max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-10 00:08:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Daemon: warn when an untrusted user cannot override a setting

Browse source 
In a daemon-based Nix setup, some options cannot be overridden by a
client unless the client's user is considered trusted.

Currently, if an untrusted user tries to override one of those
options, we are silently ignoring it.

This can be pretty confusing in certain situations.

e.g. a user thinks he disabled the sandbox when in reality he did not.

We are now sending a warning message letting know the user some options
have been ignored.

Related to #1761.
This commit is contained in:
Félix Baylac-Jacqué 2019-06-08 00:41:19 +02:00 committed by Graham Christensen
parent fb0ad898ed
commit 9e0f5f803f
No known key found for this signature in database
GPG key ID: ACA1C1D120C83D5C
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/nix-daemon/nix-daemon.cc
View file

@ -574,7 +574,7 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
else if (setSubstituters(settings.extraSubstituters))
;
else
debug("ignoring untrusted setting '%s'", name);
warn("ignoring the user-specified setting '%s', because it is a restricted setting and you are not a trusted user.", name);
} catch (UsageError & e) {
warn(e.what());
}