init / supervisor in jail

I played a little bit with OCI containers and podman.
I had a hiccup with one specific container created for Docker / Linux.
Its difference from other containers is that it uses multiple daemons and a 
supervisor process to take care of them.  That particular supervisor is another 
variation of "advanced init", it's called s6.  Apparently, it is relatively 
popular for container use (not sure about host systems).  Probably other 
alternatives can be / are used for that purpose as well.

I think that this is what a supervisor in a container needs:
1. its PID is 1;
2. orphaned processes get re-parented to it.

I think that (1) is not a hard requirement, but it's an easy way to check if the 
process would be able to work as init.
Also, some other processes might expect to find init at PID 1, but I am not sure 
about that.

(2) is important for doing the supervising (at least, when procctl(PROC_REAP*) 
is not used) .

I think that on Linux they have separate PID namespace per container, so the 
first process to run naturally gets PID 1.

I think that per-container PID namespace may be an overkill.
Maybe there is a way to make PID 1 special without going that way.

E.g., a jail could record the first process it runs.
We can patch up getpid() to return 1 for that process.
Also, we could patch up the process lookup to return the first process in the 
jail for PID 1.

Re-parenting to the "jail init" sounds harder but should be possible as well 
(e.g., using PROC_REAP).

Not sure what to do if the "jail init" dies... should all processes in the jail 
get killed and the jail should die as well (unless persistent)?

This proposal sounds like a kludge but it could be a shortcut to support more 
Linux containers and to allow similar FreeBSD jails / containers with 
alternative init-s / supervisors.

Links:
- https://skarnet.org/software/s6/overview.html
- https://github.com/just-containers/s6-overlay
- https://man7.org/linux/man-pages/man7/pid_namespaces.7.html

-- 
Andriy Gapon