| 1 Apr 2025 |
 K900 | In reply to @r522:matrix.org
yeah
it wouldn't be hard to make it do that, kernel-wise (or maybe LD_PRELOAD some shim that goes and asks for an already created ring that has syscall restrictions applied already)
but i guess ultimately it doesn't Particularly matter since all you lose is the ability to run tests in the sandbox There are no restrictions in io_uring | 10:47:58 |
| K900 | That's kind of the problem | 10:48:04 |
 @r522:matrix.org | there are, but it's per-ring | 10:48:33 |
| @r522:matrix.org | not globally | 10:48:38 |
| @r522:matrix.org | if there was a syscall to say "apply these restrictions to all future rings made by this process", it would be fine | 10:49:25 |
| @r522:matrix.org | (see: IORING_REGISTER_RESTRICTIONS in https://www.man7.org/linux/man-pages/man2/io_uring_register.2.html) | 10:50:32 |
 @aloisw:julia0815.de | That sounds very hard to implement correctly for a separate sandbox. | 11:09:57 |
| @r522:matrix.org | well, the point behind restrictions is to let you make a ring and then hand it off to someone less privileged than you (since it's just a fd, sending fds is easy)
for that use case, making it per-ring is correct
but for the seccomp use case of "protecting you from yourself", yeah, it has to be global
| 11:26:04 |
|  Adam Neverwas set a profile picture. | 23:15:46 |
| 3 Apr 2025 |
 Toma | After I do some basic testing on darwin I think https://github.com/NixOS/nixpkgs/pull/390171 is good to go | 08:26:19 |
|  @2xsaiko:tchncs.de changed their display name from 2xsaiko to 2xsaiko (moved! @saiko:knifepoint.net). | 12:52:01 |
| 4 Apr 2025 |
 emily | https://github.com/nix-darwin/nix-darwin/issues/1418 is this a recent breaking change in the Rust builder interface? | 11:32:39 |
| emily | wonder if it's my fault | 11:32:40 |
 antifuchs | (It wasn’t, hah) | 14:42:13 |
| 5 Apr 2025 |
|  underpantsgnome left the room. | 15:39:20 |
|  Sapphire changed their profile picture. | 20:07:27 |
|  staberinde joined the room. | 23:01:47 |
| 9 Apr 2025 |
 cleverca22 | having some trouble building a package in rust, it needs both x86-64-linux and wasm32, all of the x86 stuff seems to work with normal buildRustPackage, but then a build.rs file goes and runs cargo with --target=wasm32-unknown-unknown and it fails, how would i get both targets at once? | 01:10:12 |
| K900 | Our default compilers should have WASM targets I think? | 04:59:58 |
| K900 | At least on unstable | 05:00:01 |
| K900 | Not sure about 24.11 | 05:00:03 |
| cleverca22 | In reply to @k900:0upti.me
At least on unstable and i'm on master, so it should work... | 11:55:34 |
| K900 | How does it fail? | 11:55:49 |
| cleverca22 | In reply to @k900:0upti.me
How does it fail? https://github.com/paritytech/polkadot-sdk/blob/master/substrate/utils/wasm-builder/src/prerequisites.rs#L228-L250 | 11:56:43 |
| cleverca22 | this error is getting triggered via build.rs | 11:56:49 |
| cleverca22 | Rust WASM target for toolchain 0rn3apgrjdqrq6zpqsrh5b8dmlxbci42-rustc-1.85.0 is not properly installed; please install it! | 11:56:58 |
 Alyssa Ross | Maybe the check is wrong? | 12:37:34 |
| cleverca22 | error: failed to run custom build command for `name v0.2.2 (/build/name/runtime)`
Caused by:
process didn't exit successfully: `/build/name/target/release/build/name-aa417fbc44577df4/build-script-build` (exit status: 1)
--- stderr
Rust WASM target for toolchain 0rn3apgrjdqrq6zpqsrh5b8dmlxbci42-rustc-1.85.0 is not properly installed; please install it!
Further error information:
------------------------------------------------------------
Compiling dummy-crate v1.0.0 (/build/.tmpvBgI1g)
error: linker `lld` not found
|
= note: No such file or directory (os error 2)
error: could not compile `dummy-crate` (bin "dummy-crate") due to 1 previous error
------------------------------------------------------------
| 12:48:36 |
| cleverca22 | it looks like its trying to run the llvm linker for some reason?? | 12:48:47 |
 ghpzin | I wouldn't call it "check".
From linked code it seemingly tries to build their "dummy crate" inside and fails to output anything as a result around here (which I assume may not be expected to work properly inside buildRustPackage):
https://github.com/paritytech/polkadot-sdk/blob/65441c8199ba8c9c1fe75ba4d432352109e87d43/substrate/utils/wasm-builder/src/prerequisites.rs#L211
https://github.com/paritytech/polkadot-sdk/blob/65441c8199ba8c9c1fe75ba4d432352109e87d43/substrate/utils/wasm-builder/src/prerequisites.rs#L150-L177 | 12:49:51 |
