I like to have independent software isolated from the main system, and <a href="/tag/docker">Docker</a> helps very much.
Currently I have an Ubuntu 12.04.5 LTS host which uses Upstart as its init system, but in the future I plan to migrate to systemd everywhere; in the meantime I ported some Docker Apps* to Docker + systemd. I know you should use one process per container, but I think there are acceptable exceptions to this rule.
<h4>
Docker + systemd (easy)</h4>
<code>docker run --privileged -ti -v /sys/fs/cgroup grigio/archlinux-systemd</code>
This should work on any host Linux distro with any systemd-enabled container, but it isn't nice because it allows the container to read and write `/sys/fs/cgroup` on the host.
<h4>
Docker + systemd (better)</h4>
<code>docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro grigio/archlinux-systemd</code>
Now this is better, because the container can't write to the cgroup hierarchy, but it still needs the `--privileged` option.
To make it work you need a systemd distro as the host, or alternatively:
<code>mkdir -p /sys/fs/cgroup/systemd/</code>
If you want it to be persistent, add it to `/etc/init/docker.conf` in the "pre-start script" section.
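The host-side preparation described above, written out as an added example (not the author's file) for the "pre-start script" section of `/etc/init/docker.conf` on an Upstart host: it only acts when `/proc/mounts` shows no named systemd cgroup hierarchy yet, and it assumes the cgroup tmpfs at `/sys/fs/cgroup` is already mounted (as Ubuntu's cgroup-lite does).

```sh
#!/bin/sh
# Added example for an Upstart "pre-start script" section: make sure the host
# has a cgroup hierarchy named "systemd" at /sys/fs/cgroup/systemd, which is
# what systemd inside a container looks for when the host tree is bind-mounted
# read-only with -v /sys/fs/cgroup:/sys/fs/cgroup:ro.

# Return 0 if the mount table (default /proc/mounts) already lists a cgroup
# mount at /sys/fs/cgroup/systemd carrying the name=systemd option.
systemd_cgroup_mounted() {
    mounts_file=${1:-/proc/mounts}
    # /proc/mounts fields: source mountpoint fstype options dump pass
    awk '$2 == "/sys/fs/cgroup/systemd" && $3 == "cgroup" && $4 ~ /name=systemd/ { found = 1 }
         END { exit found ? 0 : 1 }' "$mounts_file"
}

# Run a command, or only print it when DRY_RUN=1 (handy for checking the
# script on a box where you are not root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Create and mount the named systemd hierarchy unless it is already there.
# The "none" option means no controller is attached; the hierarchy is used
# purely for systemd's service tracking.
ensure_systemd_cgroup() {
    mounts_file=${1:-/proc/mounts}
    if systemd_cgroup_mounted "$mounts_file"; then
        return 0
    fi
    run mkdir -p /sys/fs/cgroup/systemd
    run mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
}
```

Note that a read-only bind mount limits what a well-behaved init does, but a `--privileged` container can still remount it, so the `:ro` flag is a guard rail rather than an isolation boundary.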
<h4>
Docker + systemd (best)</h4>
<code>docker run -ti grigio/archlinux-systemd</code>
To have a well-isolated container with systemd you shouldn't use the special flags, but unfortunately I'm not able to run it on a non-systemd host. I get various errors:
<code>Failed to get D-Bus connection: Unknown error -1</code>
<code>Failed to mount tmpfs at /run: Operation not permitted</code>
<code>Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied</code>
<code>...</code>
But <a href="http://maci0.wordpress.com/2014/07/23/run-systemd-in-an-unprivileged-docker-container/">Docker + unprivileged systemd</a> should work, at least on a systemd Linux distribution.
I've put some useful apps in this <a href="https://github.com/grigio/docker-apps">Docker repository</a>; let me know what you think.
Here is a minimal systemd session inside a Docker container:
<code>$ docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /tmp/$(mktemp -d):/run grigio/archlinux-systemd</code>
<code>systemd 216 running in system mode. (+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN )</code>
<code>Detected virtualization 'other'.</code>
<code>Detected architecture 'x86-64'.</code>
<code>Welcome to Arch Linux!</code>
<code>Set hostname to <316939cdcb4e>.</code>
<code>[ OK ] Reached target Paths.</code>
<code>[ OK ] Created slice Root Slice.</code>
<code>[ OK ] Listening on Device-mapper event daemon FIFOs.</code>
<code>[ OK ] Listening on Delayed Shutdown Socket.</code>
<code>[ OK ] Listening on Journal Socket (/dev/log).</code>
<code>[ OK ] Listening on Journal Socket.</code>
<code>[ OK ] Created slice System Slice.</code>
<code>[ OK ] Reached target Slices.</code>
<code>[ OK ] Reached target Swap.</code>
<code>[ OK ] Reached target Local File Systems.</code>
<code> Starting Create Volatile Files and Directories...</code>
<code> Starting Journal Service...</code>
<code>[ OK ] Started Journal Service.</code>
<code>[ OK ] Started Create Volatile Files and Directories.</code>
<code>[ OK ] Reached target System Initialization.</code>
<code>[ OK ] Listening on D-Bus System Message Bus Socket.</code>
<code>[ OK ] Reached target Sockets.</code>
<code>[ OK ] Reached target Timers.</code>
<code>[ OK ] Reached target Basic System.</code>
<code>[ OK ] Reached target Multi-User System.</code>
<code>[root@316939cdcb4e /]# systemctl status</code>
<code>* 316939cdcb4e</code>
<code> State: running</code>
<code> Jobs: 0 queued</code>
<code> Failed: 0 units</code>
<code> Since: Mon 2014-09-15 08:41:58 UTC; 3min 20s ago</code>
<code> CGroup: /</code>
<code> |- 1 /usr/bin/init</code>
<code> |-18 -bash</code>
<code> |-19 systemctl status</code>
<code> `-system.slice</code>
<code> `-systemd-journald.service</code>
<code> `-16 /usr/lib/systemd/systemd-journald</code>