mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-27 03:26:50 +03:00
e434130d0b
Containers did not have *systemd-journald-audit.socket* in *additionalUpstreamSystemUnits*, which meant that the unit was not provided. However the *wantedBy* was added without any additional check, therefore creating an empty unit with just the *WantedBy* on *boot.isContainer* machines. This caused `systemd-analyze verify` to fail: ```text systemd-journald-audit.socket: Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing. systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting. systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting. ``` The upstream unit already contains the following, which should make it safe to include regardless: ```ini [Unit] ConditionSecurity=audit ConditionCapability=CAP_AUDIT_READ ``` For reference, this popped up in the context of #[360426](https://redirect.github.com/NixOS/nixpkgs/issues/360426) as well as #[407696](https://redirect.github.com/NixOS/nixpkgs/pull/407696). Co-authored-by: Bruce Toll <4109762+tollb@users.noreply.github.com> Signed-off-by: benaryorg <binary@benary.org> |
||
|---|---|---|
| .. | ||
| coredump.nix | ||
| dm-verity.nix | ||
| fido2.nix | ||
| homed.nix | ||
| initrd-secrets.nix | ||
| initrd.nix | ||
| journald-gateway.nix | ||
| journald-remote.nix | ||
| journald-upload.nix | ||
| journald.nix | ||
| logind.nix | ||
| nspawn.nix | ||
| oomd.nix | ||
| repart.nix | ||
| shutdown.nix | ||
| sysupdate.nix | ||
| sysusers.nix | ||
| tmpfiles.nix | ||
| tpm2.nix | ||
| user.nix | ||
| userdbd.nix | ||