Docker Engine 20.10.6 recently moved its cgroup v2 support out of experimental, but it does not support hybrid hierarchies. Most modern systemd packages for Linux distributions are compiled and shipped with the hybrid hierarchy, which is a systemd recommended default.

You can view your host systemd environment with:

systemctl show --all | grep default-hierarchy

If the default hierarchy is listed as hybrid (default-hierarchy=hybrid), there will likely be issues (regardless of read/write permissions) when running systemd as an init system inside a Docker container.

Example

The following litmusimage/ubuntu container fails to start:

docker run -it --privileged --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /tmp:exec litmusimage/ubuntu:20.04

Example init errors returned:

Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...

Workaround

Disable the hybrid hierarchy by setting the kernel parameter systemd.unified_cgroup_hierarchy=0 from your bootloader or during kernel compilation.

GRUB Example

Kernel parameters can be set in GRUB 2 by appending them to the GRUB_CMDLINE_LINUX or GRUB_CMDLINE_LINUX_DEFAULT options.

# /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="quiet systemd.unified_cgroup_hierarchy=0"

Regenerate the GRUB configuration with:

grub-mkconfig -o /boot/grub/grub.cfg
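
To check which cgroup layout is actually mounted, and whether the kernel parameter above took effect after a reboot, the following added example (not part of the original page) classifies a mounts table and inspects the kernel command line. The function names and the sample mount lines are constructed for illustration; it assumes the standard systemd mount points under /sys/fs/cgroup.

```shell
#!/bin/sh
# Classify the cgroup layout from a mounts table.
# Usage: cgroup_mode [FILE]   (default /proc/mounts, "-" reads stdin)
# Prints one of: unified | hybrid | legacy | unknown
cgroup_mode() {
    awk '
        $2 == "/sys/fs/cgroup" && $3 == "cgroup2"           { unified = 1 }
        $2 == "/sys/fs/cgroup/unified" && $3 == "cgroup2"   { v2_side = 1 }
        index($2, "/sys/fs/cgroup/") == 1 && $3 == "cgroup" { v1 = 1 }
        END {
            if (unified)            print "unified"   # cgroup v2 only
            else if (v1 && v2_side) print "hybrid"    # v1 controllers plus a v2 tree
            else if (v1)            print "legacy"    # cgroup v1 only
            else                    print "unknown"
        }' "${1:-/proc/mounts}"
}

# Succeeds if the workaround parameter from this page is on the kernel
# command line. Usage: has_workaround [FILE]  (default /proc/cmdline)
has_workaround() {
    cat "${1:-/proc/cmdline}" | tr -s ' ' '\n' |
        grep -qx 'systemd.unified_cgroup_hierarchy=0'
}

# Constructed sample of a hybrid host's cgroup mounts (not real output).
sample_hybrid_mounts() {
    cat <<'EOF'
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
EOF
}

# Inspect the live host only when invoked as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    echo "cgroup mode: $(cgroup_mode)"
    if has_workaround; then
        echo "systemd.unified_cgroup_hierarchy=0 is set"
    else
        echo "systemd.unified_cgroup_hierarchy=0 is not set"
    fi
fi
```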