[systemd-devel] Systemd 215 cannot start journald 219 inside systemd-nspawn

Lennart Poettering lennart at poettering.net
Fri May 15 03:31:37 PDT 2015

On Sun, 10.05.15 11:20, Felipe Sateler (fsateler at debian.org) wrote:

> Hi,
> I'm having a problem with a systemd-nspawn'ed container. The guest
> journal will not start and thus I have no logs.
> The host is a 215 Debian Jessie system. The guest is a 219 Debian Sid system.
> The nspawn unit is at http://paste.debian.net/173849/
> The host journal log for the systemd process is at
> http://paste.debian.net/173848/
> Trying to run systemd-journald manually yields the following error:
> Failed to join audit multicast group: Operation not permitted

Hmm, what kernel version is this?

Note that auditing is generally broken with containers. Due to that,
we ask users to either disable it completely on the kernel command
line via audit=0. (see README for details) Optionally, on x86-64 (but
nox i386) we try to work around this by making audit netlink sockets
unavailable in containers via seccomp.

You appear to be using a systemd version without seccomp compiled in,
hence you won't get the container behaviour described, and you need to
disable audit in the kernel instead.


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list