<html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body> <div> This fixes an issue within journald aborting when running inside archlinux container via systemd-nspawn on a debian host with audit enabled kernel. The journald binary in the archlinux container would try to bind an audit netlink socket which isn't allowed from within containers. The failed bind call then leads to a abort of journald which in turn disables logging for the whole container. This commit fixes this by logging and ignoring the EPERM error raised from the kernel after the bind call if it detects that it's running inside a container. --- src/journal/journald-audit.c | 8 +++++++- src/journal/journald-server.c | 2 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c index 46eb82f..1b36984 100644 --- a/src/journal/journald-audit.c +++ b/src/journal/journald-audit.c @@ -20,6 +20,7 @@ ***/ #include "missing.h" +#include "virt.h" #include "journald-audit.h" typedef struct MapField { @@ -533,8 +534,13 @@ int server_open_audit(Server *s) { } r = bind(s->audit_fd, &<a href="http://sa.sa" target="_blank">http://sa.sa</a>, sizeof(<a href="http://sa.nl)" target="_blank">http://sa.nl)</a>); - if (r < 0) + if (r < 0) { + if (errno == EPERM && detect_container(NULL) > 0) { + log_debug("Audit not supported in containers."); + return 0; + } return log_error_errno(errno, "Failed to join audit multicast group: %m"); + } } else fd_nonblock(s->audit_fd, 1); diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 5e07ce3..21f383a 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -1585,9 +1585,11 @@ int server_init(Server *s) { if (r < 0) return r; +#ifdef HAVE_AUDIT r = server_open_audit(s); if (r < 0) return r; +#endif r = server_open_kernel_seqnum(s); if (r < 0) -- 2.3.5 </div> </body> </html>