nixos/postgresql: MemoryDenyWriteExecute must be off when doing JIT

The test breaks like this otherwise: machine # WARNING: error during JITing: Permission denied machine # [ 14.012280] postgres[913]: [913] WARNING: error during JITing: Permission denied machine # ERROR: failed to look up symbol "evalexpr_0_1": Failed to materialize symbols: { (main, { evalexpr_0_1, evalexpr_0_0 }) }
NixOS · Oct 1, 2024 · 4083be3 · 4083be3
1 parent f800d8e
commit 4083be3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
@@ -630,7 +630,7 @@ in
             PrivateTmp = true;
             ProtectHome = true;
             ProtectSystem = "strict";
-            MemoryDenyWriteExecute = true;
+            MemoryDenyWriteExecute = lib.mkDefault (config.services.postgresql.settings.jit == "off");
             NoNewPrivileges = true;
             LockPersonality = true;
             PrivateDevices = true;