nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-01 15:11:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

audit: Disable in containers

Browse Source 
This barfs:

Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled
This commit is contained in:
Eelco Dolstra 2016-01-18 13:57:27 +01:00
parent 981e8d5582
commit 2352e2589e
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/security/audit.nix
View File

@ -93,9 +93,11 @@ in {
config = mkIf (cfg.enable == "lock" || cfg.enable) { config = mkIf (cfg.enable == "lock" || cfg.enable) {
systemd.services.audit = { systemd.services.audit = {
description = "pseudo-service representing the kernel audit state"; description = "Kernel Auditing";
wantedBy = [ "basic.target" ]; wantedBy = [ "basic.target" ];
unitConfig.ConditionVirtualization = "!container";
path = [ pkgs.audit ]; path = [ pkgs.audit ];
serviceConfig = { serviceConfig = {

3
nixos/modules/virtualisation/container-config.nix
View File

@ -19,6 +19,9 @@ with lib;
# Shut up warnings about not having a boot loader. # Shut up warnings about not having a boot loader.
system.build.installBootLoader = "${pkgs.coreutils}/bin/true"; system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
# Not supported in systemd-nspawn containers.
security.audit.enable = false;
}; };
} }