Apparently Docker are aware of this problem, but putting a huge Python init process in there is just evil.

https://github.com/docker/docker/issues/11529

And the problem appears in such edge cases that it is doubtfully worthy of so much attention. When a pid-1 process spawns daemons, that in turn leave orphaned zombies - this pid-1 will get assigned with them. (described in 'man 7 pid_namespaces')

Supposedly this non-init pid1 is not reaping orphaned zombies, which might get the namespace to pid_max (33k default) and run out of pids to use.
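The re-parenting behaviour described in the comment above, as an added C example that is not part of the original thread: daemons orphan their children, the orphans are handed to the reaping parent, and a `wait()` loop clears them. It assumes Linux and uses `PR_SET_CHILD_SUBREAPER` to stand in for actually being PID 1 of a PID namespace; the function name and `MAX_DAEMONS` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_DAEMONS 64

/* Start n "daemons" that each fork one child and exit without waiting for it.
 * Returns how many adopted orphans this process reaped, or -1 on error. */
int reap_adopted_orphans(int n) {
    pid_t direct[MAX_DAEMONS];
    if (n < 0 || n > MAX_DAEMONS) return -1;

    /* Assumption: we are not PID 1, so ask the kernel to re-parent orphaned
     * descendants to us, as it does for the PID 1 of a namespace. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) != 0) return -1;

    for (int i = 0; i < n; i++) {
        direct[i] = fork();
        if (direct[i] < 0) return -1;
        if (direct[i] == 0) {            /* daemon process */
            if (fork() == 0) _exit(0);   /* its child exits immediately */
            _exit(0);                    /* daemon exits, never calls wait() */
        }
    }

    /* The loop a minimal init runs: without it, every exited child stays a
     * zombie and keeps its PID allocated. */
    int adopted = 0;
    for (;;) {
        pid_t pid = wait(NULL);
        if (pid < 0) {
            if (errno == EINTR) continue;
            break;                       /* ECHILD: nothing left to reap */
        }
        int is_direct = 0;
        for (int i = 0; i < n; i++)
            if (direct[i] == pid) is_direct = 1;
        if (!is_direct) adopted++;       /* a child we never forked ourselves */
    }
    return adopted;
}

int main(void) {
    printf("adopted orphans reaped: %d\n", reap_adopted_orphans(5));
    return 0;
}
```
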
What I find most appalling about this, is that Phusion invented their own problem (PID1 reaping) that doesn't even exist in reality - and they keep banging that drum to create as much FUD as possible around something that is completely wrong and against the actual intent of Docker (the company, the community, the tool, the best practice, the ecosystem).