diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2020-05-15 00:23:28 +0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2020-05-15 00:25:27 +0200 |
commit | b7ddd316f1ba041c0d9f79973996f097708681fb (patch) | |
tree | 988f4c32cb03518a8a5db767524086fa3182c3e5 /nixos/modules | |
parent | 9943fd1a1daa270848299a1069706c7b8ede5bb1 (diff) | |
download | nixlib-b7ddd316f1ba041c0d9f79973996f097708681fb.tar nixlib-b7ddd316f1ba041c0d9f79973996f097708681fb.tar.gz nixlib-b7ddd316f1ba041c0d9f79973996f097708681fb.tar.bz2 nixlib-b7ddd316f1ba041c0d9f79973996f097708681fb.tar.lz nixlib-b7ddd316f1ba041c0d9f79973996f097708681fb.tar.xz nixlib-b7ddd316f1ba041c0d9f79973996f097708681fb.tar.zst nixlib-b7ddd316f1ba041c0d9f79973996f097708681fb.zip |
postgresql: Use runuser instead of sudo
Currently, sudo doesn't work in a NixOS container running inside a Nix build, because Nix's seccomp filter doesn't allow setuid programs. In any case, runuser is a bit lower-overhead than sudo.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/databases/postgresql.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 982480fbd99c..579b6a4d9c67 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -343,7 +343,7 @@ in # Wait for PostgreSQL to be ready to accept connections. postStart = '' - PSQL="${pkgs.sudo}/bin/sudo -u ${cfg.superUser} psql --port=${toString cfg.port}" + PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}" while ! $PSQL -d postgres -c "" 2> /dev/null; do if ! kill -0 "$MAINPID"; then exit 1; fi |