Commit graph

3 commits

Author SHA1 Message Date
Eelco Dolstra 7349f257da Only mount /sys in uid-range builds
Maybe this should be a separate system feature... /sys exposes a lot
of impure info about the host system.
2020-07-06 13:50:33 +02:00

Eelco Dolstra 8c4cce553c Fix macOS build
2020-07-06 13:50:33 +02:00

Eelco Dolstra ba50c3efa3 Add "uid-range" and "systemd-cgroup" system features
"uid-range" provides 65536 UIDs to a build and runs the build as root
in its user namespace. "systemd-cgroup" allows the build to mount the
systemd cgroup controller (needed for running systemd-nspawn and NixOS
containers).

Also, add a configuration option "auto-allocate-uids" which is needed
to enable these features, and some experimental feature gates.

So to enable support for containers you need the following in
nix.conf:

  experimental-features = auto-allocate-uids systemd-cgroup
  auto-allocate-uids = true
  system-features = uid-range systemd-cgroup
2020-07-06 13:50:33 +02:00