X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fnspawn%2Fnspawn.c;h=b91b0b8a91f4bccc9011028e20a101bb9506fbf7;hp=e907a1daa7f31549d45bca1747fc4523e3990780;hb=77b6e19458f37cfde127ec6aa9494c0ac45ad890;hpb=a5f5f8a07743bb9aa31fa361c90fce8d4a62388e diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index e907a1daa..b91b0b8a9 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -22,7 +22,6 @@ #include #include #include -#include #include #include #include @@ -43,6 +42,10 @@ #include #include +#ifdef HAVE_XATTR +#include +#endif + #include #include "log.h" @@ -928,6 +931,7 @@ static int setup_cgroup(const char *path) { } static int save_attributes(const char *cgroup, pid_t pid, const char *uuid, const char *directory) { +#ifdef HAVE_XATTR _cleanup_free_ char *path = NULL; char buf[DECIMAL_STR_MAX(pid_t)]; int r = 0, k; @@ -936,7 +940,6 @@ static int save_attributes(const char *cgroup, pid_t pid, const char *uuid, cons assert(pid >= 0); assert(arg_directory); -#ifdef HAVE_XATTR assert_se(snprintf(buf, sizeof(buf), "%lu", (unsigned long) pid) < (int) sizeof(buf)); r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, cgroup, NULL, &path); @@ -964,8 +967,10 @@ static int save_attributes(const char *cgroup, pid_t pid, const char *uuid, cons if (r == 0) r = k; } -#endif return r; +#else + return 0; +#endif } static int drop_capabilities(void) { @@ -1214,6 +1219,18 @@ finish: return r; } +static bool audit_enabled(void) { + int fd; + + fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT); + if (fd >= 0) { + close_nointr_nofail(fd); + return true; + } + + return false; +} + int main(int argc, char *argv[]) { pid_t pid = 0; int r = EXIT_FAILURE, k; @@ -1262,7 +1279,7 @@ int main(int argc, char *argv[]) { goto finish; } - hostname_cleanup(arg_machine); + hostname_cleanup(arg_machine, false); if (isempty(arg_machine)) { log_error("Failed to determine machine name automatically, please use -M."); goto finish; 
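Review bot: audit_enabled() in the hunk adding it tests whether the kernel exposes the NETLINK_AUDIT family at all, not whether auditing is enabled: as far as I recall, `audit=0` only turns logging off at runtime and a CONFIG_AUDIT kernel still registers the netlink family, so socket() keeps succeeding and the warning that relies on this check will fire even after the user follows the `audit=0` advice it prints. If the enabled state is what matters, the precise query is an AUDIT_GET request and the `enabled` field of the status reply (which needs CAP_AUDIT_CONTROL, acceptable for nspawn running as root); otherwise a comment should say what is really being tested, e.g. `/* True when the kernel offers NETLINK_AUDIT at all (CONFIG_AUDIT); audit=0 does not change this. */`. Note also that any socket() failure (EMFILE, ENFILE, EAFNOSUPPORT) is reported as "audit off", which is the quiet direction and probably acceptable, but worth a one-line comment so nobody later reads it as a deliberate probe.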
@@ -1279,13 +1296,20 @@ int main(int argc, char *argv[]) { goto finish; } + if (audit_enabled()) { + log_warning("The kernel auditing subsystem is known to be incompatible with containers.\n" + "Please make sure to turn off auditing with 'audit=0' on the kernel command\n" + "line before using systemd-nspawn. Sleeping for 5s...\n"); + sleep(5); + } + if (path_equal(arg_directory, "/")) { log_error("Spawning container on root directory not supported."); goto finish; } if (path_is_os_tree(arg_directory) <= 0) { - log_error("Directory %s doesn't look like an OS root directory. Refusing.", arg_directory); + log_error("Directory %s doesn't look like an OS root directory (/etc/os-release is missing). Refusing.", arg_directory); goto finish; }
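Review bot: The audit warning and its unconditional `sleep(5)` run before the `arg_directory` sanity checks that follow in the same hunk, so an invocation that is going to be refused anyway (root directory, or a tree without /etc/os-release) first stalls for five seconds. Moving the `if (audit_enabled()) { ... }` block below the `path_is_os_tree(arg_directory)` check keeps the delay for runs that will actually spawn a container. The message text also ends in `\n` while log_warning appears to emit a complete line on its own, which likely yields a trailing blank line — confirm against the logging code and drop the final newline if so. main() continues outside the hunk.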