Running systemd inside a docker container (arch linux)
Solution 1
I was able to work backwards from this: https://registry.hub.docker.com/u/codekoala/arch/
Docker 1.1 makes this easier as groups (ro) is already provided in containers - I still currently need priv access so it can create PrivateTmp mounts, but otherwise, as long as you specify the cmd to run as the systemd binary - it works nicely.
Solution 2
Here my master pice :D running systemd inside a docker container with ubuntu :D I Got Ubuntu working with systemd inside docker
GitHub Repo for my docker-systemd container
$ docker run -it --cap-add SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro dockerimages/docker-systemd
Output:
systemd 218 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
Detected virtualization 'docker'.
Detected architecture 'x86-64'.
Welcome to Ubuntu Vivid Vervet (development branch)!
Set hostname to <502ec40509a5>.
[ OK ] Created slice Root Slice.
[ OK ] Created slice System Slice.
Starting Emergency Shell...
[ OK ] Started Emergency Shell.
Startup finished in 5ms.
Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.
root@502ec40509a5:~# exit
Update 2021
A lot of Patches got Submitted to diffrent Projects like the docker upstream repos by REDHAT. To be More clear my frind David Walsh @ REDHAT did also post a lot about that. https://developers.redhat.com/blog/author/rhatdan/.
Running SystemD Without additional Privileges requires
/run
as a tmpfs.
/sys/fs/cgroup
read/only.
/sys/fs/cgroup/systemd
read/write.
/etc/machine-id
Needs to Contain a Uniqe MachineID
SIGRTMIN+3
as stopsignal as sigterm will not work
/var/log/journal
If it does not exist it will write to memory
docker run -d \
--tmpfs /tmp \
--tmpfs /run \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
--stop-signal SIGRTMIN+3 \
httpd /sbin/init
Note: The Stopsignal flag can be droped when your dockerfile contains STOPSIGNAL SIGRTMIN+3
See the full Post. https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/
Note: Today with Podman this would be even more simple read about it here: https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container/
Solution 3
To run systemd in a Docker container, the host system must also run systemd. This means you cannot use Ubuntu < 16.04 as the host.
Solution 4
Currently systemd does not run correctly within a docker container, due to a whole set of reasons, i.e. the lack of the correct privileges. You can read up on that in a variety of github issues on the docker project like running systemd inside docker arch container hangs or segfaults and related issues regarding init/process monitoring. (I would like to link more issues here, but I can't as I apparently don't have enough reputation).
As you can see, this is a topic that is currently being worked on and a few patches have been merged already to improve behavior, so that we can expect this to work quite soon.
Apparently some developers already managed to get it to run on fedora systems, as they have documented in their blog.
Solution 5
Found this question while trying to do this in the debian:8 official container. For anyone else trying to do this on the official debian:8 (debian:jessie) container, @Frank-from-DSPEED's answer works with a slight modification as described in an older git hub post:
docker run -d \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
--cap-add SYS_ADMIN \
debian:jessie /sbin/init
docker exec -it <your-new-container-name-or-ID> bash
Then from in the container:
systemctl show-environment
This works perfectly for me and since this is only a development environment, the security issue does not matter to me.
Note: The /sbin/init command gets /sbin/init to be Process 1, which is a key part of making this work.
Related videos on Youtube
Michael Neale
Work on cloudbees - scala, erlang, ruby, java - linux, nginx and more.
Updated on September 18, 2022Comments
-
Michael Neale over 1 year
I am trying to see if I can run systemd inside a docker container (which is running arch linux in the container).
I start docker with all capabilities, and bind mount in cgroups:
docker run -it --rm --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro ..
however, if I try to run the systemd binary:
Trying to run as user instance, but the system has not been booted with systemd.
Trying to find out how to init things correctly to systemd starts.
-
user2751502 almost 10 yearsThe
systemd
man page would be a good place to start. Google also yields several articles about running systemd under docker. -
030 almost 7 yearsCould you explain why you need systemd?
-
-
Michael Hampton over 9 yearsTechnically this works, but you had to break the container's security to do it. This is not appropriate for a production deployment.
-
Andrew Schulman about 9 yearsWelcome to ServerFault. Instead of linking to an solution, please include the essentials points of it here in your answer. That way your answer will still be useful if the link target goes away.
-
czerasz about 7 years
systemctl show-environment
reutrns for meFailed to get D-Bus connection: Unknown error -1
. When I start the container with an--privileged
flag instead of--cap-add SYS_ADMIN
(docker run -d --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name=ubuntu_systemd_test debian:jessie /sbin/init
) systemctl responds like usual -
Vivek Kodira over 6 years@twildfarmer thank you. Also for anyone else who tries this. Another Dockerfile that this has been implemented in is: syslog.me/2016/03/31/an-init-system-in-a-docker-container
-
frank-dspeed over 5 yearsToday thuis is possible more easy with less security flags
-
Codebling over 4 yearsCan you give details on what image you're using for this? I've tried Ubuntu, Debian, Arch, Alpine and OpenSUSE and none of them work. Either the binary doesn't exist or init fails to open resources.
-
Mark Stosberg almost 4 yearsThis answer is outdated. systemd can run Docker containers now: developers.redhat.com/blog/2019/04/24/…
-
Mark Stosberg almost 4 yearsTry a systemd-enabled Docker image: github.com/defn/docker-systemd
-
Michael Hampton almost 4 yearsOf course the link is broken now, so this answer is no longer useful. This is why you need to put the essential bits directly into your answers.
-
Jonathan Komar over 3 yearsCool masterpiece. Consider this other answer, because it is more secure and explains things (
SYS_ADMIN
is probably overkill): unix.stackexchange.com/a/499585/33386 -
Nemo about 3 years@MarkStosberg You're both right. That article is about running systemd inside podman containers, not the original Docker, but it should be easy enough to switch. Thanks for the link!
-
Jonathan Komar about 3 yearsYou really should be citing the source you copied from in your answer (my comment above does not count): unix.stackexchange.com/a/499585/33386.
-
frank-dspeed about 3 years@JonathanKomar Your probally right i will write it complet new with the current state of 2021 thanks for pointing that out do not forget to mention my name every where when you should use that.