qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixosTests.postgresql: test hardening gets relaxed

Browse Source 
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.

Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
This commit is contained in:
Martin Weinelt 2024-11-10 22:46:47 +01:00 committed by Maximilian Bosch
parent d370af0785
commit e198536d26
No known key found for this signature in database
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nixos/tests/postgresql/postgresql.nix
View File

@ -26,6 +26,16 @@ let
INSERT INTO sth (id) VALUES (1); INSERT INTO sth (id) VALUES (1);
CREATE TABLE xmltest ( doc xml ); CREATE TABLE xmltest ( doc xml );
INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled
-- check if hardening gets relaxed
CREATE EXTENSION plv8;
-- try to trigger the V8 JIT, which requires MemoryDenyWriteExecute
DO $$
let xs = [];
for (let i = 0, n = 400000; i < n; i++) {
xs.push(Math.round(Math.random() * n))
}
console.log(xs.reduce((acc, x) => acc + x, 0));
$$ LANGUAGE plv8;
''; '';
makeTestForWithBackupAll = makeTestForWithBackupAll =
@ -43,6 +53,7 @@ let
inherit package; inherit package;
enable = true; enable = true;
enableJIT = lib.hasInfix "-jit-" package.name; enableJIT = lib.hasInfix "-jit-" package.name;
extensions = ps: with ps; [ plv8 ];
}; };
services.postgresqlBackup = { services.postgresqlBackup = {