doesn't do clean shutdown at all.

[kundeng]

Followed the instruction to test clean shutdown. When I run docker stop systemd, the other terminal basically just quit instantly and I'm not seeing any logs for graceful shutdown.

[kundeng]

See the log:
splunk@splunkapp-preprod02:~/docker-splunk-cluster> docker logs systemd
systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 16.04.4 LTS!

Set hostname to <598c908ab533>.
Initializing machine ID from D-Bus machine ID.
Failed to install release agent, ignoring: File exists
[ OK ] Listening on Journal Socket.
[ OK ] Created slice System Slice.
[ OK ] Reached target Paths.
[ OK ] Reached target Swap.
[ OK ] Reached target Local File Systems.
[ OK ] Reached target Slices.
Starting Create Volatile Files and Directories...
[ OK ] Listening on Journal Socket (/dev/log).
Starting Journal Service...
[ OK ] Started Create Volatile Files and Directories.
[ OK ] Started Journal Service.
systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 16.04.4 LTS!

Set hostname to <598c908ab533>.
Failed to install release agent, ignoring: File exists
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Reached target Swap.
[ OK ] Reached target Local File Systems.
[ OK ] Listening on Journal Socket.
[ OK ] Reached target Paths.
[ OK ] Created slice System Slice.
[ OK ] Reached target Slices.
Starting Create Volatile Files and Directories...
Starting Journal Service...
[ OK ] Started Create Volatile Files and Directories.
[ OK ] Started Journal Service.
systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 16.04.4 LTS!

Set hostname to <598c908ab533>.
Failed to install release agent, ignoring: File exists
[ OK ] Created slice System Slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Reached target Swap.
[ OK ] Reached target Local File Systems.
[ OK ] Listening on Journal Socket.
[ OK ] Reached target Paths.
Starting Create Volatile Files and Directories...
Starting Journal Service...
[ OK ] Started Create Volatile Files and Directories.
[ OK ] Started Journal Service.

[kundeng]

I shutdown and restart the container 2 twice, and it didn't log any graceful shutdown

[kundeng]

no one can speak to this??

[noidi]

I could not reproduce the problem.

Here are the exact commands I ran:

# Remove my pre-existing image to make sure I'm testing the latest image up
# on Docker Hub.
docker rmi solita/ubuntu-systemd

# Set up the Docker host.
docker run --rm --privileged -v /:/host solita/ubuntu-systemd setup

# Start a new container.
docker run -d --name systemd --security-opt seccomp=unconfined \
  --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  -t solita/ubuntu-systemd

# Check the logs.
docker logs systemd

# The logs show normal systemd startup and end with
#
#   [  OK  ] Reached target Multi-User System.

# Check that journald works.
docker exec systemd journalctl

# The last line in the journal is:
#
#   Mar 31 06:35:02 59db11863abc systemd[1]: Startup finished in 46ms.

# In a second terminal, follow Docker logs. Hit enter a couple of times to
# see where new output begins.
docker logs -f systemd

# In a third terminal, follow the journal. Hit enter a couple of times to
# see where new output begins.
docker exec systemd journalctl -f

# In the first terminal, stop the container.
docker stop systemd

# The second terminal (Docker logs) shows systemd shutdown beginning with
#
#   [  OK  ] Stopped target Multi-User System.
#
# and ending with
#
#   [  OK  ] Reached target Shutdown.
#
# There are a couple of "Permission denied" errors as systemd tries to
# shut down parts of the Docker host it has no access to.

# The third terminal (the journal) shows systemd shutdown beginning with
#
#   Mar 31 06:40:02 59db11863abc systemd[1]: Received SIGRTMIN+3.
#   Mar 31 06:40:02 59db11863abc systemd[1]: Stopped target Multi-User System.
#
# and ending with
#
#   Mar 31 06:40:02 59db11863abc systemd[1]: Reached target Final Step.
#   Mar 31 06:40:02 59db11863abc systemd[1]: Starting Halt...
#   Mar 31 06:40:02 59db11863abc systemd[1]: Shutting down.
#   Mar 31 06:40:02 59db11863abc systemd-journald[19]: Journal stopped 
#
# Again, there are some errors when systemd tries to make changes that it's
# not allowed to make, but all in all it shuts down cleanly.

Do you get a clean shutdown if you follow these steps exactly?

[kundeng]

yes. just tested again, using both self build and remote images from Docker Hub.

log stopped at Started Journal Service. By the way, I ended up having to use a debian 8 base image anyway, and what worked for me is to pass --tty in docker run

docker logs systemd
systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIB
CRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 16.04.4 LTS!

Set hostname to <7b7ad8365852>.
Initializing machine ID from D-Bus machine ID.
Failed to install release agent, ignoring: File exists
[ OK ] Created slice System Slice.
[ OK ] Reached target Slices.
[ OK ] Reached target Swap.
[ OK ] Reached target Local File Systems.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Reached target Paths.
[ OK ] Listening on Journal Socket.
Starting Journal Service...
Starting Create Volatile Files and Directories...
[ OK ] Started Journal Service.

[kundeng]

Host is sles 12 sp3.

Client:
Version: 17.09.1-ce
API version: 1.32
Go version: go1.8.5
Git commit: f4ffd2511ce9
Built: Tue Dec 19 03:46:40 2017
OS/Arch: linux/amd64

Server:
Version: 17.09.1-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.5
Git commit: f4ffd2511ce9
Built: Sat Oct 21 17:27:07 2017
OS/Arch: linux/amd64
Experimental: false

[thaJeztah]

This may be due to a bug in older versions of RunC, which prevented SIGRTMIN signals to be used as stop signal (see moby/moby#36787, moby/moby#36219). That issue was resolved through opencontainers/runc#1706, and pulled into moby/docker through moby/moby#36222).

Make sure you're running a current version of Docker, which will include a version of RunC that has the fix