diff options
author | pennae <github@quasiparticle.net> | 2021-12-22 18:23:48 +0100 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2022-01-03 22:32:13 +0100 |
commit | 831024e2b93782519b3b5a998473434a0eb5d401 (patch) | |
tree | 14ab99c25052c026a3b01727a8297aaca5bf5df1 /nixos/modules/services/networking/dhcpcd.nix | |
parent | 800151e6afc43fa7fdce28df1638411fb65c79cb (diff) | |
download | nixpkgs-831024e2b93782519b3b5a998473434a0eb5d401.tar nixpkgs-831024e2b93782519b3b5a998473434a0eb5d401.tar.gz nixpkgs-831024e2b93782519b3b5a998473434a0eb5d401.tar.bz2 nixpkgs-831024e2b93782519b3b5a998473434a0eb5d401.tar.lz nixpkgs-831024e2b93782519b3b5a998473434a0eb5d401.tar.xz nixpkgs-831024e2b93782519b3b5a998473434a0eb5d401.tar.zst nixpkgs-831024e2b93782519b3b5a998473434a0eb5d401.zip |
nixos/dhcpcd: assert if privSep && alternative malloc
dhcpcd does not run properly with some of the hardened system mallocs that are currently available. assert when an incompatible configuration is detected, as a switch into such a config from eg auto-update can take hosts offline.
Diffstat (limited to 'nixos/modules/services/networking/dhcpcd.nix')
-rw-r--r-- | nixos/modules/services/networking/dhcpcd.nix | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 2c339350acd..3eb7ca99eaf 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -183,6 +183,20 @@ in config = mkIf enableDHCP { + assertions = [ { + # dhcpcd doesn't start properly with malloc ∉ [ libc scudo ] + # see https://github.com/NixOS/nixpkgs/issues/151696 + assertion = + dhcpcd.enablePrivSep + -> elem config.environment.memoryAllocator.provider [ "libc" "scudo" ]; + message = '' + dhcpcd with privilege separation is incompatible with chosen system malloc. + Currently only the `libc` and `scudo` allocators are known to work. + To disable dhcpcd's privilege separation, overlay Nixpkgs and override dhcpcd + to set `enablePrivSep = false`. + ''; + } ]; + systemd.services.dhcpcd = let cfgN = config.networking; hasDefaultGatewaySet = (cfgN.defaultGateway != null && cfgN.defaultGateway.address != "") |