    nspawn: add audit caps to default set to keep · 88d04e31
    Lennart Poettering authored
    Due to the brokenness of much of the userspace audit code we cannot
    really start too many systems without the audit caps set. To make nspawn
    easier to use just add the audit caps by default.
    To boot up containers successfully the kernel's auditing needs to be
    turned off still (use "audit=0" on the kernel command line), but at
    least no manual caps have to be passed anymore.
    In the long run auditing will be fixed for containers and be virtualized
    properly at which time it should be safe to enable these caps anyway.
systemd-nspawn.xml 16.1 KB