--- Linux-PAM-1_2_0/libpam/pam_audit.c.omv~ 2015-06-11 17:17:49.768740173 +0200
+++ Linux-PAM-1_2_0/libpam/pam_audit.c 2015-06-11 17:18:27.654412940 +0200
@@ -70,9 +70,10 @@ _pam_audit_open(pam_handle_t *pamh)
 audit_fd = audit_open();
 if (audit_fd < 0) {
 /* You get these error codes only when the kernel doesn't have
- * audit compiled in. */
+ * audit compiled in. EPERM happens when running inside a container
+ * (e.g. systemd-nspawn, docker) */
 if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
+ errno == EAFNOSUPPORT || errno == EPERM)
 return -2;
 /* this should only fail in case of extreme resource shortage,
--- Linux-PAM-1_2_0/modules/pam_loginuid/pam_loginuid.c.omv~ 2015-06-11 17:19:12.543025498 +0200
+++ Linux-PAM-1_2_0/modules/pam_loginuid/pam_loginuid.c 2015-06-11 17:19:44.274751787 +0200
@@ -117,9 +117,10 @@ static int check_auditd(void)
 /* This is here to let people that build their own kernel and disable the audit system get in. You get these error codes only when the kernel doesn't have audit
- compiled in. */
+ compiled in. EPERM is when running inside systemd-nspawn
+ or docker. */
 if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
+ errno == EAFNOSUPPORT || errno == EPERM)
 return PAM_SUCCESS;
 return PAM_SESSION_ERR;
 }
--- Linux-PAM-1_2_0/modules/pam_tally2/pam_tally2.c.omv~ 2015-06-11 17:18:49.540224003 +0200
+++ Linux-PAM-1_2_0/modules/pam_tally2/pam_tally2.c 2015-06-11 17:19:05.000090583 +0200
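Review bot: Adding `errno == EPERM` to the "kernel has no audit support" set in `_pam_audit_open` makes the audit path fail open: EPERM only says the caller was denied the audit socket, which can presumably also happen on an audit-capable host, and the early `return -2` then skips the code whose visible comment begins "this should only fail in case of extreme resource shortage". The same condition is added in pam_tally2.c (`tally_check`, which no longer returns `PAM_SYSTEM_ERR`) and in unix_chkpwd.c (`_audit_log`), so those records would be dropped as well. I would handle EPERM in its own branch behind an explicit build or runtime opt-in rather than widening the default set, and word the comment as a possibility, not a diagnosis: `* audit compiled in. EPERM means the audit socket was denied; this is expected inside some containers (systemd-nspawn, docker) but is not proof of one. */`. The function continues past the end of the hunk.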
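Review bot: In pam_loginuid.c's `check_auditd` the new EPERM case returns `PAM_SUCCESS`, so the check reports a pass when the audit socket could not even be opened. The existing comment scopes this escape hatch to kernels built without audit; a denied socket on an audit-enabled host would now take the same exit instead of `PAM_SESSION_ERR`. If container support is wanted here it should depend on configuration, not on errno alone, and the comment should read `EPERM can also occur inside systemd-nspawn or docker, where the audit socket is not permitted.` so it is not taken as the only cause. The function starts outside the hunk.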
@@ -517,7 +517,7 @@ tally_check (tally_t oldcnt, time_t oldt
 audit_fd = audit_open();
 /* If there is an error & audit support is in the kernel report error */
 if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT))
+ errno == EAFNOSUPPORT || errno == EPERM))
 return PAM_SYSTEM_ERR;
 (void)pam_get_item(pamh, PAM_TTY, &tty);
 (void)pam_get_item(pamh, PAM_RHOST, &rhost);
--- Linux-PAM-1_2_0/modules/pam_unix/unix_chkpwd.c.omv~ 2015-06-11 17:20:06.152563149 +0200
+++ Linux-PAM-1_2_0/modules/pam_unix/unix_chkpwd.c 2015-06-11 17:20:29.964357904 +0200
@@ -66,9 +66,10 @@ static int _audit_log(int type, const ch
 audit_fd = audit_open();
 if (audit_fd < 0) {
 /* You get these error codes only when the kernel doesn't have
- * audit compiled in. */
+ * audit compiled in. EPERM is when running inside docker or
+ * systemd-nspawn. */
 if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
+ errno == EAFNOSUPPORT || errno == EPERM)
 return PAM_SUCCESS;
 helper_log_err(LOG_CRIT, "audit_open() failed: %m");
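Review bot: In unix_chkpwd.c's `_audit_log` the EPERM return sits above the `helper_log_err(LOG_CRIT, "audit_open() failed: %m")` call, so a denied audit socket now drops the record without leaving anything in syslog either. Since this helper already has a syslog path, I would record the EPERM case before returning, for example `if (errno == EPERM) helper_log_err(LOG_WARNING, "audit_open() not permitted, audit record skipped");`, so that missing audit coverage on a host or container is visible to whoever reviews the logs. `_audit_log` starts before the hunk and continues after it.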