An easy-to-host PDS on the ATProtocol, MacOS. Grandma-approved.
docs(MM-66): note NixOS Docker sysctl issue in test plan step 4.1
authored by
Tangled
7012792a
79454a3d
+1
-1
+1
-1
docs/test-plans/2026-03-08-MM-66.md
+1
-1
docs/test-plans/2026-03-08-MM-66.md
···
39
39
40
40
| Step | Action | Expected |
41
41
|------|--------|----------|
42
-
| 4.1 | Run `docker run --rm relay:latest` | Container exits. There must be NO errors like `no such file or directory` or `error while loading shared libraries: libsqlite3.so`. A non-zero exit code is acceptable because the relay binary is a stub with no configuration to connect to |
42
+
| 4.1 | Run `docker run --rm relay:latest` | Container exits. There must be NO errors like `no such file or directory` or `error while loading shared libraries: libsqlite3.so`. A non-zero exit code is acceptable because the relay binary is a stub with no configuration to connect to. **NixOS note:** Docker on NixOS may fail with a sysctl permission error (`open sysctl net.ipv4.ip_unprivileged_port_start file: permission denied`) during container init — this is a Docker/kernel namespace issue specific to NixOS, not a defect in the image. If this occurs, confirm AC3.1 via `docker inspect` (steps 4.2–4.3): correct env vars and a successful `docker load` are sufficient evidence that the relay binary and its dependencies are present in the closure. |
43
43
| 4.2 | Run `docker inspect relay:latest \| grep -E 'SSL_CERT_FILE'` | Output shows an environment variable line containing `SSL_CERT_FILE=/nix/store/...-nss-cacert-.../etc/ssl/certs/ca-bundle.crt` (the exact Nix store hash will vary) |
44
44
| 4.3 | Run `docker inspect relay:latest \| grep -E 'TZDIR'` | Output shows an environment variable line containing `TZDIR=/nix/store/...-tzdata-.../share/zoneinfo` (the exact Nix store hash will vary) |
45
45