Docker - Override or remove ENTRYPOINT from a base image
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
A Docker base image may define an ENTRYPOINT that runs a specific executable when the container starts. To override or remove it, use --entrypoint at runtime with docker run, or reset it in a child Dockerfile with ENTRYPOINT []. Understanding the difference between ENTRYPOINT and CMD is key to controlling container behavior.
ENTRYPOINT vs CMD
ENTRYPOINT cannot be overridden by appending arguments to docker run. CMD can be overridden by appending arguments.
Override ENTRYPOINT at Runtime
The --entrypoint flag replaces the image's ENTRYPOINT entirely. Any arguments after the image name become the new CMD.
Remove ENTRYPOINT Completely
Override in a Dockerfile
When building a child image from a base that has an ENTRYPOINT:
Setting ENTRYPOINT [] in the child Dockerfile clears the parent's entrypoint. Then CMD runs directly.
Shell Form vs Exec Form
The key differences:
Always use exec form (["cmd", "arg"]) for ENTRYPOINT to ensure proper signal handling.
Combining ENTRYPOINT with docker-compose
Common Patterns
Wrapper Script ENTRYPOINT
The exec "$@" pattern passes CMD arguments through and replaces the shell process with the command, making the CMD process PID 1.
Inspecting a Base Image's ENTRYPOINT
Common Pitfalls
- Confusing
ENTRYPOINTandCMDoverride behavior: Arguments afterdocker run myimagereplaceCMDbut notENTRYPOINT. To replaceENTRYPOINT, you must use--entrypoint. Appendingbashtodocker run myimage bashonly changesCMD. - Shell form ENTRYPOINT ignoring signals: Shell form (
ENTRYPOINT python app.py) wraps the command in/bin/sh -c, makingshPID 1.docker stopsends SIGTERM tosh, not your app, causing a 10-second timeout and force kill. Always use exec form. - Forgetting
exec "$@"in entrypoint scripts: Withoutexec, the entrypoint shell script remains PID 1 and your app runs as a child process. This breaks signal handling and health checks. Always end entrypoint scripts withexec "$@". ENTRYPOINT []does not resetCMD: Clearing the entrypoint withENTRYPOINT []still preserves the base image'sCMD. If the base'sCMDwas arguments to the now-removed entrypoint, the container may fail. Set bothENTRYPOINT []and a newCMD.- Not using
--entrypoint ""(with empty string): Runningdocker run --entrypoint myimage bashtries to usemyimageas the entrypoint. The correct syntax isdocker run --entrypoint "" myimage bashto clear the entrypoint and runbash.
Summary
- Override at runtime:
docker run --entrypoint /bin/bash myimage - Remove at runtime:
docker run --entrypoint "" myimage /bin/bash - Override in Dockerfile:
ENTRYPOINT []clears the parent's entrypoint - Always use exec form (
["cmd", "arg"]) for proper signal handling - Use
exec "$@"at the end of entrypoint scripts to pass CMD as the main process - Inspect base images with
docker inspect --format='{{json .Config.Entrypoint}}' image

