nix/src/libstore/sandbox-minimal.sb at ae0c026fe9f5532e95e3d2e4dc87c0665b1c59f8 - wroclaw-git-backups/nix - git.proot.pl: Git for Proot and Friends

wroclaw-git-backups/nix

mirror of https://github.com/NixOS/nix synced 2025-06-30 19:57:59 +02:00

Eelco Dolstra 85e93d7b87

Always use the Darwin sandbox

Even with "build-use-sandbox = false", we now use sandboxing with a
permissive profile that allows everything except the creation of
setuid/setgid binaries.

2017-06-06 18:44:49 +02:00

5 lines

143 B

Text

Raw Blame History

 (allow default)
 ; Disallow creating setuid/setgid binaries, since that
 ; would allow breaking build user isolation.
 (deny file-write-setugid)