Proposal: container start hook #14542
Description
I frequently see a lot of requests to extend the docker daemon with lots of little minutiae. I know there are lots of things I would like to see added, but I also don't want to see docker bogged down with feature bloat (and I think it's already got a lot).
I think a lot of these requests could be satisfied if users were able to run a custom command before the container is started.
Therefore I propose a single hook that executes immediately after the container is created. Once the container is created, but before the exec of the init process, the user specified command would be run. After it exits, if exit code is 0, continue normally, otherwise kill the container.
This custom command is either a path to an executable, or a script (determination is made by doing a simple file existence/executable check). If a script, the docker daemon writes the contents to a file, sets the executable bit, and executes it. This will allow users to pass in shell scripts via the remote API.
The hook will execute within the context of the host. If the hook wishes to execute something within the context of the container, it can use docker exec to do so.
A single environment variable will be provided (aside from those inherited from the docker daemon): CONTAINER_ID.
The hook would be stored in the container configuration, so any time the container is started, the hook would be run. If the user wishes to modify the hook, a new container must be created.
This should be very simple to implement, and I'd be willing to code it up.