Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Unverified Commit 8bc3e5aa authored Jul 01, 2021 by Leo Gaskin Committed by GitHub Jul 01, 2021

nixos/netdata: Disable PrivateTmp setting for Netdata service (#127382)



* Add patch to put IPC socket into /run/netdata

Co-authored-by: Jörg Thalheim <joerg@thalheim.io>

* Update pkgs/tools/system/netdata/default.nix

Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>

parent 0d1186eb

pkgs/tools/system/netdata/default.nix

+5 −0

Original line number	Diff line number	Diff line
		@@ -42,6 +42,11 @@ in stdenv.mkDerivation rec {
		# required to prevent plugins from relying on /etc
		# and /var
		./no-files-in-etc-and-var.patch
		# The current IPC location is unsafe as it writes
		# a fixed path in /tmp, which is world-writable.
		# Therefore we put it into `/run/netdata`, which is owned
		# by netdata only.
		./ipc-socket-in-run.patch
		];

		NIX_CFLAGS_COMPILE = optionalString withDebug "-O1 -ggdb -DNETDATA_INTERNAL_CHECKS=1";

pkgs/tools/system/netdata/ipc-socket-in-run.patch

0 → 100644

+13 −0

Original line number	Diff line number	Diff line
		diff --git a/daemon/commands.h b/daemon/commands.h
		index bd4aabfe1cbe4..ce7eb3c730228 100644
		--- a/daemon/commands.h
		+++ b/daemon/commands.h
		@@ -6,7 +6,7 @@
		#ifdef _WIN32
		# define PIPENAME "\\\\?\\pipe\\netdata-cli"
		#else
		-# define PIPENAME "/tmp/netdata-ipc"
		+# define PIPENAME "/run/netdata/ipc"
		#endif

		#define MAX_COMMAND_LENGTH 4096