It does not seem necessary to create /var/log/journal volume.

We drive the journal to /run/log (and via symlink to /data/var/log).

With podman run in systemd mode, the /var/log/journal volume gets
created automatially anyway. That's why we have to have the directory
on the image even if we do not plan to actually use it -- we avoid
the podman diff reports.

Dockerfile.almalinux-8

@@ -21,7 +21,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh var-lib-nfs-rpc_pipefs.mount
 
 # Minimize the systemd setup
@@ -36,11 +35,12 @@ RUN systemctl set-default container-ipa.target
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && mkdir /etc/systemd/system/container-ipa.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
+# podman in systemd mode mounts /var/log/journal volume which creates
+# the directory anyway and pollutes podman diff, just pre-create it
 RUN mkdir /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
 RUN systemd-tmpfiles --remove --create
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-diff.sh list-dependencies-rhel-8.out /dev/null docker-diff-minimal-rhel-8.out
 
 # Prepare for basic ipa-server-install in container
@@ -51,7 +51,6 @@ ADD hostnamectl-wrapper /usr/bin/nisdomainname
 COPY patches/ipa-rhel-8.patch /root
 RUN set -o pipefail ; patch --verbose -p0 --fuzz=0 < /root/ipa-rhel-8.patch | tee /dev/stderr | sed -n 's/^patching file //;T;/\.py$/p' | xargs /usr/libexec/platform-python -m compileall
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -75,7 +74,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.almalinux-9

@@ -24,7 +24,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh
 
 # Minimize the systemd setup
@@ -40,11 +39,13 @@ RUN systemctl set-default container-ipa.target
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && mkdir /etc/systemd/system/container-ipa.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
+# podman in systemd mode mounts /var/log/journal volume which creates
+# the directory anyway and pollutes podman diff, just pre-create it
 RUN mkdir /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
 RUN systemd-tmpfiles --remove --create
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal", "/var/tmp" ]
+# test-addon: VOLUME [ "/var/tmp" ]
 # test: systemd-container-diff.sh list-dependencies-rhel-9.out /dev/null docker-diff-minimal-fedora-23.out
 
 # Prepare for basic ipa-server-install in container
@@ -55,7 +56,6 @@ ADD hostnamectl-wrapper /usr/bin/nisdomainname
 COPY patches/ipa-rhel-9.patch /root
 RUN set -o pipefail ; patch --verbose -p0 --fuzz=0 < /root/ipa-rhel-9.patch | tee /dev/null | sed -n 's/^patching file //;T;/\.py$/p' | xargs /usr/libexec/platform-python -m compileall
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -79,7 +79,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.centos-7

@@ -27,7 +27,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh network.service sys-fs-fuse-connections.mount var-lib-nfs-rpc_pipefs.mount
 
 # Minimize the systemd setup
@@ -43,8 +42,8 @@ RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
 RUN rm /var/lib/systemd/random-seed
 RUN echo 0123456789abcdef0000000000000000 > /etc/machine-id && systemd-tmpfiles --remove --create && echo -n > /etc/machine-id
+# debug: RUN test -d /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-diff.sh list-dependencies-centos-7.out docker-diff-minimal-centos-7.exceptions docker-diff-minimal-centos-7.out
 
 # Prepare for basic ipa-server-install in container
@@ -54,7 +53,6 @@ ADD hostnamectl-wrapper /usr/bin/domainname
 
 COPY patches/ipa-rhel-7.patch /root
 RUN set -o pipefail ; patch --verbose -p0 --fuzz=0 < /root/ipa-rhel-7.patch | tee /dev/stderr | sed -n 's/^patching file //;T;/\.py$/p' | xargs python -m compileall
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -71,7 +69,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.centos-8-stream

@@ -21,7 +21,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh systemd-hostnamed.service var-lib-nfs-rpc_pipefs.mount
 
