Start a systemd service inside chroot from a non systemd based rootfs

unix systemd chroot sysvinit openrc

101,082

Solution 1

Several years later I must admit there is only one solution to most Systemd practical problems. Because the error is Systemd itself

I am really fed up with Systemd as I had problems that I never faced with things like Upstart or Openrc :

The enforcing of a kernel requiring cgroups support (instead of being made optional but enabled by default inside a config file) even for embedded systems with only 24Mb of ram and no writable storage.
While proponents argue that not being able to use it in such case is the wanted behavior since it wasn’t designed for such case, the reality is the other init systems also don’t care while in systemd such feature isn’t a separate project which highlights once again the consequences of not following kiss.
Despite the claim of being modular, at runtime the dependency hell makes it a strong god object : want to boot over a single reiser4 rootfs ? It’s not possible because many programs requires systemd-udevd which requires systemd-init which requires the systemd-boot package which can’t be installed at the same time than grub2 nor can read kernel images from a reiser4 partition.
Want to connect to the internet through Bluetooth dialup ? If it doesn’t work with your Samsung java me phone, then you aren’t able to run the scripts and command line software that previously worked manually because of networkd.
Though I recognize the biggest problem is if you are building and maintaining your own Linux distribution : the systemd init module itself has so many dependencies that you can’t propose to choose another init system through different install packages.
The default use of Google dns for systemd if no resolver is defined in terms of privacy.
The inability to launch a background non service process and log out as there are no simple ways to do it in a new systemd scope.
Good luck for viewing logs if you can’t chroot in your system or if you upgraded from libdb4.8 (whereas at least, in worst case Microsoft has it’s log files in xml format).

The only solution :

Systemd is unnecessary complex for solving problems : like alsa instead of ossv4. So if you have something that uses systemd just wipe all the data :

dd if=/dev/urandom of=/dev/dm−0 bs=1M

and install something that doesn’t use it at all while solving problems of SysV Init like Gentoo with Openrc.
Concerning my question systemd makes things like the Windows® registry : if a part of it gets screwed up, then it’s over.

Solution 2

A well-known problem in systemd distros (Arch Linux, OpenSUSE, Fedora).

Systemd replaces sysvinit, and provides one great advantage over this. In sysvinit, when you ask a service to start, it inherits the execution context of the person invoking the script, which includes environment variables, ulimits, and so on. Systemd improves on this at the contrary by notifying a daemon, which will start the service in a well-defined, healthy, constant environment, where of course the performances of the services are much easier to predict, since the environment is always the same.

This implies that, when I call systemctl from within the chroot, it is irrelevant that I am inside chroot, the environment that will be inherited is still that of PID 1, not my current one. But it gets worse than this: since communication sockets are placed inside /run/systemd, a process in a chroot will not even be able to talk to the init system!

So how do you go about chroot'ing in systemd distros?

If all you want to do is have a Linux container, this Arch Wiki page will tell you how to set up a Linux container in less than 30 seconds, thanks to systemd-nspawn.
If instead you really want a chroot environment, this beautiful and crystal clear Web page will provide you with two working solutions (the second one is a modified version of the one offered at point #1).

Solution 3

systemd only ignores "services", so I just run the daemon commands manually.

So instead of

service sshd start

I use

/usr/sbin/sshd -D &

Solution 4

No. Services are executed by systemd (pid 1), not by systemctl directly (which only sends a start request), and since systemd runs outside the chroot, so will the service.

Although technically it could be possible to implement this (by making systemctl somehow pass its root to systemd), it is somewhat unlikely to happen since there already is a tool for creating full containers (systemd-nspawn /somepath/to_root). You could always contact the mailing list though.

Solution 5

Faced this problem once tried to bring up network in rescue mode using network configuration from chroot. Finally this works for me:

service --skip-redirect <service> restart

or:

SYSTEMCTL_SKIP_REDIRECT=_ /etc/init.d/<service> restart

View more solutions

101,082

user2284570

Currently spending my spare time in Ethereum security. Was rewarded by GitHub and Google.

Updated on September 18, 2022

Comments

user2284570 almost 2 years
With init scripts (or with openrc) I alway could run services from a different installation root.
but when I run chroot /somepath/to_root /usr/bin/systemctl start someservice I got:
```
Running in chroot, ignoring request.
```
Is there a way to force systemd run the service?

