diff options
author | Florian Klink <flokli@flokli.de> | 2020-04-05 17:36:20 +0200 |
---|---|---|
committer | Florian Klink <flokli@flokli.de> | 2020-04-05 17:38:15 +0200 |
commit | a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688 (patch) | |
tree | 3fe67642f948a7f18620e8633ae0c7c82847af09 /nixos | |
parent | 0454fae7ca61dc3d0d83e889fb8e37a7841157d0 (diff) | |
download | nixpkgs-a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688.tar nixpkgs-a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688.tar.gz nixpkgs-a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688.tar.bz2 nixpkgs-a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688.tar.lz nixpkgs-a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688.tar.xz nixpkgs-a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688.tar.zst nixpkgs-a8989b353a8266bbd73ce3c2cb91fe4e4dcf7688.zip |
Revert "nixos/hardened: build sandbox incompatible with namespaces"
As discussed in https://github.com/NixOS/nixpkgs/pull/73763, prevailing consensus is to revert that commit. People use the hardened profile on machines and run nix builds, and there's no good reason to use unsandboxed builds at all unless you're in a platform that doesn't support them. This reverts commit 00ac71ab1932b395452209627011a32a63d81897.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/profiles/hardened.nix | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index da3de444768..35743d83134 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -23,8 +23,6 @@ with lib; security.allowUserNamespaces = mkDefault false; - nix.useSandbox = mkDefault false; - security.protectKernelImage = mkDefault true; security.allowSimultaneousMultithreading = mkDefault false; |