forked from mirrors/nixpkgs
6dc3ef5e1a
Using PHP with PCRE2 built with the JIT SEAlloc is known to be
problematic [0] and it may crashes apps using pcntl to process a
workload in parallel like Psalm or PHPCS.
Another solution would be to disable `pcre.jit` but this is likely to
have a noticeable performance impact.
PCRE2 JIT SEAlloc was enabled in order to make possible to use
`MemoryDenyWriteExecute=true` in the NixOS Gitea module [1]. Doing
something similar for a PHP module is likely to involve more steps as
you will also need to disable PHP's JIT. Not building PCRE2 with the JIT
SEAlloc is however not really blocking for someone wanting to build an
hardened PHP module as they likely will disable `pcre.jit` and make sure
`opcache.jit` is disabled.
It should also be noted that OpenSUSE did try to enable PCRE2 JIT
SEAlloc by default in the past but recently reverted the change [2].
[0] https://bugs.php.net/bug.php?id=78630
[1]
|
||
---|---|---|
.. | ||
default.nix |