man: document that the kernel's audit subsystem is currently incompatible with nspawn containers

author: Lennart Poettering <lennart@poettering.net> 2013-05-09 15:32:27 +0200
committer: Lennart Poettering <lennart@poettering.net> 2013-05-09 15:33:02 +0200
commit: 2aba426ffb345408a461ed0ff6fba46e63ae625b (patch)
tree: dd0826ee9336775c6518e9ff1c204e12be046299
parent: b62ee5249da92ff8960322eab770f742425831e3 (diff)
download: systemd-2aba426ffb345408a461ed0ff6fba46e63ae625b.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index cab5990a56..d9fb899895 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -142,6 +142,16 @@
                 might be necessary to add this file to the container
                 tree manually if the OS of the container is too old to
                 contain this file out-of-the-box.</para>
+
+                <para>Note that the kernel auditing subsystem is
+                currently broken when used together with
+                containers. We hence recommend turning it off entirely
+                when using <command>systemd-nspawn</command> by
+                booting with <literal>audit=0</literal> on the kernel
+                command line, or by turning it off at kernel build
+                time. If auditing is enabled in the kernel operating
+                systems booted in an nspawn container might refuse
+                log-in attempts.</para>
         </refsect1>
 
         <refsect1>
author	Lennart Poettering <lennart@poettering.net>	2013-05-09 15:32:27 +0200
committer	Lennart Poettering <lennart@poettering.net>	2013-05-09 15:33:02 +0200
commit	2aba426ffb345408a461ed0ff6fba46e63ae625b (patch)
tree	dd0826ee9336775c6518e9ff1c204e12be046299
parent	b62ee5249da92ff8960322eab770f742425831e3 (diff)
download	systemd-2aba426ffb345408a461ed0ff6fba46e63ae625b.tar.gz