public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nix-daemon: default useSandbox to true

Browse Source
This commit is contained in:
Graham Christensen 2017-02-13 18:06:01 -05:00
parent fc45440b8f
commit d0a086770a
No known key found for this signature in database
GPG Key ID: 06121D366FE9435C
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/doc/manual/release-notes/rl-1703.xml
View File

@ -25,6 +25,10 @@ has the following highlights: </para>
<listitem> <listitem>
<para>PHP now defaults to PHP 7.1</para> <para>PHP now defaults to PHP 7.1</para>
</listitem> </listitem>
<listitem>
<para>nix-daemon now uses sandboxing by default.</para>
</listitem>
</itemizedlist> </itemizedlist>
<para>The following new services were added since the last release:</para> <para>The following new services were added since the last release:</para>

8
nixos/modules/services/misc/nix-daemon.nix
View File

@ -100,14 +100,14 @@ in
useSandbox = mkOption { useSandbox = mkOption {
type = types.either types.bool (types.enum ["relaxed"]); type = types.either types.bool (types.enum ["relaxed"]);
default = false; default = true;
description = " description = "
If set, Nix will perform builds in a sandboxed environment that it If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents will set up automatically for each build. This prevents
impurities in builds by disallowing access to dependencies impurities in builds by disallowing access to dependencies
outside of the Nix store. This isn't enabled by default for outside of the Nix store. It doesn't affect derivation
performance. It doesn't affect derivation hashes, so changing hashes, so changing this option will not trigger a rebuild
this option will not trigger a rebuild of packages. of packages.
"; ";
}; };