forked from mirrors/nixpkgs
audit: Disable in containers
This barfs: Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled
This commit is contained in:
parent
981e8d5582
commit
2352e2589e
|
@ -93,9 +93,11 @@ in {
|
|||
|
||||
config = mkIf (cfg.enable == "lock" || cfg.enable) {
|
||||
systemd.services.audit = {
|
||||
description = "pseudo-service representing the kernel audit state";
|
||||
description = "Kernel Auditing";
|
||||
wantedBy = [ "basic.target" ];
|
||||
|
||||
unitConfig.ConditionVirtualization = "!container";
|
||||
|
||||
path = [ pkgs.audit ];
|
||||
|
||||
serviceConfig = {
|
||||
|
|
|
@ -19,6 +19,9 @@ with lib;
|
|||
# Shut up warnings about not having a boot loader.
|
||||
system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
|
||||
|
||||
# Not supported in systemd-nspawn containers.
|
||||
security.audit.enable = false;
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue