children. >
I looked at the first of these, and it seems perfectly sensible. So I agree all we really need to do is refuse to run as PID 1. cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com
