From: Mike Yuan <me@yhndnzj.com>
Date: Sun, 18 Jan 2026 21:32:20 +0000 (+0100)
Subject: nspawn: drop compat glue for kernel < 3.14
X-Git-Tag: v260-rc1~363^2~12
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=742308cabaed143dc397dfd886020847948ec0df;p=thirdparty%2Fsystemd.git

nspawn: drop compat glue for kernel < 3.14
---

diff --git a/README b/README
index 2b19d2f21b5..56361f5eef3 100644
--- a/README
+++ b/README
@@ -199,19 +199,6 @@ REQUIREMENTS:
           CONFIG_PSI
           CONFIG_MEMCG
 
-        Note that kernel auditing is broken when used with systemd's container
-        code. When using systemd in conjunction with containers, please make
-        sure to either turn off auditing at runtime using the kernel command
-        line option "audit=0", or turn it off at kernel compile time using:
-          CONFIG_AUDIT=n
-
-        If systemd is compiled with libseccomp support on architectures which do
-        not use socketcall() and where seccomp is supported (this effectively
-        means x86-64 and ARM, but excludes 32-bit x86!), then nspawn will now
-        install a work-around seccomp filter that makes containers boot even
-        with audit being enabled. This works correctly only on kernels 3.14 and
-        newer though. TL;DR: turn audit off, still.
-
         glibc >= 2.31
         libxcrypt >= 4.4.0 (optional)
         libmount >= 2.30 (from util-linux)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index a7b43cba910..851454dafa6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2767,16 +2767,8 @@ static int reset_audit_loginuid(void) {
                 return 0;
 
         r = write_string_file("/proc/self/loginuid", "4294967295", WRITE_STRING_FILE_DISABLE_BUFFER);
-        if (r < 0) {
-                log_error_errno(r,
-                                "Failed to reset audit login UID. This probably means that your kernel is too\n"
-                                "old and you have audit enabled. Note that the auditing subsystem is known to\n"
-                                "be incompatible with containers on old kernels. Please make sure to upgrade\n"
-                                "your kernel or to off auditing with 'audit=0' on the kernel command line before\n"
-                                "using systemd-nspawn. Sleeping for 5s... (%m)");
-
-                sleep(5);
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to reset audit login UID: %m");
 
         return 0;
 }