public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #31157 from sorki/lxcfs_pam_related

Browse Source 
[wip] lxcfs,pam: disable cgmanager, enable pam_cgfs, lxcfs 2.0.7 -> 2.0.8
This commit is contained in:
Jörg Thalheim 2018-01-01 15:42:03 +01:00 committed by GitHub
commit 0bbf671b5a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/security/pam.nix
View File

@ -351,6 +351,8 @@ let
${optionalString (cfg.enableKwallet) ${optionalString (cfg.enableKwallet)
("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" + ("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")} " kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString (config.virtualisation.lxc.lxcfs.enable)
"session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
''); '');
}; };

4
nixos/modules/virtualisation/lxcfs.nix
View File

@ -28,13 +28,9 @@ in {
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.cgmanager.enable = true;
systemd.services.lxcfs = { systemd.services.lxcfs = {
description = "FUSE filesystem for LXC"; description = "FUSE filesystem for LXC";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "cgmanager.service" ];
after = [ "cgmanager.service" ];
before = [ "lxc.service" ]; before = [ "lxc.service" ];
restartIfChanged = false; restartIfChanged = false;
serviceConfig = { serviceConfig = {

11
pkgs/os-specific/linux/lxcfs/default.nix
View File

@ -1,19 +1,24 @@
{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam }: { stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam
, enableDebugBuild ? false }:
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "lxcfs-2.0.7"; name = "lxcfs-2.0.8";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "lxc"; owner = "lxc";
repo = "lxcfs"; repo = "lxcfs";
rev = name; rev = name;
sha256 = "1z6d52dc12rcplgc9jdgi3lbxm6ahlsjgs1k8v8kvn261xsq1m0a"; sha256 = "04dzn6snqgw0znf7a7qdm64400jirip6q8amcx5fmz4705qdqahc";
}; };
nativeBuildInputs = [ pkgconfig help2man autoreconfHook ]; nativeBuildInputs = [ pkgconfig help2man autoreconfHook ];
buildInputs = [ fuse pam ]; buildInputs = [ fuse pam ];
preConfigure = stdenv.lib.optionalString enableDebugBuild ''
sed -i 's,#AM_CFLAGS += -DDEBUG,AM_CFLAGS += -DDEBUG,' Makefile.am
'';
configureFlags = [ configureFlags = [
"--with-init-script=systemd" "--with-init-script=systemd"
"--sysconfdir=/etc" "--sysconfdir=/etc"

4
pkgs/top-level/all-packages.nix
View File

@ -3289,7 +3289,9 @@ with pkgs;
ltris = callPackage ../games/ltris { }; ltris = callPackage ../games/ltris { };
lxc = callPackage ../os-specific/linux/lxc { }; lxc = callPackage ../os-specific/linux/lxc { };
lxcfs = callPackage ../os-specific/linux/lxcfs { }; lxcfs = callPackage ../os-specific/linux/lxcfs {
enableDebugBuild = config.lxcfs.enableDebugBuild or false;
};
lxd = callPackage ../tools/admin/lxd { }; lxd = callPackage ../tools/admin/lxd { };
lzfse = callPackage ../tools/compression/lzfse { }; lzfse = callPackage ../tools/compression/lzfse { };