audit: since audit is apparently never going to be fixed for containers tell the...
diff --git
a/src/nspawn/nspawn.c
b/src/nspawn/nspawn.c
index 09153c87ce2694de46835467aa19f99838ae75b8..b91b0b8a91f4bccc9011028e20a101bb9506fbf7 100644
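--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1219,6 +1219,18 @@ finish:
 return r;
 }
+static bool audit_enabled(void) {
+ int fd;
+
+ fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
+ if (fd >= 0) {
+ close_nointr_nofail(fd);
+ return true;
+ }
+
+ return false;
+}
+
 int main(int argc, char *argv[]) {
 pid_t pid = 0;
 int r = EXIT_FAILURE, k;
@@ -1284,6 +1296,13 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
+ if (audit_enabled()) {
+ log_warning("The kernel auditing subsystem is known to be incompatible with containers.\n"
+ "Please make sure to turn off auditing with 'audit=0' on the kernel command\n"
+ "line before using systemd-nspawn. Sleeping for 5s...\n");
+ sleep(5);
+ }
+
 if (path_equal(arg_directory, "/")) {
 log_error("Spawning container on root directory not supported.");
 goto finish;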
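Review bot: audit_enabled() in the first hunk returns false for every socket() failure, so an error unrelated to audit support (descriptor or memory exhaustion, for instance) is read as "auditing is off" and the warning in main() is silently skipped. The probe presumably relies on the kernel refusing the NETLINK_AUDIT protocol when audit is disabled, so only that case should count as disabled: `if (fd < 0) return !(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT);`. Separately, the message in the second hunk tells the user to boot with `audit=0`, which switches off audit logging for the whole host rather than just for the container; a comment above the check such as `/* audit=0 disables host-wide audit logging: a compatibility trade-off the admin must accept knowingly */` would record that. The check is advisory only (warn, sleep, continue), and main() starts and ends outside the second hunk.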