I can run a full Arch system (with systemd as PID 1) in a Docker container in
Docker privileged mode:
sudo docker run -i -t --privileged archlinux /usr/lib/systemd/systemd
but privileged mode is, well, a bit privileged. I believe used to be able to
tone this down with something like:
sudo docker run -i -t --cap-add=ALL -v /sys/fs/cgroup:/sys/fs/cgroup:ro
archlinux /usr/lib/systemd/systemd
or even less capabilities than "all". But now I'm getting:
systemd 248.3-2-arch running in system mode. (+PAM +AUDIT -SELINUX
-APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL
+ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2
-PWQUALITY +P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP
-SYSVINIT default-hierarchy=unified)
Detected virtualization docker.
Detected architecture x86-64.
Detected first boot.
Welcome to Arch Linux!
Initializing machine ID from random generator.
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...
I don't understand what that means. (Somebody likes exclamation marks.) What's
the "manager object", and who is trying to allocate it?
Assuming that the "Read-only filesystem" in question is that /sys/fs/cgroup,
when binding it into the container as read-write I get that instead:
Failed to create /init.scope control group: No such file or directory
Failed to allocate manager object: No such file or directory
This long Serverfault thread
<https://serverfault.com/questions/1053187/systemd-fails-to-run-in-a-docker-container-when-using-cgroupv2-cgroupns-priva>
may be related? Are they saying it's broken? Can it be done?
Posted this earlier <https://bbs.archlinux.org/viewforum.php?id=23> in the Arch
forum, lots of views, no answers.
Thanks,
Johannes._______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
