On Sun, 16.02.14 17:40, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> On Sun, Feb 16, 2014 at 12:03:21AM +0100, Djalal Harouni wrote:
> > Currently systemd-nspawn will call reset_audit_loginuid() and check
> > if audit is enabled in the kernel even if it was invoked without the
> > --boot argument. This makes systemd-nspawn print the audit error message
> > and sleep(5) on every execution.
> >
> > This was introduced by commit db999e0f923ca6. Fix it by checking if
> > arg_boot is set before calling reset_audit_loginuid().
>
> I'd argue that reset_audit_loginuid() should be called always, and the
> loginuid reset if possible. One might execute the real init later
> anyway.
>
> But later after db999e0f923ca6 Lennart added the seccomp wrapper, when
> it turned out that resetting the audit loginuid is not enough. So
> maybe with that additional change audit doesn't break containers even
> with older kernels and the message and the delay could be done away
> with altogether?

We only generate the warning now if we cannot reset the loginuid,
i.e. on kernels < 0.3.14, which should be the right thing to do?

Lennart

-- 
Lennart Poettering, Red Hat