Description of problem: Running docker run -ti --name systemd --rm registry.fedoraproject.org/fedora:28 /usr/sbin/init results in Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory Failed to set up the root directory for shared mount propagation: Operation not permitted Version-Release number of selected component (if applicable): docker-1.13.1-59.gitaf6b32b.fc28.x86_64 container-selinux-2.65-1.gitbf5b26b.fc28.noarch oci-systemd-hook-0.1.17-1.git87fb61e.fc28.x86_64 How reproducible: Deterministic. Steps to Reproduce: 1. Run docker run -i --name systemd --rm registry.fedoraproject.org/fedora:28 /usr/sbin/init 2. See it say Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory 3. In another terminal run docker exec systemd journalctl, see it print out some entries 4. In another terminal run docker rm -f systemd 5. Now repeat with -t option added to the docker run command: docker run -ti --name systemd --rm registry.fedoraproject.org/fedora:28 /usr/sbin/init Actual results: Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory Failed to set up the root directory for shared mount propagation: Operation not permitted and docker exec systemd journalctl prints -- No entries -- No journal files were found. Expected results: The output with -ti should be the same as with -i. Additional info: The same result with registry.fedoraproject.org/fedora:rawhide. With registry.fedoraproject.org/fedora:27, the error message about "Failed to set up ..." is there but journalctl in the container actually shows services started.
*** Bug 1615081 has been marked as a duplicate of this bug. ***
Worked for me docker run -ti --name systemd --rm registry.fedoraproject.org/fedora:28 /usr/sbin/init Trying to pull registry.fedoraproject.org/fedora:28...Getting image source signatures Copying blob sha256:6b8551f02cfd71ef7b00fc994a1c573c53409552504fc0edd4cc14164e2e40d9 85.23 MB / 85.23 MB [======================================================] 4s Copying config sha256:e555121ced0fcad9197d7d0445daff0e42d8f0e0c37362b66b817b8713dcbb3a 1.27 KB / 1.27 KB [========================================================] 0s Writing manifest to image destination Storing signatures systemd 238 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid) Detected virtualization container-other. Detected architecture x86-64. Welcome to Fedora 28 (Twenty Eight)! Set hostname to <d2fd8e23a09a>. Failed to install release agent, ignoring: Read-only file system File /usr/lib/systemd/system/systemd-journald.service:35 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling. Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.) [ OK ] Reached target Local File Systems. [ OK ] Started Dispatch Password Requests to Console Directory Watch. [ OK ] Listening on Journal Socket. Starting Rebuild Dynamic Linker Cache... Starting Rebuild Journal Catalog... [ OK ] Reached target Slices. [ OK ] Listening on Process Core Dump Socket. [ OK ] Listening on Journal Socket (/dev/log). Starting Journal Service... [ OK ] Listening on /dev/initctl Compatibility Named Pipe. Starting Create System Users... [ OK ] Reached target Remote File Systems. [ OK ] Started Forward Password Requests to Wall Directory Watch. [ OK ] Reached target Swap. [ OK ] Reached target Paths. [ OK ] Started Rebuild Dynamic Linker Cache. [ OK ] Started Rebuild Journal Catalog. [ OK ] Started Create System Users. Starting Update is Completed... [ OK ] Started Journal Service. Starting Flush Journal to Persistent Storage... [ OK ] Started Update is Completed. [ OK ] Started Flush Journal to Persistent Storage. Starting Create Volatile Files and Directories... [ OK ] Started Create Volatile Files and Directories. Starting Update UTMP about System Boot/Shutdown... [ OK ] Started Update UTMP about System Boot/Shutdown. [ OK ] Reached target System Initialization. [ OK ] Started Daily Cleanup of Temporary Directories. [ OK ] Started dnf makecache timer. [ OK ] Reached target Timers. [ OK ] Listening on D-Bus System Message Bus Socket. [ OK ] Reached target Sockets. [ OK ] Reached target Basic System. Starting Permit User Sessions... [ OK ] Started D-Bus System Message Bus. [ OK ] Started Permit User Sessions. [ OK ] Reached target Multi-User System. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Oops accidentaly running podman.
# docker run -ti --name systemd --rm registry.fedoraproject.org/fedora:28 /usr/sbin/init Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory Failed to set up the root directory for shared mount propagation: Operation not permitted
docker run -ti --env container=docker --name systemd --rm registry.fedoraproject.org/fedora:28 /usr/sbin/init I can not get it to work at all even in --privileged mode.
This message is a reminder that Fedora 28 is nearing its end of life. On 2019-May-28 Fedora will stop maintaining and issuing updates for Fedora 28. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '28'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 28 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
I'm seeing the same behaviour as in comment 0 also on Fedora 29 with docker-1.13.1-67.git1185cfd.fc29.x86_64 container-selinux-2.100-1.git3b78187.fc29.noarch oci-systemd-hook-0.2.0-1.git05e6923.fc29.x86_64 kernel-5.0.11-200.fc29.x86_64
Confirmed on f29 running f28, f29, and f30 container images. Cannot reproduce when running a RHEL image: # docker run -it --name systemd --rm registry.access.redhat.com/rhel7/rhel:latest /sbin/init ...actually gives the full systemd boot output...
This message is a reminder that Fedora 29 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 29 on 2019-11-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '29'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 29 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
The issues is still present on Fedora 31 with docker-1.13.1-68.git47e2230.fc30.x86_64 and registry.fedoraproject.org/fedora:30 container.
Docker is no longer supported and this bug is unlikely to be fixed. If this is a bug in Podman then we can look at it.
Running # podman run -ti --name systemd --rm registry.fedoraproject.org/fedora:31 /usr/sbin/init works fine with podman-1.6.2-2.fc31.x86_64.