From a3c769fef617eb47d0f2b6eaf552d5f17b889b2a Mon Sep 17 00:00:00 2001 From: Izorkin Date: Mon, 23 Mar 2020 10:27:29 +0300 Subject: [PATCH] nixos/netdata: fix permissions for slabinfo.plugin --- nixos/modules/services/monitoring/netdata.nix | 9 +++++++++ pkgs/tools/system/netdata/default.nix | 4 +++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index 7589fd0e67b0..621d686512df 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -9,6 +9,7 @@ let mkdir -p $out/libexec/netdata/plugins.d ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin + ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin ''; plugins = [ @@ -181,6 +182,14 @@ in { permissions = "u+rx,g+rx,o-rwx"; }; + security.wrappers."slabinfo.plugin" = { + source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org"; + capabilities = "cap_dac_override+ep"; + owner = cfg.user; + group = cfg.group; + permissions = "u+rx,g+rx,o-rx"; + }; + security.pam.loginLimits = [ { domain = "netdata"; type = "soft"; item = "nofile"; value = "10000"; } { domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; } diff --git a/pkgs/tools/system/netdata/default.nix b/pkgs/tools/system/netdata/default.nix index 9abadd383560..1179db00e522 100644 --- a/pkgs/tools/system/netdata/default.nix +++ b/pkgs/tools/system/netdata/default.nix @@ -52,13 +52,15 @@ in stdenv.mkDerivation rec { # rename this plugin so netdata will look for setuid wrapper mv $out/libexec/netdata/plugins.d/apps.plugin \ $out/libexec/netdata/plugins.d/apps.plugin.org + mv $out/libexec/netdata/plugins.d/slabinfo.plugin \ + $out/libexec/netdata/plugins.d/slabinfo.plugin.org ${optionalString withIpmi '' mv $out/libexec/netdata/plugins.d/freeipmi.plugin \ $out/libexec/netdata/plugins.d/freeipmi.plugin.org ''} ''; - preConfigure = optionalString (!stdenv.isDarwin) '' + preConfigure = optionalString (!stdenv.isDarwin) '' substituteInPlace collectors/python.d.plugin/python_modules/third_party/lm_sensors.py \ --replace 'ctypes.util.find_library("sensors")' '"${lm_sensors.out}/lib/libsensors${stdenv.hostPlatform.extensions.sharedLibrary}"' '';