authorThomas Tuegel <ttuegel@mailbox.org>2019-11-27 15:44:32 -0600
committerThomas Tuegel <ttuegel@mailbox.org>2019-11-27 15:51:19 -0600
commit757c7f377326205f3e04afe5d053c371600457f7 (patch)
tree3c08bafbfa0a09ef29d31fc39a6921096db13ed7 /nixos
parent0ee0489d42e6f0df5991113caee6feae97bca057 (diff)
docker-container: Remove /etc symlink
The system output usually contains a symlink from /etc to the static
configuration for the benefit of the stage-1 script in the initrd. The stage-2
script is usually started in the real root without such a symlink. In a
container, there is no stage-1 and the system output is used directly as a real
root. If the symlink is present, setup-etc.pl will create a symlink cycle and
the system cannot boot. There is no reason for the /etc link to exist in a
container because setup-etc.pl will create the necessary files. The container
module will now remove the /etc symlink and create an empty directory. The empty
/etc is for container managers to populate it with site-specific settings; for
example, to set the hostname. This is required to boot NixOS in an LXC container
on another host.

See also: #9735
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/profiles/docker-container.nix9
1 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/profiles/docker-container.nix b/nixos/modules/profiles/docker-container.nix
index 5d6b11498b5..183645de36f 100644
--- a/nixos/modules/profiles/docker-container.nix
+++ b/nixos/modules/profiles/docker-container.nix
@@ -2,6 +2,8 @@
 
 with lib;
 
+let inherit (pkgs) writeScript; in
+
 let
  pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
 
@@ -30,7 +32,12 @@ in {
     ];
 
     # Some container managers like lxc need these
-    extraCommands = "mkdir -p proc sys dev";
+    extraCommands =
+      let script = writeScript "extra-commands.sh" ''
+            rm etc
+            mkdir -p proc sys dev etc
+          '';
+      in script;
   };
 
   boot.isContainer = true;
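Review bot: In the new `extra-commands.sh`, a failing `rm etc` would go unnoticed, because the script text has no `set -e` and its exit status is that of the following `mkdir -p proc sys dev etc`, which succeeds if `etc` still resolves to a directory. That would leave in place the very symlink the commit message says makes setup-etc.pl create a cycle, while the build appears to succeed. Starting the script with `set -e` and making the removal explicit, for example `if [ -L etc ]; then rm etc; fi`, would turn that case into a build failure and also tolerate a system output that has no `etc` link. The script has no `#!` line either, so how it is interpreted depends on how the tarball builder invokes `extraCommands`, which is not visible in this hunk. The existing comment could be extended to say why `etc` is recreated empty, e.g. `# etc must be a real, empty directory: setup-etc.pl populates it and container managers may add site-specific files`.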