
Docker (CentOS 7 with SYSTEMCTL) : Failed to mount tmpfs & cgroup


Try to run your container in privileged mode:

docker run -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd

This should solve your problem.


The more modern approach to this, after Daniel Walsh contributed a series of patches, is this...

docker run -ti --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd

Essentially, starting in a privileged container is a bad idea for security reasons. Since Daniel contributed patches to make it unnecessary, we are able to start without escalating privileges.

While it's true that we should maintain the "single service/process per container" principle in general, some people want to run Red Hat-supported containers, which means the use of systemd.

See https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/ for more information

To demonstrate a stripped down systemd container, something like this would have an apache and tomcat running; not the single service/process principle, but just an example. You'd obviously need to do more to this image, but this is the basic idea. I think I got this from one of Daniel's posts somewhere, but I don't recall now.

FROM centos:7
# systemd reads the "container" variable to detect that it runs in a container
ENV container docker
# Remove unit symlinks that are not needed in a container;
# only systemd-tmpfiles-setup.service is kept in sysinit.target.wants
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
RUN yum -y install httpd tomcat tomcat-javadoc.noarch \
    tomcat-docs-webapp.noarch tomcat-admin-webapps.noarch ; \
    yum clean all
RUN systemctl enable tomcat.service
RUN systemctl enable httpd.service
VOLUME [ "/sys/fs/cgroup" ]
EXPOSE 80 8080
# /usr/sbin/init is systemd, which starts the enabled services
CMD ["/usr/sbin/init"]

docker build -t apache ./
docker run --tmpfs /tmp --tmpfs /run -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 8081:80 -p 8080:8080 --name apache apache


I got the same problem with Docker for Windows (1.12.3)...

$ docker logs bareos
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <bareos>.
Failed to install release agent, ignoring: No such file or directory
Failed to create root cgroup hierarchy: No such file or directory
Failed to allocate manager object: No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.

The latest boot2docker doesn't have systemd. We can't have systemd in a Docker container if the host doesn't have it, since the important folder for that is /sys/fs/cgroup/systemd.

So finally, I created a default VM in VirtualBox based on Alpine Linux and a default docker-machine with the generic driver.
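
The following shell script is an added example, not part of any answer above and not Docker's or Red Hat's own code. It audits a docker run argument list against the non-privileged recipe (tmpfs on /tmp and /run, read-only /sys/fs/cgroup, no --privileged) and checks the host for /sys/fs/cgroup/systemd, the directory the last answer reports as missing. The function names audit_run_args and host_has_systemd_cgroup are hypothetical.

```sh
#!/bin/sh
# Added example: preflight for a systemd container started without --privileged.

# Succeeds if the host exposes the systemd cgroup hierarchy.
# $1 = cgroup root to inspect (defaults to /sys/fs/cgroup).
host_has_systemd_cgroup() {
    [ -d "${1:-/sys/fs/cgroup}/systemd" ]
}

# Audits "docker run" arguments in the forms used on this page
# (hypothetical helper; options are assumed to precede the image name).
# Prints one finding per line; returns 0 if nothing is flagged, else 1.
audit_run_args() {
    privileged=no tmp=no run=no cgroup=missing rc=0
    while [ $# -gt 0 ]; do
        next=${2-}
        case "$1" in
            --privileged|--privileged=true) privileged=yes ;;
            --tmpfs)
                case "${next%%:*}" in   # ignore mount options after ":"
                    /tmp) tmp=yes ;;
                    /run) run=yes ;;
                esac ;;
            -v|--volume)
                case "$next" in
                    /sys/fs/cgroup:/sys/fs/cgroup:ro) cgroup=ro ;;
                    /sys/fs/cgroup:/sys/fs/cgroup*)   cgroup=rw ;;
                esac ;;
        esac
        shift
    done
    [ "$privileged" = no ] || { echo "privileged: --privileged is set; the tmpfs recipe does not need it"; rc=1; }
    [ "$tmp" = yes ] || { echo "tmpfs: missing --tmpfs /tmp"; rc=1; }
    [ "$run" = yes ] || { echo "tmpfs: missing --tmpfs /run"; rc=1; }
    case "$cgroup" in
        missing) echo "cgroup: missing -v /sys/fs/cgroup:/sys/fs/cgroup:ro"; rc=1 ;;
        rw)      echo "cgroup: /sys/fs/cgroup is not mounted read-only (add :ro)"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: the two command lines from the answers above.
echo "== privileged variant =="
audit_run_args -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd || true
echo "== tmpfs variant =="
audit_run_args -ti --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd && echo "ok"
host_has_systemd_cgroup || echo "host: /sys/fs/cgroup/systemd not found"
```

Run the audit on the arguments that follow "docker run"; a non-zero exit status means at least one finding was printed.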