author | Graham Christensen <graham@grahamc.com> | 2017-02-13 18:06:01 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-02-13 18:06:01 -0500 |
commit | d0a086770a1be8c1f3175c195587052c5a5bfe1c (patch) | |
tree | 4dfdb37a374805bdd771a3e089feff6f5c63d214 /nixos | |
parent | fc45440b8fd3ff59a17af565fc4aa22ca212fb45 (diff) | |
nix-daemon: default useSandbox to true
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1703.xml | 4 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 8 |
2 files changed, 8 insertions, 4 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 51de93db92f2..08b772e56703 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -25,6 +25,10 @@ has the following highlights: </para>
 <listitem>
 <para>PHP now defaults to PHP 7.1</para>
 </listitem>
+
+ <listitem>
+ <para>nix-daemon now uses sandboxing by default.</para>
+ </listitem>
 </itemizedlist>
 <para>The following new services were added since the last release:</para>
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index 7101cadfeed2..4c7264f4ac83 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -100,14 +100,14 @@ in
 useSandbox = mkOption {
 type = types.either types.bool (types.enum ["relaxed"]);
- default = false;
+ default = true;
 description = " If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies
- outside of the Nix store. This isn't enabled by default for
- performance. It doesn't affect derivation hashes, so changing
- this option will not trigger a rebuild of packages.
+ outside of the Nix store. It doesn't affect derivation
+ hashes, so changing this option will not trigger a rebuild
+ of packages.
 ";
 }; |
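Review bot: The rewritten `description` of `useSandbox` in nix-daemon.nix still does not explain the `"relaxed"` value that the `type` line accepts. With the default now `true`, that is the value an operator is likely to reach for when a build starts failing. I would add a sentence along the lines of `The value "relaxed" lets derivations that explicitly opt out (__noChroot = true) build without the sandbox, so it gives weaker isolation than true.`, after confirming the wording against the Nix manual. The description could also say that builds which relied on paths outside the Nix store will now fail, and that setting the option to `false` restores the previous behaviour. The release-note entry in rl-1703.xml would benefit from the same hint.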