kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

nixos/systemd-nspawn: accept all Exec and Files options

Browse Source 
See: https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html
Closes #49712
wip/yesman
Renaud 6 years ago committed by GitHub
parent 61c3169a0e
commit 53218d4a39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 13
      nixos/modules/system/boot/systemd-nspawn.nix

13
nixos/modules/system/boot/systemd-nspawn.nix
Unescape View File

@ -10,8 +10,13 @@ let
checkExec = checkUnitConfig "Exec" [
(assertOnlyFields [
"Boot" "ProcessTwo" "Parameters" "Environment" "User" "WorkingDirectory"
"Capability" "DropCapability" "KillSignal" "Personality" "MachineId"
"PrivateUsers" "NotifyReady"
"PivotRoot" "Capability" "DropCapability" "NoNewPrivileges" "KillSignal"
"Personality" "MachineId" "PrivateUsers" "NotifyReady" "SystemCallFilter"
"LimitCPU" "LimitFSIZE" "LimitDATA" "LimitSTACK" "LimitCORE" "LimitRSS"
"LimitNOFILE" "LimitAS" "LimitNPROC" "LimitMEMLOCK" "LimitLOCKS"
"LimitSIGPENDING" "LimitMSGQUEUE" "LimitNICE" "LimitRTPRIO" "LimitRTTIME"
"OOMScoreAdjust" "CPUAffinity" "Hostname" "ResolvConf" "Timezone"
"LinkJournal"
])
(assertValueOneOf "Boot" boolValues)
(assertValueOneOf "ProcessTwo" boolValues)
@ -20,8 +25,8 @@ let
checkFiles = checkUnitConfig "Files" [
(assertOnlyFields [
"ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystems"
"PrivateUsersChown"
"ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystem"
"Overlay" "OverlayReadOnly" "PrivateUsersChown"
])
(assertValueOneOf "ReadOnly" boolValues)
(assertValueOneOf "Volatile" (boolValues ++ [ "state" ]))

Write Preview
Loading…
Cancel
Save