author | Lennart Poettering <lennart@poettering.net> | 2014-03-11 05:40:36 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-03-11 05:40:36 +0100 |
commit | a7b1c3971a30546fe633e320d45033aba8b2ca3c (patch) | |
tree | e247dc4cc5234eee372079acd7dad27c2ff6210b | |
parent | 236af516b866473c22f980b556a2d7535cef4d9b (diff) |
README: document that we still encourage people to turn off audit when they want to use containers
-rw-r--r-- | README | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -89,6 +89,13 @@ REQUIREMENTS: runtime using the kernel command line option "audit=0", or turn it off at kernel compile time using: CONFIG_AUDIT=n + If systemd is compiled with libseccomp support on + architectures which do not use socketcall() and where seccomp + is supported (this effectively means x86-64 and ARM, but + excludes 32bit x86!), then nspawn will now install a + work-around seccomp filter that makes containers boot even + with audit being enabled. This works correctly only on kernels + 3.14 and newer though. TL;DR: turn audit off, still. glibc >= 2.14 libcap |
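Review bot: the closing sentence of the added paragraph, "TL;DR: turn audit off, still.", is broader than the commit subject, which limits the advice to people who want to use containers. Because "audit=0" and CONFIG_AUDIT=n turn off kernel auditing for the whole host, the sentence should carry the same scope, for example "If you run containers on an architecture or kernel not covered above, turn audit off." The paragraph also leaves open what happens on kernels older than 3.14 and on 32bit x86: say whether the filter is skipped there or is installed but does not help, so readers know which case they are in. Finally, "will now install" dates quickly in a README; naming the systemd version that introduced the filter would keep the text accurate later.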