Merge pull request #22767 from grahamc/sandbox-by-default

nix-daemon: default useSandbox to true
Graham Christensen 2017-02-14 13:57:44 -05:00 committed by GitHub
commit 3be1388963
2 changed files with 8 additions and 4 deletions

@ -30,6 +30,10 @@ has the following highlights: </para>
<listitem> <listitem>
<para>PHP now defaults to PHP 7.1</para> <para>PHP now defaults to PHP 7.1</para>
</listitem> </listitem>
<listitem>
<para>nix-daemon now uses sandboxing by default.</para>
</listitem>
</itemizedlist> </itemizedlist>
<para>The following new services were added since the last release:</para> <para>The following new services were added since the last release:</para>
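Review bot: The added release-note item `<para>nix-daemon now uses sandboxing by default.</para>` does not name the option that changed or say how to get the old behaviour back. Builds that relied on access to dependencies outside the Nix store may start failing after an upgrade, so the entry should mention the `useSandbox` option and that it can be set to `false` or `"relaxed"`.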

@ -100,14 +100,14 @@ in
useSandbox = mkOption { useSandbox = mkOption {
type = types.either types.bool (types.enum ["relaxed"]); type = types.either types.bool (types.enum ["relaxed"]);
default = false; default = true;
description = " description = "
If set, Nix will perform builds in a sandboxed environment that it If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents will set up automatically for each build. This prevents
impurities in builds by disallowing access to dependencies impurities in builds by disallowing access to dependencies
outside of the Nix store. This isn't enabled by default for outside of the Nix store. It doesn't affect derivation
performance. It doesn't affect derivation hashes, so changing hashes, so changing this option will not trigger a rebuild
this option will not trigger a rebuild of packages. of packages.
"; ";
}; };
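Review bot: In the `description` string, the sentence "This isn't enabled by default for performance" is deleted without saying whether the performance cost it cited still applies. Either keep a reworded caveat about build overhead in the description, or explain in the commit message why it is no longer a concern. The description also says nothing about the `"relaxed"` value that the `type` line accepts, which is worth documenting now that `default = true;` makes the sandbox the setting every user gets.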