nixos-containers: fix enableTun option

When using private users, `mknod /dev/net/tun` is run from the guest and therefore needs the `m` modifier.
Paul Grandperrin
2024-11-19 14:43:02 +01:00
committed by GitHub
parent d10efaffc5
commit 853d34898d


@@ -705,7 +705,7 @@ in
allowedDevices = mkOption { allowedDevices = mkOption {
type = with types; listOf (submodule allowedDeviceOpts); type = with types; listOf (submodule allowedDeviceOpts);
default = []; default = [];
example = [ { node = "/dev/net/tun"; modifier = "rw"; } ]; example = [ { node = "/dev/net/tun"; modifier = "rwm"; } ];
description = '' description = ''
A list of device nodes to which the containers has access to. A list of device nodes to which the containers has access to.
''; '';
@@ -835,7 +835,7 @@ in
optionalAttrs cfg.enableTun optionalAttrs cfg.enableTun
{ {
allowedDevices = cfg.allowedDevices allowedDevices = cfg.allowedDevices
++ [ { node = "/dev/net/tun"; modifier = "rw"; } ]; ++ [ { node = "/dev/net/tun"; modifier = "rwm"; } ];
additionalCapabilities = cfg.additionalCapabilities additionalCapabilities = cfg.additionalCapabilities
++ [ "CAP_NET_ADMIN" ]; ++ [ "CAP_NET_ADMIN" ];
} }
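Review bot: The new `modifier = "rwm"` on the `/dev/net/tun` entry in the second hunk carries no in-code rationale for granting mknod, while the commit message ties it to private-user containers where the node is created from inside the guest. A comment above that line would keep the reasoning with the code, e.g. `# "m" (mknod) is required with privateUsers: the guest creates /dev/net/tun itself`. The allowance is scoped to the tun node only, so it stays narrow, but it is now granted whether or not private users are enabled; if that is intentional, the comment should say so. The same literal is changed in the `allowedDevices` example in the first hunk, where the option description could also spell out the `r`/`w`/`m` letters, presumably the read/write/mknod access of systemd's `DeviceAllow=`. The attribute set that `optionalAttrs cfg.enableTun` is merged into starts and ends outside the hunk.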