Regarding Auditd fails to start
Steve Grubb
sgrubb at redhat.com
Wed Feb 3 11:16:19 UTC 2016
On Wed, 3 Feb 2016 15:34:09 +0530
Sowndarya K <sowndaryak18 at gmail.com> wrote:
> I am running docker container without privileges and now service
> auditd start fails to execute even I add capabilities to docker.
> please try to help me as early as possible
If auditd is being run inside a container, then it has problems because
the audit subsystem inside the kernel isn't container aware/namespaced.
I have recently made changes to auditd in svn for the next release which
allows auditd to run as a log _aggregator_ inside a container. This
means it has no knowledge of events coming from within the container
but can act as an aggregator for systems doing remote logging.
-Steve
More information about the Linux-audit
mailing list