From 40a7929c8e221e6096c3edd2dd0af948a29e3141 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Baylac-Jacqu=C3=A9?= Date: Sat, 8 Jun 2019 00:41:19 +0200 Subject: [PATCH] Daemon: warn when an untrusted user cannot override a setting In a daemon-based Nix setup, some options cannot be overridden by a client unless the client's user is considered trusted. Currently, if an untrusted user tries to override one of those options, we are silently ignoring it. This can be pretty confusing in certain situations. e.g. a user thinks he disabled the sandbox when in reality he did not. We are now sending a warning message letting know the user some options have been ignored. Related to #1761. This is a cherry-pick of 9e0f5f803f6cbfe9925cef69a0e58cbf5375bfaf. The above commit has been reverted by a59e77d9e54e8e7bf0f3c3f40c22cd34b7a81225 to prevent spamming warnings with experimental features, but these are now totally ignored on the daemon side, so there's no reason for the revert any more. --- src/libstore/daemon.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc index 917813342..2c808015d 100644 --- a/src/libstore/daemon.cc +++ b/src/libstore/daemon.cc @@ -254,7 +254,7 @@ struct ClientSettings else if (setSubstituters(settings.substituters)) ; else - debug("ignoring the client-specified setting '%s', because it is a restricted setting and you are not a trusted user", name); + warn("ignoring the client-specified setting '%s', because it is a restricted setting and you are not a trusted user", name); } catch (UsageError & e) { warn(e.what()); }