
In order to debug why this issue occurs the following command is run on a container:

```
docker run -it <dockerImageName> dmesg
```

results in:

```
dmesg: read kernel buffer failed: Permission denied
```

Attempts

  1. Running `docker run -it <dockerImageName> sudo dmesg` returns the same issue
030

1 Answer


As Michael Hampton mentioned, containers are meant to run only a single atomic service. As a matter of fact, one should understand that containers are not virtual machines but a single process by itself on your localhost.

Nevertheless, I got to know from here that it's a bit harder to get SystemD working inside a container.

I was able to get SystemD working inside an image built FROM centos:centos7 with:

```
docker run --privileged -ti -e "container=docker" -v /sys/fs/cgroup:/sys/fs/cgroup trinitronx/ansible-base:stable-centos7 /usr/sbin/init
```

For some undocumented reason the variable `container=docker` is apparently required. `/sys/fs/cgroup` is also required, as SystemD needs cgroups to work properly according to RedHat Bug 1033604.

After doing this, try to log in to the container using `docker exec -it <container> /bin/bash` and then you could execute your `systemctl` commands.

Maniankara
  • Would this be safe enough to run in production? I will try to run the binary instead of using systemd. – 030 Feb 04 '16 at 23:29
  • No, I suppose as it's using "privileged" and also mounting /sys directories into the container. I thought this was just for debugging temporarily. Services should not be started with `systemctl` after containers are up. It should be part of CMD. e.g. [This is how httpd is started](https://github.com/docker-library/httpd/blob/1f1f7d39d5fe5aebeedea6872786b4e3ce0ebcc9/2.4/Dockerfile). However, have you ever thought, how do you automate the starting of those processes after the container has started? – Maniankara Feb 05 '16 at 09:36
  • So the solution is to use `--privileged` :) . Helped me viewing `dmesg` and mounting using CIFS! Thanks. – yair Feb 12 '19 at 06:42
  • the `--privileged` should be highlighted IMO, this helped _a lot_ while testing things locally as I have no plan to run like this in production. – Eugene May 17 '20 at 21:31
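
An added example, not part of the answer or comments above: a small audit over `docker inspect` output that flags the settings the comments call unsafe for production (`--privileged` and host `/sys` binds) along with any added capabilities. The container names, the sample JSON and the sensitive-path list are constructed assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
# "systemd-debug" mirrors the answer's flags; "dmesg-only" adds just CAP_SYSLOG,
# the capability for privileged syslog(2) operations.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/systemd-debug",
     "HostConfig": {"Privileged": True, "CapAdd": None,
                    "Binds": ["/sys/fs/cgroup:/sys/fs/cgroup"]}},
    {"Name": "/dmesg-only",
     "HostConfig": {"Privileged": False, "CapAdd": ["SYSLOG"], "Binds": None}},
])

# Host paths whose bind mounts expose kernel or daemon interfaces (assumed policy).
SENSITIVE_HOST_PATHS = ("/sys", "/proc", "/dev", "/var/run/docker.sock")


def _is_under(path, root):
    """True if path is root itself or lies below it (so /system does not match /sys)."""
    path = path.rstrip("/") or "/"
    return path == root or path.startswith(root + "/")


def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities, host devices visible")
    for bind in host.get("Binds") or []:
        parts = bind.split(":")  # src:dst[:mode]
        src = parts[0]
        mode = parts[2] if len(parts) > 2 else "rw"
        if any(_is_under(src, root) for root in SENSITIVE_HOST_PATHS):
            access = "read-only" if "ro" in mode.split(",") else "read-write"
            findings.append(f"bind {src} ({access})")
    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        findings.append("cap-add " + (name[4:] if name.startswith("CAP_") else name))
    return findings


def audit(inspect_json):
    """Map container name -> findings for the JSON text printed by `docker inspect`."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or ["no findings"])
```
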