nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-24 03:09:35 +01:00
Code Activity

Add "uid-range" and "systemd-cgroup" system features

Browse source 
"uid-range" provides 65536 UIDs to a build and runs the build as root
in its user namespace. "systemd-cgroup" allows the build to mount the
systemd cgroup controller (needed for running systemd-nspawn and NixOS
containers).

Also, add a configuration option "auto-allocate-uids" which is needed
to enable these features, and some experimental feature gates.

So to enable support for containers you need the following in
nix.conf:

  experimental-features = auto-allocate-uids systemd-cgroup
  auto-allocate-uids = true
  system-features = uid-range systemd-cgroup
This commit is contained in:
Eelco Dolstra 2020-05-19 23:25:44 +02:00
parent 570c443f56
commit ba50c3efa3
5 changed files with 340 additions and 205 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/libstore/globals.hh
View file

@ -149,10 +149,13 @@ public:
"The Unix group that contains the build users."};
#if __linux__
Setting<bool> autoAllocateUids{this, false, "auto-allocate-uids",
"Whether to allocate UIDs for builders automatically."};
const uint32_t idsPerBuild = 1 << 16;
Setting<uint32_t> startId{this, 872415232, "start-id",
"The first UID and GID to use for dynamic ID allocation. (0 means disable.)"};
"The first UID and GID to use for dynamic ID allocation."};
Setting<uint32_t> uidCount{this, idsPerBuild * 128, "id-count",
"The number of UIDs/GIDs to use for dynamic ID allocation."};