man: document that the kernel's audit subsystem is currently incompatible with nspawn...

author Lennart Poettering <lennart@poettering.net>

Thu, 9 May 2013 13:32:27 +0000 (15:32 +0200)

committer Lennart Poettering <lennart@poettering.net>

Thu, 9 May 2013 13:33:02 +0000 (15:33 +0200)
author Lennart Poettering <lennart@poettering.net>
Thu, 9 May 2013 13:32:27 +0000 (15:32 +0200)
committer Lennart Poettering <lennart@poettering.net>
Thu, 9 May 2013 13:33:02 +0000 (15:33 +0200)
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml

index cab5990a567b793f218201a3b109e71dcb0e04e4..d9fb8998952846e1c7cb0b103680d83bfdc7b859 100644 (file)
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -142,6 +142,16 @@
                  might be necessary to add this file to the container
                  tree manually if the OS of the container is too old to
                  contain this file out-of-the-box.</para>
+
+                <para>Note that the kernel auditing subsystem is
+                currently broken when used together with
+                containers. We hence recommend turning it off entirely
+                when using <command>systemd-nspawn</command> by
+                booting with <literal>audit=0</literal> on the kernel
+                command line, or by turning it off at kernel build
+                time. If auditing is enabled in the kernel operating
+                systems booted in an nspawn container might refuse
+                log-in attempts.</para>
          </refsect1>
  
          <refsect1>
author	Lennart Poettering <lennart@poettering.net>
	Thu, 9 May 2013 13:32:27 +0000 (15:32 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Thu, 9 May 2013 13:33:02 +0000 (15:33 +0200)