Docker container (Debian based) can not be stopped cleanly

[ghost]

Steps To Reproduce

1. Start the container via docker compose up --detach
2. Stop the container via docker compose down --timeout 60 or docker compose stop --timeout 60 Bitwarden or docker stop --time 60 Bitwarden

Expected Result

The container should cleanly stop by SIGTERM before the timeout.

Actual Result

The grace period expires and the container is unclean "stopped" by SIGKILL.

Screenshots or Videos

No response

Additional Context

In the "dev" Bitwarden Unified (Debian based), su-exec (Alpine image) is replaced with sudo to start the supervisor. So entrypoint.sh is still the process with ID 1 and supervisord didn't get the SIGTERM from docker stop.

A simple solution would be to add exec at the beginning of the command:
exec sudo -E -u \#$PUID /usr/bin/supervisord

"exec sudo" result:

root@Bitwarden:/app# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.7 0.0 8516 3840 pts/0 Ss+ 09:02 0:00 sudo -E -u #1000 /usr/bin/supervisord
bitward+ 41 7.8 0.2 28604 23212 pts/0 S+ 09:02 0:00 /usr/bin/python3 /usr/bin/supervisord

An even better solution would be to use setpriv:
exec setpriv --reuid=$PUID --regid=$PGID --init-groups /usr/bin/supervisord

"exec setpriv" result:

root@Bitwarden:/app# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
bitward+ 1 7.4 0.2 28600 23216 pts/0 Ss+ 09:04 0:00 /usr/bin/python3 /usr/bin/supervisord

This way it is no longer necessary to install sudo via Dockerfile, since setpriv is already included.

Githash Version

6f04298-dirty

Environment Details

• Raspberry Pi 4 (8 GB)
• Raspberry Pi OS (64-bit, bullseye)
• Docker 20.10.22
• Docker Compose 2.14.1

Database Image

sqlite:3

Issue-Link

#2480

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.