diff options
| author | Dominique Martinet <asmadeus@codewreck.org> | 2020-09-06 17:56:44 +0200 |
|---|---|---|
| committer | Dominique Martinet <asmadeus@codewreck.org> | 2020-09-06 18:55:10 +0200 |
| commit | fd196452f03f77aea5f2cd5babda21534e3c7f2d (patch) | |
| tree | eee06967c614228e8aaab7401a356e14e439eca4 | |
| parent | ebd2e632d613b1e42a3ca35c9dd495693f93e706 (diff) | |
| download | nixpkgs-fd196452f03f77aea5f2cd5babda21534e3c7f2d.tar nixpkgs-fd196452f03f77aea5f2cd5babda21534e3c7f2d.tar.gz nixpkgs-fd196452f03f77aea5f2cd5babda21534e3c7f2d.tar.bz2 nixpkgs-fd196452f03f77aea5f2cd5babda21534e3c7f2d.tar.lz nixpkgs-fd196452f03f77aea5f2cd5babda21534e3c7f2d.tar.xz nixpkgs-fd196452f03f77aea5f2cd5babda21534e3c7f2d.tar.zst nixpkgs-fd196452f03f77aea5f2cd5babda21534e3c7f2d.zip | |
systemd-confinement: handle ExecStarts etc being lists
systemd-confinement's automatic package extraction does not work correctly if ExecStarts ExecReload etc are lists. Add an extra flatten to make things smooth. Fixes #96840.
| -rw-r--r-- | nixos/modules/security/systemd-confinement.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/systemd-confinement.nix b/nixos/modules/security/systemd-confinement.nix index 0a400f1d535..2927d424a8a 100644 --- a/nixos/modules/security/systemd-confinement.nix +++ b/nixos/modules/security/systemd-confinement.nix @@ -135,7 +135,7 @@ in { ]; execPkgs = lib.concatMap (opt: let isSet = config.serviceConfig ? ${opt}; - in lib.optional isSet config.serviceConfig.${opt}) execOpts; + in lib.flatten (lib.optional isSet config.serviceConfig.${opt})) execOpts; unitAttrs = toplevelConfig.systemd.units."${name}.service"; allPkgs = lib.singleton (builtins.toJSON unitAttrs); unitPkgs = if fullUnit then allPkgs else execPkgs; |