Merged
8295d82 to 65ebab6
edolstra approved these changes Nov 3, 2025
77bd54e to fc72595
Member
I'm merging this, but it would be nice if we could make a test for this
Ericson2314 reviewed Nov 4, 2025
Ericson2314 previously requested changes Nov 4, 2025
Member Ericson2314 left a comment
Good to go once the docs are added
In Linux, IPC objects are automatically cleaned up when the IPC namespace is destroyed. On Darwin, since there are no IPC namespaces, the IPC objects may sometimes persist after the build user's processes are killed. This patch modifies the cleanup logic to use sysctl calls to identify and remove leftover shm segments associated with the build user.

Fixes: NixOS#12548
Previously, only shared memory segments were cleaned up. This could lead to leaked message queues and semaphore sets when builds use System V IPC, exhausting kernel IPC limits over time.

This commit extends the cleanup to all three System V IPC types:
1. Shared memory segments
2. Message queues
3. Semaphores

Additionally, we stop removing IPC objects during iteration, as it could corrupt the kernel's iterator state and cause some objects to be skipped. The new implementation uses a two-pass approach where we list first and then remove them in a separate pass.

The IPC IDs are now extracted during iteration using actual system calls (shmget, msgget, semget) rather than being looked up later, ensuring the objects exist when we capture their IDs.
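
As an added example (not code from this PR or from Nix), the list-first, remove-second pattern described in the commit message above can be applied from a shell to plan cleanup of all three IPC types for one build user. The sample ipcs output and the user names _nixbld1 and _nixbld2 are constructed, and the column layout (type letter, ID, KEY, MODE, OWNER, GROUP) is assumed to be the BSD-style one.

```sh
#!/bin/sh
# Added example: plan cleanup of System V IPC objects left behind by a build user.
# Assumption: ipcs rows start with a type letter (q, m or s) followed by
# ID, KEY, MODE, OWNER, GROUP, as BSD-style ipcs prints them.

# Constructed sample output, not captured from a real machine.
sample_ipcs() {
cat <<'EOF'
IPC status from <running system> as of Thu Nov  6 10:00:00 UTC 2025
T     ID     KEY        MODE       OWNER    GROUP
Message Queues:
q  65536 0x00001234 --rw-rw-rw- _nixbld1   nixbld

T     ID     KEY        MODE       OWNER    GROUP
Shared Memory:
m  65537 0x00005678 --rw------- _nixbld1   nixbld
m  65538 0x00009abc --rw-------    alice    staff

T     ID     KEY        MODE       OWNER    GROUP
Semaphores:
s  65539 0x0000def0 --ra-ra-ra- _nixbld2   nixbld
EOF
}

# Pass 1: read ipcs output on stdin and collect "<type> <id>" for every
# message queue, shared memory segment and semaphore set owned by user $1.
list_owned() {
    awk -v owner="$1" '$1 ~ /^[qms]$/ && $5 == owner { print $1, $2 }'
}

# Pass 2: walk the collected list and emit one ipcrm command per object.
# The type letters match the ipcrm options -q, -m and -s. Commands are
# printed rather than executed so the plan can be reviewed first.
removal_plan() {
    while read -r type id; do
        printf 'ipcrm -%s %s\n' "$type" "$id"
    done
}

# Full audit for one user; on a real host pipe `ipcs` in instead of the sample.
audit_user() {
    list_owned "$1" | removal_plan
}

sample_ipcs | audit_user _nixbld1
```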
fc72595 to 0507674
Member
Tested and works.
Mic92 approved these changes Nov 6, 2025
In Linux, IPC objects are automatically cleaned up when the IPC namespace is destroyed. On Darwin, since there are no IPC namespaces, IPC objects may persist after the build user's processes are killed, leading to resource leaks.
This PR modifies the builder cleanup logic to enumerate and remove leftover IPC objects associated with the build user using Darwin's sysctl interface (kern.sysv.ipcs.shm), following the pattern from Apple's ipcs.c implementation.

Changes in this PR:
- cleanupSysVIPCForUser() function that uses Darwin's sysctl API to enumerate and remove IPC objects owned by the build user
- killSandbox() after processes are terminated

Closes: #12548
References: