[systemd-devel] systemd 231 and /dev/console in a docker container

baldur at email.de baldur at email.de
Sun Sep 18 12:30:10 UTC 2016 

Hello,

i hope this is the right list to ask this, if not it would be kind if
you would point me to the right forum. Currently i have systemd running
in a docker container, which works well in version 229  (fedora 24
image).  I have configured journald there to log to console, so that i
can see the logs via a simple docker logs -f <containername>. Everything
works fine with this.

Recently i decided to to to run systemd 231 on fedora 25 beta and
rebuild my Dockerfile for fedora 25. After starting the container it
turned out that nothing was shown in docker logs -f <containername > and
after some investigation, that journald was terribly slow with logging.
After some strace sessions in the container i found that writing to
/dev/console was failing with "EIO" (-1).   So i did another test if
this was docker problem and run simply a bash shell with the container.
To my surprise this worked fine.

With a "docker exec run -it fedora-25-image bash"  i could write to
console without any problems, when i did run a 'echo "Hello world"
>/dev/console" in the container. So i came to the conclusion that the
problem lies within systemd 231 and not withing Docker, as this worked
fine for fedora-24 based systemd 229 and also the simple bash test.

At this point i investiged what was the difference.  Basically it turned
out that on bash (and also on systemd 229 on fedora 24) the is shown
when i do a

cat /proc/1/mountinfo |grep console   ( /33 varies if you run more than
one container)

2769 2749 0:20 /33 /dev/console rw,nosuid,noexec,relatime - devpts
devpts rw,gid=5,mode=620,ptmxmode=0

when i do this with a fedora 25 image, where systemd is started as
process 1 i get  for

cat /proc/1/mountinfo |grep console 
2769 2749 0:20 */33//deleted */dev/console rw,nosuid,noexec,relatime -
devpts devpts rw,gid=5,mode=620,ptmxmode=000


It seems that systemd somehow has deleted the /dev/console device, and
therefore a journald which wants to log to /dev/console in the container
gets an EIO  . 


In general i have started the systemd runs with the following options
(24 or 25)
docker run --rm -it  --security-opt=seccomp:unconfined --cap-add
SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro  fedora-25-image
/lib/systemd/systemd


My question is now is this a bug, or is this some kind of new feature,
where i need to set a special flag in systemd 231  (which one?)


Hope the description was sufficient.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20160918/37f174fc/attachment.html>

More information about the systemd-devel mailing list