systemd を haconiwa 上で動かしてみた https://twitter.com/minimum2scp/status/758268900958101504

systemd-on-haco.log

tsuyoshi@mira% docker create --name systemd minimum2scp/systemd:latest
tsuyoshi@mira% sudo mkdir /var/tmp/systemd
tsuyoshi@mira% docker export systemd | sudo tar xf - -C /var/tmp/systemd
tsuyoshi@mira% vi systemd.haco
tsuyoshi@mira% sudo haconiwa run systemd.haco
Failed to mount sysfs at /sys: Operation not permitted
Failed to mount devtmpfs at /dev: Operation not permitted
Freezing execution.

systemd.haco

# vim: set ft=ruby :
Haconiwa::Base.define do |config|
  config.init_command = "/sbin/init"
  config.name = "systemd"

  config.cgroup["cpu.shares"] = 2048
  config.cgroup["memory.limit_in_bytes"] = 256 * 1024 * 1024
  config.cgroup["pids.max"] = 1024

  #config.add_mount_point "/var/another/root/etc", to: "/var/your_rootfs/etc", readonly: true
  #config.add_mount_point "/var/another/root/home", to: "/var/your_rootfs/home"
  config.mount_independent_procfs
  config.chroot_to "/var/tmp/systemd"

  config.namespace.unshare "ipc"
  config.namespace.unshare "uts"
  config.namespace.unshare "mount"
  config.namespace.unshare "pid"

  config.capabilities.allow :all
  config.capabilities.drop "cap_sys_admin"
end

Haconiwa::Base.define do |config|
  config.init_command = "/sbin/init"
  config.name = "systemd001"

  config.cgroup["cpu.shares"] = 2048
  config.cgroup["memory.limit_in_bytes"] = 256 * 1024 * 1024
  config.cgroup["pids.max"] = 1024

  root = Pathname.new "/var/tmp/systemd"
  config.mount_independent_procfs
  config.add_mount_point "devtmpfs", to: root.join("dev"), fs: "devtmpfs" # added
  config.add_mount_point "sysfs", to: root.join("sys"), fs: "sysfs" #added
  config.chroot_to root

  config.namespace.unshare "ipc"
  config.namespace.unshare "uts"
  config.namespace.unshare "mount"
  config.namespace.unshare "pid"

  config.capabilities.allow :all
  config.capabilities.drop "cap_sys_admin"
end