 # Minimize the systemd setup
@@ -36,11 +35,12 @@ RUN systemctl set-default container-ipa.target
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && mkdir /etc/systemd/system/container-ipa.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
+# podman in systemd mode mounts /var/log/journal volume which creates
+# the directory anyway and pollutes podman diff, just pre-create it
 RUN mkdir /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
 RUN systemd-tmpfiles --remove --create
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-diff.sh list-dependencies-rhel-8.out /dev/null docker-diff-minimal-rhel-8.out
 
 # Prepare for basic ipa-server-install in container
@@ -51,7 +51,6 @@ ADD hostnamectl-wrapper /usr/bin/nisdomainname
 COPY patches/ipa-rhel-8.patch /root
 RUN set -o pipefail ; patch --verbose -p0 --fuzz=0 < /root/ipa-rhel-8.patch | tee /dev/stderr | sed -n 's/^patching file //;T;/\.py$/p' | xargs /usr/libexec/platform-python -m compileall
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -75,7 +74,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.centos-9-stream

@@ -24,7 +24,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh
 
 # Minimize the systemd setup
@@ -40,11 +39,13 @@ RUN systemctl set-default container-ipa.target
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && mkdir /etc/systemd/system/container-ipa.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
+# podman in systemd mode mounts /var/log/journal volume which creates
+# the directory anyway and pollutes podman diff, just pre-create it
 RUN mkdir /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
 RUN systemd-tmpfiles --remove --create
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal", "/var/tmp" ]
+# test-addon: VOLUME [ "/var/tmp" ]
 # test: systemd-container-diff.sh list-dependencies-rhel-9.out /dev/null docker-diff-minimal-fedora-23.out
 
 # Prepare for basic ipa-server-install in container
@@ -55,7 +56,6 @@ ADD hostnamectl-wrapper /usr/bin/nisdomainname
 COPY patches/ipa-rhel-9.patch /root
 RUN set -o pipefail ; patch --verbose -p0 --fuzz=0 < /root/ipa-rhel-9.patch | tee /dev/null | sed -n 's/^patching file //;T;/\.py$/p' | xargs /usr/libexec/platform-python -m compileall
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -79,7 +79,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.fedora-38

@@ -25,7 +25,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh
 
 # Minimize the systemd setup
@@ -43,17 +42,16 @@ RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
 RUN systemd-sysusers
 RUN systemd-tmpfiles --remove --create
-RUN mkdir -p /var/log/journal
+# debug: RUN test -d /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal", "/var/tmp", "/var/lib/tpm2-tss/system/keystore" ]
+# test-addon: VOLUME [ "/var/tmp", "/var/lib/tpm2-tss/system/keystore" ]
 # test: systemd-container-diff.sh list-dependencies-fedora-38.out /dev/null docker-diff-minimal-fedora-23.out
 
 # Prepare for basic ipa-server-install in container
 # Address failing nis-domainname.service in the ipa-client-install step
 RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
 ADD hostnamectl-wrapper /usr/bin/nisdomainname
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -73,7 +71,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.fedora-39

@@ -25,7 +25,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh
 
 # Minimize the systemd setup
@@ -43,17 +42,16 @@ RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
 RUN systemd-sysusers
 RUN systemd-tmpfiles --remove --create
-RUN mkdir -p /var/log/journal
+# debug: RUN test -d /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal", "/var/tmp" ]
+# test-addon: VOLUME [ "/var/tmp" ]
 # test: systemd-container-diff.sh list-dependencies-fedora-38.out /dev/null docker-diff-minimal-fedora-23.out
 
 # Prepare for basic ipa-server-install in container
 # Address failing nis-domainname.service in the ipa-client-install step
 RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
 ADD hostnamectl-wrapper /usr/bin/nisdomainname
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -73,7 +71,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.fedora-rawhide

