| 2 Dec 2025 |
 emily | it's a misfeature that shouldn't have been added to the Nix sandbox profile | 19:08:54 |
| emily | please see https://git.lix.systems/lix-project/lix/issues/623 | 19:09:08 |
| emily | you can use a sandboxProfile, but better would be to fix Postgres to not need ye olde SysV IPC | 19:09:25 |
| emily | there is some linked discussion on the mailing list | 19:09:28 |
| emily | see also https://github.com/NixOS/nixpkgs/pull/431202#issuecomment-3193168883 linked from there | 19:10:13 |
 WeetHet | Redacted or Malformed Event | 19:11:16 |
| WeetHet | * Doesn't __darwinAllowLocalNetworking already allow that anyways? | 19:11:48 |
| WeetHet | __darwinAllowLocalNetworking also allows almost unrestricted communications, no? | 19:13:41 |
| emily | pf has enough juice to make that solvable in principle | 19:14:05 |
| emily | could not find anything that would let you do that with SysV IPC | 19:14:17 |
| emily | afaik it is basically only Postgres that needs this and they are open to fixes for that | 19:14:35 |
| WeetHet | postgres can build with POSIX semaphores, they just don't do that bc they need an FD per every semaphore | 19:15:08 |
| WeetHet | I guess a better option would be to add a postgres with posix semaphores to nixpkgs and just use that in tests | 19:15:43 |
| emily | see https://www.postgresql.org/message-id/flat/a90b5411-705f-4286-bd81-a26c520a6cfb%40technowledgy.de | 19:26:06 |
 niklaskorz | wow just when I found this through the postgres archive search you post the direct link... 😂 | 19:29:38 |
| emily | it's linked in the Lix issue I linked :) | 19:30:07 |
| niklaskorz | well at least I now know there is a postgres archive search | 19:30:43 |
| WeetHet | Is there an alternative to sysv shared memory on macOS? | 19:32:30 |
| WeetHet | There's POSIX but it's much more limited | 19:32:47 |
| WeetHet | And postgres is using SysV on Linux as well | 19:33:02 |
 Randy Eckenrode | The reply in the linked issue suggested Darwin futexes. | 19:33:23 |
| Randy Eckenrode | * | 19:33:31 |
| Randy Eckenrode |
The next problem will be System V semaphores. I posted a patch[4] that uses macOS futexes to implement semaphores (pretty much the same way libc does on some other systems), which would fix that version of the problem. But you could presumably already use the more wasteful
named POSIX semaphores.
| 19:34:15 |
| Randy Eckenrode | https://www.postgresql.org/message-id/flat/CA+hUKGKRQrJhVYBkmLJZsScJ434qiduWzzpB0-0_FW8z1kTjcw@mail.gmail.com#19f7d84d058a908865bafbf82233a07f | 19:34:40 |
| WeetHet | For semaphores sure but semaphores aren't the biggest problem here | 19:34:44 |
| WeetHet | Shared memory is | 19:34:48 |
| Randy Eckenrode | The issue is what they’re using it for, isn’t it? | 19:35:09 |
| Randy Eckenrode | Futexes can be shared between processes. The MSYNC patch for Wine did something similar. | 19:35:33 |
| WeetHet | https://github.com/postgres/postgres/blob/master/src/backend/port/sysv_shmem.c | 19:35:50 |
| Randy Eckenrode | https://github.com/marzent/wine-msync | 19:36:16 |
