running systemd inside containers #7651
Unanswered
marco-a-itl asked this question in Q&A
Is your feature request related to a problem? Please describe.
There are some cases of multi-service containers, derived from applications extracted from VMs, where it would be useful to allow running systemd inside the container, without requiring the privileged flag for security reasons.
Support for systemd inside containers has been extremely tricky and fragile for years. It is also dependent on OS features, like the presence of cgroup v2, and on the underlying container engine. Only Podman declares official support, and regarding Kubernetes distributions the situation is still fragmented and unclear.
The latest workarounds (like this one related to OpenShift) seem to be based on the recent introduction of user namespaces, in addition to the presence of cgroup v2.
Describe the solution you'd like
This is more of a question: is there some kind of support for pods that run systemd as PID 1, without requiring full privileges?
Has anyone successfully run this kind of pod in RKE2?