Merge pull request #34803 from mt-caret/lxd-partial-fix

nixos/lxd: partial fix for lxd breakage

1 files changed, 13 insertions, 0 deletions

diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix
index b1ff0337994e..4988886baf60 100644
--- a/nixos/modules/virtualisation/lxd.nix
+++ b/nixos/modules/virtualisation/lxd.nix
@@ -38,6 +38,15 @@ in
     environment.systemPackages =
       [ pkgs.lxd ];
 
+    security.apparmor = {
+      enable = true;
+      profiles = [
+        "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
+        "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
+      ];
+      packages = [ pkgs.lxc ];
+    };
+
     systemd.services.lxd =
       { description = "LXD Container Management Daemon";
 
@@ -47,6 +56,10 @@ in
         # TODO(wkennington): Add lvm2 and thin-provisioning-tools
         path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];
 
+        preStart = ''
+          mkdir -m 0755 -p /var/lib/lxc/rootfs
+        '';
+
         serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd";
         serviceConfig.Type = "simple";
         serviceConfig.KillMode = "process"; # when stopping, leave the containers alone