Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

phpfpm service: don't use private /tmp #24317

Merged
merged 1 commit into from Mar 25, 2017
Merged

phpfpm service: don't use private /tmp #24317

merged 1 commit into from Mar 25, 2017

Conversation

abbradar
Copy link
Member

Motivation for this change

This breaks local PostgreSQL connections.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@abbradar
phpfpm service: don't use private /tmp
4f84ac0 
This breaks local PostgreSQL connections.
@abbradar abbradar added this to the 17.03 milestone Mar 25, 2017
@mention-bot
Copy link

@abbradar, thanks for your PR! By analyzing the history of the files in this pull request, we identified @rickynils, @fpletz and @ericsagnes to be potential reviewers.

fpletz
fpletz approved these changes Mar 25, 2017
View reviewed changes
Copy link
Member

@fpletz fpletz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Didn't think of postgres.

@globin globin merged commit 417844b into NixOS:master Mar 25, 2017
aszlig added a commit to aszlig/nixpkgs that referenced this pull request Mar 15, 2019
@aszlig
postgresql: Move socket dir to /run/postgresql
ef55378 
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be NixOS#24317) and with the new
systemd-confinement mode upcoming in
NixOS#57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
@aszlig aszlig mentioned this pull request Mar 15, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fpletz fpletz fpletz approved these changes

Assignees
No one assigned
Labels
0.kind: bug
Projects
None yet
Milestone
17.03
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@abbradar @mention-bot @fpletz @globin