From 70a4c7b1dfdb238d3729c3f71127538943a43afd Mon Sep 17 00:00:00 2001
From: Jaka Hudoklin
Date: Thu, 20 Mar 2014 08:51:08 +0100
Subject: [PATCH] nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)

- Make dhcp work, use dhcpcd without udev in container
- Make login shell work, patch getty to not wait for /dev/tty0
- Make ssh work, sshd/pam do not start session
---
 nixos/modules/services/networking/dhcpcd.nix | 2 +-
 nixos/modules/services/networking/ssh/sshd.nix | 2 +-
 pkgs/os-specific/linux/systemd/default.nix | 1 +
 .../linux/systemd/fix_console_in_containers.patch | 14 ++++++++++++++
 pkgs/tools/networking/dhcpcd/default.nix | 2 +-
 pkgs/top-level/all-packages.nix | 2 ++
 6 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 pkgs/os-specific/linux/systemd/fix_console_in_containers.patch
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
index d4ec96a18f6f..37f607b08151 100644
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@@ -4,7 +4,7 @@ with pkgs.lib;
 let
- inherit (pkgs) dhcpcd;
+ dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd_without_udev;
 # Don't start dhcpcd on explicitly configured interfaces or on
 # interfaces that are part of a bridge.
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 85b6ab1efecf..537fe0848eac 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -285,7 +285,7 @@ in
 networking.firewall.allowedTCPPorts = cfg.ports;
 security.pam.services.sshd =
- { startSession = true;
+ { startSession = !config.boot.isContainer;
 showMotd = true;
 unixAuth = cfg.passwordAuthentication;
 };
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index caa69a9e3a8a..0afaf7b03703 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
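Review bot: In sshd.nix, `startSession = !config.boot.isContainer;` switches off PAM session start for every SSH login in every kind of container, and the hunk carries no comment saying why. With the session step skipped, SSH logins inside a container are presumably no longer registered as login sessions, so anything that relies on session listings or logout-time cleanup for auditing or containment loses that signal there. I would add a comment on the line above the attribute, e.g. `# Starting a PAM session breaks ssh logins in containers, so logins are not session-tracked there.`, and, if the module has the lib helpers in scope, write `startSession = mkDefault (!config.boot.isContainer);` so a container where session start does work can turn it back on without forcing. The enclosing attribute set starts outside the hunk.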
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
 [ # These are all changes between upstream and
 # https://github.com/edolstra/systemd/tree/nixos-v203.
 ./fixes.patch
+ ./fix_console_in_containers.patch
 ] ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
diff --git a/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch b/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch
new file mode 100644
index 000000000000..005c00282020
--- /dev/null
+++ b/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch
@@ -0,0 +1,14 @@
+diff -ruN systemd-203/units/getty@.service.m4 systemd-203-patched/units/getty@.service.m4
+--- systemd-203/units/getty@.service.m4 2013-01-07 22:50:49.083315575 +0100
++++ systemd-203-patched/units/getty@.service.m4 2014-03-18 09:54:40.002476232 +0100
+@@ -23,7 +23,9 @@
+ # On systems without virtual consoles, don't start any getty. (Note
+ # that serial gettys are covered by serial-getty@.service, not this
+ # unit
+-ConditionPathExists=/dev/tty0
++ConditionPathExists=|/dev/tty0
++ConditionVirtualization=|lxc
++ConditionVirtualization=|lxc-libvirt
+
+ [Service]
+ # the VT is cleared by TTYVTDisallocate
diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix
index fe683c382853..758e3fd79805 100644
--- a/pkgs/tools/networking/dhcpcd/default.nix
+++ b/pkgs/tools/networking/dhcpcd/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
 installFlags = "DBDIR=\${TMPDIR}/db SYSCONFDIR=$(out)/etc";
 # Check that the udev plugin got built.
- postInstall = "[ -e $out/lib/dhcpcd/dev/udev.so ]";
+ postInstall = stdenv.lib.optional (udev != null) "[ -e $out/lib/dhcpcd/dev/udev.so ]";
 meta = {
 description = "A client for the Dynamic Host Configuration Protocol (DHCP)";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 619ea319dc4c..f21f26aaa3e0 100644
--- a/pkgs/top-level/all-packages.nix
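Review bot: In systemd/default.nix the new `./fix_console_in_containers.patch` entry is listed under the comment that describes the entries as the changes between upstream and the nixos-v203 branch, which does not describe this locally written patch. Since it alters a unit file in the systemd package that every system uses, it deserves its own line of explanation directly above it, e.g. `# Local: allow getty@.service to start in LXC containers that have no /dev/tty0.`. The enclosing attribute starts outside the hunk.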
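Review bot: In fix_console_in_containers.patch the added triggering conditions name only `lxc` and `lxc-libvirt`, while the commit subject also lists systemd-nspawn; the patch should say whether nspawn is left out on purpose. The retained unit comment still reads "On systems without virtual consoles, don't start any getty", which no longer matches the behaviour once either virtualization condition is true. Because the condition now passes on container type alone, a login prompt is started on the container's tty even when /dev/tty0 is absent, so the comment should state that explicitly, e.g. `# ... except in LXC containers, where a getty is started even without /dev/tty0.`. A short header in the patch file giving its origin and purpose would also help whoever has to rebase it onto a newer systemd.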
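Review bot: In dhcpcd/default.nix, `stdenv.lib.optional` returns a list, so `postInstall` becomes an empty or one-element list rather than a string, and it presumably only works because the derivation builder coerces lists to strings. `postInstall = stdenv.lib.optionalString (udev != null) "[ -e $out/lib/dhcpcd/dev/udev.so ]";` keeps the attribute a string in both cases. The comment above it should also record that the check is skipped for the udev-less build, e.g. `# Check that the udev plugin got built (skipped when udev is null).`. Whether the rest of the derivation tolerates `udev = null`, for example in its build inputs, is not visible in this hunk.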
+++ b/pkgs/top-level/all-packages.nix
@@ -823,6 +823,8 @@ let
 dhcpcd = callPackage ../tools/networking/dhcpcd { };
+ dhcpcd_without_udev = callPackage ../tools/networking/dhcpcd { udev = null; };
+
 diffstat = callPackage ../tools/text/diffstat { };
 diffutils = callPackage ../tools/text/diffutils { };