BC is the answer.
A is wrong, https://cloud.google.com/architecture/best-practices-for-building-containers#solution_1_run_as_pid_1_and_register_signal_handlers
To add to my previous comment
"A process running as PID 1 inside a container is treated specially by Linux: it ignores any signal with the default action. So, the process will not terminate on SIGINT or SIGTERM unless it is coded to do so."
Looks like this could be an issue when talking about security, a malicious coder can write a piece of code to eat all resources on the host with this one bad PID#1
What do you think guys??
You don't usually want your container to get killed instantly - you want to see the SIGINT or SIGTERM command and respond. For example, in a webserver you may stop accepting connections, and respond to the remaining open ones, before calling exit()
To add to my previous comment
"A process running as PID 1 inside a container is treated specially by Linux: it ignores any signal with the default action. So, the process will not terminate on SIGINT or SIGTERM unless it is coded to do so."
Really??? Wat about (A)
When the process with pid 1 die for any reason, all other processes are killed with KILL signal.
Shouldnt A be one of the biggest risk when we talk about container security???
I don't think this is a valid action to do to improve security perhaps it helps more to improve operational excellence. Imagine you are running production application in a container and it is signalled by container run time to terminate. In this case you don't have the running container to understand what would be issue ( though you can look at the events in modern container orchestration platform but imagine you are running a simple container ). Coming back to your concern. you don't generally run some rubbish container images in your container platform and this build process is very deliberate one.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
tzKhalil
Highly Voted 2 years, 5 months agoRaz0r
Most Recent 9 months, 2 weeks agoGCP72
1 year, 2 months agoSuperDevops
1 year, 12 months agoJane111
2 years, 6 months agoWakandaF
2 years, 6 months agobluetaurianbull
2 years, 7 months agolollo1234
2 years, 6 months agobluetaurianbull
2 years, 7 months agobluetaurianbull
2 years, 7 months agobadrik
1 year, 5 months agokubosuke
2 years, 7 months agosaurabh1805
3 years agoMohitA
3 years, 2 months agoArizonaClassics
3 years, 3 months agoKILLMAD
3 years, 7 months ago