Sandboxed PostgreSQL initdb fails on macOS (shmget operation not permitted) #87
Description
Using PostgreSQL 18 installed via https://postgresapp.com/, I found that the initdb command fails (see log below), while I expected it to work normally.
I would appreciate if some form of allowSharedMemory toggle could be added, which permits access to shmget and related system V APIs, so that tests that use PostgreSQL can run sandboxed.
This appears to be sufficient to allow sysv shm APIs, though I'm not sure about security implications and hence would put this behind a flag:
(allow ipc-posix-sem)
(allow ipc-posix-shm)
(allow ipc-sysv-shm)
Full log:
$ uname -a
Darwin macbook.local 25.2.0 Darwin Kernel Version 25.2.0: Tue Nov 18 21:09:56 PST 2025; root:xnu-12377.61.12~1/RELEASE_ARM64_T6041 arm64
$ npx --package @anthropic-ai/sandbox-runtime srt -- initdb foo
The files belonging to this database system will be owned by user "tri".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are enabled.
creating directory foo ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default "max_connections" ... 20
selecting default "shared_buffers" ... 400kB
selecting default time zone ... Europe/Vienna
creating configuration files ... ok
running bootstrap script ... 2026-01-11 20:50:50.354 CET [61427] FATAL: could not create shared memory segment: Operation not permitted
2026-01-11 20:50:50.354 CET [61427] DETAIL: Failed system call was shmget(key=88549528, size=56, 03600).
child process exited with exit code 1