diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index e1cad03e66e2..f2bdfcf885ee 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -386,7 +386,7 @@ let
           ${optionalString (cfg.enableGnomeKeyring)
               "session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
           ${optionalString (config.virtualisation.lxc.lxcfs.enable)
-               "session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
+               "session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"}
         '');
     };
 
diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix
index 62c9e60bbdd1..1b15edcc923c 100644
--- a/pkgs/os-specific/linux/lxc/default.nix
+++ b/pkgs/os-specific/linux/lxc/default.nix
@@ -1,14 +1,11 @@
 { stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, perl, docbook2x
-, docbook_xml_dtd_45, python3Packages
+, docbook_xml_dtd_45, python3Packages, pam
 
 # Optional Dependencies
 , libapparmor ? null, gnutls ? null, libselinux ? null, libseccomp ? null
-, cgmanager ? null, libnih ? null, dbus ? null, libcap ? null, systemd ? null
+, libcap ? null, systemd ? null
 }:
 
-let
-  enableCgmanager = cgmanager != null && libnih != null && dbus != null;
-in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "lxc-${version}";
@@ -23,7 +20,7 @@ stdenv.mkDerivation rec {
     autoreconfHook pkgconfig perl docbook2x python3Packages.wrapPython
   ];
   buildInputs = [
-    libapparmor gnutls libselinux libseccomp cgmanager libnih dbus libcap
+    pam libapparmor gnutls libselinux libseccomp libcap
     python3Packages.python python3Packages.setuptools systemd
   ];
 
@@ -37,15 +34,8 @@ stdenv.mkDerivation rec {
 
   XML_CATALOG_FILES = "${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml";
 
-  # FIXME
-  # glibc 2.25 moved major()/minor() to <sys/sysmacros.h>.
-  # this commit should detect this: https://github.com/lxc/lxc/pull/1388/commits/af6824fce9c9536fbcabef8d5547f6c486f55fdf
-  # However autotools checks if mkdev is still defined in <sys/types.h> runs before
-  # checking if major()/minor() is defined there. The mkdev check succeeds with
-  # a warning and the check which should set MAJOR_IN_SYSMACROS is skipped.
-  NIX_CFLAGS_COMPILE = [ "-DMAJOR_IN_SYSMACROS" ];
-
   configureFlags = [
+    "--enable-pam"
     "--localstatedir=/var"
     "--sysconfdir=/etc"
     "--disable-api-docs"
diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix
index 8c381877fdc9..6f7dd2f56ff7 100644
--- a/pkgs/os-specific/linux/lxcfs/default.nix
+++ b/pkgs/os-specific/linux/lxcfs/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse, pam
+{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse
 , enableDebugBuild ? false }:
 
 with stdenv.lib;
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkgconfig help2man autoreconfHook ];
-  buildInputs = [ fuse pam ];
+  buildInputs = [ fuse ];
 
   preConfigure = stdenv.lib.optionalString enableDebugBuild ''
     sed -i 's,#AM_CFLAGS += -DDEBUG,AM_CFLAGS += -DDEBUG,' Makefile.am