From 0810111cedde02d499059d33b8f29498520ff118 Mon Sep 17 00:00:00 2001 From: Richard Marko Date: Thu, 2 Nov 2017 01:15:37 +0100 Subject: [PATCH 1/5] lxcfs: don't enable cgmanager Related to #30023 --- nixos/modules/virtualisation/lxcfs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/modules/virtualisation/lxcfs.nix b/nixos/modules/virtualisation/lxcfs.nix index 48462dc66da..5f256e37781 100644 --- a/nixos/modules/virtualisation/lxcfs.nix +++ b/nixos/modules/virtualisation/lxcfs.nix @@ -28,8 +28,6 @@ in { ###### implementation config = mkIf cfg.enable { - services.cgmanager.enable = true; - systemd.services.lxcfs = { description = "FUSE filesystem for LXC"; wantedBy = [ "multi-user.target" ]; From 4e26054ff541cd9903fd00600ca85bab9131df62 Mon Sep 17 00:00:00 2001 From: Richard Marko Date: Thu, 2 Nov 2017 01:35:00 +0100 Subject: [PATCH 2/5] pam, lxcfs: enable pam_cgfs Related to #30023 --- nixos/modules/security/pam.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 5ded36329f3..dfc3246a735 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -351,6 +351,8 @@ let ${optionalString (cfg.enableKwallet) ("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" + " kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")} + ${optionalString (config.virtualisation.lxc.lxcfs.enable) + "session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"} ''); }; From c75c99f42e5a4d77839374e2a64977efd9590206 Mon Sep 17 00:00:00 2001 From: Richard Marko Date: Thu, 2 Nov 2017 02:38:39 +0100 Subject: [PATCH 3/5] lxcfs: 2.0.7 -> 2.0.8, add debugBuild option --- pkgs/os-specific/linux/lxcfs/default.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix index c23457c6b5f..8a6b2f8ca8a 100644 
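Review bot: In the pam.nix hunk of patch 2/5, the new `pam_cgfs.so` session line is gated only on the global `config.virtualisation.lxc.lxcfs.enable`, whereas the kwallet entry just above it is gated per service through `cfg.enableKwallet`. As written, every PAM service built from this template appears to get the module, so a session opened through any of them would have cgroups set up for the user in `freezer,memory,name=systemd,unified,cpuset`, not only the interactive logins that need unprivileged LXC. Consider adding a per-service boolean in the style of `cfg.enableKwallet` and requiring both conditions. Because the entry is `session optional`, a failure in the module is ignored, so a line in the generated PAM text such as `# pam_cgfs: create user-owned cgroups for unprivileged LXC (lxcfs)` would help whoever audits the stack. The enclosing `let` binding starts and ends outside the hunk.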
--- a/pkgs/os-specific/linux/lxcfs/default.nix +++ b/pkgs/os-specific/linux/lxcfs/default.nix @@ -1,19 +1,24 @@ -{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam }: +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam, + debugBuild ? false }: with stdenv.lib; stdenv.mkDerivation rec { - name = "lxcfs-2.0.7"; + name = "lxcfs-2.0.8"; src = fetchFromGitHub { owner = "lxc"; repo = "lxcfs"; rev = name; - sha256 = "1z6d52dc12rcplgc9jdgi3lbxm6ahlsjgs1k8v8kvn261xsq1m0a"; + sha256 = "04dzn6snqgw0znf7a7qdm64400jirip6q8amcx5fmz4705qdqahc"; }; nativeBuildInputs = [ pkgconfig help2man autoreconfHook ]; buildInputs = [ fuse pam ]; + preConfigure = stdenv.lib.optionalString debugBuild '' + sed -i 's,#AM_CFLAGS += -DDEBUG,AM_CFLAGS += -DDEBUG,' Makefile.am + ''; + configureFlags = [ "--with-init-script=systemd" "--sysconfdir=/etc" From 84f40186b2c55ac28b2ab6e40e618d412f042b95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 7 Nov 2017 11:01:42 +0000 Subject: [PATCH 4/5] lxcfs: do not inherit enableDebugBuild from global namespace --- pkgs/os-specific/linux/lxcfs/default.nix | 6 +++--- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix index 8a6b2f8ca8a..4f62b7eb128 100644 --- a/pkgs/os-specific/linux/lxcfs/default.nix +++ b/pkgs/os-specific/linux/lxcfs/default.nix @@ -1,5 +1,5 @@ -{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam, - debugBuild ? false }: +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam +, enableDebugBuild ? false }: with stdenv.lib; stdenv.mkDerivation rec { 
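Review bot: The `sed -i` in the new `preConfigure` (patch 3/5, lxcfs/default.nix) exits successfully even when `#AM_CFLAGS += -DDEBUG` is no longer present in Makefile.am, so `debugBuild = true` can silently produce a non-debug build after an upstream change. A check after the substitution, e.g. `grep -q '^AM_CFLAGS += -DDEBUG' Makefile.am`, should turn that into a build failure. The edit also seems to run after autoreconfHook has already generated Makefile.in (worth confirming), so it may take effect only through automake's rebuild rules; `postPatch` would be the more robust hook for changing Makefile.am. The derivation continues past the end of the hunk.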
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig help2man autoreconfHook ]; buildInputs = [ fuse pam ]; - preConfigure = stdenv.lib.optionalString debugBuild '' + preConfigure = stdenv.lib.optionalString enableDebugBuild '' sed -i 's,#AM_CFLAGS += -DDEBUG,AM_CFLAGS += -DDEBUG,' Makefile.am ''; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8fd266caa5f..ce8041cab65 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3204,7 +3204,9 @@ with pkgs; ltris = callPackage ../games/ltris { }; lxc = callPackage ../os-specific/linux/lxc { }; - lxcfs = callPackage ../os-specific/linux/lxcfs { }; + lxcfs = callPackage ../os-specific/linux/lxcfs { + enableDebugBuild = config.lxcfs.enableDebugBuild or false; + }; lxd = callPackage ../tools/admin/lxd { }; lzfse = callPackage ../tools/compression/lzfse { }; From ea78f0f06ca9a63c1e89e5b82e638977a7942c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 7 Nov 2017 11:02:57 +0000 Subject: [PATCH 5/5] lxcfs: remove cgmanager dependency --- nixos/modules/virtualisation/lxcfs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/modules/virtualisation/lxcfs.nix b/nixos/modules/virtualisation/lxcfs.nix index 5f256e37781..b2457403463 100644 --- a/nixos/modules/virtualisation/lxcfs.nix +++ b/nixos/modules/virtualisation/lxcfs.nix @@ -31,8 +31,6 @@ in { systemd.services.lxcfs = { description = "FUSE filesystem for LXC"; wantedBy = [ "multi-user.target" ]; - requires = [ "cgmanager.service" ]; - after = [ "cgmanager.service" ]; before = [ "lxc.service" ]; restartIfChanged = false; serviceConfig = {
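Review bot: In the all-packages.nix hunk of patch 4/5, `config.lxcfs.enableDebugBuild or false` introduces a nixpkgs config key that nothing in the series documents, and because of `or false` a misspelled key is ignored without warning. `callPackage` already makes the argument overridable (`lxcfs.override { enableDebugBuild = true; }`), so the global key may be unnecessary. If it stays, a comment such as `# enableDebugBuild compiles lxcfs with -DDEBUG via AM_CFLAGS; intended for troubleshooting only` would record the intent. The scope matters because patch 2/5 loads `${pkgs.lxcfs}/lib/security/pam_cgfs.so` into PAM session stacks, so the flag would presumably change a module that runs inside login processes, not only the FUSE daemon.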