coderbirju · coderbirju · Oct 4, 2025 · Oct 4, 2025 · Oct 4, 2025
diff --git a/Dockerfile b/Dockerfile
@@ -286,7 +286,7 @@ RUN apt-get update -qq && apt-get install -qq -y --no-install-recommends \
   bash-completion \
   ca-certificates curl \
   iproute2 iptables \
-  dbus dbus-user-session systemd systemd-sysv \
+  dbus dbus-user-session dbus-x11 systemd systemd-sysv \
   fuse3
 COPY --from=build-full /docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=out-full / /usr/local/
@@ -363,6 +363,8 @@ RUN apt-get update -qq && apt-get install -qq --no-install-recommends \
   uidmap \
   openssh-server \
   openssh-client
+# Enable D-Bus user session for systemd healthcheck timers in rootless mode
+RUN systemctl --global enable dbus.socket dbus.service
 # TODO: update containerized-systemd to enable sshd by default, or allow `systemctl wants <TARGET> ssh` here
 RUN ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N '' && \
   useradd -m -s /bin/bash rootless && \

diff --git a/Dockerfile.d/test-integration-rootless.sh b/Dockerfile.d/test-integration-rootless.sh
@@ -34,6 +34,22 @@ if [[ "$(id -u)" = "0" ]]; then
 	systemctl start ssh
 	exec ssh -o StrictHostKeyChecking=no rootless@localhost "$0" "$@"
 else
+	# Ensure XDG_RUNTIME_DIR is set and create it if needed
+	export XDG_RUNTIME_DIR="/run/user/$(id -u)"
+	mkdir -p "$XDG_RUNTIME_DIR"
+	chmod 700 "$XDG_RUNTIME_DIR"
+
+	# Start systemd user session and D-Bus for healthcheck timers
+	systemctl --user daemon-reload || true
+	systemctl --user start dbus.socket || true
+	systemctl --user start dbus.service || true
+
+	# Set D-Bus session address
+	export DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus"
+
+	# Wait a moment for D-Bus to be ready
+	sleep 1
+
 	containerd-rootless-setuptool.sh install
 	if grep -q "options use-vc" /etc/resolv.conf; then
 		containerd-rootless-setuptool.sh nsenter -- sh -euc 'echo "options use-vc" >>/etc/resolv.conf'

diff --git a/cmd/nerdctl/container/container_health_check_linux_test.go b/cmd/nerdctl/container/container_health_check_linux_test.go
@@ -32,7 +32,6 @@ import (
 	"github.com/containerd/nerdctl/mod/tigron/tig"
 
 	"github.com/containerd/nerdctl/v2/pkg/healthcheck"
-	"github.com/containerd/nerdctl/v2/pkg/rootlessutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
 )
@@ -44,9 +43,9 @@ func TestContainerHealthCheckBasic(t *testing.T) {
 	testCase.Require = require.Not(nerdtest.Docker)
 
 	// Skip systemd tests in rootless environment to bypass dbus permission issues
-	if rootlessutil.IsRootless() {
-		t.Skip("systemd healthcheck tests are skipped in rootless environment")
-	}
+	// if rootlessutil.IsRootless() {
+	// 	t.Skip("systemd healthcheck tests are skipped in rootless environment")
+	// }
 
 	testCase.SubTests = []*test.Case{
 		{
@@ -146,9 +145,9 @@ func TestContainerHealthCheckAdvance(t *testing.T) {
 	testCase.Require = require.Not(nerdtest.Docker)
 
 	// Skip systemd tests in rootless environment to bypass dbus permission issues
-	if rootlessutil.IsRootless() {
-		t.Skip("systemd healthcheck tests are skipped in rootless environment")
-	}
+	// if rootlessutil.IsRootless() {
+	// 	t.Skip("systemd healthcheck tests are skipped in rootless environment")
+	// }
 
 	testCase.SubTests = []*test.Case{
 		{
@@ -618,9 +617,9 @@ func TestHealthCheck_SystemdIntegration_Basic(t *testing.T) {
 	testCase := nerdtest.Setup()
 	testCase.Require = require.Not(nerdtest.Docker)
 	// Skip systemd tests in rootless environment to bypass dbus permission issues
-	if rootlessutil.IsRootless() {
-		t.Skip("systemd healthcheck tests are skipped in rootless environment")
-	}
+	// if rootlessutil.IsRootless() {
+	// 	t.Skip("systemd healthcheck tests are skipped in rootless environment")
+	// }
 
