[systemd-devel] [PATCH] README: audit no longer breaks container

Lennart Poettering lennart at poettering.net
Sun Mar 2 15:30:13 PST 2014


On Thu, 20.02.14 05:14, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> 
> On Thu, Feb 20, 2014 at 02:53:28AM +0100, Jason A. Donenfeld wrote:
> > Ever since the seccomp trick, this is no longer an issue.
> > ---
> >  README | 7 -------
> >  1 file changed, 7 deletions(-)
> > 
> > diff --git a/README b/README
> > index b918132..df04cc9 100644
> > --- a/README
> > +++ b/README
> > @@ -83,13 +83,6 @@ REQUIREMENTS:
> >            CONFIG_EFI_VARS
> >            CONFIG_EFI_PARTITION
> >  
> > -        Note that kernel auditing is broken when used with systemd's
> > -        container code. When using systemd in conjunction with
> > -        containers, please make sure to either turn off auditing at
> > -        runtime using the kernel command line option "audit=0", or
> > -        turn it off at kernel compile time using:
> > -          CONFIG_AUDIT=n
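Review bot: the hunk drops the audit warning outright, while the commit message only says "the seccomp trick" makes it "no longer an issue" without stating which kernel versions carry that trick or whether it covers every architecture; rather than deleting all seven lines, consider narrowing the note instead, keeping something like "Note that kernel auditing is broken when used with systemd's container code" and qualifying it with the kernel version and architecture conditions under which the workaround applies, so readers on older kernels or other archs are not left without the "audit=0" / "CONFIG_AUDIT=n" advice. Also, the diff stat reports seven deletions but only six "-" lines are quoted here, so the end of the hunk (and its trailing context) is cut off in the quote.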
> Only for kernel >= 3.14. I think we should say that.

Also, it's still broken on i386, where the seccomp trick doesn't work
on socket(), due to the i386 specific madness that is socketcall(). It
works fine on all other archs though, including x86-64.

Lennart

-- 
Lennart Poettering, Red Hat

