DEV Community: Bogdan The latest articles on DEV Community by Bogdan (@bogdan_75c1dac33c215a1ba6). https://dev.to/bogdan_75c1dac33c215a1ba6 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1960390%2F7a9cf6ae-e185-421e-83dd-d4768d9854d5.png DEV Community: Bogdan https://dev.to/bogdan_75c1dac33c215a1ba6 en Writing a tiny PID 1 for containers in pure assembly (x86-64 + ARM64) Bogdan Sat, 06 Dec 2025 18:43:18 +0000 https://dev.to/bogdan_75c1dac33c215a1ba6/writing-a-tiny-pid-1-for-containers-in-pure-assembly-x86-64-arm64-2h2i https://dev.to/bogdan_75c1dac33c215a1ba6/writing-a-tiny-pid-1-for-containers-in-pure-assembly-x86-64-arm64-2h2i <h3> Most of us don't think much about <code>PID 1</code> when building Docker images. We just slap a <code>CMD</code> on the Dockerfile, run the container, and move on </h3> <p>Until one day:</p> <ul> <li> <code>docker stop</code> hangs forever,</li> <li> <code>ctrl+c</code> doesn't terminate your container,</li> <li>or you discover a pile of zombie processes inside.</li> </ul> <p>All of these symptoms point to the same root cause: <strong>your application is running as PID 1 and doesn't behave like an init process.</strong> In Linux, PID 1 has special semantics around signal handling and zombie reaping, and normal apps rarely implement those correctly.</p> <p>Tools like <a href="https://github.com/krallin/tini" rel="noopener noreferrer">Tini</a> solved this brilliantly: a tiny process that runs as PID 1, forwards signals to your app, and reaps zombies. Docker even ships with Tini built in via <code>--init</code>.</p> <p>In this post, I'll walk through an alternative implementation: <strong><code>mini-init-asm</code></strong>, a small PID 1 designed for containers, written entirely in <strong>x86-64 NASM</strong> and <strong>ARM64 GAS</strong>.</p> <p>It's not meant to replace Tini everywhere. Instead, it's:</p> <ul> <li> <strong>PGID-first init</strong> for containers (always uses a separate session and process group),</li> <li> <strong>pure-assembly implementation</strong> of the same core ideas,</li> <li> <strong>a few extra tricks</strong> like <strong>restart-on-crash</strong>.</li> </ul> <h2> Design goals </h2> <p>Before writing a single line of assembly, I set a few constraints:</p> <p><strong>Behave like a responsible PID 1.</strong></p> <ul> <li>Forward termination signals to the <em>whole process group</em>.</li> <li>Reap zombies, including grandchildren if needed (subreaper mode).</li> <li>Exit with a meaningful status (child exit code or <code>128+signal</code> style).</li> </ul> <p><strong>Be small and auditable.</strong></p> <ul> <li>No libc, no runtime, no hidden magic.</li> <li>A single statically-linked binary per architecture.</li> <li>Clear, reviewable control flow.</li> </ul> <p><strong>Be container-friendly.</strong></p> <ul> <li>Easy to drop into <code>FROM scratch</code> images.</li> <li>Explicit support for graceful shutdown (grace period + <code>SIGKILL</code> escalation).</li> <li>Optional restart logic, but not a full-blown process manager.</li> </ul> <p><strong>Support amd64 and arm64 from day one.</strong></p> <ul> <li>x86-64 NASM for the "normal" Docker host.</li> <li>ARM64 GAS for modern ARM servers and SBCs.</li> </ul> <h2> The container PID 1 problem in one picture </h2> <p>When your app runs directly as PID 1, everything inside the container hangs off it:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuiq8ogmjozothbroq5tw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuiq8ogmjozothbroq5tw.png" alt="Container PID 1 problem" width="800" height="486"></a></p> <p>If <code>your-app</code>:</p> <ul> <li>ignores <code>SIGTERM</code>, <code>SIGINT</code>, etc., <strong><code>docker stop</code> won't work properly</strong>, and k8s will eventually send <code>SIGKILL</code>;</li> <li>never calls <code>wait()</code> / <code>waitpid()</code>, then exited children become <strong>zombies</strong> until PID 1 cleans them up.</li> </ul> <p>An init like Tini or <code>mini-init-asm</code> inserts itself as PID 1 and makes your app "just another process" with a normal parent:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsdh52j4h87aq7u19ulca.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsdh52j4h87aq7u19ulca.png" alt="An init like Tini or raw `mini-init-asm` endraw inserts itself as PID 1 and makes your app " width="379" height="692"></a></p> <p>PID 1 now:</p> <ul> <li>forwards signals to a <strong>process group</strong>,</li> <li>reaps zombies,</li> <li>decides when to exit and with what status.