Many must run as root, and the reasons not to do that are discussed in the article this HN thread is discussing.
Systemd is particularly tricky because it needs to be able to control the cgroups of its child processes, which means the container needs to be granted that capability. See https://developers.redhat.com/blog/2019/04/24/how-to-run-sys... about how to run systemd in a container via Podman, and is a follow up to https://developers.redhat.com/blog/2016/09/13/running-system... which discusses why the Docker case is even more difficult.
That said, if you just want a process supervisor for a multi process container, there are several more minimal init systems that will work well, for example, supervisord.
Many must run as root, and the reasons not to do that are discussed in the article this HN thread is discussing.
Systemd is particularly tricky because it needs to be able to control the cgroups of its child processes, which means the container needs to be granted that capability. See https://developers.redhat.com/blog/2019/04/24/how-to-run-sys... about how to run systemd in a container via Podman, and is a follow up to https://developers.redhat.com/blog/2016/09/13/running-system... which discusses why the Docker case is even more difficult.
That said, if you just want a process supervisor for a multi process container, there are several more minimal init systems that will work well, for example, supervisord.