Update:
I forgot to say my host system run init scripts or openrc, but never systemd, and that I use chroot to troubleshot Unix systems which can't even launch a minimal shell.
- neofutur almost 10 years
  
  I also need to run services into a chroot, it always worked before openrc2, seems impossible now ;(
- Daniel B over 9 years
  
  You’re trying to solve the wrong problem. If you have OpenRC, you need to convert the systemd service into an OpenRC service. There’s really no way around that.
- user2284570 over 9 years
  
  @DanielB : NO! Did you ever heard of systemrescuecd?
- Daniel B over 9 years
  
  No. I also don't see how it relates to your question.
user2284570 over 10 years

Nice, But I need to use systemctl since My host system use oepnrc. I want full independent solution
user2284570 over 10 years

I've looked for systemd-nspawn but I can't run it. And No this is not for a container since the service need to be used by both the host and the target architecture.
MariusMatutiae over 10 years

@user2284570 What do you mean exactly by I can't run it?
JdeBP over 10 years

I'll muddy the waters yet further by saying: Psst! Mention RootDirectory= as well since you are so dangerously short of upvotes. (-:
user2284570 over 10 years

@JdeBP : What is the difference (in term of results) beetween the variable RootDirectoryand the chrootcommand?
user2284570 over 10 years

@grawity : So What append if the pid 1 is init?
TwoD about 10 years

It should be located right next to systemctl and the other systemd binaries (from your host: /somepath/to_root/usr/bin/systemd-nspawn)
hvd almost 9 years

@TwoD That won't work. Running systemd-nspawn fails with "Not running on a systemd system." unless the host is using systemd as well.
TwoD almost 9 years

@hvd See the other answers for actually having systemd itself run in the chroot. I was just answering where to find the binary as it sounded to me like user2284570 was looking for it.
hvd almost 9 years

@TwoD And I responded because it doesn't sound like that at all to me. :) "I can't run it" is an odd thing to say if you're having trouble finding the executable, which is why I suspect that the problem is what I put in my comment: running it gives that error message and doesn't do anything useful. But even if it turns out the problem really was where to find systemd-nspawn, then pointing into the new root won't help. Either the host already has it (because it's running systemd), in which case the host version can be used, or the host doesn't have it, but the new root's version won't work.
user2284570 almost 9 years

no it's about things like d-bus. I do it in order to diagnose problems on the target chroot.
user2284570 over 8 years

This doesn’t work for all services. Some require to be started as part of the system service starter like Xorg.
user2284570 about 8 years

What about services like Dbus that can only be started by the installed binary systemd script ?
ellooku about 8 years

You can start such services from its directory with start command.
user2284570 about 8 years

Which is a symlink against systemctl. So it doesn’t work.
ellooku about 8 years

I do this all the time on Fedora running on my Android. May be I don't know what your problem is.
user2284570 about 8 years

The consequence is this message :Running in chroot, ignoring request.. I don’t think you do it all the time though chroot. Indeed, the startup script requires systemd.
Erkin Alp Güney over 7 years

startx will work for Xorg.
Erkin Alp Güney over 7 years

systemd will refuse to be run in chroot
user2284570 almost 7 years

Part of the problem is I sometimes need for the chroot services to ineract with those of the main root, so jailing based solutions cannot work.
user2284570 over 6 years

Nice. But it works only with legacy Init compatible services (won’t work for networking in Fedora rawhide). As I said in my answer, the real solution is to screw up anything that use systemd.
user2284570 about 6 years

@ErkinAlpGüney : not in chroot… Because of Dbus.
Craig Hicks almost 6 years

After setting up with debootstrap and schrooting into the directory to apt install things (specifically postgresql) I had the same problem as the OP. But following the web page link to pid eins, installing systemd-container both outside and inside the target directory, and finally invoking systemd-spawn -b -D <my dir> success was achieved.
Tim almost 6 years

It should be possible to use systemd-nspawn in a traditional init system. If you would read the whole arch wiki article posted in this answer, you'll come across this link: wiki.archlinux.org/index.php/Init#systemd-nspawn.
user2284570 over 5 years

