From 7483ba093222371e33d5daa22269992104f401c6 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Tue, 14 Feb 2017 14:13:39 -0500 Subject: [PATCH] Revert "nix-daemon: default useSandbox to true" This reverts commit d0a086770a1be8c1f3175c195587052c5a5bfe1c. --- nixos/doc/manual/release-notes/rl-1703.xml | 4 ---- nixos/modules/services/misc/nix-daemon.nix | 8 ++++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml index 68dc8e9b4bf..8f9694bad8b 100644 --- a/nixos/doc/manual/release-notes/rl-1703.xml +++ b/nixos/doc/manual/release-notes/rl-1703.xml @@ -30,10 +30,6 @@ has the following highlights: PHP now defaults to PHP 7.1 - - - nix-daemon now uses sandboxing by default. - The following new services were added since the last release: diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 4c7264f4ac8..7101cadfeed 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -100,14 +100,14 @@ in useSandbox = mkOption { type = types.either types.bool (types.enum ["relaxed"]); - default = true; + default = false; description = " If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies - outside of the Nix store. It doesn't affect derivation - hashes, so changing this option will not trigger a rebuild - of packages. + outside of the Nix store. This isn't enabled by default for + performance. It doesn't affect derivation hashes, so changing + this option will not trigger a rebuild of packages. "; };