| 23 Apr 2025 |
| @slamphear:matrix.org left the room. | 12:40:10 |
Martin Schwaighofer | In reply to @puck:puck.moe ("it's for calculating the length of the final string, post-substitution, so it can be properly seated into the tarball"): Ok, I see. Thanks. 😊 | 13:04:10 |
Mic92 | In reply to @aleksana:mozilla.org ("Idea: We should detect a 'minimum syscall permission set' that allows Nix to work and make both hydra and ofborg follow this specification. Currently nested containers (for example, nix-build in systemd-nspawn) cannot pass the checkPhase of some packages, but we don't fix it because CI isn't set up as such."): The nix sandbox with seccomp defines the minimum set of syscalls already. | 13:24:18 |
Mic92 | Issue is that your container's syscall set is smaller than set | 13:24:56 |