Please recognize that the design of something can really prevent from getting an answer so that the answer is to switch to something which works. And that this is a real answer.
peterh over 5 years

I had the same opinion, now I am on a little bit more balanced view. Systemd has the super-big advantage that it can really kill what should be killed. It is because it tracks all the forked sub-processes with the kernel cgroup feature. None of the older tools can do that. Furthermore, do you remember the crap of the scripts in /etc/init/*.sh?I too, but it is only a bad memory to me today. The systemd service files are clear and around 10 lines long configs. Not 200 line long scripts. These huge advantages has the systemd, I agree that its all other features are disadvantage.
peterh over 5 years

Btw, I voted your answer up because, beside its advantages, exactly this type of critics, exactly in this tone is what the systemd development requires to improve. For example, I've just tried to start a postgresql in a chroot and I had to crap my root system to do that. Many, many crappy thing is still there, right.
user2284570 over 5 years

@peterh : unfortunately not everyone share it I mean to the point of deleting post. This is not about SysV init against Systemd but more against things like Openrc or even Upstart (which allows for short startup scripts as well as parallel service start). At least I learned one thing : Darwin is mostly the ᴏꜱ of Apple™ Windows is the ᴏꜱ of Microsoft and Linux design is mostly run by red hat. Though SysV init while being slower doesn’t restrict you at what you can do at runtime.
user2284570 over 4 years

@peterh Services scripts are also very clear when you use Openrc. The problem with cgroup on Systemd is this is not an option which by the prevent Systemd running things like Darwin or NetBSD.
Luis Machuca about 4 years

After many years and at least in Debian I've found the easiest solution is to simply, in the chroot, apt purge systemd and then apt install sysvinit-core. Since in a chroot systemd is not really "running" even if it's started, uninstalling it won't cripple the chroot, and then you can operate with sysv just as you do in the outside machine. (Unfortunately, in Debian I've found no way to debootstrap chroots with sysvinit preinstalled)
user2284570 about 4 years

@LuisMachuca which is the problem of this question (but apt-get can work without Systemd). How do you manage to not have pid 1 based on a systemd binary because of packages dependencies? This is for that impossibility that devuan was started. Are you still running Jessie or older?
Luis Machuca about 4 years

I'm running Buster with Antix's nosystemd repo substituting all things that could depend on systemd. This is the setup I have for all production systems I manage. Have been using this setup since Antix started the repo back in Debian Jessie and so far the only software that has ever caused me issues with it is Samba.
user2284570 about 4 years

@LuisMachuca so much like Devuan. I know many peoples would get angry seeing things like this in production environments.
Luis Machuca about 4 years

Oh they do, but they are definitively, quantifiably less angry than back when the servers migrated to systemd and a bunch of stuff wouldn't start, including entire servers with remote mountpoints. When it's time to get paid, "it works again and just as well as before" means a lot.
user2284570 about 4 years

@LuisMachuca no I’m meaning mixing repositories of different distributions. Even if 1 of them is for that purpose. What’s can be accepted is starting from a clean way with a distrib no designed for Systemd.
Luis Machuca about 4 years

I'm no such zealot and I don't know any reasonable person who is. In the end, some people broke Debian and some other people decided to help fix it; I prefer to work with the latter than with the former. Most of the contributions Antix has done with that repo are things that can and do go well with a current Debian, if the Debian repo masters were willing to give the greenlight. For example, they provide a libpam-elogind-compat package without which a de-systemdified Buster frequently slows down or freezes because of DBus issues.
Luis Machuca about 4 years

If anything, when we asked between the Production handlers if they preferred to reformat all servers and switch to learn different distros or to work with the proven-to-work, ongoing efforts that a community is doing... one of those solutions requires exponentially less downtime and headaches than the other.
user2284570 about 4 years

@LuisMachuca I'm no such zealot and I don't know any reasonable person who is. My main teacher at my Master degree is one proof of the contrary among others. Though he is pro Systemd.
user2284570 almost 4 years

@CraigHicks Except since you set up a jail, you can’t do things like connecting wayland apps to the host’s compositing. Plain chroot isn’t a jail, but a way to change access search paths for the binaires.
user2284570 almost 4 years

It will then be run with isolation preventing it from interacting with things like udev on the host.