Bug#959921: systemd: ConditionVirtualization=!private-users in systemd-journald-audit.socket

[Michael Biebl]

Control: tags -1 + moreinfo

Am 07.05.20 um 05:04 schrieb Ryutaroh Matsumoto:

> When Debian runs in an unprivileged LXC container, we have an error message
> 
> systemd-journald-audit.socket: Failed to create listening socket (audit 1): Operation not permitted
> systemd-journald-audit.socket: Failed to listen on sockets: Operation not permitted
> systemd-journald-audit.socket: Failed with result 'resources'.
> [FAILED] Failed to listen on Journal Audit Socket.
> 
> Ubuntu does not have the above issue.
> The difference is that Ubuntu's /lib/systemd/system/systemd-journald-audit.socket has
> ConditionVirtualization=!private-users.
> 
> Could you consider to inlude ConditionVirtualization=!private-users?
> 

This change was upstream but explicitly reverted.
Please ask for clarification why that was done:
https://github.com/systemd/systemd/pull/6513

I don't really want to carry a downstream patch for that (as Ubuntu
apparently does).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20200507/3ef290be/attachment.sig>