nixos/containers: add catatonit / init_path

https://github.com/containers/common/blob/master/docs/containers.conf.5.md - Also drop unneeded true from ociSeccompBpfHook
author: zowoq <59103226+zowoq@users.noreply.github.com> 2021-03-21 15:49:52 +1000
committer: Andrey Golovizin <ag@sologoc.com> 2021-03-21 20:57:28 +0100
commit: 4b11122749d7b0ce41a0a39e19d33eb6406e45dc (patch)
tree: ddaeabf59e5a8fa8338868a14110c07d5b5b5b66 /nixos
parent: be38dc44f38b7bc3ee7caa743564d5233339d569 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 997edf77ba99f..148d0221998fb 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -118,8 +118,9 @@ in
       [network]
       cni_plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
 
-      ${lib.optionalString (cfg.ociSeccompBpfHook.enable == true) ''
       [engine]
+      init_path = "${pkgs.catatonit}/bin/catatonit"
+      ${lib.optionalString (cfg.ociSeccompBpfHook.enable) ''
       hooks_dir = [
         "${config.boot.kernelPackages.oci-seccomp-bpf-hook}",
       ]
author	zowoq <59103226+zowoq@users.noreply.github.com>	2021-03-21 15:49:52 +1000
committer	Andrey Golovizin <ag@sologoc.com>	2021-03-21 20:57:28 +0100
commit	4b11122749d7b0ce41a0a39e19d33eb6406e45dc (patch)
tree	ddaeabf59e5a8fa8338868a14110c07d5b5b5b66 /nixos
parent	be38dc44f38b7bc3ee7caa743564d5233339d569 (diff)