<para>As a safety check
<command>systemd-nspawn</command> will verify the
- existance of <filename>/etc/os-release</filename> in
+ existence of <filename>/etc/os-release</filename> in
the container tree before starting the container (see
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>). It
might be necessary to add this file to the container
contain this file out-of-the-box.</para>
</refsect1>
+ <refsect1>
+ <title>Incompatibility with Auditing</title>
+
+ <para>Note that the kernel auditing subsystem is
+ currently broken when used together with
+ containers. We hence recommend turning it off entirely
+ by booting with <literal>audit=0</literal> on the
+ kernel command line, or by turning it off at kernel
+ build time. If auditing is enabled in the kernel
+ operating systems booted in an nspawn container might
+ refuse log-in attempts.</para>
+ </refsect1>
+
<refsect1>
<title>Options</title>
<varlistentry>
<term><option>--uuid=</option></term>
- <listitem><para>Set the specified uuid
+ <listitem><para>Set the specified UUID
for the container. The init system
will initialize
<filename>/etc/machine-id</filename>
<term><option>--read-only</option></term>
<listitem><para>Mount the root file
- system read only for the
+ system read-only for the
container.</para></listitem>
</varlistentry>
<listitem><para>List one or more
additional capabilities to grant the
- container. Takes a comma separated
+ container. Takes a comma-separated
list of capability names, see
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for more information. Note that the
~ianmdlvl / elogind.git / blobdiff