mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-27 11:36:29 +03:00
f551d91f2e
Containers did not have *systemd-journald-audit.socket* in *additionalUpstreamSystemUnits*, which meant that the unit was not provided.
However the *wantedBy* was added without any additional check, therefore creating an empty unit with just the *WantedBy* on *boot.isContainer* machines.
This caused `systemd-analyze verify` to fail:
```text
systemd-journald-audit.socket: Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
```
The upstream unit already contains the following, which should make it safe to include regardless:
```ini
[Unit]
ConditionSecurity=audit
ConditionCapability=CAP_AUDIT_READ
```
For reference, this popped up in the context of #[360426](https://redirect.github.com/NixOS/nixpkgs/issues/360426) as well as #[407696](https://redirect.github.com/NixOS/nixpkgs/pull/407696).
Co-authored-by: Bruce Toll <4109762+tollb@users.noreply.github.com>
Signed-off-by: benaryorg <binary@benary.org>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| coredump.nix | ||
| dm-verity.nix | ||
| fido2.nix | ||
| homed.nix | ||
| initrd-secrets.nix | ||
| initrd.nix | ||
| journald-gateway.nix | ||
| journald-remote.nix | ||
| journald-upload.nix | ||
| journald.nix | ||
| logind.nix | ||
| nspawn.nix | ||
| oomd.nix | ||
| repart.nix | ||
| shutdown.nix | ||
| sysupdate.nix | ||
| sysusers.nix | ||
| tmpfiles.nix | ||
| tpm2.nix | ||
| user.nix | ||
| userdbd.nix | ||