</li> </ul> <h2> High-level architecture of mini-init-asm </h2> <p><code>mini-init-asm</code> follows a PGID-centric design:</p> <ul> <li> <strong>Block signals</strong> in PID 1.</li> <li> <strong>Spawn a child</strong> under a new session + process group (PGID = child PID).</li> <li> <p>Create:</p> <ul> <li>a <code>signalfd</code> listening to <code>HUP, INT, QUIT, TERM, CHLD</code> plus optional extra signals;</li> <li>a <code>timerfd</code> for the graceful shutdown window;</li> <li>an <code>epoll</code> instance watching both fds.</li> </ul> </li> <li> <p>Run an <strong>event loop</strong> on <code>epoll_wait</code>:</p> <ul> <li>on <strong>soft signals</strong> (<code>TERM/INT/HUP/QUIT</code>): forward to the whole process group and start the grace timer;</li> <li>on <strong><code>SIGCHLD</code></strong>: reap children with <code>waitpid(-1, WNOHANG)</code> and track the main child;</li> <li>on <strong>timer expiry</strong>: if the child is still alive, send <code>SIGKILL</code> to the process group.</li> </ul> </li> </ul> <p>On exit, <code>mini-init-asm</code> returns:</p> <ul> <li>the child's exit status (normal exit), or</li> <li> <code>BASE + signal_number</code> if the child died by a signal.</li> </ul> <p>The base is customizable via <code>EP_EXIT_CODE_BASE</code>, defaulting to <strong>128</strong> (POSIX shell convention).</p> <h2> Sequence: from <code>docker run</code> to graceful shutdown </h2> <p>Here's the "happy path" when running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>mini-init-amd64 <span class="nt">--</span> ./your-app <span class="nt">--flag</span> </code></pre> </div> <p>from <code>docker run</code> to graceful shutdown:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkbzfu2ro1c2oyi7nyr9h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkbzfu2ro1c2oyi7nyr9h.png" alt="from raw `docker run` endraw to graceful shutdown" width="800" height="795"></a></p> <p>If the child <strong>ignores</strong> <code>SIGTERM</code> and is still alive when the timer expires, <code>mini-init-asm</code> escalates:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fejpgqo2w3g8ul6w76gax.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fejpgqo2w3g8ul6w76gax.png" alt="If the child **ignores** raw `SIGTERM` endraw and is still alive when the timer expires, raw `mini-init-asm` endraw escalates" width="800" height="705"></a></p> <h2> Pure-assembly implementation: structure </h2> <p>The repo is organized to keep the assembly readable and reviewable:</p> <ul> <li> <code>src/amd64/</code> - NASM sources (SysV ABI, x86-64).</li> <li> <code>src/arm64/</code> - GAS sources (AArch64).</li> <li> <code>include/syscalls_*.inc</code> - syscall numbers per arch.</li> <li> <code>include/macros*.inc</code> - small helpers for syscalls / logging.</li> </ul> <p>A typical syscall wrapper in NASM looks like (simplified):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>; rax = syscall number ; rdi, rsi, rdx, r10, r8, r9 = args %macro SYSCALL 0 syscall cmp rax, 0 jge .ok ; handle -errno in rax if needed... .ok: %endmacro </code></pre> </div> <p>Spawning the child in PGID mode is essentially:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>; 1) Fork/clone a child mov eax, SYS_clone mov rdi, SIGCHLD ; flags xor rsi, rsi ; child_stack (unused for simple clone) xor rdx, rdx ; ... xor r10, r10 xor r8, r8 xor r9, r9 syscall cmp rax, 0 je .in_child jl .fork_error ; ----- Parent (PID 1) ----- ; rax = child_pid mov [child_pid], rax ; continue with signalfd/epoll setup... jmp .parent_after_fork .in_child: ; 2) Create new session and PGID mov eax, SYS_setsid syscall ; Optionally setpgid(0, 0) xor rdi, rdi xor rsi, rsi mov eax, SYS_setpgid syscall ; 3) execve() target program ; (argv/envp prepared before jump to child) mov eax, SYS_execve mov rdi, [target_path] mov rsi, [target_argv] mov rdx, [target_envp] syscall ; If execve returns, it's an error -&gt; exit(127) mov edi, 127 mov eax, SYS_exit syscall </code></pre> </div> <p>On the ARM64 side, the logic is analogous, just with different calling conventions (<code>x8</code> for syscall number, <code>x0-x5</code> for arguments).