Docker – Running systemd inside a docker container (arch linux)

Tags: arch-linux, docker, systemd

I am trying to see if I can run systemd inside a docker container (which is running arch linux in the container).

I start docker with all capabilities, and bind mount in cgroups:

docker run -it --rm --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro ..

however, if I try to run the systemd binary:

Trying to run as user instance, but the system has not been booted with systemd.

Trying to find out how to init things correctly so systemd starts.

Best Answer

Here is my masterpiece :D running systemd inside a docker container with Ubuntu :D I got Ubuntu working with systemd inside docker

GitHub Repo for my docker-systemd container

$ docker run -it --cap-add SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro dockerimages/docker-systemd

Output:

systemd 218 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
Detected virtualization 'docker'.
Detected architecture 'x86-64'.

Welcome to Ubuntu Vivid Vervet (development branch)!

Set hostname to <502ec40509a5>.
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice System Slice.
         Starting Emergency Shell...
[  OK  ] Started Emergency Shell.
Startup finished in 5ms.
Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.
root@502ec40509a5:~# exit

Update 2021

A lot of patches got submitted to different projects like the docker upstream repos by Red Hat. To be more clear, my friend David Walsh @ Red Hat also posted a lot about that. https://developers.redhat.com/blog/author/rhatdan/.

Running systemd without additional privileges requires:

- /run as a tmpfs
- /sys/fs/cgroup read-only
- /sys/fs/cgroup/systemd read/write
- /etc/machine-id needs to contain a unique machine ID
- SIGRTMIN+3 as stop signal, as SIGTERM will not work
- /var/log/journal: if it does not exist, it will write to memory

docker run -d \
    --tmpfs /tmp \
    --tmpfs /run \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    --stop-signal SIGRTMIN+3 \
    httpd /sbin/init

Note: The stop-signal flag can be dropped when your Dockerfile contains STOPSIGNAL SIGRTMIN+3

See the full post: https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/

Note: Today with Podman this would be even simpler; read about it here: https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container/
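As an added example (not code from the answer, the linked repo or the Red Hat posts), the POSIX sh script below audits the mount and machine-id requirements the answer lists, so you can see from inside a container why systemd would refuse to come up before reaching for --privileged. The /proc/mounts snapshot, the machine-id value and the function names (mount_fstype, mount_has_opt, check_systemd_mounts) are constructed for the example; the stop signal and /var/log/journal are not checked because they are not visible from the mount table.

```shell
#!/bin/sh
# Added example, not code from the answer or the linked repo: audit, from
# inside a container, the mount and machine-id requirements listed above
# for running systemd without extra privileges.
# SAMPLE_MOUNTS is a constructed /proc/mounts snapshot, not captured output.

SAMPLE_MOUNTS='overlay / overlay rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,size=65536k 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# Constructed machine-id value (32 lowercase hex digits), not a real host id.
SAMPLE_MACHINE_ID='4c7e3a1f0b2d4e5f8a9b0c1d2e3f4a5b'

# mount_fstype TABLE MOUNTPOINT: print the fs type mounted exactly at MOUNTPOINT
# (empty output when nothing is mounted there).
mount_fstype() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $3; exit }'
}

# mount_has_opt TABLE MOUNTPOINT OPT: succeed when the mount at MOUNTPOINT
# carries the option OPT (for example ro or rw) in its comma-separated list.
mount_has_opt() {
    printf '%s\n' "$1" | awk -v mp="$2" -v opt="$3" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == opt) found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# check_systemd_mounts TABLE MACHINE_ID: print one FAIL line per unmet
# requirement and return 0 only when every requirement is satisfied.
check_systemd_mounts() {
    table=$1
    machine_id=$2
    bad=0
    [ "$(mount_fstype "$table" /run)" = tmpfs ] \
        || { echo "FAIL: /run is not a tmpfs"; bad=1; }
    mount_has_opt "$table" /sys/fs/cgroup ro \
        || { echo "FAIL: /sys/fs/cgroup is not mounted read-only"; bad=1; }
    mount_has_opt "$table" /sys/fs/cgroup/systemd rw \
        || { echo "FAIL: /sys/fs/cgroup/systemd is not mounted read-write"; bad=1; }
    case $machine_id in
        '') echo "FAIL: /etc/machine-id is empty"; bad=1 ;;
        *[!0-9a-f]*) echo "FAIL: /etc/machine-id contains non-hex characters"; bad=1 ;;
        *) [ "${#machine_id}" -eq 32 ] \
               || { echo "FAIL: /etc/machine-id is not 32 hex digits"; bad=1; } ;;
    esac
    return $bad
}

# On the constructed sample every requirement is met. Inside a real container
# run the same check on live data:
#   check_systemd_mounts "$(cat /proc/mounts)" "$(cat /etc/machine-id)"
if check_systemd_mounts "$SAMPLE_MOUNTS" "$SAMPLE_MACHINE_ID"; then
    echo "all systemd mount requirements met"
fi
```

Each requirement is checked independently, so a single run lists everything that is wrong (for example a read-write /sys/fs/cgroup bind mount and an empty /etc/machine-id at the same time) instead of stopping at the first problem, which mirrors how systemd itself reports several missing pieces at boot.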