From a927709a35cee56f878f0f57a932e1a6e2ebe23b Mon Sep 17 00:00:00 2001
From: Rickard Nilsson <rickynils@gmail.com>
Date: Thu, 14 Jul 2016 20:54:06 +0200
Subject: [PATCH] openssh: Use the default privilege separation dir (/var/empty)

If running NixOS inside a container where the host's root-owned files and directories have been mapped to some other uid (like nobody), the ssh daemon fails to start, producing this error message: fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable. The reason for this is that when openssh is built, we explicitly set `--with-privsep-path=$out/empty`. This commit removes that flag which causes the default directory /var/empty to be used instead. Since NixOS' activation script correctly sets up that directory, the ssh daemon now also works within containers that have a non-root-owned nix store.
---
 pkgs/tools/networking/openssh/default.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 64b9fe98278b..8d893c6a57fa 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -66,11 +66,6 @@ stdenv.mkDerivation rec {
     ++ optional stdenv.isDarwin "--disable-libutil"
     ++ optional (!linkOpenssl) "--without-openssl";
-  preConfigure = ''
-    configureFlagsArray+=("--with-privsep-path=$out/empty")
-    mkdir -p $out/empty
-  '';
-
   enableParallelBuilding = true;
   postInstall = ''