[systemd-devel] [PATCH] nspawn: do not check audit if --boot argument is not set

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Sun Feb 16 08:40:25 PST 2014

On Sun, Feb 16, 2014 at 12:03:21AM +0100, Djalal Harouni wrote:
> Currently systemd-nspawn will call reset_audit_loginuid() and check
> if audit is enabled in the kernel even if it was invoked without the
> --boot argument. This makes systemd-nspawn print the audit error message
> and sleep(5) on every execution.
> This was introduced by commit db999e0f923ca6. Fix it by checking if
> arg_boot is set before before calling reset_audit_loginuid().
I'd argue that reset_audit_loginuid() should be called always, and the
loginuid reset if possible. One might execute the real init later

But later after db999e0f923ca6 Lennart added the seccomp wrapper, when
it turned out that resetting the audit loginuid is not enough. So
maybe with that additional change audit doesn't break containers even
with older kernels and the message and the delay could be done away
with altogether?


More information about the systemd-devel mailing list