On Thu, 20.02.14 05:14, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:

> 
> On Thu, Feb 20, 2014 at 02:53:28AM +0100, Jason A. Donenfeld wrote:
> > Ever since the seccomp trick, this is no longer an issue.
> > ---
> >  README | 7 -------
> >  1 file changed, 7 deletions(-)
> > 
> > diff --git a/README b/README
> > index b918132..df04cc9 100644
> > --- a/README
> > +++ b/README
> > @@ -83,13 +83,6 @@ REQUIREMENTS:
> >            CONFIG_EFI_VARS
> >            CONFIG_EFI_PARTITION
> >  
> > -        Note that kernel auditing is broken when used with systemd's
> > -        container code. When using systemd in conjunction with
> > -        containers, please make sure to either turn off auditing at
> > -        runtime using the kernel command line option "audit=0", or
> > -        turn it off at kernel compile time using:
> > -          CONFIG_AUDIT=n
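Review bot: The "kernel auditing is broken" paragraph under REQUIREMENTS is deleted unconditionally, but the commit message justifies the removal only with "the seccomp trick" and does not say on which kernels or architectures that holds. The replies in this thread attach two conditions to it: a kernel version ("Only for kernel >= 3.14") and i386, where the trick does not cover socket() because of socketcall(). Consider rewording the note to name those cases instead of dropping it, so that a reader on an affected setup still finds the "audit=0" and CONFIG_AUDIT=n advice.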
> Only for kernel >= 3.14. I think we should say that.

Also, it's still broken on i386, where the seccomp trick doesn't work
on socket(), due to the i386-specific madness that is socketcall(). It
works fine on all other archs though, including x86-64.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel