author | Marek Mahut <marek.mahut@gmail.com> | 2019-08-23 08:24:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-23 08:24:06 +0200 |
commit | 4aef2212eea0da66843328da839487744537356d (patch) | |
tree | 2716b92c6d83f04ca821527febbe29287ec641f4 /nixos/modules/virtualisation | |
parent | 611fbf7206aa86dc595befb90f395a37ed6a0336 (diff) | |
Revert "nixos/containers: add unprivileged option"
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/containers.nix | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 97325847bd1a..b65374c92577 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -139,7 +139,6 @@ let
 --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
 --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
 ${optionalString (!cfg.ephemeral) "--link-journal=try-guest"} \
- ${optionalString (cfg.unprivileged) "-U"} \
 --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
 --setenv HOST_BRIDGE="$HOST_BRIDGE" \
 --setenv HOST_ADDRESS="$HOST_ADDRESS" \
@@ -239,8 +238,8 @@ let
 ExecReload = pkgs.writeScript "reload-container" ''
 #! ${pkgs.runtimeShell} -e
- ${pkgs.systemd}/bin/machinectl shell "$INSTANCE" \
- ''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test
+ ${pkgs.nixos-container}/bin/nixos-container run "$INSTANCE" -- \
+ bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
 '';
 SyslogIdentifier = "container %i";
@@ -424,7 +423,6 @@ let
 extraVeths = {};
 additionalCapabilities = [];
 ephemeral = false;
- unprivileged = false;
 allowedDevices = [];
 hostAddress = null;
 hostAddress6 = null;
@@ -518,16 +516,6 @@ in
 '';
 };
- unprivileged = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Run container in unprivileged mode using private users feature of <command>systemd-nspawn</command>.
- This option is eqvivalent of adding -U parameter to <command>systemd-nspawn</command> command.
- See <literal>systemd-nspawn(1)</literal> man page for more information.
- '';
- };
-
 ephemeral = mkOption {
 type = types.bool;
 default = false; |
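Review bot: The restored ExecReload line in the second hunk (`@@ -239,8 +238,8 @@`) builds the in-container command as a single string: the host shell expands `''${SYSTEM_PATH:-…}` inside the double quotes, and `bash --login -c` then parses the result a second time. A SYSTEM_PATH value containing whitespace or shell metacharacters would therefore be split or interpreted inside the container instead of being treated as one path. SYSTEM_PATH is presumably read from the container's root-owned configuration, which limits the exposure, but that is not visible in this hunk. Passing the path as a positional argument removes the second parse: `bash --login -c 'exec "$1" test' bash "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration"`. The enclosing service definition starts and ends outside the hunk.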