Running systemd unprivileged in Docker container

I can run a full Arch system (with systemd as PID 1) in a Docker container in Docker privileged mode:
    sudo docker run -i -t --privileged archlinux /usr/lib/systemd/systemd

but privileged mode is, well, a bit privileged. I believe I used to be able to tone this down with something like:

    sudo docker run -i -t --cap-add=ALL -v /sys/fs/cgroup:/sys/fs/cgroup:ro archlinux /usr/lib/systemd/systemd

or even fewer capabilities than "all". But now I'm getting:

    systemd 248.3-2-arch running in system mode. (+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
    Detected virtualization docker.
    Detected architecture x86-64.
    Detected first boot.

    Welcome to Arch Linux!

    Initializing machine ID from random generator.
    Failed to create /init.scope control group: Read-only file system
    Failed to allocate manager object: Read-only file system
    [!!!!!!] Failed to allocate manager object.
    Exiting PID 1...

I don't understand what that means. (Somebody likes exclamation marks.) What's the "manager object", and who is trying to allocate it?

Assuming that the "Read-only file system" in question is that /sys/fs/cgroup, when binding it into the container as read-write I get this instead:

    Failed to create /init.scope control group: No such file or directory
    Failed to allocate manager object: No such file or directory

This long Serverfault thread may be related? Are they saying it's broken? Can it be done?

Posted this earlier in the Arch forum, lots of views, no answers.

Thanks,

Johannes.
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
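Added example, not part of Johannes's post or of systemd: a small shell helper that reads a mountinfo file (by default the container's own /proc/self/mountinfo) and reports how /sys/fs/cgroup is mounted, so the "Read-only file system" case above can be confirmed from inside the container before reaching for --privileged. The fstype it prints (cgroup2 versus a tmpfs holding per-controller directories) also tells you whether the host exposes cgroup v2 or v1 to the container; the sample mountinfo lines below are constructed for the demo.

```shell
#!/bin/sh
# Report how /sys/fs/cgroup is mounted, as seen from the process reading
# the mountinfo file. Output: "<fstype> <rw|ro>" or "missing".
# Argument: path to a mountinfo file (defaults to /proc/self/mountinfo).
cgroup_mount_state() {
    awk '
    $5 == "/sys/fs/cgroup" {
        # mountinfo fields: id parent maj:min root mountpoint per-mount-opts
        # [optional fields...] "-" fstype source superblock-opts
        for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i + 1); break }
        mode = "rw"
        n = split($6, opts, ",")
        for (j = 1; j <= n; j++) if (opts[j] == "ro") mode = "ro"
        print fstype " " mode
        found = 1
        exit
    }
    END { if (!found) print "missing" }
    ' "${1:-/proc/self/mountinfo}"
}

# Demo on a constructed mountinfo line resembling a container started with
# -v /sys/fs/cgroup:/sys/fs/cgroup:ro on a cgroup v2 host (sample data,
# not captured from a real system).
demo_file=$(mktemp)
printf '%s\n' \
  '571 556 0:27 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,nsdelegate' \
  > "$demo_file"
cgroup_mount_state "$demo_file"   # prints: cgroup2 ro
rm -f "$demo_file"
```

Run it inside the container (for example as the container's command before systemd) with no argument to inspect the real mount; "cgroup2 ro" is the state that produces the first error quoted in the post.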
