| 8 Feb 2026 |
raitobezarius | In reply to @arianvp:matrix.org: "Yeh for now this means running tests outside of nix right?" That code uses uid-range | 19:52:49 |
raitobezarius | So you cannot run it outside of Nix | 19:53:00 |
Arian | Oooh | 20:01:34 |
ma27 | fwiw I think the implementation improved quite a lot with the latest few commits and doesn't walk into a wrong direction design-wise. So, IMHO it's perfectly fine to start with this and iterate on that once we actually can use nsresourced (I've heard about ideas to implement this since ~2017). | 20:49:57 |
K900 | I may need to skim it again | 20:50:13 |
ma27 | excuse my ignorance, but now that I think of it, how feasible is it to have nsresourced et al. inside a sandbox? | 20:50:42 |
| @corngood:corngood.com left the room. | 21:23:29 |
raitobezarius | In reply to @ma27:nicht-so.sexy: "excuse my ignorance, but now that I think of it, how feasible is it to have nsresourced et al. inside a sandbox?" By some alignment of all the stars, we, at Lix, need uid-range stabilized to enable xattrs in the store. Coincidentally, getting nspawn for our own test suite would make us happier as well. nsresourced is already mentioned in https://git.lix.systems/lix-project/lix/issues/387#issuecomment-12929 (and this is an idea that has been floating back when the systemd crew introduced it at some ASG before that comment) | 21:42:42 |
raitobezarius | That being said, after the hard packaging (eBPF) problems are fixed, integrating nsresourced in the sandbox is fairly easy; what is not easy is to stabilize cgroups.
Stabilizing UID range without cgroups is probably a bad idea, albeit possible, because killing a process tree in Linux without cgroups is annoyingly hard, so there would be an increase of deadlocked builds if they don't terminate well in the sandbox, because process group killing is, well, not that good | 21:45:14 |
| Kierán joined the room. | 21:45:57 |
raitobezarius | Obviously macOS is its own open question as it does not enjoy clear system APIs to get ranges of UIDs locked properly, but that's not my department :D | 21:46:12 |
raitobezarius | for completeness, artemist did the work for CppNix: https://github.com/NixOS/nix/pull/15103 | 21:57:42 |
raitobezarius | (but I think their intent behind this is unprivileged nix-daemons) | 21:58:07 |
| 22 May 2021 |
| @grahamc:nixos.org set the history visibility to "world_readable". | 17:01:28 |
| @grahamc:nixos.org changed the room name to "" from "". | 17:01:28 |
| cole-h joined the room. | 17:03:05 |
| andi- joined the room. | 17:18:59 |
| Sandro joined the room. | 17:21:35 |
| hexa joined the room. | 17:22:33 |
| 7c6f434c joined the room. | 17:24:51 |
| colemickens 🏳️‍🌈 joined the room. | 17:26:27 |
| Alyssa Ross joined the room. | 18:02:00 |
| toonn joined the room. | 18:54:47 |
| 23 May 2021 |
| lukegb (he/him) joined the room. | 00:25:48 |
| sterni joined the room. | 00:32:36 |
| lukegb (he/him) changed their display name from lukegb to lukegb (he/him). | 01:33:07 |
| sumner joined the room. | 04:51:52 |
| Domen Kožar joined the room. | 11:04:44 |
| V joined the room. | 11:26:50 |
| danielle joined the room. | 12:06:13 |