From 4f6df27aee0a3f620d65280c7b6644d5cce094ae Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sun, 29 Jul 2018 11:01:55 +0200 Subject: [PATCH] nixos/nix-daemon: default `nix.useSandbox` to `true`. --- nixos/doc/manual/release-notes/rl-1809.xml | 4 +++- nixos/modules/services/misc/nix-daemon.nix | 10 +++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index f03b1eab619d3b..b80f30f0111830 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -370,7 +370,9 @@ inherit (pkgs.nixos { s6-dns, s6-networking, s6-linux-utils and s6-portable-utils respectively. - + + + The module option is now defaulted to true. diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index e64df8dc7d2d73..5ca879bf266431 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -127,16 +127,16 @@ in useSandbox = mkOption { type = types.either types.bool (types.enum ["relaxed"]); - default = false; + default = true; description = " If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store by using network and mount namespaces in a chroot environment. - This isn't enabled by default for possible performance impacts due to - the initial setup time of a sandbox for each build. It doesn't affect - derivation hashes, so changing this option will not trigger a rebuild - of packages. + This is enabled by default even though it has a possible performance + impact due to the initial setup time of a sandbox for each build. It + doesn't affect derivation hashes, so changing this option will not + trigger a rebuild of packages. "; };
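Review bot: The `useSandbox` description in nix-daemon.nix still documents only the on/off behaviour, although the type on the context line above the changed default, `types.either types.bool (types.enum ["relaxed"])`, also accepts `"relaxed"`. Now that sandboxing is the default, anyone whose build breaks under it will find only `false` described as a way out, and is likely to switch isolation off for every build rather than for the one that needs it. I would add a sentence to the new description such as `Set this to "relaxed" to keep the sandbox enabled while letting derivations that set __noChroot = true build outside it; prefer that over false.`, with the wording checked against the Nix manual's definition of relaxed mode. The release-note entry could also state that builds which reach outside the Nix store or use the network may now fail, since the description says the sandbox blocks both.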