
audit: Disable in containers

This barfs:

Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled

+6 -1
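--- a/nixos/modules/security/audit.nix
+++ b/nixos/modules/security/audit.nix
@@ -93,8 +93,10 @@
 
 config = mkIf (cfg.enable == "lock" || cfg.enable) {
 systemd.services.audit = {
-description = "pseudo-service representing the kernel audit state";
+description = "Kernel Auditing";
 wantedBy = [ "basic.target" ];
+
+unitConfig.ConditionVirtualization = "!container";
 
 path = [ pkgs.audit ];
 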
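Review bot: With `unitConfig.ConditionVirtualization = "!container";` the audit unit is skipped silently in a container, so a configuration that sets `security.audit.enable = "lock"` still evaluates and boots cleanly while no audit rules are loaded. That gap should be visible to whoever relies on the audit trail: add a comment above the line such as `# The kernel audit subsystem is unavailable in containers; the unit is skipped there and audit rules are NOT applied.`, and consider saying the same in the option's description, which is outside this hunk. The condition matches every container type systemd detects, not only systemd-nspawn. The `systemd.services.audit` block continues past the end of the hunk.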
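--- a/nixos/modules/virtualisation/container-config.nix
+++ b/nixos/modules/virtualisation/container-config.nix
@@ -19,6 +19,9 @@
 # Shut up warnings about not having a boot loader.
 system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
 
+# Not supported in systemd-nspawn containers.
+security.audit.enable = false;
+
 };
 
 }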
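Review bot: `security.audit.enable = false;` is set at normal priority, so a container configuration that also sets the option to `true` or `"lock"` would presumably fail evaluation with conflicting definitions instead of overriding this value. If an override should be possible, `security.audit.enable = lib.mkDefault false;` expresses that (assuming `lib` is in scope; the top of the file is not visible here). If the setting is meant to be hard, the comment could say so. The comment names only systemd-nspawn, while the unit condition added in audit.nix applies to all containers, so the two could use the same wording.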