ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-11 07:15:54 +03:00
Code Issues Projects Releases Wiki Activity

nixos/pretix: Fix pdf generation

Browse Source 
Previously, pdftk (part of the ticket, badge, ... generation pipeline)
would fail with:

```
Error occurred during initialization of VM
Failed to mark memory page as executable - check if grsecurity/PaX is enabled
```
Thise caused pdf generation to fail.

Since pdftk is a java application and, according to systemd.exec(5),

 > Note that [MemoryDenyWriteExecute=] is incompatible with programs and
 > libraries that generate program code dynamically at runtime, including
 > JIT execution engines, executable stacks, and code "trampoline" featu
 > re of various C compilers.

Disabling `MemoryDenyWriteExecute=` fixes it.
This commit is contained in:
e1mo 2024-03-21 15:41:00 +01:00 committed by Martin Weinelt
parent c08b185484
commit 6d5a6cab71
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/web-apps/pretix.nix
View File

@ -479,7 +479,7 @@ in
CapabilityBoundingSet = [ "" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
MemoryDenyWriteExecute = false; # required by pdftk
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;