nixos/dhcpcd: don't assert for hardened malloc, use scudo instead #157430
I don't think it's your problem but
at least we can now see that failure though.
"works" for me, x86_64
yeah, that's the test failure noted up top. looks like the test doesn't like nix >=2.4.
Yes I should read things...
to be clear: we're very unsure this is the right solution. other memory allocators are also broken, so falling back to scudo can still cause some systems to fail to build. the mechanism by which this overrides the malloc implementation is also pretty ad-hoc and should probably be formalized somewhat, but no idea how that would even look (just adding it as an option to
Perhaps we could do with an environment variable that causes
we could achieve the same thing localized to dhcpcd by bind mounting an empty file over
Since 831024e ("nixos/dhcpcd: assert if privSep && alternative malloc"), this test has an assertion failure because dhcpcd (with privsep enabled) is not compatible with the allocator used by the hardened profile. Since it's unclear[1] what to do about this for the hardened profile, I propose doing the simplest thing possible to make the test eval, which is to just disable dhcpcd privsep. It's very inconvenient when trying to refactor the NixOS test infrastructure to have a test that doesn't evaluate. Once the correct solution is found for using dhcpcd with privsep with the hardened profile, this patch can be reverted. [1]: NixOS#157430
@pennae Do you know if this is still relevant?
no idea.
Motivation for this change
#151795 broke the hardened test (see #151696 (comment)). not sure this is a good solution, but it is a solution. the hardened test still fails with this applied, but apparently not due to dhcpcd: