Systemd will only start correctly after mounting cgroups rw once

Docker Desktop for Mac
1

Expected behavior

Docker container with cgroup mounted ro with these setting should start systemd correctly.

docker run -d \ --cap-add SYS_ADMIN \ --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --security-opt seccomp:unconfined \ --name systemdtest3 \ maci0/systemd 2390633595c9767017157e9820e17832b5afd6ab9717295c67ccd3eb7dc5bb12

docker exec -it systemdtest3 /bin/bash -c "ps -e -o uid,pid,cmd" UID PID CMD 0 1 /usr/lib/systemd/systemd 0 14 /usr/lib/systemd/systemd-journald 81 22 /bin/dbus-daemon --system --fork 0 23 ps -e -o uid,pid,cmd

Actual behavior

docker run -d \ --cap-add SYS_ADMIN \ --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --security-opt seccomp:unconfined \ --name systemdtest \ maci0/systemd 28f3afdd7cac625805c72b1ec44a6823c0b3fae7a4ae8b70c47ab9b918587d10

docker exec -it systemdtest /bin/bash -c "ps -e -o uid,pid,cmd" UID PID CMD 0 1 /usr/lib/systemd/systemd 0 12 ps -e -o uid,pid,cmd

then if you mount cgroups with “rw”

`docker run -d
–cap-add SYS_ADMIN
–volume /sys/fs/cgroup:/sys/fs/cgroup:rw
–security-opt seccomp:unconfined
–name systemdtest2
maci0/systemd
8da9ab4501298b5529d2f3905e6ad23e9f4a01a2cc5b1b04156fb06aabd0d80f``

docker exec -it systemdtest2 /bin/bash -c "ps -e -o uid,pid,cmd" UID PID CMD 0 1 /usr/lib/systemd/systemd 0 14 /usr/lib/systemd/systemd-journald 81 22 /bin/dbus-daemon --system --fork 0 23 ps -e -o uid,pid,cmd

Systemd full starts up.

Then if you switch back to “ro” for all future containers it doesn’t need it anymore

docker run -d \ --cap-add SYS_ADMIN \ --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --security-opt seccomp:unconfined \ --name systemdtest3 \ maci0/systemd 2390633595c9767017157e9820e17832b5afd6ab9717295c67ccd3eb7dc5bb12

docker exec -it systemdtest3 /bin/bash -c "ps -e -o uid,pid,cmd" UID PID CMD 0 1 /usr/lib/systemd/systemd 0 14 /usr/lib/systemd/systemd-journald 81 22 /bin/dbus-daemon --system --fork 0 23 ps -e -o uid,pid,cmd

Information

Docker for Mac: version: mac-v1.11.2-beta15 OS X: version 10.11.5 (build: 15F34) logs: /tmp/20160612-173824.tar.gz failure: No error was detected [OK] docker-cli [OK] app [OK] menubar [OK] virtualization [OK] system [OK] osxfs [OK] db [OK] slirp [OK] moby-console [OK] logs [OK] vmnetd [OK] env [OK] moby [OK] driver.amd64-linux

2

Anybody else have this problem?