Fixing the 'Failed to get D-Bus connection' Error in Docker

intermediate🐳 Docker2026-07-10| Docker Engine, CentOS 7/8, Ubuntu 18.04+, Debian, and other systemd-based containers.

Error Message

Failed to get D-Bus connection: Operation not permitted
#docker#systemd#devops#linux-admin

The Problem: Why systemctl FailsYou’re likely trying to fire up a service—like Nginx, Apache, or a database—inside a CentOS or Ubuntu container. You run systemctl start, but instead of a running service, you hit a wall. The terminal spits out a blunt error: Failed to get D-Bus connection: Operation not permitted.

This happens because Docker containers are designed to be lightweight and isolated. By default, they don't have the permissions to talk to the host's systemd or manage their own systemd instance. Systemd expects to be the first process (PID 1) and requires direct access to the host's control groups (cgroups) to function. Standard Docker security profiles block this access to keep your host safe.

The Quick Fix: Using Privileged ModeTo get systemd working, you need to lift Docker's default restrictions. This involves granting the container extended privileges and mounting the host's cgroup directory so systemd can manage processes correctly.

Launch your container using these specific flags:

docker run -d \  --name web-server \  --privileged \  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \  centos:7 /usr/sbin/init

Breaking down the command:- --privileged: This gives the container nearly full access to the host's hardware and kernel features.- -v /sys/fs/cgroup:/sys/fs/cgroup:ro: This maps the host’s control groups into the container. Without this, systemd cannot track or limit service resources.- /usr/sbin/init: This is the most important part. You are telling Docker to start the systemd init process as PID 1 instead of just dropping you into a bash shell.## Automating with Docker ComposeManually typing long docker run commands is tedious. If you want this configuration to stick, add these parameters to your docker-compose.yml file. This is especially useful for local development environments where you frequently restart stacks.

version: '3' 
services:
  app-server:
    image: centos:7
    privileged: true
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    command: /usr/sbin/init

Deploy the updated configuration with a single command:

docker-compose up -d

What’s happening under the hood?Docker is optimized to run a single application process. Systemd, on the other hand, is an entire manager designed to oversee dozens of background services. To do its job, systemd must be the "parent" process (PID 1).

When you run a standard container, the shell (bash) or your app is usually PID 1. When you try to use systemctl, it looks for a D-Bus connection to talk to PID 1. Since systemd isn't actually running as the init process, the connection fails. By using /usr/sbin/init and --privileged, you’re essentially turning your container into a lightweight virtual machine.

A Lighter Alternative: The --init FlagDo you actually need systemctl, or do you just need to manage processes? If you only want to handle signals (like SIGTERM) or clean up zombie processes, you don't need the full systemd overhead. Docker 1.13 and newer includes a built-in init process called tini.

docker run -it --init ubuntu:20.04 /bin/bash

Note: This will not fix the D-Bus error if your app strictly requires systemctl. It is, however, a much more secure way to handle process management in production.

Verifying the FixAfter starting your container with the privileged flag, verify that systemd is healthy. First, jump into the container's terminal:

docker exec -it web-server /bin/bash

Then, check the system status:

systemctl status

If everything is set up correctly, you’ll see State: running and a list of active units. You can now start your services as you normally would on a physical server:

systemctl start httpd
systemctl status httpd

Security WarningUsing --privileged is a heavy-handed approach. It grants the container root-level access to your host machine. In a production environment, this is a significant security risk. If a container is compromised, the attacker could potentially escape to the host. Always try to refactor your Dockerfile to run your application directly (using ENTRYPOINT) before resorting to systemd inside a container.

Related Error Notes