[systemd-devel] [PATCH] README: audit no longer breaks container

Lennart Poettering lennart at poettering.net
Mon Mar 10 21:42:37 PDT 2014


On Thu, 20.02.14 05:14, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> > -        Note that kernel auditing is broken when used with systemd's
> > -        container code. When using systemd in conjunction with
> > -        containers, please make sure to either turn off auditing at
> > -        runtime using the kernel command line option "audit=0", or
> > -        turn it off at kernel compile time using:
> > -          CONFIG_AUDIT=n
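
Review bot: the removal of the whole paragraph, including the "audit=0" and CONFIG_AUDIT=n workarounds in its last lines, is unconditional in the quoted lines, and no replacement text is shown stating when the advice stops applying. Suggest keeping a shortened note that names the conditions under which auditing must still be turned off and retains both workarounds for that case, so README readers on setups where the removed text still applies keep the guidance.
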
>
> Only for kernel >= 3.14. I think we should say that.

I added a short text there now that clarifies that you do not have to
turn off audit if you are on an arch that does not require socketcall()
and that is supported by seccomp, and compiled your systemd with seccomp
enabled and run kernel 3.14...

Lennart

-- 
Lennart Poettering, Red Hat