postgresql: Move socket dir to /run/postgresql

The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We have regularly run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
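The spoofing concern above comes down to who may create the socket path: in a world-writable directory such as /tmp (mode 1777) any local user can plant `.s.PGSQL.5432` while the server is down, whereas a directory owned by the service user with no group/world write bit cannot be used that way. The following shell check, added here as an illustration and not part of the nixpkgs commit, verifies those properties for a socket directory; the function name `check_pg_socket_dir` is made up for this example and it assumes GNU `stat` (Linux).

```shell
#!/bin/sh
# Constructed example (not from the nixpkgs commit): verify that a PostgreSQL
# socket directory cannot be used by other local users to plant a fake socket.
# Requires GNU stat (Linux). Usage: check_pg_socket_dir DIR OWNER [PORT]

check_pg_socket_dir() {
  dir=$1; owner=$2; port=${3:-5432}

  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

  # Owner and octal mode of the directory itself.
  dir_owner=$(stat -c '%U' "$dir") || return 1
  dir_mode=$(stat -c '%a' "$dir") || return 1

  # Only the service user may own the directory; otherwise the owner can
  # create .s.PGSQL.<port> there before the real server starts.
  if [ "$dir_owner" != "$owner" ]; then
    echo "$dir owned by $dir_owner, expected $owner" >&2; return 1
  fi

  # A world-writable directory (like /tmp, mode 1777) lets any local user
  # create the socket path. Reject group- or world-write bits on the
  # low three permission digits (a leading sticky/setgid digit is dropped).
  perm=$(printf '%s' "$dir_mode" | sed 's/.*\(...\)$/\1/')
  group_digit=$(printf '%s' "$perm" | cut -c2)
  other_digit=$(printf '%s' "$perm" | cut -c3)
  if [ $((group_digit & 2)) -ne 0 ] || [ $((other_digit & 2)) -ne 0 ]; then
    echo "$dir is group/world writable (mode $dir_mode)" >&2; return 1
  fi

  # If a socket is already present, it must be a socket and belong to the
  # same user; a regular file or a foreign owner indicates tampering.
  sock="$dir/.s.PGSQL.$port"
  if [ -e "$sock" ]; then
    [ -S "$sock" ] || { echo "$sock is not a socket" >&2; return 1; }
    sock_owner=$(stat -c '%U' "$sock") || return 1
    if [ "$sock_owner" != "$owner" ]; then
      echo "$sock owned by $sock_owner, expected $owner" >&2; return 1
    fi
  fi
  return 0
}
```

Run as `check_pg_socket_dir /run/postgresql postgres` on a host using this change; the same call against `/tmp` fails on the mode check, which is exactly the property the move to /run/postgresql buys.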
aszlig 2019-03-15 04:52:35 +01:00
parent b703c4d998
commit ef553788d0
No known key found for this signature in database
GPG key ID: 684089CE67EBB691
5 changed files with 17 additions and 2 deletions


@ -238,6 +238,7 @@ in
User = "postgres";
Group = "postgres";
PermissionsStartOnly = true;
RuntimeDirectory = "postgresql";
Type = if lib.versionAtLeast cfg.package.version "9.6"
then "notify"
else "simple";
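Review bot: this hunk only makes systemd create /run/postgresql (RuntimeDirectory= defaults to mode 0755, owned by the unit's User/Group, so postgres:postgres here), but nothing in the service configuration tells the server to listen there; the socket location still comes solely from the compiled-in default changed in socketdir-in-run.patch. A user who overrides cfg.package with an unpatched build would get a server listening in /tmp next to an empty /run/postgresql. Consider also emitting `unix_socket_directories = '/run/postgresql'` in the generated postgresql.conf so the module enforces the location regardless of the package.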


@ -172,7 +172,7 @@ in {
Database host.
Note: for using Unix authentication with PostgreSQL, this should be
set to <literal>/tmp</literal>.
set to <literal>/run/postgresql</literal>.
'';
};
dbport = mkOption {
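Review bot: the description now presents `/run/postgresql` as the value to use for Unix-socket authentication, but that is only true for a server run by this NixOS module with the patched package; a PostgreSQL instance built elsewhere still defaults to /tmp. Wording it as "the socket directory of services.postgresql, /run/postgresql by default" would make clear where the value comes from.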


@ -31,7 +31,7 @@
config = {
<link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql";
<link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud";
<link linkend="opt-services.nextcloud.config.dbhost">dbhost</link> = "/tmp"; # nextcloud will add /.s.PGSQL.5432 by itself
<link linkend="opt-services.nextcloud.config.dbhost">dbhost</link> = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
<link linkend="opt-services.nextcloud.config.dbname">dbname</link> = "nextcloud";
<link linkend="opt-services.nextcloud.config.adminpassFile">adminpassFile</link> = "/path/to/admin-pass-file";
<link linkend="opt-services.nextcloud.config.adminuser">adminuser</link> = "root";
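Review bot: the trailing comment on the dbhost line still says Nextcloud appends `/.s.PGSQL.5432` by itself; the socket file is actually named `.s.PGSQL.<port>`, so this holds only for the default port 5432. Since the example sits right next to the database options, qualifying the comment with "for the default port 5432" avoids misleading readers who set a different dbport.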


@ -60,6 +60,7 @@ let
(if atLeast "9.6" then ./patches/less-is-more-96.patch else ./patches/less-is-more.patch)
(if atLeast "9.6" then ./patches/hardcode-pgxs-path-96.patch else ./patches/hardcode-pgxs-path.patch)
./patches/specify_pkglibdir_at_runtime.patch
./patches/socketdir-in-run.patch
];
installTargets = [ "install-world" ];
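Review bot: the new socketdir-in-run.patch is added unconditionally while the neighbouring patches are split with `atLeast "9.6"` because the upstream sources differ between releases. The patch carries a context of surrounding comment lines from pg_config_manual.h at one specific version, so please confirm it applies cleanly to every PostgreSQL version this expression builds (the hunk context, not just the `#define` line, has to match), or split it the same way as the other patches.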


@ -0,0 +1,13 @@
diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h
index 743401cb96..be5c5f61d2 100644
--- a/src/include/pg_config_manual.h
+++ b/src/include/pg_config_manual.h
@@ -179,7 +179,7 @@
* here's where to twiddle it. You can also override this at runtime
* with the postmaster's -k switch.
*/
-#define DEFAULT_PGSOCKET_DIR "/tmp"
+#define DEFAULT_PGSOCKET_DIR "/run/postgresql"
/*
* This is the default event source for Windows event log.
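Review bot: the patch file starts directly at `diff --git` with no header, so a reader looking at the package later has no record of why the default is moved; a short paragraph above the diff (the spoofing and PrivateTmp reasons from the commit message) would help. Worth stating there as well that `DEFAULT_PGSOCKET_DIR` is compiled into libpq too, so psql, pg_dump and any driver linked against this libpq will look in /run/postgresql, while clients shipping their own libpq or a hardcoded /tmp default will not find the socket and need the path configured explicitly.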