|
1 | 1 | # OCI systemd hooks
|
2 | 2 | ==============
|
3 |
| -OCI systemd hook enables running systemd in docker and [OCI](https://github.com/opencontainers/specs) |
4 |
| -compatible runtimes such as runc. |
5 |
| - |
6 |
| -oci-systemd-hook |
7 |
| -It reads state over stdin and mounts a tmpfs at /run, /tmp, links in a journal directory from the host and |
8 |
| -creates /etc/machine-id file for a container. |
| 3 | +OCI systemd hook enables users to run systemd in docker and [OCI](https://github.com/opencontainers/specs) compatible runtimes such as runc without requiring `--privileged` flag. |
9 | 4 |
|
10 | 5 | This project produces a C binary that can be used with runc and Docker (with minor code changes).
|
11 |
| -If you clone this branch and build/install `oci-systemd-hook`, a binary will be placed in |
12 |
| -`/usr/libexec/oci/hooks.d` named `oci-systemd-hook`. You can change this location by |
13 |
| -editing `HOOKSDIR` in the Makefile. |
| 6 | +If you clone this branch and build/install `oci-systemd-hook`, a binary should be placed in |
| 7 | +`/usr/libexec/oci/hooks.d` named `oci-systemd-hook`. |
14 | 8 |
|
15 |
| -Running Docker or OCI runc containers with this executable, oci-systemd-hook is called just before a container is started and after it is provisioned. If the CMD to run inside of the container is init or systemd, this hook will configure |
16 |
| -the container image to run a systemd environment. |
| 9 | +Running Docker or OCI runc containers with this executable, oci-systemd-hook is called just before a container is started and after it is provisioned. If the CMD to run inside of the container is `init` or `systemd`, this hook will configure the container image to run a systemd environment. For all other CMD's, this hook will just exit. |
17 | 10 |
|
18 |
| -oci-systemd-hook will do the following |
| 11 | +When oci-systemd-hook detects systemd inside of the container it does the following: |
19 | 12 |
|
20 |
| -* Mount a tmpfs on /run and /tmp |
| 13 | +* Mounts a tmpfs on /run and /tmp |
21 | 14 | - If there is content in the container image's /run and /tmp that content will be compied onto the tmpfs.
|
22 |
| -* Will create a /etc/machine-id based on the the containers UUID |
23 |
| -* Will mount the hosts /sys/fs/cgroups file systemd read-only into the container |
| 15 | +* Creates a /etc/machine-id based on the the containers UUID |
| 16 | +* Mounts the hosts /sys/fs/cgroups file systemd read-only into the container |
24 | 17 | - /sys/fs/cgroup/systemd will be mounted read/write into the container.
|
25 | 18 |
|
26 |
| -When the container stops, these file systems will be removed. |
| 19 | +When the container stops, these file systems will be umounted. |
27 | 20 |
|
28 | 21 | systemd is expected to be able to run within the container without requiring
|
29 |
| -the --privileged option. However you will still need to specify a special --stop signal. |
| 22 | +the `--privileged` option. However you will still need to specify a special `--stop-signal`. Standard docker containers sends SIGTERM to pid 1, but systemd |
| 23 | +does not shut down properly when it recieves a SIGTERM. systemd specified that it needs to recieve a RTMIN+3 signal to shutdown properly. |
30 | 24 |
|
31 | 25 | If you created a container image based on a dockerfile like the following:
|
32 | 26 | ```
|
|