macOS sandbox blocks os.sysconf("SC_SEM_NSEMS_MAX"), breaking Python ProcessPoolExecutor #22405

@alendit

What is broken?

In the Codex macOS sandbox, Python's ProcessPoolExecutor can fail before spawning workers because CPython calls:

os.sysconf("SC_SEM_NSEMS_MAX")

That call raises:

PermissionError: [Errno 1] Operation not permitted

This appears to be the same class of sandbox issue as #2486 / #2494 for SC_ARG_MAX / kern.argmax, but this case is SC_SEM_NSEMS_MAX.

Repro

Direct blocked call:

import os
print(os.sysconf("SC_SEM_NSEMS_MAX"))

Process pool path:

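import concurrent.futures

def ident(x):
    return x

# Guard needed because macOS starts workers with "spawn", which re-imports this module.
if __name__ == "__main__":
    with concurrent.futures.ProcessPoolExecutor(max_workers=1) as pool:
        print(list(pool.map(ident, [1])))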

Expected behavior

The sandbox should allow the sysconf read needed by CPython's process pool setup, or otherwise Python multiprocessing/process pools should not fail during the internal semaphore limit check.

Actual behavior

PermissionError: [Errno 1] Operation not permitted

Impact

This breaks Python tools that use concurrent.futures.ProcessPoolExecutor. One observed case is Graphify's parallel extraction path, which fails during ProcessPoolExecutor setup before it can spawn workers.

Environment

Observed in Codex on macOS sandbox. The same session allows SC_ARG_MAX but blocks SC_SEM_NSEMS_MAX:

SC_ARG_MAX 1048576
SC_SEM_NSEMS_MAX PermissionError [Errno 1] Operation not permitted
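
The Environment comparison above can be turned into a repeatable probe for auditing which sysconf reads a sandbox profile denies. This is an added example, not code from the issue, Codex, or CPython; `probe_sysconf`, `blocked_names` and `fake_sandbox_sysconf` are hypothetical names, and the fake function is a constructed stand-in for the sandboxed behaviour reported above.

```python
import errno
import os

# Names from the issue; any key of os.sysconf_names can be probed the same way.
ISSUE_NAMES = ("SC_ARG_MAX", "SC_SEM_NSEMS_MAX")


def probe_sysconf(names=ISSUE_NAMES, sysconf=None):
    """Classify each sysconf name as ok / blocked / unsupported / error.

    `sysconf` is injectable so the classifier can be exercised without a sandbox.
    """
    sysconf = sysconf or getattr(os, "sysconf", None)
    results = {}
    for name in names:
        if sysconf is None:
            results[name] = ("unsupported", "os.sysconf not available")
            continue
        try:
            results[name] = ("ok", sysconf(name))
        except PermissionError as exc:
            # EPERM is the denial signature reported in the issue.
            results[name] = ("blocked", exc.strerror or str(exc))
        except ValueError as exc:
            # Name not known to this platform's sysconf table.
            results[name] = ("unsupported", str(exc))
        except OSError as exc:
            results[name] = ("error", errno.errorcode.get(exc.errno, str(exc)))
    return results


def blocked_names(results):
    """Return the names whose read was denied, sorted for stable reporting."""
    return sorted(n for n, (status, _) in results.items() if status == "blocked")


def fake_sandbox_sysconf(name):
    """Constructed stand-in reproducing the behaviour listed under Environment."""
    if name == "SC_ARG_MAX":
        return 1048576
    if name == "SC_SEM_NSEMS_MAX":
        raise PermissionError(errno.EPERM, "Operation not permitted")
    raise ValueError("unrecognized configuration name")


if __name__ == "__main__":
    for name, (status, detail) in probe_sysconf().items():
        print(f"{name:20} {status:12} {detail}")
```

Passing `os.sysconf_names` as `names` inside the sandbox lists every blocked read at once, which is the input needed to decide what a sandbox profile should allow.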

Labels: bug, sandbox