[systemd-devel] systemd 231 and /dev/console in a docker container Update

Mon Sep 19 18:13:13 UTC 2016

I also found that when i start

docker run --rm -it  --security-opt=seccomp:unconfined --cap-add
SYS_ADMIN --cap-add MKNOD  -v /sys/fs/cgroup:/sys/fs/cgroup:ro  
fedora-25-image   bash

and then run the systemd (so that it is not pid 1)

/lib/systemd/systemd --system --show-status=true --log-level=debug

==> then systemd starts normally (as pid 2) and the /dev/console node is
_not_ deleted and it works as expected!

So still puzzled what is happening, then run this as described below.

docker --version
Docker version 1.12.1, build 23cf638
cat /proc/version
Linux version 4.7.3-200.fc24.x86_64
(mockbuild at bkernel01.phx2.fedoraproject.org) (gcc version 6.1.1 20160621
(Red Hat 6.1.1-3) (GCC) ) #1 SMP Wed Sep 7 17:31:21 UTC 2016

Am 18.09.2016 um 14:30 schrieb baldur at email.de:
>
> Hello,
>
> i hope this is the right list to ask this, if not it would be kind if
> you would point me to the right forum. Currently i have systemd
> running in a docker container, which works well in version 229 
> (fedora 24 image).  I have configured journald there to log to
> console, so that i can see the logs via a simple docker logs -f
> <containername>. Everything works fine with this.
>
> Recently i decided to to to run systemd 231 on fedora 25 beta and
> rebuild my Dockerfile for fedora 25. After starting the container it
> turned out that nothing was shown in docker logs -f <containername >
> and after some investigation, that journald was terribly slow with
> logging. After some strace sessions in the container i found that
> writing to /dev/console was failing with "EIO" (-1).   So i did
> another test if this was docker problem and run simply a bash shell
> with the container. To my surprise this worked fine.
>
> With a "docker exec run -it fedora-25-image bash"  i could write to
> console without any problems, when i did run a 'echo "Hello world"
> >/dev/console" in the container. So i came to the conclusion that the
> problem lies within systemd 231 and not withing Docker, as this worked
> fine for fedora-24 based systemd 229 and also the simple bash test.
>
> At this point i investiged what was the difference.  Basically it
> turned out that on bash (and also on systemd 229 on fedora 24) the is
> shown when i do a
>
> cat /proc/1/mountinfo |grep console   ( /33 varies if you run more
> than one container)
>
> 2769 2749 0:20 /33 /dev/console rw,nosuid,noexec,relatime - devpts
> devpts rw,gid=5,mode=620,ptmxmode=0
>
> when i do this with a fedora 25 image, where systemd is started as
> process 1 i get  for
>
> cat /proc/1/mountinfo |grep console 
> 2769 2749 0:20 */33//deleted */dev/console rw,nosuid,noexec,relatime -
> devpts devpts rw,gid=5,mode=620,ptmxmode=000
>
>
> It seems that systemd somehow has deleted the /dev/console device, and
> therefore a journald which wants to log to /dev/console in the
> container gets an EIO  . 
>
>
> In general i have started the systemd runs with the following options
> (24 or 25)
> docker run --rm -it  --security-opt=seccomp:unconfined --cap-add
> SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro  fedora-25-image
> /lib/systemd/systemd
>
>
> My question is now is this a bug, or is this some kind of new feature,
> where i need to set a special flag in systemd 231  (which one?)
>
>
> Hope the description was sufficient.
>
>
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20160919/9e2e174e/attachment.html>