Skip to content

Commit

Permalink
nixosTests.postgresql: test hardening gets relaxed
Browse files Browse the repository at this point in the history
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.

Co-Authored-By: Jan Tojnar <[email protected]>
  • Loading branch information
mweinelt and jtojnar committed Nov 12, 2024
1 parent 34c6015 commit 6100305
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions nixos/tests/postgresql/postgresql.nix
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,16 @@ let
INSERT INTO sth (id) VALUES (1);
CREATE TABLE xmltest ( doc xml );
INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled
-- check if hardening gets relaxed
CREATE EXTENSION plv8;
-- try to trigger the V8 JIT, which requires MemoryDenyWriteExecute
DO $$
let xs = [];
for (let i = 0, n = 400000; i < n; i++) {
xs.push(Math.round(Math.random() * n))
}
console.log(xs.reduce((acc, x) => acc + x, 0));
$$ LANGUAGE plv8;
'';

makeTestForWithBackupAll =
Expand All @@ -42,6 +52,7 @@ let
services.postgresql = {
inherit (package) ;
enable = true;
extensions = ps: with ps; [ plv8 ];
};

services.postgresqlBackup = {
Expand Down

0 comments on commit 6100305

Please sign in to comment.