#spectrum on 2020-05-19

2019-08-29 20:55 qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/

00:09 cole-h has joined #spectrum

00:10 cole-h has quit [Client Quit]

00:10 cole-h has joined #spectrum

00:58 cole-h has quit [Quit: Goodbye]

01:00 cole-h has joined #spectrum

01:29 thePiGrepper has left #spectrum [#spectrum]

06:11 cole-h has quit [Quit: Goodbye]

06:15 cole-h_ has quit [Quit: Goodbye]

12:43 maxdevjs has quit [Remote host closed the connection]

12:46 maxdevjs has joined #spectrum

12:47 maxdevjs has quit [Remote host closed the connection]

12:51 maxdevjs has joined #spectrum

13:12 maxdevjs has quit [Remote host closed the connection]

13:13 maxdevjs has joined #spectrum

13:14 maxdevjs has quit [Remote host closed the connection]

13:15 maxdevjs has joined #spectrum

13:16 maxdevjs has quit [Remote host closed the connection]

13:16 maxdevjs has joined #spectrum

13:17 maxdevjs has quit [Remote host closed the connection]

13:22 maxdevjs has joined #spectrum

13:23 maxdevjs has quit [Remote host closed the connection]

13:30 maxdevjs has joined #spectrum

14:33 e1956ar has joined #spectrum

14:44 e1956ar has left #spectrum [#spectrum]

16:17 cole-h has joined #spectrum

16:25 cole-h_ has joined #spectrum

16:25 cole-h__ has joined #spectrum

16:28 cole-h has quit [Ping timeout: 265 seconds]

16:37 cole-h__ is now known as cole-h

16:41 <cole-h> Day 0.5 of updating chromiumOSPackages: Nothing to report.

16:43 <qyliss> thanks for checking in :D

16:43 <cole-h> :^)

17:07 <qyliss> I have the memfd server running inside a sandbox now, but the sandbox... doesn't seem to be restricting anything?

17:07 <qyliss> currently my seccomp policy says that the only syscall that is allowed is write, but the server is just running fine and ignoring that

17:19 <MichaelRaskin> I guess I could imagine a server backend that only uses write() syscalls, but the additional condition of sending memfd's makes the task more interesting…

18:21 <qyliss> think i might just write today off. at least i got the jail sort of done

18:42 <MichaelRaskin> Stage 1: make mem server work; Stage 2: make mem server _not_ work when policy forbids _all_ syscalls?

19:02 <qyliss> indeed :)

20:06 <alj[m]> Stage 3: make mem server work again, with hopefully not much difficulty knocks on wood

20:08 <MichaelRaskin> alj[m]: one _hopes_ that the core part of the stage 3 is to allow the syscalls mem server makes.

20:10 <alj[m]> si. to be honest, after reading about the chromeOS sandboxing, I'm very surprised that the jail apparently didnt work

20:41 <MichaelRaskin> Well, it's Google, I have yet to see anything they do correctly all the way through

20:46 <cole-h> Day 0.6 of updating chromiumOSPackages: Nothing to report (though chromestatus did update).

20:46 <cole-h> qyliss: Uh, what is the link to the matrix of what the various devices are running again? On my NixOS machine, so I don't have my logs handy

21:07 <MichaelRaskin> 1589668503 <qyliss> You can see what's actually being served to devices here: https://cros-updates-serving.appspot.com/

21:09 <cole-h> Cheers, thanks.

21:10 <cole-h> (Oh, I guess I could have looked at the logs linked in the MOTD... Oops)

21:40 cole-h has quit [Quit: Goodbye]

21:42 cole-h has joined #spectrum