diff options
| author | benaryorg <binary@benary.org> | 2025-05-17 13:02:22 +0000 |
|---|---|---|
| committer | benaryorg <binary@benary.org> | 2025-05-18 19:58:59 +0000 |
| commit | e434130d0baea01c94270dd2589a2bd811c42116 (patch) | |
| tree | 8139b8272bfd1a2a92cfdd398d5a6a45d26f30fa /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch | |
| parent | 22d51e08cf1fb1af0c01b1a40edc5a6b7330a91b (diff) | |
nixos/systemd: unconditional systemd-journald-audit.socket
Containers did not have *systemd-journald-audit.socket* in *additionalUpstreamSystemUnits*, which meant that the unit was not provided.
However the *wantedBy* was added without any additional check, therefore creating an empty unit with just the *WantedBy* on *boot.isContainer* machines.
This caused `systemd-analyze verify` to fail:
```text
systemd-journald-audit.socket: Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
```
The upstream unit already contains the following, which should make it safe to include regardless:
```ini
[Unit]
ConditionSecurity=audit
ConditionCapability=CAP_AUDIT_READ
```
For reference, this popped up in the context of #[360426](https://redirect.github.com/NixOS/nixpkgs/issues/360426) as well as #[407696](https://redirect.github.com/NixOS/nixpkgs/pull/407696).
Co-authored-by: Bruce Toll <4109762+tollb@users.noreply.github.com>
Signed-off-by: benaryorg <binary@benary.org>
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions