movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-13 13:15:30 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/postgresql/citus: fix syscall filter and add test

Browse source
This commit is contained in:
Julien Langlois 2025-02-06 01:40:10 -05:00
parent 9a9ab6b924
commit 37372eb227
No known key found for this signature in database
GPG key ID: 37B05BA8EDF67299
3 changed files with 84 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

14
nixos/modules/services/databases/postgresql.nix
View file

@ -727,10 +727,16 @@ in
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged @resources"
] ++ lib.optionals (any extensionInstalled [ "plv8" ]) [ "@pkey" ];
SystemCallFilter =
[
"@system-service"
"~@privileged @resources"
]
++ lib.optionals (any extensionInstalled [ "plv8" ]) [ "@pkey" ]
++ lib.optionals (any extensionInstalled [ "citus" ]) [
"getpriority"
"setpriority"
];
UMask = if groupAccessAvailable then "0027" else "0077";
}
(mkIf (cfg.dataDir != "/var/lib/postgresql/${cfg.package.psqlSchema}") {