
docker host network model cause command "su" execute problem in container #5899

@hanwoody


When I run with Ubuntu 14.04 or CentOS 6.4,
docker run -it --net=host -v /dev:/dev ubuntu:latest /bin/bash
or
docker run -it --net=host centos:6.4 /bin/bash

then attach to the container and execute su - user -s /bin/sh ....., the system throws an error like the following:
System error

Detailed log in /var/log/syslog (on the host OS):
May 18 07:53:44 i-ikneuftx su[10]: PAM audit_log_acct_message() failed: Operation not permitted
May 18 07:53:44 i-ikneuftx su[10]: pam_authenticate: System error
May 18 07:53:44 i-ikneuftx su[10]: FAILED su for root by root
May 18 07:53:44 i-ikneuftx su[10]: - /dev/pts/9 root:root

Many Linux scripts use "su" to run a service as a non-root user, such as the init script of MySQL 5.6 on Ubuntu:
su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &"

When I run Docker with bridged networking, everything is OK.

I think this is a bug in Docker host networking.

Labels: area/networking, exp/expert, kind/bug