Unverified Commit 0f1e2a1c authored by Maximilian Bosch's avatar Maximilian Bosch Committed by Martin Weinelt
Browse files

nixos/postgresql: MemoryDenyWriteExecute must be off when doing JIT 

The test breaks like this otherwise:

    machine # WARNING:  error during JITing: Permission denied
    machine # [   14.012280] postgres[913]: [913] WARNING:  error during JITing: Permission denied
    machine # ERROR:  failed to look up symbol "evalexpr_0_1": Failed to materialize symbols: { (main, { evalexpr_0_1, evalexpr_0_0 }) }
parent f800d8e4

nixos/modules/services/databases/postgresql.nix

+1 −1
Original line number Diff line number Diff line
@@ -630,7 +630,7 @@ in 
            PrivateTmp = true;

            ProtectHome = true;

            ProtectSystem = "strict";

            MemoryDenyWriteExecute = true;

            MemoryDenyWriteExecute = lib.mkDefault (cfg.settings.jit == "off");

            NoNewPrivileges = true;

            LockPersonality = true;

            PrivateDevices = true;