On Sun, 12.04.15 20:51, frank.thalb...@tuta.io (frank.thalb...@tuta.io) wrote:

> This fixes an issue within journald aborting when running inside
> archlinux container via systemd-nspawn on a debian host with audit
> enabled kernel.

What kind of containers are these? LXC? docker?

nspawn at least grants audit caps to containers. If you don't grant
audit caps you cannot boot distros like Fedora at all, since much of
the PAM audit code in Fedora is written to fail completely if audit is on
in the kernel, but cannot be used.

> +#ifdef HAVE_AUDIT
>           r = server_open_audit(s);
>           if (r < 0)
>                   return r;
> +#endif
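
Review bot: the `#ifdef HAVE_AUDIT` wrapped around the `server_open_audit(s)` call is a compile-time guard only, so a build with HAVE_AUDIT defined still reaches `if (r < 0) return r;` and propagates the error whenever server_open_audit() fails at run time, which is the container case the description mentions. If journald is meant to keep running there, the error path needs a run-time decision about which return values are fatal, in addition to (or instead of) the preprocessor guard.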

Hmm, excluding the audit code from the build if HAVE_AUDIT is not set
is certainly a good idea, but we generally try to keep #ifdeffery out
of .c files. More specifically, the journald-audit.c file should not
be compiled and linked at all on non-audit builds, and
journald-audit.h should contain the #ifdeffery that causes
server_open_audit() to become a NOP on such builds. Would be happy to
take a patch for that.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel