diff --git a/Dockerfile b/Dockerfile
index b2544bf2a6c13f0a8af22d965f17243529f5b25f..e322d490e9cd10f29b8fd84845108b5a992ac70a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,12 +27,12 @@ COPY --from=base /opt/spark/python/lib /opt/spark/python/lib
 # This is from the current version, not the version this container is based on
 # be warned there may be issues.
 COPY scripts/entrypoint.sh /opt/entrypoint.sh
-
+COPY tini /usr/bin/
 
 ENV SPARK_HOME /opt/spark
 
 WORKDIR /opt/spark/work-dir
-RUN chmod g+w /opt/spark/work-dir
+RUN chmod g+w /opt/spark/work-dir && chmod a+x /opt/entrypoint.sh && chmod a+x /usr/bin/tini
 
 ENTRYPOINT [ "/opt/entrypoint.sh" ]
 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 0c420ac774290518aeb91eb7e2d2e6d7ae5784dd..c1c0a7848c7698767cde8b1e3c1e54018456da51 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -49,6 +49,11 @@ resources:
     validation:
       type: sha256
       value: 0e86620d658c5ca87a71a283bd308fcaeb4c33e17792ef6f081aec17c171347f
+  - filename: tini
+    url: https://github.com/krallin/tini/releases/download/v0.19.0/tini
+    validation:
+      type: sha512
+      value: 8053cc21a3a9bdd6042a495349d1856ae8d3b3e7664c9654198de0087af031f5d41139ec85a2f5d7d2febd22ec3f280767ff23b9d5f63d490584e2b7ad3c218c
 
 # List of project maintainers
 maintainers: