nixos/systemd-nspawn: accept all Exec and Files options
See: https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html Closes #49712
This commit is contained in:
parent
61c3169a0e
commit
53218d4a39
@ -10,8 +10,13 @@ let
|
|||||||
checkExec = checkUnitConfig "Exec" [
|
checkExec = checkUnitConfig "Exec" [
|
||||||
(assertOnlyFields [
|
(assertOnlyFields [
|
||||||
"Boot" "ProcessTwo" "Parameters" "Environment" "User" "WorkingDirectory"
|
"Boot" "ProcessTwo" "Parameters" "Environment" "User" "WorkingDirectory"
|
||||||
"Capability" "DropCapability" "KillSignal" "Personality" "MachineId"
|
"PivotRoot" "Capability" "DropCapability" "NoNewPrivileges" "KillSignal"
|
||||||
"PrivateUsers" "NotifyReady"
|
"Personality" "MachineId" "PrivateUsers" "NotifyReady" "SystemCallFilter"
|
||||||
|
"LimitCPU" "LimitFSIZE" "LimitDATA" "LimitSTACK" "LimitCORE" "LimitRSS"
|
||||||
|
"LimitNOFILE" "LimitAS" "LimitNPROC" "LimitMEMLOCK" "LimitLOCKS"
|
||||||
|
"LimitSIGPENDING" "LimitMSGQUEUE" "LimitNICE" "LimitRTPRIO" "LimitRTTIME"
|
||||||
|
"OOMScoreAdjust" "CPUAffinity" "Hostname" "ResolvConf" "Timezone"
|
||||||
|
"LinkJournal"
|
||||||
])
|
])
|
||||||
(assertValueOneOf "Boot" boolValues)
|
(assertValueOneOf "Boot" boolValues)
|
||||||
(assertValueOneOf "ProcessTwo" boolValues)
|
(assertValueOneOf "ProcessTwo" boolValues)
|
||||||
@ -20,8 +25,8 @@ let
|
|||||||
|
|
||||||
checkFiles = checkUnitConfig "Files" [
|
checkFiles = checkUnitConfig "Files" [
|
||||||
(assertOnlyFields [
|
(assertOnlyFields [
|
||||||
"ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystems"
|
"ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystem"
|
||||||
"PrivateUsersChown"
|
"Overlay" "OverlayReadOnly" "PrivateUsersChown"
|
||||||
])
|
])
|
||||||
(assertValueOneOf "ReadOnly" boolValues)
|
(assertValueOneOf "ReadOnly" boolValues)
|
||||||
(assertValueOneOf "Volatile" (boolValues ++ [ "state" ]))
|
(assertValueOneOf "Volatile" (boolValues ++ [ "state" ]))
|
||||||
|
Loading…
Reference in New Issue
Block a user