README: document that we still encourage people to turn off audit when they want to use containers
parent
236af516b8
commit
a7b1c3971a
7
README
7
README
|
@ -89,6 +89,13 @@ REQUIREMENTS:
|
||||||
runtime using the kernel command line option "audit=0", or
|
runtime using the kernel command line option "audit=0", or
|
||||||
turn it off at kernel compile time using:
|
turn it off at kernel compile time using:
|
||||||
CONFIG_AUDIT=n
|
CONFIG_AUDIT=n
|
||||||
|
If systemd is compiled with libseccomp support on
|
||||||
|
architectures which do not use socketcall() and where seccomp
|
||||||
|
is supported (this effectively means x86-64 and ARM, but
|
||||||
|
excludes 32bit x86!), then nspawn will now install a
|
||||||
|
work-around seccomp filter that makes containers boot even
|
||||||
|
with audit being enabled. This works correctly only on kernels
|
||||||
|
3.14 and newer though. TL;DR: turn audit off, still.
|
||||||
|
|
||||||
glibc >= 2.14
|
glibc >= 2.14
|
||||||
libcap
|
libcap
|
||||||
|
|
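Review bot: The added paragraph puts its actual recommendation last ("TL;DR: turn audit off, still.") and never says what a reader should expect if audit stays enabled on a kernel older than 3.14 or on 32bit x86, where the work-around filter is not installed or does not work correctly. I would lead with the recommendation and then list the conditions under which the filter applies (libseccomp support, an architecture without socketcall(), kernel 3.14 or newer). The word "now" in "nspawn will now install" will go stale in a README, so naming the systemd version that introduced the filter would be more durable. Since "audit=0" and CONFIG_AUDIT=n turn auditing off for the whole host, it is also worth one sentence noting that this is a trade-off for hosts that rely on audit logs.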