Description of problem:

On Fedora 30 with docker-1.13.1-67.git1185cfd.fc30.x86_64, it is possible to run systemd in container with

    docker run --rm -t registry.fedoraproject.org/fedora /usr/sbin/init

It does not show the systemd status due to other bugs but it runs and docker exec <container-id> systemctl confirms that. The only thing needed to get this working is

    setsebool container_manage_cgroup 1

With moby-engine instead of docker, that very same command fails.

Version-Release number of selected component (if applicable):

moby-engine-18.06.3-2.ce.gitd7080c1.fc30.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:

1. dnf install -y moby-engine
2. setsebool container_manage_cgroup 1
3. systemctl start docker
4. docker run --rm -t registry.fedoraproject.org/fedora /usr/sbin/init

Actual results:

    Failed to mount tmpfs at /run: Operation not permitted
    [!!!!!!] Failed to mount API filesystems.
    Exiting PID 1...

Expected results:

Nothing printed out to terminal but container running like with docker, or

    systemd v241-9.gitb67ecf2.fc30 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
    Detected virtualization container-other.
    Detected architecture x86-64.

    Welcome to Fedora 30 (Container Image)!

    Set hostname to <cbd53991ddce>.
    Initializing machine ID from random generator.
    File /usr/lib/systemd/system/systemd-journald.service:12 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
    Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
    [ OK ] Reached target Swap.
    [ OK ] Listening on initctl Compatibility Named Pipe.
    [ OK ] Listening on Journal Socket.
    [...]

Additional info:
I'd expect the behaviour to match the old docker package, given that in Fedora rawhide, moby-engine acts as docker replacement:

    # rpm -q --provides moby-engine
    config(moby-engine) = 18.09.8-1.ce.git0dd43dd.fc31
    docker = 18.09.8-1.ce.git0dd43dd.fc31
    docker-latest = 18.09.8-1.ce.git0dd43dd.fc31
    moby-engine = 18.09.8-1.ce.git0dd43dd.fc31
    moby-engine(x86-64) = 18.09.8-1.ce.git0dd43dd.fc31
I notice that moby-engine does not pull in any of the oci-* hook packages. However, even installing oci-systemd-hook manually does not help.
It seems that moby-engine not running OCI hooks was reported in bug 1634148.
It seems that it's necessary to use the --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /tmp options with moby-engine, like it was necessary with the old docker package before oci-systemd-hook was introduced:

    # docker run --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /tmp --rm -ti registry.fedoraproject.org/fedora /usr/sbin/init
    systemd v241-9.gitb67ecf2.fc30 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
    Detected virtualization container-other.
    Detected architecture x86-64.

    Welcome to Fedora 30 (Container Image)!

    Set hostname to <c86bea7740b2>.
    Initializing machine ID from random generator.
    File /usr/lib/systemd/system/systemd-journald.service:12 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
    Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
    [ OK ] Reached target Slices.
    [ OK ] Listening on Journal Socket (/dev/log).
    [ OK ] Reached target Swap.
    [ OK ] Reached target Remote File Systems.
    [ OK ] Started Dispatch Password …ts to Console Directory Watch.
    [ OK ] Started Forward Password R…uests to Wall Directory Watch.
    [ OK ] Reached target Local File Systems.
    [ OK ] Reached target Paths.
    [ OK ] Listening on Process Core Dump Socket.
    [ OK ] Listening on initctl Compatibility Named Pipe.
    [ OK ] Listening on Journal Socket.
    Starting Rebuild Dynamic Linker Cache...
    Starting Journal Service...
    Starting Create System Users...
    [ OK ] Started Create System Users.
    [ OK ] Started Rebuild Dynamic Linker Cache.
    [ OK ] Started Journal Service.
    Starting Flush Journal to Persistent Storage...
    [ OK ] Started Flush Journal to Persistent Storage.
    Starting Create Volatile Files and Directories...
    [...]
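Added example, not part of the original bug report or of any Fedora package: a shell check that reads a mount table in /proc/mounts format and reports which of the three mounts from the workaround above (tmpfs on /run, tmpfs on /tmp, read-only /sys/fs/cgroup) are absent. The function names and both sample mount tables are constructed for illustration.

```sh
#!/bin/sh
# Reads a mount table (/proc/mounts format: device mountpoint fstype options ...)
# on stdin. Prints one line per deviation from the workaround and returns 1 if
# any was found, 0 otherwise. Hypothetical helper, not shipped by any package.
check_systemd_mounts() {
    awk '
        $2 == "/run"           { run = $3 }
        $2 == "/tmp"           { tmp = $3 }
        $2 == "/sys/fs/cgroup" { cg = 1; cgopts = $4 }
        END {
            bad = 0
            if (run != "tmpfs") { print "missing: tmpfs on /run (--tmpfs /run)"; bad = 1 }
            if (tmp != "tmpfs") { print "missing: tmpfs on /tmp (--tmpfs /tmp)"; bad = 1 }
            if (!cg) {
                print "missing: mount on /sys/fs/cgroup"; bad = 1
            } else if (("," cgopts ",") !~ /,ro,/) {
                print "differs: /sys/fs/cgroup is not mounted read-only"; bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample: container started with the three workaround options.
sample_with_workaround() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
EOF
}

# Constructed sample: container started without --tmpfs /run and --tmpfs /tmp.
sample_without_workaround() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
EOF
}

# Demo on the constructed failing table; inside a real container use:
#   check_systemd_mounts < /proc/mounts
sample_without_workaround | check_systemd_mounts || true
```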
Hello, any idea about the situation?
This message is a reminder that Fedora 30 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 30 on 2020-05-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '30'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 30 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

This message is a reminder that Fedora 32 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 32 on 2021-05-25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '32'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 32 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
This message is a reminder that Fedora Linux 34 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 34 on 2022-06-07. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '34'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 34 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Fedora Linux 34 entered end-of-life (EOL) status on 2022-06-07. Fedora Linux 34 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. Thank you for reporting this bug and we are sorry it could not be fixed.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days