| Summary: | The wget applet leaks defunct ssl_client processes when requesting https pages | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | aleskandro <mail> |
| Component: | Other | Assignee: | unassigned |
| Status: | NEW --- | ||
| Severity: | normal | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | 1.31.x | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
This is the docker pid 1 and zombies problem. In linux pid 1 is special and is expected to reap orphaned child processes. The pid 1 (bin/sleep) is not doing this. The fix is to add --init to docker run: $ docker run --init --name mycontainer -it --rm alpine:3.19 /bin/sleep inf Isn't adding --init, i.e., having a parent process with reaping "capabilities", a workaround? Yes, it solves, but shouldn't the wget applet be able to join the ssl_client before it becomes an orphaned process? |
When running busybox wget in a docker container to request an SSL page, there is a leak of defunct ssl_client processes. Version: amd64 v1.31.1 tested in the alpine:3.19,3.18.3.16 and ubuntu:latest images from Docker Hub arm64 v1.31.1 tested in the alpine:3.19 Steps to reproduce 1. docker run --name mycontainer -it --rm alpine:3.19 /bin/sleep inf 2. docker exec -it mycontainer ps aux PID USER TIME COMMAND 1 root 0:00 /bin/sleep inf 7 root 0:00 ps aux 3. docker exec -it mycontainer wget https://google.com 4. docker exec -it mycontainer ps aux PID USER TIME COMMAND 1 root 0:00 /bin/sleep inf 19 root 0:00 [ssl_client] 20 root 0:00 [ssl_client] 21 root 0:00 ps aux Additional info: If the container's PID1 is /bin/sh (i.e., docker run -it --name mycontainer alpine:3.19 /bin/sh), the issue is not reproducible (because it handles SIGCHLD?).