Use arguments JSON notation for CMD and ENTRYPOINT arguments
1FROM ubuntu:16.04
2
3CMD bash
Description
When using the plain text version of passing arguments, signals from the OS are not correctly passed to the executables, which is in the majority of the cases what you would expect.
These points shall always be taken care of:
CMD
should almost always be used in the form ofCMD [“executable”, “param1”, “param2”…]
- The shell form prevents any CMD or run command line arguments from being used, but has the disadvantage that your ENTRYPOINT will be started as a subcommand of /bin/sh -c, which does not pass signals. This means that the executable will not be the container’s PID 1 - and will not receive Unix signals - so your executable will not receive a SIGTERM from docker stop
.
Read more about these best practices here.
Bad Practice
FROM debian:buster
ENTRYPOINT s3cmd
FROM debian:buster
CMD my-service server
Recommended
FROM debian:buster
CMD ["my-service", "server"]
Note
- Docker
CMD
does not process$ENVIRONMENT_VARIABLE
s, that’s a side-effect of usingsh -c
as the default entry-point. Using the JSON notation means that you have to figure out how to handle environment variables yourself. - The CMD exec form is parsed as a JSON array, so you MUST use double quotes (
"
) instead of single quote ('
). See https://docs.docker.com/v17.09/engine/reference/builder/#cmd for more info.