@@ -26,7 +26,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh
 
 # Minimize the systemd setup
@@ -44,17 +43,16 @@ RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
 RUN systemd-sysusers
 RUN systemd-tmpfiles --remove --create
-RUN mkdir -p /var/log/journal
+# debug: RUN test -d /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal", "/var/tmp" ]
+# test-addon: VOLUME [ "/var/tmp" ]
 # test: systemd-container-diff.sh list-dependencies-fedora-38.out /dev/null docker-diff-minimal-fedora-23.out
 
 # Prepare for basic ipa-server-install in container
 # Address failing nis-domainname.service in the ipa-client-install step
 RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
 ADD hostnamectl-wrapper /usr/bin/nisdomainname
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -74,7 +72,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.rhel-7

@@ -22,7 +22,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh network.service sys-fs-fuse-connections.mount var-lib-nfs-rpc_pipefs.mount
 
 # Minimize the systemd setup
@@ -38,8 +37,8 @@ RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
 RUN rm /var/lib/systemd/random-seed
 RUN echo 0123456789abcdef0000000000000000 > /etc/machine-id && systemd-tmpfiles --remove --create && echo -n > /etc/machine-id
+# debug: RUN test -d /var/log/journal
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-diff.sh list-dependencies-centos-7.out docker-diff-minimal-centos-7.exceptions docker-diff-minimal-centos-7.out
 
 # Prepare for basic ipa-server-install in container
@@ -49,7 +48,6 @@ ADD hostnamectl-wrapper /usr/bin/domainname
 
 COPY patches/ipa-rhel-7.patch /root
 RUN set -o pipefail ; patch --verbose -p0 --fuzz=0 < /root/ipa-rhel-7.patch | tee /dev/stderr | sed -n 's/^patching file //;T;/\.py$/p' | xargs python -m compileall
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -66,7 +64,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]

Dockerfile.rhel-8

@@ -20,7 +20,6 @@ RUN echo "DefaultLimitNOFILE=1024" >> /etc/systemd/system.conf
 
 ENTRYPOINT [ "/usr/sbin/init" ]
 STOPSIGNAL RTMIN+3
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-failed.sh var-lib-nfs-rpc_pipefs.mount
 
 # Minimize the systemd setup
@@ -34,10 +33,11 @@ RUN systemctl set-default container-ipa.target
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
  && mkdir /etc/systemd/system/container-ipa.target.wants \
  && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
+# podman in systemd mode mounts /var/log/journal volume which creates
+# the directory anyway and pollutes podman diff, just pre-create it
 RUN mkdir /var/log/journal
 RUN systemd-tmpfiles --remove --create
 # debug: RUN ! test -f /var/lib/systemd/random-seed
-# test-addon: VOLUME [ "/var/log/journal" ]
 # test: systemd-container-diff.sh list-dependencies-rhel-8.out /dev/null docker-diff-minimal-rhel-8.out
 
 # Prepare for basic ipa-server-install in container
@@ -48,7 +48,6 @@ ADD hostnamectl-wrapper /usr/bin/nisdomainname
 COPY patches/ipa-rhel-8.patch /root
 RUN set -o pipefail ; patch --verbose -p0 --fuzz=0 < /root/ipa-rhel-8.patch | tee /dev/stderr | sed -n 's/^patching file //;T;/\.py$/p' | xargs /usr/libexec/platform-python -m compileall
 
-# test-addon: VOLUME [ "/var/log/journal" ]
 ## # test: systemd-container-ipa-server-install.sh
 
 # Move configuration and data to data volume
@@ -72,7 +71,7 @@ RUN /usr/local/bin/prepare-volume-template /etc/volume-tmp-list /tmp
 RUN /usr/local/bin/extract-rpm-upgrade-scriptlets
 
 RUN echo 2.0 > /etc/volume-version
-VOLUME [ "/tmp", "/run", "/data", "/var/log/journal" ]
+VOLUME [ "/tmp", "/run", "/data" ]
 
 COPY init-data-minimal /usr/local/sbin/init
 ENTRYPOINT [ "/usr/local/sbin/init" ]