Use exec form instead of shell form in docker files #3202
Conversation
This is reported by Sonar: "Using the shell form instead of the exec form for CMD and ENTRYPOINT instructions in Dockerfiles can lead to several issues. When you use the shell form, the executable runs as a child process to a shell, which does not pass OS signals. This can cause problems when trying to gracefully stop containers because the main process will not receive the signal intended to terminate it. Moreover, the exec form provides more control and predictability over the execution of the command. It does not invoke a command shell, which means it does not have the potential side effects of shell processing." Signed-off-by: Tom Pantelis <[email protected]>
tpantelis
requested review from
mkolesnik,
Oats87,
skitt,
sridhargaddam,
vthapar and
yboaron
as code owners
|
🤖 Created branch: z_pr3202/tpantelis/docker_exec_form |
|
This is a false positive — the entrypoints are all shell scripts, so running them using a shell or directly ends up doing the same thing, with the same number of processes (unless |
Ok - I'll mark the Sonar issues as false positives. |
|
🤖 Closed branches: [z_pr3202/tpantelis/docker_exec_form] |
This is reported by Sonar:
"Using the shell form instead of the exec form for CMD and ENTRYPOINT instructions in Dockerfiles can lead to several issues. When you use the shell form, the executable runs as a child process to a shell, which does not pass OS signals. This can cause problems when trying to gracefully stop containers because the main process will not receive the signal intended to terminate it. Moreover, the exec form provides more control and predictability over the execution of the command. It does not invoke a command shell, which means it does not have the potential side effects of shell processing."