From ef553788d01cd513ed620a4e2969919145989dfe Mon Sep 17 00:00:00 2001
From: aszlig
Date: Fri, 15 Mar 2019 04:52:35 +0100
Subject: [PATCH] postgresql: Move socket dir to /run/postgresql
The default, which is /tmp, has a few issues associated with it: One being that it makes it easy for users on the system to spoof a PostgreSQL server if it's not running, causing applications to connect to their provided sockets instead of just failing to connect. Another one is that it makes sandboxing of PostgreSQL and other services unnecessarily difficult. This is already the case if only PrivateTmp is used in a systemd service, so in order for such a service to be able to connect to PostgreSQL, a bind mount needs to be done from /tmp to some other path, so the service can access it. This pretty much defeats the whole purpose of PrivateTmp. We regularily run into issues with this in the past already (one example would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new systemd-confinement mode upcoming in https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more tedious to sandbox services. I've tested this change against all the postgresql NixOS VM tests and they still succeed and I also grepped through the source tree to replace other occasions where we might have /tmp hardcoded. Luckily there were very few occasions.
Signed-off-by: aszlig
Cc: @ocharles, @thoughtpolice, @danbst
---
 nixos/modules/services/databases/postgresql.nix | 1 +
 nixos/modules/services/web-apps/nextcloud.nix | 2 +-
 nixos/modules/services/web-apps/nextcloud.xml | 2 +-
 pkgs/servers/sql/postgresql/default.nix | 1 +
 .../sql/postgresql/patches/socketdir-in-run.patch | 13 +++++++++++++
 5 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/servers/sql/postgresql/patches/socketdir-in-run.patch
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index aeab445a9983..87b236dd5fd1 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -238,6 +238,7 @@ in
 User = "postgres";
 Group = "postgres";
 PermissionsStartOnly = true;
+ RuntimeDirectory = "postgresql";
 Type = if lib.versionAtLeast cfg.package.version "9.6"
 then "notify"
 else "simple";
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 5ad241ace5c8..eedcccac723c 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -172,7 +172,7 @@ in {
 Database host.
 Note: for using Unix authentication with PostgreSQL, this should be
- set to /tmp.
+ set to /run/postgresql.
 '';
 };
 dbport = mkOption {
diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml
index 9600d1be7c88..ed0b434de6f1 100644
--- a/nixos/modules/services/web-apps/nextcloud.xml
+++ b/nixos/modules/services/web-apps/nextcloud.xml
@@ -31,7 +31,7 @@ config = {
 dbtype = "pgsql";
 dbuser = "nextcloud";
- dbhost = "/tmp"; # nextcloud will add /.s.PGSQL.5432 by itself
+ dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
 dbname = "nextcloud";
 adminpassFile = "/path/to/admin-pass-file";
 adminuser = "root";
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
index 44559885850f..eb203c1e36c1 100644
--- a/pkgs/servers/sql/postgresql/default.nix
+++ b/pkgs/servers/sql/postgresql/default.nix
@@ -60,6 +60,7 @@ let
 (if atLeast "9.6" then ./patches/less-is-more-96.patch else ./patches/less-is-more.patch)
 (if atLeast "9.6" then ./patches/hardcode-pgxs-path-96.patch else ./patches/hardcode-pgxs-path.patch)
 ./patches/specify_pkglibdir_at_runtime.patch
+ ./patches/socketdir-in-run.patch
 ];
 installTargets = [ "install-world" ];
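Review bot: The module still relies on the package's compiled-in default for the socket directory, so the added `RuntimeDirectory = "postgresql";` only lines up with where the server actually listens when `cfg.package` carries the socketdir-in-run.patch; a user-supplied or externally built package would keep its socket in /tmp while an empty /run/postgresql is created, and the spoofing window the commit message describes would silently reopen. Pinning both sides by setting `unix_socket_directories = '/run/postgresql'` (`unix_socket_directory` on pre-9.3 servers) in the module's generated server configuration, if that is where the server's settings come from, would make the service independent of the patch. It is also worth a comment next to the added line that systemd creates this directory owned by the unit's User/Group with mode 0755, which is what stops other local users from planting a socket there, e.g. `# Created root-owned parent, postgres-owned dir, 0755: only postgres can create the socket here.`. The enclosing serviceConfig set starts and ends outside the hunk.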
diff --git a/pkgs/servers/sql/postgresql/patches/socketdir-in-run.patch b/pkgs/servers/sql/postgresql/patches/socketdir-in-run.patch
new file mode 100644
index 000000000000..969f80ff8fc7
--- /dev/null
+++ b/pkgs/servers/sql/postgresql/patches/socketdir-in-run.patch
@@ -0,0 +1,13 @@
+diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h
+index 743401cb96..be5c5f61d2 100644
+--- a/src/include/pg_config_manual.h
++++ b/src/include/pg_config_manual.h
+@@ -179,7 +179,7 @@
+ * here's where to twiddle it. You can also override this at runtime
+ * with the postmaster's -k switch.
+ */
+-#define DEFAULT_PGSOCKET_DIR "/tmp"
++#define DEFAULT_PGSOCKET_DIR "/run/postgresql"
+
+ /*
+ * This is the default event source for Windows event log.
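Review bot: The new patch file has no header text saying what it changes or why; `git apply` and `patch` ignore everything before the first `diff --git` line, so a short preamble such as `Move the default Unix socket directory from /tmp (world-writable, spoofable) to /run/postgresql; the NixOS module creates that directory via RuntimeDirectory.` at the top of the file would keep the rationale next to the patch for whoever has to rebase it. As far as I recall, DEFAULT_PGSOCKET_DIR is also the default host libpq falls back to when none is given, so this changes the client-side default for every consumer of this package and not only the NixOS service; if that is the case it deserves a sentence in the patch header or the commit message. The hunk context pins the patch to one revision of pg_config_manual.h while default.nix applies it unconditionally, unlike the version-selected patches beside it, so confirm it still applies (with offset at most) across the versions default.nix builds.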