From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 May 2013 13:32:27 +0000 (+0200)
Subject: man: document that the kernel's audit subsystem is currently incompatible with nspawn... 
X-Git-Tag: v204~1
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=2aba426ffb345408a461ed0ff6fba46e63ae625b

man: document that the kernel's audit subsystem is currently incompatible with nspawn containers
---

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index cab5990a5..d9fb89989 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -142,6 +142,16 @@
                 might be necessary to add this file to the container
                 tree manually if the OS of the container is too old to
                 contain this file out-of-the-box.</para>
+
+                <para>Note that the kernel auditing subsystem is
+                currently broken when used together with
+                containers. We hence recommend turning it off entirely
+                when using <command>systemd-nspawn</command> by
+                booting with <literal>audit=0</literal> on the kernel
+                command line, or by turning it off at kernel build
+                time. If auditing is enabled in the kernel operating
+                systems booted in an nspawn container might refuse
+                log-in attempts.</para>
         </refsect1>
 
         <refsect1>