From ecff738c597b861406b289c0d9c82a862f0935f0 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sun, 10 Nov 2024 22:46:47 +0100
Subject: [PATCH] nixosTests.postgresql: test hardening gets relaxed

The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.

Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
---
 nixos/tests/postgresql/postgresql.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nixos/tests/postgresql/postgresql.nix b/nixos/tests/postgresql/postgresql.nix
index 55f61cc972272..bc782b7158f9f 100644
--- a/nixos/tests/postgresql/postgresql.nix
+++ b/nixos/tests/postgresql/postgresql.nix
@@ -26,6 +26,16 @@ let
     INSERT INTO sth (id) VALUES (1);
     CREATE TABLE xmltest ( doc xml );
     INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled
+    -- check if hardening gets relaxed
+    CREATE EXTENSION plv8;
+    -- try to trigger the V8 JIT, which requires MemoryDenyWriteExecute
+    DO $$
+      let xs = [];
+      for (let i = 0, n = 400000; i < n; i++) {
+          xs.push(Math.round(Math.random() * n))
+      }
+      console.log(xs.reduce((acc, x) => acc + x, 0));
+    $$ LANGUAGE plv8;
   '';
 
   makeTestForWithBackupAll =
@@ -43,6 +53,7 @@ let
             inherit package;
             enable = true;
             enableJIT = lib.hasInfix "-jit-" package.name;
+            extensions = ps: with ps; [ plv8 ];
           };
 
           services.postgresqlBackup = {