diff options
| author | Vladimír Čunát <v@cunat.cz> | 2020-10-07 11:15:18 +0200 |
|---|---|---|
| committer | Vladimír Čunát <v@cunat.cz> | 2020-10-07 12:22:18 +0200 |
| commit | 420f89ceb267b461eed5d025b6c3c0e57703cc5c (patch) | |
| tree | 373179c02e9fd698fdb9c2b6fa1f4fd9b9a2dc87 /nixos/modules/virtualisation | |
| parent | 3b0886c9af7fadcb46fc04c28cf5b79280d38371 (diff) | |
Revert "apparmor: fix and improve the service"
This reverts commit fb6d63f3fdd95a5468d43a0693c8ca7c1894363f. I really hope this finally fixes #99236: evaluation on Hydra. This time I really did check basically the same commit on Hydra: https://hydra.nixos.org/eval/1618011 Right now I don't have energy to find what exactly is wrong in the commit, and it doesn't seem important in comparison to nixos-unstable channel being stuck on a commit over one week old.
Diffstat (limited to 'nixos/modules/virtualisation')
| -rw-r--r-- | nixos/modules/virtualisation/lxc.nix | 12 | ||||
| -rw-r--r-- | nixos/modules/virtualisation/lxd.nix | 12 |
2 files changed, 8 insertions, 16 deletions
diff --git a/nixos/modules/virtualisation/lxc.nix b/nixos/modules/virtualisation/lxc.nix index 0f8b22a45df0c..f484d5ee59a88 100644 --- a/nixos/modules/virtualisation/lxc.nix +++ b/nixos/modules/virtualisation/lxc.nix @@ -74,13 +74,9 @@ in systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ]; security.apparmor.packages = [ pkgs.lxc ]; - security.apparmor.policies = { - "bin.lxc-start".profile = '' - include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start - ''; - "lxc-containers".profile = '' - include ${pkgs.lxc}/etc/apparmor.d/lxc-containers - ''; - }; + security.apparmor.profiles = [ + "${pkgs.lxc}/etc/apparmor.d/lxc-containers" + "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start" + ]; }; } diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index 876956f654bb0..3958fc2c1d7c5 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix @@ -93,15 +93,11 @@ in security.apparmor = { enable = true; + profiles = [ + "${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start" + "${cfg.lxcPackage}/etc/apparmor.d/lxc-containers" + ]; packages = [ cfg.lxcPackage ]; - policies = { - "bin.lxc-start".profile = '' - include ${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start - ''; - "lxc-containers".profile = '' - include ${cfg.lxcPackage}/etc/apparmor.d/lxc-containers - ''; - }; }; systemd.services.lxd = { |