nixos/systemd-nspawn: accept all Exec and Files options
See: https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html Closes #49712
This commit is contained in:
parent
61c3169a0e
commit
53218d4a39
@ -10,8 +10,13 @@ let
|
||||
checkExec = checkUnitConfig "Exec" [
|
||||
(assertOnlyFields [
|
||||
"Boot" "ProcessTwo" "Parameters" "Environment" "User" "WorkingDirectory"
|
||||
"Capability" "DropCapability" "KillSignal" "Personality" "MachineId"
|
||||
"PrivateUsers" "NotifyReady"
|
||||
"PivotRoot" "Capability" "DropCapability" "NoNewPrivileges" "KillSignal"
|
||||
"Personality" "MachineId" "PrivateUsers" "NotifyReady" "SystemCallFilter"
|
||||
"LimitCPU" "LimitFSIZE" "LimitDATA" "LimitSTACK" "LimitCORE" "LimitRSS"
|
||||
"LimitNOFILE" "LimitAS" "LimitNPROC" "LimitMEMLOCK" "LimitLOCKS"
|
||||
"LimitSIGPENDING" "LimitMSGQUEUE" "LimitNICE" "LimitRTPRIO" "LimitRTTIME"
|
||||
"OOMScoreAdjust" "CPUAffinity" "Hostname" "ResolvConf" "Timezone"
|
||||
"LinkJournal"
|
||||
])
|
||||
(assertValueOneOf "Boot" boolValues)
|
||||
(assertValueOneOf "ProcessTwo" boolValues)
|
||||
@ -20,8 +25,8 @@ let
|
||||
|
||||
checkFiles = checkUnitConfig "Files" [
|
||||
(assertOnlyFields [
|
||||
"ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystems"
|
||||
"PrivateUsersChown"
|
||||
"ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystem"
|
||||
"Overlay" "OverlayReadOnly" "PrivateUsersChown"
|
||||
])
|
||||
(assertValueOneOf "ReadOnly" boolValues)
|
||||
(assertValueOneOf "Volatile" (boolValues ++ [ "state" ]))
|
||||
|
Loading…
Reference in New Issue
Block a user