On Sun, Feb 16, 2014 at 10:14:00PM +0100, Lennart Poettering wrote:
> On Sun, 16.02.14 17:40, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
>
> > On Sun, Feb 16, 2014 at 12:03:21AM +0100, Djalal Harouni wrote:
> > > Currently systemd-nspawn will call reset_audit_loginuid() and check
> > > if audit is enabled in the kernel even if it was invoked without the
> > > --boot argument. This makes systemd-nspawn print the audit error message
> > > and sleep(5) on every execution.
> > >
> > > This was introduced by commit db999e0f923ca6. Fix it by checking if
> > > arg_boot is set before calling reset_audit_loginuid().
> > I'd argue that reset_audit_loginuid() should be called always, and the
> > loginuid reset if possible. One might execute the real init later
> > anyway.
> >
> > But later after db999e0f923ca6 Lennart added the seccomp wrapper, when
> > it turned out that resetting the audit loginuid is not enough. So
> > maybe with that additional change audit doesn't break containers even
> > with older kernels and the message and the delay could be done away
> > with altogether?
>
> We only generate the warning now if we cannot reset the loginuid,
> i.e. on kernels < 0.3.14, which should be the right thing to do?

Yes, but the proposed patch would completely avoid resetting the uid in
some cases, which is what I don't think is right.

OK, I now tested, and login works with kernel 3.14, and not with lower
ones. So current code with the warning is fine.

Zbyszek