authorThomas Gerbet <thomas@gerbet.me>2022-11-29 18:36:38 +0100
committerThomas Gerbet <thomas@gerbet.me>2022-11-30 13:22:39 +0100
commit622f4ee35426c6933b8a36ce5266f03884d1ed05 (patch)
tree2d6b791700cf6e5e41432340f409ee01a9cfd619 /nixos/tests/php
parented4a7faf43c35d35f144baede6644c1ae382729c (diff)
php8*: disable PCRE2 JIT SEAlloc to avoid crashes when forking
This is a follow up to #200815 and #184634.

The PCRE2 JIT SEAlloc does not support the `fork()` as announced in
their README [0]:
> If you are enabling JIT under SELinux environment you may also want to add
>  --enable-jit-sealloc, which enables the use of an executable memory allocator
>  that is compatible with SELinux. Warning: this allocator is experimental!
>  It does not support fork() operation and may crash when no disk space is
>  available. This option has no effect if JIT is disabled.

As a result, using it in PHP can break apps and tools; it can only be
enabled in very specific contexts where you have a full picture of
what the PHP code is doing.

This contribution disables again the PCRE2 JIT SEAlloc and extends the
existing PHP/PCRE2 tests to make sure we do not enable it again by
mistake.

[0] https://www.pcre.org/readme.txt
Diffstat (limited to 'nixos/tests/php')
-rw-r--r--nixos/tests/php/pcre.nix16
1 files changed, 13 insertions, 3 deletions
diff --git a/nixos/tests/php/pcre.nix b/nixos/tests/php/pcre.nix
index 57407477f4b8e..8e37d5dcf97be 100644
--- a/nixos/tests/php/pcre.nix
+++ b/nixos/tests/php/pcre.nix
@@ -1,7 +1,7 @@
 let
   testString = "can-use-subgroups";
 in
-import ../make-test-python.nix ({ lib, php, ... }: {
+import ../make-test-python.nix ({ pkgs, lib, php, ... }: {
   name = "php-${php.version}-httpd-pcre-jit-test";
   meta.maintainers = lib.teams.php.members;
 
@@ -31,12 +31,22 @@ import ../make-test-python.nix ({ lib, php, ... }: {
         '';
     };
   };
-  testScript = { ... }:
-    ''
+  testScript = let
+    # PCRE JIT SEAlloc feature does not play well with fork()
+    # The feature needs to either be disabled or PHP configured correctly
+    # More information in https://bugs.php.net/bug.php?id=78927 and https://bugs.php.net/bug.php?id=78630
+    pcreJitSeallocForkIssue = pkgs.writeText "pcre-jit-sealloc-issue.php" ''
+      <?php
+      preg_match('/nixos/', 'nixos');
+      $pid = pcntl_fork();
+      pcntl_wait($pid);
+    '';
+  in ''
       machine.wait_for_unit("httpd.service")
       # Ensure php evaluation by matching on the var_dump syntax
       response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/index.php")
       expected = 'string(${toString (builtins.stringLength testString)}) "${testString}"'
       assert expected in response, "Does not appear to be able to use subgroups."
+      machine.succeed("${php}/bin/php -f ${pcreJitSeallocForkIssue}")
     '';
 })
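Review bot: The regression script in `pcreJitSeallocForkIssue` never inspects the child's exit status, so `machine.succeed` only fails when the parent PHP process itself exits non-zero. `pcntl_wait()` takes its status argument by reference, so `pcntl_wait($pid)` overwrites `$pid` with the status and then drops it, and a `pcntl_fork()` return of -1 is not checked either. If the SEAlloc failure shows up in the forked child rather than the parent (not determinable from this hunk), the test would still pass with the allocator re-enabled. I would have the child run a second `preg_match`, wait for it with `pcntl_waitpid`, and exit non-zero unless it exited cleanly. The machine configuration sits above this hunk, so whether the pcntl extension is enabled for the tested `php` is not visible here.

```nix
      # … unchanged: writeText header, <?php, first preg_match …
      $pid = pcntl_fork();
      if ($pid === -1) {
        exit(1);
      }
      if ($pid === 0) {
        // exercise the JIT-compiled pattern again in the child
        exit(preg_match('/nixos/', 'nixos') === 1 ? 0 : 1);
      }
      pcntl_waitpid($pid, $status);
      // a child killed by a signal or exiting non-zero fails the test
      exit(pcntl_wifexited($status) && pcntl_wexitstatus($status) === 0 ? 0 : 1);
      # … unchanged: closing of the string, `in`, testScript body …
```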