3
0
Fork 0
forked from mirrors/nixpkgs

audit: Disable in containers

This barfs:

Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled
This commit is contained in:
Eelco Dolstra 2016-01-18 13:57:27 +01:00
parent 981e8d5582
commit 2352e2589e
2 changed files with 6 additions and 1 deletions

View file

@ -93,9 +93,11 @@ in {
config = mkIf (cfg.enable == "lock" || cfg.enable) {
systemd.services.audit = {
description = "pseudo-service representing the kernel audit state";
description = "Kernel Auditing";
wantedBy = [ "basic.target" ];
unitConfig.ConditionVirtualization = "!container";
path = [ pkgs.audit ];
serviceConfig = {

View file

@ -19,6 +19,9 @@ with lib;
# Shut up warnings about not having a boot loader.
system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
# Not supported in systemd-nspawn containers.
security.audit.enable = false;
};
}