Enhancement
Resolution: Unresolved
P2
None
This is a funny thing that could be made into a rule. It turns out that Linux handles PID 1 specially. This is because the init process normally has PID 1, and it is supposed to not be killable by default, not even with SIGKILL. In Linux, this process also has additional responsibilities, for example to assume responsibility for orphaned processes. This means that if a process has PID 1, and it gets SIGSEGV, the signal handler will not be run. In containers, it seems that people sometimes end up with the Java process having PID 1. We should have a rule that discovers this and provides some best practice recommendations.
For example, docker run --init image your_process will run tini as PID 1, and run your process as PID 2, which will make your process handle signals properly, and tini will handle zombie processes properly.
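
The check such a rule would perform, written here as a container-side shell script. This is an added example, not code from this issue or the project; the function names and the optional proc-root argument are assumptions, the latter so the check can also run against a constructed /proc tree.

```shell
#!/bin/sh
# Added example, not from the original issue. Function names and the
# optional proc-root argument (used for offline testing) are assumptions.

# Print the executable name of PID 1, read from <proc_root>/1/cmdline.
pid1_name() {
    root=${1:-/proc}
    argv0=
    # cmdline is NUL-separated; the first field is argv[0].
    [ -r "$root/1/cmdline" ] && argv0=$(tr '\0' '\n' < "$root/1/cmdline" | head -n 1)
    # Fall back to comm when cmdline is empty or unreadable.
    [ -n "$argv0" ] || argv0=$(cat "$root/1/comm" 2>/dev/null) || argv0=
    # Strip the directory part, e.g. /usr/bin/java -> java.
    printf '%s\n' "${argv0##*/}"
}

# Return 1 (and print a recommendation) when a JVM is running as PID 1.
check_pid1() {
    name=$(pid1_name "$1")
    case "$name" in
        java)
            echo "WARN: java is PID 1; start the container with an init, e.g. docker run --init"
            return 1 ;;
        tini|docker-init)
            # docker run --init places tini (installed as docker-init) at PID 1.
            echo "OK: init process '$name' is PID 1"
            return 0 ;;
        *)
            echo "INFO: PID 1 is '${name:-unknown}'"
            return 0 ;;
    esac
}

# Usage inside a container: check_pid1 || echo "see recommendation above"
```
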