[systemd-devel] [PATCH] nspawn: do not check audit if --boot argument is not set

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Sun Feb 16 08:40:25 PST 2014


On Sun, Feb 16, 2014 at 12:03:21AM +0100, Djalal Harouni wrote:
> Currently systemd-nspawn will call reset_audit_loginuid() and check
> if audit is enabled in the kernel even if it was invoked without the
> --boot argument. This makes systemd-nspawn print the audit error message
> and sleep(5) on every execution.
> 
> This was introduced by commit db999e0f923ca6. Fix it by checking if
> arg_boot is set before calling reset_audit_loginuid().

I'd argue that reset_audit_loginuid() should be called always, and the
loginuid reset if possible. One might execute the real init later
anyway.

But later after db999e0f923ca6 Lennart added the seccomp wrapper, when
it turned out that resetting the audit loginuid is not enough. So
maybe with that additional change audit doesn't break containers even
with older kernels and the message and the delay could be done away
with altogether?

Zbyszek