</p> <h2> The epoll + signalfd + timerfd loop </h2> <p>The main event loop is where most of the logic lives. In pseudo-C, the gist is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">for</span> <span class="p">(;;)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">n</span> <span class="o">=</span> <span class="n">epoll_wait</span><span class="p">(</span><span class="n">epfd</span><span class="p">,</span> <span class="n">events</span><span class="p">,</span> <span class="n">MAX_EVENTS</span><span class="p">,</span> <span class="o">-</span><span class="mi">1</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">n</span> <span class="o">&lt;</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="n">errno</span> <span class="o">==</span> <span class="n">EINTR</span><span class="p">)</span> <span class="k">continue</span><span class="p">;</span> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">n</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">events</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">data</span><span class="p">.</span><span class="n">fd</span> <span class="o">==</span> <span class="n">signalfd_fd</span><span class="p">)</span> <span class="p">{</span> <span class="k">struct</span> <span class="n">signalfd_siginfo</span> <span class="n">si</span><span class="p">;</span> <span class="n">read</span><span class="p">(</span><span class="n">signalfd_fd</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">si</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">si</span><span class="p">));</span> <span class="kt">int</span> <span class="n">sig</span> <span class="o">=</span> <span class="n">si</span><span class="p">.</span><span class="n">ssi_signo</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="n">is_soft_shutdown</span><span class="p">(</span><span class="n">sig</span><span class="p">))</span> <span class="p">{</span> <span class="n">forward_to_pgid</span><span class="p">(</span><span class="n">sig</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">grace_timer_armed</span><span class="p">)</span> <span class="p">{</span> <span class="n">arm_timerfd</span><span class="p">(</span><span class="n">grace_seconds</span><span class="p">);</span> <span class="n">grace_timer_armed</span> <span class="o">=</span> <span class="nb">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">sig</span> <span class="o">==</span> <span class="n">SIGCHLD</span><span class="p">)</span> <span class="p">{</span> <span class="n">reap_children</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="n">main_child_exited</span><span class="p">)</span> <span class="p">{</span> <span class="n">exit_with_child_status</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">forward_to_pgid</span><span class="p">(</span><span class="n">sig</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">events</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">data</span><span class="p">.</span><span class="n">fd</span> <span class="o">==</span> <span class="n">timerfd_fd</span><span class="p">)</span> <span class="p">{</span> <span class="kt">uint64_t</span> <span class="n">expirations</span><span class="p">;</span> <span class="n">read</span><span class="p">(</span><span class="n">timerfd_fd</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">expirations</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">expirations</span><span class="p">));</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">main_child_exited</span><span class="p">)</span> <span class="p">{</span> <span class="n">kill_process_group</span><span class="p">(</span><span class="n">SIGKILL</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The actual code is assembly, but the state machine is very close to this.</p> <h2> Configuration knobs </h2> <p>To keep the CLI surface minimal, <code>mini-init-asm</code> pushes configuration into environment variables:</p> <ul> <li> <p><strong>Shutdown behavior</strong></p> <ul> <li> <code>EP_GRACE_SECONDS</code> - window between first soft signal and <code>SIGKILL</code> (default <code>10</code>).</li> <li> <code>EP_EXIT_CODE_BASE</code> - base for "killed-by-signal" exit codes (default <code>128</code>).</li> </ul> </li> <li> <p><strong>Signal fan-out</strong></p> <ul> <li> <code>EP_SIGNALS</code> - CSV of extra signals to monitor and forward (e.g. <code>USR1,RT1,RT5</code>).</li> </ul> </li> <li> <p><strong>Reaping and supervision</strong></p> <ul> <li> <code>EP_SUBREAPER=1</code> - enable <code>PR_SET_CHILD_SUBREAPER</code>.</li> <li> <code>EP_RESTART_ENABLED=1</code> - restart-on-crash mode.</li> <li> <code>EP_MAX_RESTARTS</code> - max restarts (0 = unlimited).</li> <li> <code>EP_RESTART_BACKOFF_SECONDS</code> - backoff between restarts.</li> </ul> </li> </ul> <p>On top of that, there are only two CLI flags:</p> <ul> <li> <code>-v</code> / <code>--verbose</code> - log more details.</li> <li> <code>-V</code> / <code>--version</code> - print version.