From 16f801cba91862fd1db4857f1015607e54631303 Mon Sep 17 00:00:00 2001
From: Jaka Hudoklin <jakahudoklin@gmail.com>
Date: Fri, 27 Jun 2014 10:52:01 +0200
Subject: [PATCH] nixos/pam: make pam_loginuid optional if in container

---
 nixos/modules/security/pam.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 02340fd78e8..b1b75a0068d 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -189,7 +189,9 @@ let
           session required pam_env.so envfile=${config.system.build.pamEnvironment}
           session required pam_unix.so
           ${optionalString cfg.setLoginUid
-              "session required pam_loginuid.so"}
+              "session ${
+                if config.boot.isContainer then "optional" else "required"
+              } pam_loginuid.so"}
           ${optionalString cfg.updateWtmp
               "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
           ${optionalString config.users.ldap.enable