| 8 Apr 2026 |
zoë (she/her) | okay but how does that work exactly? do you have any example of a cve/attack or some resource i could check out to understand how that might be a vulnerability? i don't know much about abstract domain sockets so i'm having a hard time seeing how a socket could be a vulnerability ;-; | 06:27:25 |
K900 | Basically, abstract domain sockets are global in a netns | 06:29:53 |
K900 | As in, two things can just bind and connect to a socket by name | 06:30:17 |
K900 | And talk to each other | 06:30:20 |
aloisw | And send file descriptors to each other, which is what happened in multiple Nix/Lix vulnerabilities. | 07:15:22 |
emily | one of the 2025 CVEs involved abstract domain sockets | 11:41:07 |
KFears& 🏳️⚧️ (they/them) | For someone not familiar with abstract domain sockets: why are they a thing and why not just use network sockets?.. | 11:49:11 |
Lotte (it/its)/Cinny (she/her) θΔ& | you can have however many you need of them (instead of a system-wide limit of 64511 per ip address for network sockets) and you can use them to transport file handles | 11:54:51 |
delroth | peer credentials is another big reason | 11:57:23 |
Lotte (it/its)/Cinny (she/her) θΔ& | oh that too | 11:57:58 |
| lord_fomo joined the room. | 17:04:02 |
lord_fomo | woo y'all actually discussing the underlying issue. me likey B) | 17:06:10 |
| Epic Eric joined the room. | 17:12:09 |
aloisw | AF_UNIX sockets are nice, yes, but filesystem-bound ones and socketpair ones have the same advantages and don't weirdly live in the network namespace where no one expects them. | 17:31:48 |
llakala | In reply to @llakala:matrix.org you have to use a lot of pwd nonsense bc when executing, ./. is defined as the path of the repl-overlay, not your current path btw it would be wonderful if I didn't have to use $PWD to get the current path in a repl-overlay | 18:00:03 |
llakala | feels like a bug to me that the ./. isn't the current path in that context | 18:00:46 |
llakala | I can make an issue if core team agreess | 18:00:53 |
llakala | * I can make an issue if core team agrees | 18:01:06 |
| Acid Bong joined the room. | 18:35:56 |
Acid Bong | evening. now that since 2.95 log format is configurable in nix.conf, it's also no longer possible to switch to with-logs version with -L (e.g., if multiline is used, appending -L would turn it into multiline-with-logs).
was that a desired change? is there maybe a move to a more symmetric switch, such that --log-format bar --log equals --log-format bar-with-logs and --log-format multiline-with-logs --no-log equals --log-format multiline? | 18:49:43 |
| mall0c joined the room. | 18:54:15 |
mall0c | Is there a comparison of features or incompatibilities between CppNix and Lix? | 18:55:18 |
K900 | The Lix release notes are the closest thing we have tbh | 19:00:45 |
| Amboss_Mann joined the room. | 21:00:02 |
| Neil Mayhew joined the room. | 23:34:26 |
Neil Mayhew | I've switched my NixOS system to use lix and I'd like to have cachix use lix. However, it has a hardcoded dependency on nix-store, via a pkgconfig-depends. I've created https://github.com/cachix/cachix/issues/727 to ask if anything can be done about this. | 23:38:15 |
Neil Mayhew | Has anyone here been able to make cachix use lix? | 23:38:45 |
Neil Mayhew | Is a client using the nix-store library compatible with a lix daemon? | 23:39:24 |
lord_fomo | the overlay approach doesn't solve this? | 23:54:20 |
| 9 Apr 2026 |
Neil Mayhew | No. As I show in the issue, I tried
cachix = hsuper.cachix.override (old: {
nix = super.lix.dev;
});
and I get
The pkg-config package 'nix-store' is required but it could not be found.
| 00:03:40 |