Article ID: 121587, created on May 15, 2014, last review on May 15, 2014

  • Applies to:
  • Virtuozzo
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor

Symptoms

auditd service doesn't start inside any container:

[root@ct ~]# /etc/init.d/auditd start
Starting auditd:                                           [FAILED]

The following messages appear inside /var/log/messages in the container:

May 16 02:14:11 ct auditd[828]: Started dispatcher: /sbin/audispd pid: 830
May 16 02:14:11 ct audispd: No plugins found, exiting
May 16 02:14:11 ct auditd[828]: Unable to set audit pid, exiting
May 16 02:14:12 ct auditd[828]: The audit daemon is exiting.
May 16 02:14:12 ct auditd: Cannot daemonize (Success)
May 16 02:14:12 ct auditd: The audit daemon is exiting.

Cause

Kernel Audit is prohibited inside containers by design.

Resolution

It's not possible to use audit daemon inside containers.

Search Words

auditd

d02f9caf3e11b191a38179103495106f 2897d76d56d2010f4e3a28f864d69223 a26b38f94253cdfbf1028d72cf3a498b e8e50b42231236b82df27684e7ec0beb 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF