[systemd-commits] man/systemd-nspawn.xml

Lennart Poettering lennart at kemper.freedesktop.org
Thu May 9 06:40:22 PDT 2013


 man/systemd-nspawn.xml |   10 ++++++++++
 1 file changed, 10 insertions(+)

New commits:
commit 2aba426ffb345408a461ed0ff6fba46e63ae625b
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu May 9 15:32:27 2013 +0200

    man: document that the kernel's audit subsystem is currently incompatible with nspawn containers

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index cab5990..d9fb899 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -142,6 +142,16 @@
                 might be necessary to add this file to the container
                 tree manually if the OS of the container is too old to
                 contain this file out-of-the-box.</para>
+
+                <para>Note that the kernel auditing subsystem is
+                currently broken when used together with
+                containers. We hence recommend turning it off entirely
+                when using <command>systemd-nspawn</command> by
+                booting with <literal>audit=0</literal> on the kernel
+                command line, or by turning it off at kernel build
+                time. If auditing is enabled in the kernel operating
+                systems booted in an nspawn container might refuse
+                log-in attempts.</para>
         </refsect1>
 
         <refsect1>
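
Review bot: The recommendation in the added <para> to boot with audit=0 or to disable auditing at kernel build time turns auditing off for the whole host, not only for the container, and the text does not say so; a sentence stating that the host loses its kernel audit records with this setting would let administrators weigh the trade-off before following it. The phrase "currently broken" also names no kernel version or failing component, so a reader cannot tell when the advice stops applying; a version or a pointer to the underlying kernel issue would help. In the last sentence, "If auditing is enabled in the kernel operating systems booted in an nspawn container" needs a comma after "kernel", otherwise it reads as "kernel operating systems".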


