authorAndreas Rammhold <andreas@rammhold.de>2018-07-29 11:01:55 +0200
committerAndreas Rammhold <andreas@rammhold.de>2018-07-29 16:47:10 +0200
commit4f6df27aee0a3f620d65280c7b6644d5cce094ae (patch)
tree5f54c3311dbc47378f84fe33ffcd49f9c1ed007c
parent6dd7ddd5b8918e9e3c3c3e795b7e5a1bcaa56858 (diff)
nixos/nix-daemon: default `nix.useSandbox` to `true`.
-rw-r--r--nixos/doc/manual/release-notes/rl-1809.xml4
-rw-r--r--nixos/modules/services/misc/nix-daemon.nix10
2 files changed, 8 insertions, 6 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml
index f03b1eab619d..b80f30f01118 100644
--- a/nixos/doc/manual/release-notes/rl-1809.xml
+++ b/nixos/doc/manual/release-notes/rl-1809.xml
@@ -370,7 +370,9 @@ inherit (pkgs.nixos {
       <varname>s6-dns</varname>, <varname>s6-networking</varname>,
       <varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname> respectively.
     </para>
-   </listitem>
+  </listitem>
+  <listitem>
+    <para>The module option <option>nix.useSandbox</option> is now defaulted to <literal>true</literal>.
   </itemizedlist>
  </section>
 </section>
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index e64df8dc7d2d..5ca879bf2664 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -127,16 +127,16 @@ in
 
       useSandbox = mkOption {
         type = types.either types.bool (types.enum ["relaxed"]);
-        default = false;
+        default = true;
         description = "
           If set, Nix will perform builds in a sandboxed environment that it
           will set up automatically for each build. This prevents impurities
           in builds by disallowing access to dependencies outside of the Nix
           store by using network and mount namespaces in a chroot environment.
-          This isn't enabled by default for possible performance impacts due to
-          the initial setup time of a sandbox for each build. It doesn't affect
-          derivation hashes, so changing this option will not trigger a rebuild
-          of packages.
+          This is enabled by default even though it has a possible performance
+          impact due to the initial setup time of a sandbox for each build. It
+          doesn't affect derivation hashes, so changing this option will not
+          trigger a rebuild of packages.
         ";
       };