| 24 Oct 2022 |
Arian | odd | 08:32:13 |
Arian | seems both minica and lego dumped core | 08:33:26 |
Arian | this is really odd. maybe the go package broke? | 08:34:10 |
Arian | aaah wait | 08:34:45 |
Arian | We have a whitelist of syscalls here: | 08:35:15 |
Arian | https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/acme/default.nix#L63-L70 | 08:35:16 |
Arian | so maybe lego and minica are doing new syscalls that aren't in this list | 08:35:27 |
Arian | lego seems to be calling setrlimit (which tbh is a weird thing for a process to do themselves) and idk if that one is allowed by default | 08:36:04 |
Arian | minica stacktrace is very... uninformative | 08:36:14 |
Arian | anyhow this means that the acme module is properly broken. this is a release blocker | 08:36:44 |
Arian | Andreas Schrägle: could you please open an issue so we can add it to the release blocker list? | 08:37:07 |
Andreas Schrägle | In reply to @arianvp:matrix.org ("Andreas Schrägle: could you please open an issue so we can add it to the release blocker list?"): does this not block the (non -small) channel anyways? | 08:38:39 |
Arian | idk if this VM test is in the list. | 08:38:57 |
Arian | if it is then we're good :) | 08:39:00 |
Andreas Schrägle | looks like it isn't. I'll open an issue. | 08:41:04 |