nixos/postgresql: MemoryDenyWriteExecute must be off when doing JIT

The test breaks like this otherwise: machine # WARNING: error during JITing: Permission denied machine # [ 14.012280] postgres[913]: [913] WARNING: error during JITing: Permission denied machine # ERROR: failed to look up symbol "evalexpr_0_1": Failed to materialize symbols: { (main, { evalexpr_0_1, evalexpr_0_0 }) }
2024-10-01 09:20:15 +02:00 · 2024-10-01 09:20:15 +02:00 · 0f1e2a1cd8
commit 0f1e2a1cd8
parent f800d8e42b
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@ -630,7 +630,7 @@ in
            PrivateTmp = true;
            ProtectHome = true;
            ProtectSystem = "strict";
-            MemoryDenyWriteExecute = true;
+            MemoryDenyWriteExecute = lib.mkDefault (cfg.settings.jit == "off");
            NoNewPrivileges = true;
            LockPersonality = true;
            PrivateDevices = true;