| 2 Jan 2026 |
 delroth | starting ~now | 19:59:33 |
| delroth | should now be back up | 20:11:03 |
| delroth | bonus: it should now be faster, I'm saying that because now you're primed to notice it even if it's not actually faster /s | 20:14:03 |
| 3 Jan 2026 |
 aloisw | These syscalls were marked as "dangerous" because modifying xattrs was one of the operations the seccomp filter tried to block at that time. I am not aware of any immediate security dangers in allowing them, but I am also not sure how safe it is from that perspective, since they are basically arbitrary data and get used for quite a bunch of purposes (including ACLs, and I think SELinux labels, although I'm not aware of any bypass related to either of them). | 05:33:56 |
| aloisw | In any case, the canonicalization is quite sketchy to begin with (but I'm also not really sure how to fix it without rewriting everything). Some xattrs are actually set automatically on new files (see the ignored-acls setting, there is also some btrfs compression one that gets set in some cases but I forgot the details). There are also ioctls like FS_IOC_SETFLAGS that set additional non-xattr metadata, and horrors indicated at some point in the past that there might actually be an ioctl setting xattrs under some circumstances but I didn't find details about that. | 05:40:26 |
|  Janik (they/them) changed their profile picture. | 13:17:06 |
| delroth | dear lix folks: it's me again, I'm going to take wiki.lix.systems down shortly for a host migration - I expect it will not take more than 30min | 13:39:32 |
| delroth | it took a bit longer than expected due to 1.5 years of version updates and bugs in the nixos version migration logic, but I think we're back up and running | 14:29:09 |
 raitobezarius | and it's up to date! | 14:31:40 |
| 4 Jan 2026 |
| raitobezarius | fwiw, https://gerrit.lix.systems/c/lix/+/4856/6 | 11:23:24 |
| raitobezarius | i need to look at those ioctl things | 11:23:36 |
| raitobezarius | XFS_IOC_FSSETXATTR | 11:23:52 |
| raitobezarius | but that's XFS specific | 11:24:10 |
| raitobezarius | btrfs reuses these ioctls | 11:24:18 |
| raitobezarius | so we need something that tries to exploit these APIs if the target fs supports them | 11:24:56 |
| aloisw | Confusingly, that's neither XFS specific (like so many things having XFS in their name) nor does it set xattr (it appears to be more an extension of FS_IOC_SETFLAGS). | 11:43:04 |
| raitobezarius | yep | 12:09:20 |
| raitobezarius | actually | 12:10:48 |
| raitobezarius |
This API is implemented by the ext4, xfs, btrfs, and f2fs
filesystems on the Linux kernel. Not all fields may be understood
by filesystems other than xfs.
| 12:10:49 |
| 6 Jan 2026 |
 Rutile (rootile) | Can we get a "im on vacation" button in gerrit to temporarily block mails?
I do not want to look at gerrit from the hospital | 16:00:45 |
| Rutile (rootile) | cc @raitobezarius:matrix.org | 16:01:30 |
| raitobezarius | i think this is the button | 16:28:54 |
| raitobezarius | 
Download clipboard.png | 16:28:55 |
| 8 Jan 2026 |
|  dahs joined the room. | 02:41:24 |
|  TGRCDev changed their display name from TGRCDev to Flotsam. | 16:28:31 |
| TGRCDev changed their display name from Flotsam to TGRCDev. | 16:31:44 |
 K900 | bananya | warning: error: unable to download 'https://cache.nixos.org/a11yib1m2xz8yspcx2nqc8i6b1zzgxh7.narinfo': Connection timed out after 5006 milliseconds (curl error code=28); retrying in 1985ms ms (attempt 3/5)
| 17:06:02 |
| K900 | Can someone explain to me how it's getting "1985ms ms" | 17:06:10 |
| K900 | 
Download image.png | 17:06:24 |
| raitobezarius | :D | 17:11:16 |
