Revert "nixos/containers: add unprivileged option"

author: Marek Mahut <marek.mahut@gmail.com> 2019-08-23 08:24:06 +0200
committer: GitHub <noreply@github.com> 2019-08-23 08:24:06 +0200
commit: 4aef2212eea0da66843328da839487744537356d (patch)
tree: 2716b92c6d83f04ca821527febbe29287ec641f4 /nixos/modules/virtualisation
parent: 611fbf7206aa86dc595befb90f395a37ed6a0336 (diff)
download: nixlib-4aef2212eea0da66843328da839487744537356d.tar
nixlib-4aef2212eea0da66843328da839487744537356d.tar.gz
nixlib-4aef2212eea0da66843328da839487744537356d.tar.bz2
nixlib-4aef2212eea0da66843328da839487744537356d.tar.lz
nixlib-4aef2212eea0da66843328da839487744537356d.tar.xz
nixlib-4aef2212eea0da66843328da839487744537356d.tar.zst
nixlib-4aef2212eea0da66843328da839487744537356d.zip
1 files changed, 2 insertions, 14 deletions
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 97325847bd1a..b65374c92577 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -139,7 +139,6 @@ let
         --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
         --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
         ${optionalString (!cfg.ephemeral) "--link-journal=try-guest"} \
-        ${optionalString (cfg.unprivileged) "-U"} \
         --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
         --setenv HOST_BRIDGE="$HOST_BRIDGE" \
         --setenv HOST_ADDRESS="$HOST_ADDRESS" \
@@ -239,8 +238,8 @@ let
     ExecReload = pkgs.writeScript "reload-container"
       ''
         #! ${pkgs.runtimeShell} -e
-        ${pkgs.systemd}/bin/machinectl shell "$INSTANCE" \
-          ''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test
+        ${pkgs.nixos-container}/bin/nixos-container run "$INSTANCE" -- \
+          bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
       '';
 
     SyslogIdentifier = "container %i";
@@ -424,7 +423,6 @@ let
       extraVeths = {};
       additionalCapabilities = [];
       ephemeral = false;
-      unprivileged = false;
       allowedDevices = [];
       hostAddress = null;
       hostAddress6 = null;
@@ -518,16 +516,6 @@ in
               '';
             };
 
-            unprivileged = mkOption {
-              type = types.bool;
-              default = false;
-              description = ''
-                Run container in unprivileged mode using private users feature of <command>systemd-nspawn</command>.
-                This option is eqvivalent of adding -U parameter to <command>systemd-nspawn</command> command.
-                See <literal>systemd-nspawn(1)</literal> man page for more information.
-              '';
-            };
-
             ephemeral = mkOption {
               type = types.bool;
               default = false;
author	Marek Mahut <marek.mahut@gmail.com>	2019-08-23 08:24:06 +0200
committer	GitHub <noreply@github.com>	2019-08-23 08:24:06 +0200
commit	4aef2212eea0da66843328da839487744537356d (patch)
tree	2716b92c6d83f04ca821527febbe29287ec641f4 /nixos/modules/virtualisation
parent	611fbf7206aa86dc595befb90f395a37ed6a0336 (diff)
download	nixlib-4aef2212eea0da66843328da839487744537356d.tar nixlib-4aef2212eea0da66843328da839487744537356d.tar.gz nixlib-4aef2212eea0da66843328da839487744537356d.tar.bz2 nixlib-4aef2212eea0da66843328da839487744537356d.tar.lz nixlib-4aef2212eea0da66843328da839487744537356d.tar.xz nixlib-4aef2212eea0da66843328da839487744537356d.tar.zst nixlib-4aef2212eea0da66843328da839487744537356d.zip