Docker bash shell script does not catch SIGINT or SIGTERM

Question

I have the following two files in a directory:

Dockerfile

FROM debian

WORKDIR /app
COPY start.sh /app/

CMD ["/app/start.sh"]

start.sh (with permissions 755 using chmod +x start.sh)

#!/bin/bash
trap "echo SIGINT; exit" SIGINT
trap "echo SIGTERM; exit" SIGTERM
echo Starting script
sleep 100000

I then run the following commands:

$ docker build . -t tmp
$ docker run --name tmp tmp

I then expect that pressing Ctrl+C would send a SIGINT to the program, which would print SIGINT to the screen then exit, but that doesn't happen.

I also try running $ docker stop tmp, which I expect would send a SIGTERM to the program, but checking $ docker logs tmp after shows that SIGTERM was not caught.

Why are SIGINT and SIGTERM not being caught by the bash script?

Answer 1

Actually, your Dockerfile and start.sh entrypoint script work as is for me with Ctrl+C, provided you run the container with one of the following commands:

• docker run --name tmp -it tmp
• docker run --rm -it tmp

Documentation details

As specified in docker run --help:

• the --interactive = -i CLI flag asks to keep STDIN open even if not attached
  (typically useful for an interactive shell, or when also passing the --detach = -d CLI flag)
• the --tty = -t CLI flag asks to allocate a pseudo-TTY
  (which notably forwards signals to the shell entrypoint, especially useful for your use case)

Related remarks

For completeness, note that there are several related issues that can make docker stop take too much time and "fall back" to docker kill, which can arise when the shell entrypoint starts some other process(es):

• First, when the last line of the shell entrypoint runs another, main program, don't forget to prepend this line with the exec builtin:
  exec prog arg1 arg2 ...
• But when the shell entrypoint is intended to run for a long time, trapping signals (at least INT / TERM, but not KILL) is very important;
  {see also this SO question: Docker Run Script to catch interruption signal}
• Otherwise, if the signals are not forwarded to the children processes, we run the risk of hitting the "PID 1 zombie reaping problem", for instance
  {see also this SO question for details: Speed up docker-compose shutdown}

Answer 2

The solution I found was to just use the --init flag.

docker run --init [MORE OPTIONS] IMAGE [COMMAND] [ARG...]

Per their docs...

Answer 3

The reason is that bash will not handle signals until the foreground process terminates, the sleep 10000 in your case. Your traps do work, but you would have to wait 10000 seconds first.

Your fix is

#!/bin/bash
pid=
trap "echo SIGINT; [[ $pid ]] && kill $pid; exit" SIGINT
trap "echo SIGTERM; [[ $pid ]] && kill $pid; exit" SIGTERM
echo Starting script
sleep 10000 & pid=$!
wait
pid=

Also you probably want to replace trapping specific signals with trapping any exit

trap "echo EXIT; [[ $pid ]] && kill $pid; exit" EXIT

These and more are very well explained at http://mywiki.wooledge.org/SignalTrap#When_is_the_signal_handled.3F

Answer 4

CTRL+C sends a signal to docker running on that console.
To send a signal to the script you could use

docker exec -it <containerId> /bin/sh -c "pkill -INT -f 'start\.sh'"

Or include echo "my PID: $$" on your script and send

docker exec -it <containerId> /bin/sh -c "kill -INT <script pid>"

Some shell implementations in docker might ignore the signal. This script will correctly react to pkill -15. Please note that signals are specified without the SIG prefix.

#!/bin/sh
trap "touch SIGINT.tmp; ls -l; exit" INT TERM
trap "echo 'really exiting'; exit" EXIT
echo Starting script
while true; do sleep 1; done

The long sleep command was replaced by an infinite loop of short ones since sleep may ignore some signals.