mirror of
https://github.com/NixOS/nix
synced 2025-06-26 20:01:15 +02:00
c8d2bc72a5
There is no PR for this, since it was an embargoed fix before
disclosure.
(cherry picked from commit 32e67eba8b)
250 B
250 B
| synopsis | significance | issues |
|---|---|---|
| Harden the user sandboxing | significant |
The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.