lxc: enable pam_cgfs and fix module

pam_cgfs was part in lxcfs before and moved here fixes #37985
2018-04-09 08:13:23 +01:00 · 2018-04-09 08:13:23 +01:00 · e8cfda7f13
commit e8cfda7f13
parent 8f9b21212d
3 changed files with 7 additions and 17 deletions
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -386,7 +386,7 @@ let
          ${optionalString (cfg.enableGnomeKeyring)
              "session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
          ${optionalString (config.virtualisation.lxc.lxcfs.enable)
-               "session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
+               "session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"}
        '');
    };

--- a/pkgs/os-specific/linux/lxc/default.nix
+++ b/pkgs/os-specific/linux/lxc/default.nix
@ -1,14 +1,11 @@
 { stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, perl, docbook2x
-, docbook_xml_dtd_45, python3Packages
+, docbook_xml_dtd_45, python3Packages, pam

 # Optional Dependencies
 , libapparmor ? null, gnutls ? null, libselinux ? null, libseccomp ? null
-, cgmanager ? null, libnih ? null, dbus ? null, libcap ? null, systemd ? null
+, libcap ? null, systemd ? null
 }:

-let
-  enableCgmanager = cgmanager != null && libnih != null && dbus != null;
-in
 with stdenv.lib;
 stdenv.mkDerivation rec {
  name = "lxc-${version}";
@ -23,7 +20,7 @@ stdenv.mkDerivation rec {
    autoreconfHook pkgconfig perl docbook2x python3Packages.wrapPython
  ];
  buildInputs = [
-    libapparmor gnutls libselinux libseccomp cgmanager libnih dbus libcap
+    pam libapparmor gnutls libselinux libseccomp libcap
    python3Packages.python python3Packages.setuptools systemd
  ];

@ -37,15 +34,8 @@ stdenv.mkDerivation rec {

  XML_CATALOG_FILES = "${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml";

-  # FIXME
-  # glibc 2.25 moved major()/minor() to <sys/sysmacros.h>.
-  # this commit should detect this: https://github.com/lxc/lxc/pull/1388/commits/af6824fce9c9536fbcabef8d5547f6c486f55fdf
-  # However autotools checks if mkdev is still defined in <sys/types.h> runs before
-  # checking if major()/minor() is defined there. The mkdev check succeeds with
-  # a warning and the check which should set MAJOR_IN_SYSMACROS is skipped.
-  NIX_CFLAGS_COMPILE = [ "-DMAJOR_IN_SYSMACROS" ];
-
  configureFlags = [
+    "--enable-pam"
    "--localstatedir=/var"
    "--sysconfdir=/etc"
    "--disable-api-docs"
--- a/pkgs/os-specific/linux/lxcfs/default.nix
+++ b/pkgs/os-specific/linux/lxcfs/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam
+{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse
 , enableDebugBuild ? false }:

 with stdenv.lib;
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
  };

  nativeBuildInputs = [ pkgconfig help2man autoreconfHook ];
-  buildInputs = [ fuse pam ];
+  buildInputs = [ fuse ];

  preConfigure = stdenv.lib.optionalString enableDebugBuild ''
    sed -i 's,#AM_CFLAGS += -DDEBUG,AM_CFLAGS += -DDEBUG,' Makefile.am