| 24 Mar 2026 |
hexa | we'd need use-cgroups, too | 11:12:23 |
hexa | but your example in the PR didn't either, so 🤷 | 11:13:57 |
Jeremy Fleischman (jfly) | Fun fact: the nspawn test container work uncovered a cgroups bug in lix (now fixed): https://git.lix.systems/lix-project/lix/issues/1143 | 11:15:28 |
Jeremy Fleischman (jfly) | I don't think I have this enabled on my laptop where I have been running these tests | 11:15:57 |
hexa | https://hydra.nixos.org/build/324725651 | 11:16:08 |
hexa | i think it requires /dev/net still | 11:16:40 |
hexa | is that safe to leak into the sandbox though? | 11:16:50 |
Jeremy Fleischman (jfly) | Hmm. This is failing to do networking between an nspawn container and a "classic" qemu vm. @kmein added that feature after I last worked on these. Lemme try locally | 11:19:32 |
hexa | nix.settings.sandbox-paths = [ "/dev/net" ]; # to make nspawn↔qemu networking work
| 11:20:03 |
hexa | this is what the PR states | 11:20:09 |
Jeremy Fleischman (jfly) | ooh ok | 11:20:38 |
Jeremy Fleischman (jfly) | yeah, no idea if that's safe. perhaps it's a way to escape the sandbox | 11:21:16 |
Jeremy Fleischman (jfly) | it looks like that didn't make it into the docs PR. i'll fix that right now | 11:22:29 |
Jeremy Fleischman (jfly) | https://github.com/NixOS/nixpkgs/pull/503006 | 11:25:18 |
Jeremy Fleischman (jfly) | how much work would it be to remove the test from the relevant jobset(s) to unbreak things? | 11:26:25 |
hexa | if they are in the tested set that eval is rip | 11:28:01 |
hexa | if not we can just abort them | 11:28:07 |
leona | they are not part of tested | 11:29:32 |
Jeremy Fleischman (jfly) | i think they're not in the tested set | 11:29:47 |
Jeremy Fleischman (jfly) | * i think it is not in the tested set | 11:29:54 |
Jeremy Fleischman (jfly) | standby, reading code... | 11:30:00 |
hexa | the bittorrent test succeeded, but with lots of errors around /dev/net https://cache.nixos.org/log/qnfqxdcj1g5d8c0vz0scdg078mvql3f1-vm-test-run-bittorrent.drv | 11:34:15 |
Jeremy Fleischman (jfly) | those smell like warnings to me | 11:40:27 |
Jeremy Fleischman (jfly) | i recorded notes from this convo here: https://github.com/NixOS/infra/issues/987
to unbreak things for now, i propose that we disable nixosTests.nixos-test-driver.containers: https://github.com/NixOS/nixpkgs/pull/503014
| 11:41:35 |
hexa | cancelled the remaining test jobs | 12:15:05 |
emily | is this going to apply to Darwin? it's definitely busted there fwiw | 13:52:04 |
hexa | I don't think darwin has systemd-nspawn | 13:56:04 |
hexa | and builders only targets the linux machines | 13:56:15 |
hexa | macs are in the mac directory | 13:56:19 |
hexa | for historical reasons | 13:56:25 |