Bug 1278661 - journal should not fail if it is not allowed to read audit data.
Summary: journal should not fail if it is not allowed to read audit data.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-11-06 05:54 UTC by Daniel Walsh
Modified: 2015-11-07 04:40 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-11-07 04:40:32 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Daniel Walsh 2015-11-06 05:54:31 UTC
When running docker inside of a container, journald is failing because we have removed AUDIT_READ.  We don't want to allow containers to read audit data, so journald should fail this check and continue.  

Perhaps it could check if AUDIT_READ capability is missing and not report an error.

Comment 1 Daniel Walsh 2015-11-07 04:40:32 UTC
This was blowing up on systemd in fedora 22 container, seems to work in fedora 23.


Note You need to log in before you can comment on or make changes to this bug.