Merge pull request #22767 from grahamc/sandbox-by-default

nix-daemon: default useSandbox to true
This commit is contained in:
Graham Christensen 2017-02-14 13:57:44 -05:00 committed by GitHub
commit 3be1388963
2 changed files with 8 additions and 4 deletions

View File

@ -30,6 +30,10 @@ has the following highlights: </para>
<listitem>
<para>PHP now defaults to PHP 7.1</para>
</listitem>
<listitem>
<para>nix-daemon now uses sandboxing by default.</para>
</listitem>
</itemizedlist>
<para>The following new services were added since the last release:</para>

View File

@ -100,14 +100,14 @@ in
useSandbox = mkOption {
type = types.either types.bool (types.enum ["relaxed"]);
default = false;
default = true;
description = "
If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents
impurities in builds by disallowing access to dependencies
outside of the Nix store. This isn't enabled by default for
performance. It doesn't affect derivation hashes, so changing
this option will not trigger a rebuild of packages.
outside of the Nix store. It doesn't affect derivation
hashes, so changing this option will not trigger a rebuild
of packages.
";
};