Is your feature request related to a problem? Please describe.
There are some cases of multi-service containers, derived from applications extracted from VMs, where it would be useful to allow running systemd inside the container, without requiring the privileged flag for security reasons.
Support for systemd inside containers has been extremely tricky and fragile for years. It is also dependent on OS features, like the presence of cgroup v2, and on the underlying container engine. Only Podman declares official support, and regarding Kubernetes distributions the situation is still fragmented and unclear.
The latest workarounds (like this one related to OpenShift) seem to be based on the recent introduction of user namespaces, in addition to the presence of cgroup v2.
Describe the solution you'd like
This is more of a question: is there some kind of support for pods that run systemd as PID 1, without requiring full privileges?
Has anyone successfully run this kind of pod in RKE2?