In reply to @hubofeverything:bark.lgbt
Heya! (reposted from Nix/NixOS room)
I'm having trouble with tracker-extract-3.service on nixos. It's been crashing since nixos 23.05.20231011.bd1cde (October 12th).
https://gist.github.com/the-furry-hubofeverything/97e6dbbca82bcdfb6325626e7b88b40a
Looking at the time that it happened, and comparing that to the closest system profile change, I ran a diff-closure between unproblematic and the problematic system, and it resulted with:
[hubble@Gulo-Laptop:~]$ nix store diff-closures /nix/var/nix/profiles/system-395-link /nix/var/nix/profiles/system-396-link
nixos-system-Gulo-Laptop: 23.05.20231007.5a237ae → 23.05.20231011.bd1cde4
source: +417.8 KiB
tracker-miners: 3.5.0 → 3.5.3, -41.0 KiB
And looking at the latest commits at that time, tracker-miners was updated to patch CVE-2023-43641.
Is this related to the CVE? Is this a nixos bug or upstream?
Hi, the security sandbox whitelists allowed system calls so if some dependency is updated it might start using one not on the whitelist 
Jan Tojnar