Merge commit '83cbad92d73216bb0d9187c56cce0b91f9121d5a' into main

author: Mx Kookie <kookie@spacekookie.de> 2020-12-09 18:55:19 +0000
committer: Mx Kookie <kookie@spacekookie.de> 2020-12-09 18:55:19 +0000
commit: 80d90d9b204f7c17912740f9f414fe5d59f293ba (patch)
tree: 5f2065a06e724270610760d59d01c6888b375a46 /infra/libkookie/nixpkgs/nixos/modules/security/hidepid.nix
parent: 3a31a84c7d3e589035ad08499206aac44a81f424 (diff)
parent: 83cbad92d73216bb0d9187c56cce0b91f9121d5a (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/nixos/modules/security/hidepid.nix b/infra/libkookie/nixpkgs/nixos/modules/security/hidepid.nix
index 55a48ea3c9c6..4953f517e93b 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/security/hidepid.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/security/hidepid.nix
@@ -23,5 +23,9 @@ with lib;
 
     boot.specialFileSystems."/proc".options = [ "hidepid=2" "gid=${toString config.ids.gids.proc}" ];
     systemd.services.systemd-logind.serviceConfig.SupplementaryGroups = [ "proc" ];
+
+    # Disable cgroupsv2, which doesn't work with hidepid.
+    # https://github.com/NixOS/nixpkgs/pull/104094#issuecomment-729996203
+    systemd.enableUnifiedCgroupHierarchy = false;
   };
 }
author	Mx Kookie <kookie@spacekookie.de>	2020-12-09 18:55:19 +0000
committer	Mx Kookie <kookie@spacekookie.de>	2020-12-09 18:55:19 +0000
commit	80d90d9b204f7c17912740f9f414fe5d59f293ba (patch)
tree	5f2065a06e724270610760d59d01c6888b375a46 /infra/libkookie/nixpkgs/nixos/modules/security/hidepid.nix
parent	3a31a84c7d3e589035ad08499206aac44a81f424 (diff)
parent	83cbad92d73216bb0d9187c56cce0b91f9121d5a (diff)