--net=host prevents su to jovyan user

[parente]

To overcome the problem in the title, need to set --pid=host as a workaround to moby/moby#5899. But then, tini reports:

[WARN ] Tini is not running as PID 1 and isn't registered as a child subreaper.
       Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
       To fix the problem, use -s or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.

To overcome this problem, tini needs to be started with -s. Maybe tini should always be started with -s in minimal-notebook?

[parente]

Actually, I prefer not changing the tini default since the consequences are somewhat unknown. (The tini doc mentions a kernel version requirement, but maybe there's more?)

At any rate, this can be solved by simply setting the env var mentioned in the log message at docker run time:

docker run -it --rm --net=host --pid=host -e TINI_SUBREAPER=true jupyter/minimal-notebook

I think simply documenting this in the spark stacks that recommend running with --net=host is a good enough answer.

@jtyberg, you hit this. What do you think?

[jtyberg]

I want the reaping for sure, so if it's a choice between "-s" in the tini cmd and setting the TINI_SUBREAPER environment variable, I think I prefer the latter. It's more explicit, and clearer to the user what is going on.

[parente]

I added the doc to pyspark and all-spark READMEs. Pushed directly to master since it's a doc only change.

[dhinojosa]

Seven years later, I tried reading the documentation and this ticket and can't make sense of it. I created a topic here: https://discourse.jupyter.org/t/integrating-docker-stacks-with-spark-and-minio-as-s3/15958