| 17 Nov 2025 |
 WeetHet | Maybe we should just add these to allow list of the sandbox for FODs? | 18:47:06 |
 Alyssa Ross | we had it in the past | 18:49:07 |
| Alyssa Ross | it wasn't upstreamed and wasn't maintained | 18:49:16 |
| Alyssa Ross | https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/481 | 18:49:47 |
| WeetHet | cc raitobezarius | 18:49:59 |
 raitobezarius | Can you send a CL with the context? | 18:50:28 |
| WeetHet | Yep | 18:50:38 |
| raitobezarius | Thanks! | 18:50:41 |
| WeetHet | Working on it | 18:50:42 |
| WeetHet | Tangentially there's also /usr/share/icu | 18:51:25 |
| WeetHet | Which is the biggest offender for sandboxProfile in nixpkgs | 18:51:49 |
 Randy Eckenrode | Is that because of system frameworks? | 18:56:28 |
 spewdins | Thanks for letting me know about this | 18:56:38 |
| WeetHet | Might be | 18:56:50 |
| Randy Eckenrode | Because otherwise they should be using darwin.ICU for data. | 18:56:57 |
| WeetHet | Redacted or Malformed Event | 18:57:03 |
| WeetHet | Oh, it's about /usr/share/icu | 18:57:19 |
| spewdins | I know / communicated with Torrekie! In like 2018 or something | 18:57:27 |
| WeetHet | Redacted or Malformed Event | 18:57:43 |
| Alyssa Ross | realistically this work needs to go upstream | 18:57:58 |
| spewdins | Well, in any case I’m building a compositor and needed wayland running so here we go | 18:58:05 |
| Alyssa Ross | it's the only way it's going to keep working | 18:58:05 |
| WeetHet | It's dotnet stuff I prefer to not touch that | 18:58:07 |
| WeetHet | They also need
(allow file-read* (subpath "/private/var/db/mds/system"))
(allow mach-lookup (global-name "com.apple.SecurityServer")
(global-name "com.apple.system.opendirectoryd.membership"))
| 18:59:29 |
| WeetHet | For some reason | 18:59:32 |
| Randy Eckenrode | The .NET stuff should be using darwin.ICU. That’s one of the reasons why it exists. Packages can use DYLD_LIBRARY_PATH. I don’t think we should be weakening the sandbox for convenience. | 19:01:12 |
| WeetHet | https://gerrit.lix.systems/c/lix/+/4572 | 19:35:37 |
| raitobezarius | WeetHet how much urgent is this? | 19:36:34 |
| raitobezarius | we are literally doing 2.94.0 release engineering right now | 19:36:43 |
| WeetHet | Not very urgent but I would prefer if it was in 2.94 | 19:37:01 |
