Docker engine 20.10.6 recently moved its cgroup v2 support out of experimental, but it does not support hybrid hierarchies. Most modern systemd packages for Linux distributions are compiled and shipped with the hybrid hierarchy, which is a systemd-recommended default.
You can view your host systemd environment with:
systemctl show -all | grep default-hierarchy
If the default hierarchy is listed as hybrid (default-hierarchy=hybrid), there will likely be issues (regardless of read/write permissions) when running systemd as an init system inside a Docker container.
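The systemctl check above reports the default systemd was compiled with; the layout actually mounted on the host can differ once a kernel parameter overrides it. The following is an added example, not part of the original page, that goes one step further and classifies the mounted layout and reads the boot parameter. The function names cgroup_layout and cgroup_cmdline_setting are hypothetical, and the classification assumes systemd's usual mount points (/sys/fs/cgroup/unified in hybrid mode, /sys/fs/cgroup/systemd in legacy mode).

```shell
#!/bin/sh
# Added example: classify the cgroup layout from a mounts table.
# Argument: path to a mounts file (default /proc/self/mounts).
# Prints one of: unified, hybrid, legacy, unknown.
cgroup_layout() {
    awk '
        # Fields: device, mount point, filesystem type, options, ...
        $2 == "/sys/fs/cgroup"         { root = $3 }
        $2 == "/sys/fs/cgroup/unified" { unified = $3 }
        $2 == "/sys/fs/cgroup/systemd" { named = $3 }
        END {
            if (root == "cgroup2")
                print "unified"        # pure cgroup v2
            else if (root == "tmpfs" && unified == "cgroup2")
                print "hybrid"         # v1 controllers plus a v2 tree
            else if (root == "tmpfs" && named == "cgroup")
                print "legacy"         # pure cgroup v1
            else
                print "unknown"
        }
    ' "${1:-/proc/self/mounts}"
}

# Print the value of systemd.unified_cgroup_hierarchy from a kernel command
# line file (default /proc/cmdline), or "unset" if the parameter is absent.
# Only the explicit name=value form is recognised; the last occurrence wins.
cgroup_cmdline_setting() {
    value=$(tr -s ' \t' '\n\n' < "${1:-/proc/cmdline}" |
            sed -n 's/^systemd\.unified_cgroup_hierarchy=//p' | tail -n 1)
    printf '%s\n' "${value:-unset}"
}

# Report on the running host when the proc files are available.
if [ -r /proc/self/mounts ] && [ -r /proc/cmdline ]; then
    echo "layout=$(cgroup_layout) cmdline=$(cgroup_cmdline_setting)"
fi
```

Run it on the host before starting the container and again after rebooting with a changed kernel parameter to confirm which layout is in effect.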
Running the following litmusimage/ubuntu container fails to start:
docker run -it --privileged --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /tmp:exec litmusimage/ubuntu:20.04
Example init errors returned:
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...
Disable the hybrid hierarchy by setting the kernel parameter systemd.unified_cgroup_hierarchy=0 from your bootloader or during kernel compilation.
Kernel parameters can be set in GRUB 2 by appending the
Regenerate the GRUB configuration with:
grub-mkconfig -o /boot/grub/grub.cfg