[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] systemd as pid 1 in an unprivileged container.

On 09/14/2016 05:26 AM, Muayyad AlSadi wrote:

Nice article.

I would like to stress that docker is intended to be process container not system container.

In adeal (aka. Fictional unicorn) containers you would have a single process. Your start.sh should exec (to replace the shell) the application ("exec node ." Or "exec java -jar start.jar")

Many applications does not fit such restrictions. People end up using things like supervisord (a python script that manage multiple processes ) but of course it won't work out of the box. One need to rewrite services into its .ini format.

We have seen many fake systemds that are not 100% compatible.

Having real systemd would make dockerizing such apps a trivial job.

I would love if real systemd that just work. that fail gracefully for example when it does not have cgroups mounted it would just ignore cgroups-related directives.

I wish if I just run

docker run -dt fedora-systemd

Without any -v

How far are we from this?

We have it now, that is what is  talked about in the end of the article, oci-systemd--hook.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]