diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2019-08-27 21:17:20 +0200 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2019-08-27 21:17:20 +0200 |
| commit | 35c1c170d7dc49bf3f878a2170be487c5d27c8b1 (patch) | |
| tree | 050860354a7582cecf7b748c8e6e28a96d88fbaa /nixos/modules/services/misc/nix-daemon.nix | |
| parent | fa29f98bb59927b26a0cbf698bcd10d379a8f4db (diff) | |
| download | nixpkgs-35c1c170d7dc49bf3f878a2170be487c5d27c8b1.tar nixpkgs-35c1c170d7dc49bf3f878a2170be487c5d27c8b1.tar.gz nixpkgs-35c1c170d7dc49bf3f878a2170be487c5d27c8b1.tar.bz2 nixpkgs-35c1c170d7dc49bf3f878a2170be487c5d27c8b1.tar.lz nixpkgs-35c1c170d7dc49bf3f878a2170be487c5d27c8b1.tar.xz nixpkgs-35c1c170d7dc49bf3f878a2170be487c5d27c8b1.tar.zst nixpkgs-35c1c170d7dc49bf3f878a2170be487c5d27c8b1.zip | |
nix.conf: Set sandbox-fallback = false
For security, we don't want the sandbox to be disabled silently.
Diffstat (limited to 'nixos/modules/services/misc/nix-daemon.nix')
| -rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 6bc88c66dc1..088dfd71860 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -8,7 +8,9 @@ let nix = cfg.package.out; - isNix20 = versionAtLeast (getVersion nix) "2.0pre"; + nixVersion = getVersion nix; + + isNix20 = versionAtLeast nixVersion "2.0pre"; makeNixBuildUser = nr: { name = "nixbld${toString nr}"; @@ -61,6 +63,9 @@ let builders = ''} system-features = ${toString cfg.systemFeatures} + ${optionalString (versionAtLeast nixVersion "2.3pre") '' + sandbox-fallback = false + ''} $extraOptions END '' + optionalString cfg.checkConfig ( |