summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-05-09 15:32:27 +0200
committerLennart Poettering <lennart@poettering.net>2013-05-09 15:33:02 +0200
commit2aba426ffb345408a461ed0ff6fba46e63ae625b (patch)
treedd0826ee9336775c6518e9ff1c204e12be046299 /man
parentb62ee5249da92ff8960322eab770f742425831e3 (diff)
man: document that the kernel's audit subsystem is currently incompatible with nspawn containers
Diffstat (limited to 'man')
-rw-r--r--man/systemd-nspawn.xml10
1 files changed, 10 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index cab5990a56..d9fb899895 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -142,6 +142,16 @@
might be necessary to add this file to the container
tree manually if the OS of the container is too old to
contain this file out-of-the-box.</para>
+
+ <para>Note that the kernel auditing subsystem is
+ currently broken when used together with
+ containers. We hence recommend turning it off entirely
+ when using <command>systemd-nspawn</command> by
+ booting with <literal>audit=0</literal> on the kernel
+ command line, or by turning it off at kernel build
+ time. If auditing is enabled in the kernel operating
+ systems booted in an nspawn container might refuse
+ log-in attempts.</para>
</refsect1>
<refsect1>