Restarting host from docker container

There is a detail I missed in my question above which is once I have systemd running in the container itself, the systemctl reboot is (roughly saying) connecting to systemd on the container itself which is not what I want.

On the hint of a colleague, here is what I did on a "stock" fedora image (nothing special in it):

$ docker run -ti -v /run/systemd:/run/systemd fedora /bin/bash

Then in the container:

bash-4.2# systemctl status docker
docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled)
   Active: active (running) since Tue 2014-07-01 04:57:22 UTC; 2 weeks 0 days ago
     Docs: http://docs.docker.io
 Main PID: 2589
   CGroup: /system.slice/docker.service

Here, the container is able to access systemd on the host. Then, issuing a reboot command actually reboots the host:

bash-4.2# reboot 

Thus, it is possible to reboot the host from the container.

The point to note here is that the host is running Fedora 20 and so is the container. If the host was a different distro not running systemd, this would not be possible. Generally speaking, if the host and the container are running distros which are not running systemd or incompatible versions of systemd, this will not work.

I was able to send sysrq commands to the host mounting /proc/sysrq-trigger as a volume.

This booted the host.

docker-server# docker run -i -t -v /proc/sysrq-trigger:/sysrq centos bash
docker-container# echo b > /sysrq

You can set a bit-mask permission on /proc/sys/kernel/sysrq on the host to only allow eg, sync the disks and boot. More information about this at http://en.wikipedia.org/wiki/Magic_SysRq_key but something like this (untested) should set those permissions:

echo 144 > /proc/sys/kernel/sysrq

Also remember to add kernel.sysrq = 144 to /etc/sysctl.conf to have it saved over reboots.