Running systemd inside a docker container (arch linux)

arch-linux docker systemd

41,061

Solution 1

I was able to work backwards from this: https://registry.hub.docker.com/u/codekoala/arch/

Docker 1.1 makes this easier as groups (ro) is already provided in containers - I still currently need priv access so it can create PrivateTmp mounts, but otherwise, as long as you specify the cmd to run as the systemd binary - it works nicely.

Solution 2

Here my master pice :D running systemd inside a docker container with ubuntu :D I Got Ubuntu working with systemd inside docker

GitHub Repo for my docker-systemd container

$ docker run -it --cap-add SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro dockerimages/docker-systemd

Output:

systemd 218 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
Detected virtualization 'docker'.
Detected architecture 'x86-64'.

Welcome to Ubuntu Vivid Vervet (development branch)!

Set hostname to <502ec40509a5>.
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice System Slice.
         Starting Emergency Shell...
[  OK  ] Started Emergency Shell.
Startup finished in 5ms.
Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.
root@502ec40509a5:~# exit

Update 2021

A lot of Patches got Submitted to diffrent Projects like the docker upstream repos by REDHAT. To be More clear my frind David Walsh @ REDHAT did also post a lot about that. https://developers.redhat.com/blog/author/rhatdan/.

Running SystemD Without additional Privileges requires

/run as a tmpfs. /sys/fs/cgroup read/only. /sys/fs/cgroup/systemd read/write. /etc/machine-id Needs to Contain a Uniqe MachineID SIGRTMIN+3 as stopsignal as sigterm will not work /var/log/journal If it does not exist it will write to memory

docker run -d \ 
    --tmpfs /tmp \
    --tmpfs /run \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    --stop-signal SIGRTMIN+3 \
    httpd /sbin/init

Note: The Stopsignal flag can be droped when your dockerfile contains STOPSIGNAL SIGRTMIN+3

See the full Post. https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/

Note: Today with Podman this would be even more simple read about it here: https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container/

Solution 3

To run systemd in a Docker container, the host system must also run systemd. This means you cannot use Ubuntu < 16.04 as the host.

Solution 4

Currently systemd does not run correctly within a docker container, due to a whole set of reasons, i.e. the lack of the correct privileges. You can read up on that in a variety of github issues on the docker project like running systemd inside docker arch container hangs or segfaults and related issues regarding init/process monitoring. (I would like to link more issues here, but I can't as I apparently don't have enough reputation).

As you can see, this is a topic that is currently being worked on and a few patches have been merged already to improve behavior, so that we can expect this to work quite soon.

Apparently some developers already managed to get it to run on fedora systems, as they have documented in their blog.

Solution 5

Found this question while trying to do this in the debian:8 official container. For anyone else trying to do this on the official debian:8 (debian:jessie) container, @Frank-from-DSPEED's answer works with a slight modification as described in an older git hub post:

docker run -d \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    --cap-add SYS_ADMIN \
    debian:jessie  /sbin/init
docker exec -it <your-new-container-name-or-ID> bash

Then from in the container:

systemctl show-environment

This works perfectly for me and since this is only a development environment, the security issue does not matter to me.

Note: The /sbin/init command gets /sbin/init to be Process 1, which is a key part of making this work.

View more solutions

41,061

Michael Neale

Work on cloudbees - scala, erlang, ruby, java - linux, nginx and more.

Updated on September 18, 2022

Comments

Michael Neale over 1 year
I am trying to see if I can run systemd inside a docker container (which is running arch linux in the container).

I start docker with all capabilities, and bind mount in cgroups:
```
docker run -it --rm --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro ..
```
however, if I try to run the systemd binary:
```
Trying to run as user instance, but the system has not been booted with systemd.
```
Trying to find out how to init things correctly to systemd starts.
- user2751502 almost 10 years
  
  The systemd man page would be a good place to start. Google also yields several articles about running systemd under docker.
- 030 almost 7 years
  
  Could you explain why you need systemd?
Michael Hampton over 9 years

Technically this works, but you had to break the container's security to do it. This is not appropriate for a production deployment.
Andrew Schulman about 9 years

Welcome to ServerFault. Instead of linking to an solution, please include the essentials points of it here in your answer. That way your answer will still be useful if the link target goes away.
czerasz about 7 years

systemctl show-environment reutrns for me Failed to get D-Bus connection: Unknown error -1. When I start the container with an --privileged flag instead of --cap-add SYS_ADMIN (docker run -d --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name=ubuntu_systemd_test debian:jessie /sbin/init) systemctl responds like usual
Vivek Kodira over 6 years

@twildfarmer thank you. Also for anyone else who tries this. Another Dockerfile that this has been implemented in is: syslog.me/2016/03/31/an-init-system-in-a-docker-container
frank-dspeed over 5 years

Today thuis is possible more easy with less security flags
Codebling over 4 years

Can you give details on what image you're using for this? I've tried Ubuntu, Debian, Arch, Alpine and OpenSUSE and none of them work. Either the binary doesn't exist or init fails to open resources.
Mark Stosberg almost 4 years

This answer is outdated. systemd can run Docker containers now: developers.redhat.com/blog/2019/04/24/…
Mark Stosberg almost 4 years

Try a systemd-enabled Docker image: github.com/defn/docker-systemd
Michael Hampton almost 4 years

Of course the link is broken now, so this answer is no longer useful. This is why you need to put the essential bits directly into your answers.
Jonathan Komar over 3 years

Cool masterpiece. Consider this other answer, because it is more secure and explains things (SYS_ADMIN is probably overkill): unix.stackexchange.com/a/499585/33386
Nemo about 3 years

@MarkStosberg You're both right. That article is about running systemd inside podman containers, not the original Docker, but it should be easy enough to switch. Thanks for the link!
Jonathan Komar about 3 years

You really should be citing the source you copied from in your answer (my comment above does not count): unix.stackexchange.com/a/499585/33386.
frank-dspeed about 3 years

@JonathanKomar Your probally right i will write it complet new with the current state of 2021 thanks for pointing that out do not forget to mention my name every where when you should use that.