Docker with systemd on Ubuntu

I like to keep independent software isolated from the main system, and <a href="/tag/docker">Docker</a> helps a lot with that.

Currently I have an Ubuntu 12.04.5 LTS host that uses Upstart as its init system, but in the future I plan to migrate to systemd everywhere; in the meantime I ported some Docker Apps* to Docker + systemd. I know you should run one process per container, but I think there are acceptable exceptions to this rule.
<h4>Docker + systemd (easy)</h4>

<code>docker run --privileged -ti -v /sys/fs/cgroup grigio/archlinux-systemd</code>


This should work on any host Linux distro with any systemd-enabled container, but it isn't nice, because you allow the container to read and write `/sys/fs/cgroup` on the host.

<h4>Docker + systemd (better)</h4>

<code>docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro grigio/archlinux-systemd</code>


This is better, because the container can't write to the cgroup tree, but it still has the `--privileged` option.


To make it work you need a systemd distro as the host, or alternatively:


<code>mkdir -p /sys/fs/cgroup/systemd/</code>


If you want it to be persistent, add it to `/etc/init/docker.conf` in the "pre-start script" section.

<h4>Docker + systemd (best)</h4>

<code>docker run -ti grigio/archlinux-systemd</code>


To have a well-isolated container with systemd you shouldn't use the special flags, but unfortunately I'm not able to run it on a non-systemd host. I get various errors:


<code>Failed to get D-Bus connection: Unknown error -1</code>

<code>Failed to mount tmpfs at /run: Operation not permitted</code>

<code>Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied</code>

<code>...</code>


But <a href="http://maci0.wordpress.com/2014/07/23/run-systemd-in-an-unprivileged-docker-container/">Docker + unprivileged systemd</a> should work, at least on a systemd Linux distribution.
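As an added check (example code written for this post, not part of the original page or the grigio/docker-apps repository), the following Python reads `docker inspect` output and reports which of the three modes above a container is running in. The inspect records are constructed to mirror the three commands; the classification assumes only `HostConfig.Privileged` and the `Mounts` list (with `Destination` and `RW`), which docker prints for each container.

```python
import json

CGROUP = "/sys/fs/cgroup"  # host cgroup tree systemd expects inside the container

def classify_container(inspect_output):
    """Map one `docker inspect` record (JSON text or parsed) to the page's
    easy / better / best modes from HostConfig.Privileged and Mounts."""
    data = json.loads(inspect_output) if isinstance(inspect_output, str) else inspect_output
    info = data[0] if isinstance(data, list) else data  # docker prints a one-element list
    privileged = bool(info.get("HostConfig", {}).get("Privileged", False))
    cgroup_mounted = cgroup_rw = False
    for m in info.get("Mounts", []):
        dest = m.get("Destination", "").rstrip("/") or "/"
        # A mount at /sys/fs/cgroup, or at any parent of it, exposes the tree.
        if dest == CGROUP or dest == "/" or CGROUP.startswith(dest + "/"):
            cgroup_mounted = True
            cgroup_rw = cgroup_rw or bool(m.get("RW", True))
    if not privileged and not cgroup_mounted:
        mode = "best"    # no special flags, as in the page's third command
    elif privileged and cgroup_mounted and not cgroup_rw:
        mode = "better"  # --privileged, but the cgroup tree is read-only
    elif privileged and cgroup_rw:
        mode = "easy"    # --privileged plus a writable cgroup mount
    else:
        mode = "other"   # e.g. unprivileged but cgroup writable: still review it
    return {"privileged": privileged, "cgroup_mounted": cgroup_mounted,
            "cgroup_rw": cgroup_rw, "mode": mode}

def _record(privileged, mounts):
    """Build a minimal constructed inspect record (not captured from a real host)."""
    return json.dumps([{"HostConfig": {"Privileged": privileged}, "Mounts": mounts}])

# Constructed records mirroring the three `docker run` commands on this page.
SAMPLES = {
    # docker run --privileged -v /sys/fs/cgroup ...  (anonymous, writable volume)
    "easy": _record(True, [{"Type": "volume", "Destination": CGROUP, "RW": True}]),
    # docker run --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro ...
    "better": _record(True, [{"Type": "bind", "Source": CGROUP, "Destination": CGROUP,
                              "Mode": "ro", "RW": False}]),
    # docker run -ti grigio/archlinux-systemd  (no special flags)
    "best": _record(False, []),
}

def audit(samples=SAMPLES):
    """Return {name: mode} so each container's tier is visible at a glance."""
    return {name: classify_container(rec)["mode"] for name, rec in samples.items()}

if __name__ == "__main__":
    for name, mode in audit().items():
        print(f"{name:7s} -> {mode}")
```

On a real host, feed it `docker inspect <container>` instead of the constructed records; a `--privileged` container with no cgroup mount lands in "other" and still deserves a look.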

I've put some useful apps in this <a href="https://github.com/grigio/docker-apps">Docker repository</a>; let me know what you think.

Here is a minimal systemd session inside a Docker container:

<pre><code>$ docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /tmp/$(mktemp -d):/run grigio/archlinux-systemd
systemd 216 running in system mode. (+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN )
Detected virtualization 'other'.
Detected architecture 'x86-64'.
Welcome to Arch Linux!
Set hostname to &lt;316939cdcb4e&gt;.
[  OK  ] Reached target Paths.
[  OK  ] Created slice Root Slice.
[  OK  ] Listening on Device-mapper event daemon FIFOs.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Listening on Journal Socket.
[  OK  ] Created slice System Slice.
[  OK  ] Reached target Slices.
[  OK  ] Reached target Swap.
[  OK  ] Reached target Local File Systems.
         Starting Create Volatile Files and Directories...
         Starting Journal Service...
[  OK  ] Started Journal Service.
[  OK  ] Started Create Volatile Files and Directories.
[  OK  ] Reached target System Initialization.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Timers.
[  OK  ] Reached target Basic System.
[  OK  ] Reached target Multi-User System.
[root@316939cdcb4e /]# systemctl status
* 316939cdcb4e
    State: running
     Jobs: 0 queued
   Failed: 0 units
    Since: Mon 2014-09-15 08:41:58 UTC; 3min 20s ago
   CGroup: /
           |- 1 /usr/bin/init
           |-18 -bash
           |-19 systemctl status
           `-system.slice
             `-systemd-journald.service
               `-16 /usr/lib/systemd/systemd-journald</code></pre>