CONFIG_PSI
CONFIG_MEMCG
- Note that kernel auditing is broken when used with systemd's container
- code. When using systemd in conjunction with containers, please make
- sure to either turn off auditing at runtime using the kernel command
- line option "audit=0", or turn it off at kernel compile time using:
- CONFIG_AUDIT=n
-
- If systemd is compiled with libseccomp support on architectures which do
- not use socketcall() and where seccomp is supported (this effectively
- means x86-64 and ARM, but excludes 32-bit x86!), then nspawn will now
- install a work-around seccomp filter that makes containers boot even
- with audit being enabled. This works correctly only on kernels 3.14 and
- newer though. TL;DR: turn audit off, still.
-
glibc >= 2.31
libxcrypt >= 4.4.0 (optional)
libmount >= 2.30 (from util-linux)
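Review bot: the removed paragraph is the only place in these lines that records the kernel constraint (the seccomp work-around "works correctly only on kernels 3.14 and newer") and the "audit=0" / CONFIG_AUDIT=n advice, and nothing in the remaining requirements list replaces it. If the note is being dropped because the supported kernel baseline now makes it obsolete, say so in the commit message and make sure the README's minimum kernel version covers it, so that anyone running audit alongside containers can tell from the README whether their kernel is affected.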
return 0;
r = write_string_file("/proc/self/loginuid", "4294967295", WRITE_STRING_FILE_DISABLE_BUFFER);
- if (r < 0) {
- log_error_errno(r,
- "Failed to reset audit login UID. This probably means that your kernel is too\n"
- "old and you have audit enabled. Note that the auditing subsystem is known to\n"
- "be incompatible with containers on old kernels. Please make sure to upgrade\n"
- "your kernel or to off auditing with 'audit=0' on the kernel command line before\n"
- "using systemd-nspawn. Sleeping for 5s... (%m)");
-
- sleep(5);
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to reset audit login UID: %m");
return 0;
}
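Review bot: the new `return log_error_errno(r, ...)` turns a failed write to /proc/self/loginuid from a logged, non-fatal condition (the old branch slept 5s and fell through to `return 0`) into a hard error returned to the caller. Please confirm that every caller treats a negative return here as intended, and note the behaviour change in the commit message, since a setup where this write is refused previously started the container after a delay and will now abort. A short comment above the write explaining that 4294967295 is the "unset" login UID would also help readers, now that the long explanatory message is gone.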