From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: Regarding Auditd fails to start Date: Wed, 3 Feb 2016 12:16:19 +0100 Message-ID: <20160203121619.5b293913@ivy-bridge> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Sowndarya K Cc: Linux-audit@redhat.com List-Id: linux-audit@redhat.com On Wed, 3 Feb 2016 15:34:09 +0530 Sowndarya K wrote: > I am running docker container without privileges and now service > auditd start fails to execute even I add capabilities to docker. > please try to help me as early as possible If auditd is being run inside a container, then it has problems because the audit subsystem inside the kernel isn't container aware/namespaced. I have recently made changes to auditd in svn for the next release which allows auditd to run as a log _aggregator_ inside a container. This means it has no knowledge of events coming from within the container but can act as an aggregator for systems doing remote logging. -Steve