Merge pull request #22767 from grahamc/sandbox-by-default
nix-daemon: default useSandbox to true
This commit is contained in:
commit
3be1388963
@ -30,6 +30,10 @@ has the following highlights: </para>
|
||||
<listitem>
|
||||
<para>PHP now defaults to PHP 7.1</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>nix-daemon now uses sandboxing by default.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>The following new services were added since the last release:</para>
|
||||
|
@ -100,14 +100,14 @@ in
|
||||
|
||||
useSandbox = mkOption {
|
||||
type = types.either types.bool (types.enum ["relaxed"]);
|
||||
default = false;
|
||||
default = true;
|
||||
description = "
|
||||
If set, Nix will perform builds in a sandboxed environment that it
|
||||
will set up automatically for each build. This prevents
|
||||
impurities in builds by disallowing access to dependencies
|
||||
outside of the Nix store. This isn't enabled by default for
|
||||
performance. It doesn't affect derivation hashes, so changing
|
||||
this option will not trigger a rebuild of packages.
|
||||
outside of the Nix store. It doesn't affect derivation
|
||||
hashes, so changing this option will not trigger a rebuild
|
||||
of packages.
|
||||
";
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user