</li> </ul> <h2> Compared to Tini </h2> <p>If you're already using Tini, the behavior will feel familiar:</p> <ul> <li> <strong>signal forwarding</strong> and <strong>zombie reaping</strong> are table stakes for both;</li> <li>both can operate in <strong>subreaper</strong> mode when not PID 1;</li> <li>both try to be <strong>transparent</strong>: your app still sees the usual signals and exit codes.</li> </ul> <p>Where <code>mini-init-asm</code> differs:</p> <ul> <li>It's <strong>PGID-mode by design</strong> - the target process always runs in a separate session and process group, and signals are sent to the <em>group</em>, not just a single child.</li> <li>The implementation is <strong>pure assembly</strong> with direct syscalls, so there's no libc and very little hidden behavior.</li> <li>It offers a <strong>very small restart-on-crash loop</strong> controlled by env vars (<code>EP_RESTART_*</code>), which Tini intentionally doesn't provide.</li> </ul> <p>I still recommend Tini (or Docker's <code>--init</code>) as the default choice for most workloads. It's widely deployed, packaged, and battle-tested. <code>mini-init-asm</code> is for people who:</p> <ul> <li>enjoy low-level Linux,</li> <li>want a tiny, auditable PID 1 in scratch images,</li> <li>or just like reading and hacking assembly.</li> </ul> <h2> Trying it out in Docker </h2> <p>Here's a minimal Dockerfile example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">debian:stable-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">build</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> <span class="se">\ </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> <span class="nt">--no-install-recommends</span> <span class="se">\ </span>nasm make binutils ca-certificates <span class="o">&amp;&amp;</span> <span class="se">\ </span><span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="k">WORKDIR</span><span class="s"> /src</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>make <span class="k">FROM</span><span class="s"> scratch</span> <span class="c"># Copy the tiny init</span> <span class="k">COPY</span><span class="s"> --from=build /src/build/mini-init-amd64 /mini-init</span> <span class="c"># Copy your app</span> <span class="k">COPY</span><span class="s"> your-app /your-app</span> <span class="k">ENTRYPOINT</span><span class="s"> ["/mini-init", "--"]</span> <span class="k">CMD</span><span class="s"> ["/your-app"]</span> </code></pre> </div> <p>Build and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> mini-init-asm-demo <span class="nb">.</span> docker run <span class="nt">--rm</span> <span class="nt">-it</span> mini-init-asm-demo <span class="c"># From another shell:</span> docker stop &lt;container-id&gt; </code></pre> </div> <p>You should see your app receive <code>SIGTERM</code>, run its own shutdown handlers, and exit cleanly,<br> while <code>mini-init-asm</code> reaps whatever processes it spawned.</p> <h2> Status and roadmap </h2> <p>Right now, <code>mini-init-asm</code> is meant for experimentation and early adopters:</p> <ul> <li>The core PGID + signal + timer logic is covered by a test suite (TERM fan-out, escalation, <code>EP_SIGNALS</code>, exit-code mapping, restart behavior, subreaper edge cases).</li> <li>ARM64 is supported and tested via QEMU, but native ARM64 testing will always be more deterministic.</li> <li>The focus is on <strong>keeping the code small and understandable</strong>, not on adding every feature a process supervisor could have.</li> </ul> <p>Future areas I'm interested in:</p> <ul> <li>more real-world testing under high load and high churn scenarios,</li> <li>more architectures (e.g. riscv64) if there's interest,</li> <li>tooling to visualize and debug the event loop (e.g. trace logging helpers),</li> <li>documentation around secure integration with seccomp/cgroups/AppArmor.</li> </ul> <h2> Wrap-up </h2> <p>If you:</p> <ul> <li>care about how PID 1 actually works in containers,</li> <li>want a tiny init written in assembly you can fully understand and audit,</li> <li>or just enjoy reading low-level code,</li> </ul> <p>then <code>mini-init-asm</code> might be a fun project to explore or contribute to.</p> <p>You can find the code, tests, and Docker examples here: <a href="https://github.com/roots666/mini-init-asm" rel="noopener noreferrer"><strong>GitHub - mini-init-asm</strong></a></p> <p>Feedback, issues, and PRs are very welcome - especially around tricky signal / reaping edge cases you've seen in production.</p> opensource linux assembly containers