diff options
author | Lennart Poettering <lennart@poettering.net> | 2013-05-09 15:32:27 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-05-09 15:33:02 +0200 |
commit | 2aba426ffb345408a461ed0ff6fba46e63ae625b (patch) | |
tree | dd0826ee9336775c6518e9ff1c204e12be046299 /man | |
parent | b62ee5249da92ff8960322eab770f742425831e3 (diff) |
man: document that the kernel's audit subsystem is currently incompatible with nspawn containers
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd-nspawn.xml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index cab5990a56..d9fb899895 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -142,6 +142,16 @@ might be necessary to add this file to the container tree manually if the OS of the container is too old to contain this file out-of-the-box.</para> + + <para>Note that the kernel auditing subsystem is + currently broken when used together with + containers. We hence recommend turning it off entirely + when using <command>systemd-nspawn</command> by + booting with <literal>audit=0</literal> on the kernel + command line, or by turning it off at kernel build + time. If auditing is enabled in the kernel operating + systems booted in an nspawn container might refuse + log-in attempts.</para> </refsect1> <refsect1> |