New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stricter PIDfile handling breaks all non-root services running in docker #11752
Comments
what does my educated guess is that docker doesn't set up cgroups correctly and /sys/fs/cgroup and /proc/$PID/cgroup do not match. |
Looks like this is not the case:
and /proc/1251/cgroup reports:
and in turn
so they do match |
No, this is broken:
it's the one line that matters... where does the duplicate hex thing comes from? Not sure what is going on there, but this almost definitely borkage in docker how they set up cgroupfs and cgroup ns. See: https://systemd.io/CGROUP_DELEGATION If docker doesnt' implement the above it's always going to remain a frickin' mess... |
Issues trucking on GitHub is switched off for Docker, so I have no idea how to report this back to docker. |
Reported it to Moby as well: moby/moby#38749. |
Sorry, but systemd is not the place to add work-arounds for borkages in docker... We have to make certain requirements on the environment we run in, and this is well documented, and not trivial nor obvious how to work around this at all... Let's close this here, this needs to be fixed in docker. Sorry. |
systemd version the issue has been seen with
systemd 237
Used distribution
ubuntu-18.04
Expected behaviour you didn't see
services that create a pid file as non-root which run fine when in VM should also run executed in docker container
Unexpected behaviour you saw
Service, that runs fine in normal VM (let say opendkim) failing to start when executed in docker container:
Steps to reproduce the problem
The text was updated successfully, but these errors were encountered: