summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config-joey.hs1
-rw-r--r--src/Propellor/Property/Docker.hs11
2 files changed, 12 insertions, 0 deletions
diff --git a/config-joey.hs b/config-joey.hs
index c363110d..c2c2c878 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -362,6 +362,7 @@ standardContainer name suite arch = Docker.container name (dockerImage system)
& Apt.installed ["systemd"]
& Apt.unattendedUpgrades
& Apt.cacheCleaned
+ & Docker.tweaked
where
system = System (Debian suite) arch
diff --git a/src/Propellor/Property/Docker.hs b/src/Propellor/Property/Docker.hs
index 4307b850..003b7f5b 100644
--- a/src/Propellor/Property/Docker.hs
+++ b/src/Propellor/Property/Docker.hs
@@ -13,6 +13,7 @@ module Propellor.Property.Docker (
docked,
memoryLimited,
garbageCollected,
+ tweaked,
Image,
ContainerName,
-- * Container configuration
@@ -176,6 +177,16 @@ garbageCollected = propertyList "docker garbage collected"
gcimages = property "docker images garbage collected" $ do
liftIO $ report <$> (mapM removeImage =<< listImages)
+-- | Tweaks a container to work well with docker.
+--
+-- Currently, this consists of making pam_loginuid lines optional in
+-- the pam config, to work around https://github.com/docker/docker/issues/5663
+-- which affects docker 1.2.0.
+tweaked :: Property
+tweaked = trivial $
+ cmdProperty "sh" ["-c", "sed -ri 's/^session\\s+required\\s+pam_loginuid.so$/session optional pam_loginuid.so/' /etc/pam.d/*"]
+ `describe` "tweaked for docker"
+
-- | Configures the kernel to respect docker memory limits.
--
-- This assumes the system boots using grub 2. And that you don't need any