nixos/couchdb: Prevent it from chowning /var/log to couchdb:couchdb
The default for logFile is /var/log/couchdb.log, and the tmpfile rules chown ${dirOf cfg.logFile}, which is just /var/log, to couchdb:couchdb. This was found by Edes' report on IRC, which looked like Detected unsafe path transition /var/log → /var/log/journal during canonicalization of /var/log/journal While this bug has been present since the initial couchdb module in 62438c09f7cc811f994510550614c9265b3b1d18 by @garbas, this wasn't a problem, because the initial module only created and chowned /var/log if it didn't exist yet, which can't occur because this gets created in the initial phases of NixOS startup. However with the recent move from manual preStart chown scripts to systemd.tmpfiles.rules in 062efe018d571b1daa9c37b8c99eb39ad47d7342 (#59389), this chown is suddenly running unconditionally at every system activation, therefore triggering the above error.
This commit is contained in:
parent
4ec8edaa6a
commit
5e974362be
@ -160,7 +160,7 @@ in {
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${dirOf cfg.uriFile}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${dirOf cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
|
||||
"f '${cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.databaseDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.viewIndexDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
@ -169,11 +169,9 @@ in {
|
||||
description = "CouchDB Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
preStart =
|
||||
''
|
||||
preStart = ''
|
||||
touch ${cfg.configFile}
|
||||
touch -a ${cfg.logFile}
|
||||
'';
|
||||
'';
|
||||
|
||||
environment = mkIf useVersion2 {
|
||||
# we are actually specifying 4 configuration files:
|
||||
|
Loading…
x
Reference in New Issue
Block a user