wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 01:51:47 +02:00
Code Activity

Merge pull request from GHSA-q82p-44mg-mgh5

Browse source 
Fix sandbox escape 2.20
This commit is contained in:
tomberek 2024-06-26 18:49:22 -04:00 committed by GitHub
commit 2b15b0b9b0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 257 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
doc/manual/rl-next/harden-user-sandboxing.md Normal file
View file

@ -0,0 +1,8 @@
---
synopsis: Harden the user sandboxing
significance: significant
issues:
prs: <only provided once merged>
---
The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.