 	testCase.SubTests = []*test.Case{
 		{
@@ -802,9 +801,9 @@ func TestHealthCheck_SystemdIntegration_Advanced(t *testing.T) {
 	testCase := nerdtest.Setup()
 	testCase.Require = require.Not(nerdtest.Docker)
 	// Skip systemd tests in rootless environment to bypass dbus permission issues
-	if rootlessutil.IsRootless() {
-		t.Skip("systemd healthcheck tests are skipped in rootless environment")
-	}
+	// if rootlessutil.IsRootless() {
+	// 	t.Skip("systemd healthcheck tests are skipped in rootless environment")
+	// }
 
 	testCase.SubTests = []*test.Case{
 		{

diff --git a/hack/test-integration.sh b/hack/test-integration.sh
@@ -50,7 +50,7 @@ for arg in "$@"; do
 done
 
 if [ "$needsudo" == "true" ] || [ "$needsudo" == "yes" ] || [ "$needsudo" == "1" ]; then
-  gotestsum "${args[@]}" -- -timeout="$timeout" -p 1 -exec sudo -args -test.allow-kill-daemon "$@"
+  gotestsum "${args[@]}" -- -timeout="$timeout" -p 1 -exec sudo -v -run TestHealthCheck_SystemdIntegration_Advanced -args -test.allow-kill-daemon ./cmd/nerdctl/container/
 else
-  gotestsum "${args[@]}" -- -timeout="$timeout" -p 1 -args -test.allow-kill-daemon "$@"
+  gotestsum "${args[@]}" -- -timeout="$timeout" -p 1 -v -run TestHealthCheck_SystemdIntegration_Advanced -args -test.allow-kill-daemon ./cmd/nerdctl/container/
 fi
diff --git a/pkg/containerutil/containerutil.go b/pkg/containerutil/containerutil.go
@@ -293,10 +293,10 @@
 	}
 
 	// If container has health checks configured, create and start systemd timer/service files.
-	if err := healthcheck.CreateTimer(ctx, container, cfg); err != nil {
+	if err := healthcheck.CreateTimer(ctx, c, (*config.Config)(&createOpt.GOptions)); err != nil {
 		return fmt.Errorf("failed to create healthcheck timer: %w", err)
 	}
-	if err := healthcheck.StartTimer(ctx, container, cfg); err != nil {
+	if err := healthcheck.StartTimer(ctx, c, (*config.Config)(&createOpt.GOptions)); err != nil {
 		return fmt.Errorf("failed to start healthcheck timer: %w", err)
 	}
 
@@ -535,9 +535,6 @@
 	if err := healthcheck.CreateTimer(ctx, container, cfg); err != nil {
 		return fmt.Errorf("failed to create healthcheck timer: %w", err)
 	}
-	if err := healthcheck.StartTimer(ctx, container, cfg); err != nil {
-		return fmt.Errorf("failed to start healthcheck timer: %w", err)
-	}
 
 	switch status.Status {
 	case containerd.Paused:

diff --git a/pkg/healthcheck/healthcheck_manager_darwin.go b/pkg/healthcheck/healthcheck_manager_darwin.go
@@ -29,6 +29,11 @@ func CreateTimer(ctx context.Context, container containerd.Container, cfg *confi
 	return nil
 }
 
+// CreateAndStartTimer sets up the transient systemd timer and service for healthchecks.
+func CreateAndStartTimer(ctx context.Context, container containerd.Container, cfg *config.Config) error {
+	return nil
+}
+
 // StartTimer starts the healthcheck timer unit.
 func StartTimer(ctx context.Context, container containerd.Container, cfg *config.Config) error {
 	return nil

diff --git a/pkg/healthcheck/healthcheck_manager_freebsd.go b/pkg/healthcheck/healthcheck_manager_freebsd.go
@@ -34,6 +34,11 @@ func StartTimer(ctx context.Context, container containerd.Container, cfg *config
 	return nil
 }
 
+// CreateAndStartTimer sets up the transient systemd timer and service for healthchecks.
+func CreateAndStartTimer(ctx context.Context, container containerd.Container, cfg *config.Config) error {
+	return nil
+}
+
 // RemoveTransientHealthCheckFiles stops and cleans up the transient timer and service.
 func RemoveTransientHealthCheckFiles(ctx context.Context, container containerd.Container) error {
 	return nil