nixos/netdata: Disable PrivateTmp setting for Netdata service (#127382)

* Add patch to put IPC socket into /run/netdata

Co-authored-by: Jörg Thalheim <joerg@thalheim.io>

* Update pkgs/tools/system/netdata/default.nix

Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>

authored by Leo Gaskin Jörg Thalheim Jörg Thalheim and committed by GitHub 8bc3e5aa 0d1186eb

+18
+5
pkgs/tools/system/netdata/default.nix
··· 42 # required to prevent plugins from relying on /etc 43 # and /var 44 ./no-files-in-etc-and-var.patch 45 ]; 46 47 NIX_CFLAGS_COMPILE = optionalString withDebug "-O1 -ggdb -DNETDATA_INTERNAL_CHECKS=1";
··· 42 # required to prevent plugins from relying on /etc 43 # and /var 44 ./no-files-in-etc-and-var.patch 45 + # The current IPC location is unsafe as it writes 46 + # a fixed path in /tmp, which is world-writable. 47 + # Therefore we put it into `/run/netdata`, which is owned 48 + # by netdata only. 49 + ./ipc-socket-in-run.patch 50 ]; 51 52 NIX_CFLAGS_COMPILE = optionalString withDebug "-O1 -ggdb -DNETDATA_INTERNAL_CHECKS=1";
+13
pkgs/tools/system/netdata/ipc-socket-in-run.patch
··· 1 + diff --git a/daemon/commands.h b/daemon/commands.h 2 + index bd4aabfe1cbe4..ce7eb3c730228 100644 3 + --- a/daemon/commands.h 4 + +++ b/daemon/commands.h 5 + @@ -6,7 +6,7 @@ 6 + #ifdef _WIN32 7 + # define PIPENAME "\\\\?\\pipe\\netdata-cli" 8 + #else 9 + -# define PIPENAME "/tmp/netdata-ipc" 10 + +# define PIPENAME "/run/netdata/ipc" 11 + #endif 12 + 13 + #define MAX_COMMAND_LENGTH 4096
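Review bot: In pkgs/tools/system/netdata/default.nix, the new comment above `./ipc-socket-in-run.patch` says `/run/netdata` "is owned by netdata only", but nothing in this hunk creates that directory or sets its owner and mode, so the safety claim rests on code outside the package. Say in the comment where the directory comes from (for a systemd service, `RuntimeDirectory=` with a restrictive `RuntimeDirectoryMode=`) so a reader can check it. The commit subject also speaks of disabling PrivateTmp in nixos/netdata, while both files shown here are under pkgs/tools/system/netdata; the subject should match what the change touches.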
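Review bot: In pkgs/tools/system/netdata/ipc-socket-in-run.patch, the replacement `# define PIPENAME "/run/netdata/ipc"` hard-codes a directory that nothing in these lines creates, so a daemon started outside the service that provides `/run/netdata` has nowhere to create the pipe, whereas `/tmp` was always present. Document that runtime requirement next to the patch. Anything that opens PIPENAME needs access to `/run/netdata` as well, so the directory's mode decides who can send commands and should be chosen deliberately. The patch file also carries no description or upstream reference; a short header stating whether the change was submitted upstream would make it clear when the patch can be dropped.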