From 060a47e1e45cd09849d20e72b465405ac4ef8c1a Mon Sep 17 00:00:00 2001 From: DDoSolitary Date: Sat, 5 Aug 2023 17:52:52 +0800 Subject: netdata: set NETDATA_PIPENAME to /run/netdata/ipc Netdata creates its control socket at /tmp/netdata-ipc by default, which is insecure and actually inaccessible with systemd's PrivateTmp enabled. Originally we patched its source code to move the socket to /run/netdata/ipc. However, it was removed due to incompatibility when upgrading to v1.41.0: 1d2a2dc7d0396495e2bb3878dc62eab620425c85 Fortunately, this new version of netdata adds support for setting the location of the control socket via the environment variable NETDATA_PIPENAME. So let's set it for the netdata service and the command line utility so that they can communicate properly. --- pkgs/tools/system/netdata/default.nix | 1 + pkgs/tools/system/netdata/ipc-socket-in-run.patch | 13 ------------- 2 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 pkgs/tools/system/netdata/ipc-socket-in-run.patch (limited to 'pkgs/tools/system/netdata') diff --git a/pkgs/tools/system/netdata/default.nix b/pkgs/tools/system/netdata/default.nix index 6c89a3d2e559..c99151299eac 100644 --- a/pkgs/tools/system/netdata/default.nix +++ b/pkgs/tools/system/netdata/default.nix @@ -103,6 +103,7 @@ stdenv.mkDerivation rec { postFixup = '' wrapProgram $out/bin/netdata-claim.sh --prefix PATH : ${lib.makeBinPath [ openssl ]} wrapProgram $out/libexec/netdata/plugins.d/cgroup-network-helper.sh --prefix PATH : ${lib.makeBinPath [ bash ]} + wrapProgram $out/bin/netdatacli --set NETDATA_PIPENAME /run/netdata/ipc ''; enableParallelBuild = true; diff --git a/pkgs/tools/system/netdata/ipc-socket-in-run.patch b/pkgs/tools/system/netdata/ipc-socket-in-run.patch deleted file mode 100644 index a117955af095..000000000000 --- a/pkgs/tools/system/netdata/ipc-socket-in-run.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/daemon/commands.h b/daemon/commands.h -index bd4aabfe1cbe4..ce7eb3c730228 100644 ---- a/daemon/commands.h -+++ b/daemon/commands.h -@@ -6,7 +6,7 @@ - #ifdef _WIN32 - # define PIPENAME "\\\\?\\pipe\\netdata-cli" - #else --# define PIPENAME "/tmp/netdata-ipc" -+# define PIPENAME "/run/netdata/ipc" - #endif - - #define MAX_COMMAND_LENGTH 4096 -- cgit 1.4.1