Skip to content

Commit

Permalink
nixosTests.postgresql: test hardening gets relaxed
Browse files Browse the repository at this point in the history
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.

Co-Authored-By: Jan Tojnar <[email protected]>
  • Loading branch information
2 people authored and Ma27 committed Nov 13, 2024
1 parent bbddb96 commit ecff738
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions nixos/tests/postgresql/postgresql.nix
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,16 @@ let
INSERT INTO sth (id) VALUES (1);
CREATE TABLE xmltest ( doc xml );
INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled
-- check if hardening gets relaxed
CREATE EXTENSION plv8;
-- try to trigger the V8 JIT, which requires MemoryDenyWriteExecute
DO $$
let xs = [];
for (let i = 0, n = 400000; i < n; i++) {
xs.push(Math.round(Math.random() * n))
}
console.log(xs.reduce((acc, x) => acc + x, 0));
$$ LANGUAGE plv8;
'';

makeTestForWithBackupAll =
Expand All @@ -43,6 +53,7 @@ let
inherit package;
enable = true;
enableJIT = lib.hasInfix "-jit-" package.name;
extensions = ps: with ps; [ plv8 ];
};

services.postgresqlBackup = {
Expand Down

0 comments on commit ecff738

Please sign in to comment.