From 32e67eba8ba297045627cd0259c75a2668eda8df Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Wed, 26 Jun 2024 19:34:57 -0400
Subject: [PATCH 1/2] Remove invalid release notes YAML field

There is no PR for this, since it was an embargoed fix before disclosure.
---
 doc/manual/rl-next/harden-user-sandboxing.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/doc/manual/rl-next/harden-user-sandboxing.md b/doc/manual/rl-next/harden-user-sandboxing.md
index fa3c49fc0..a647acf25 100644
--- a/doc/manual/rl-next/harden-user-sandboxing.md
+++ b/doc/manual/rl-next/harden-user-sandboxing.md
@@ -2,7 +2,6 @@
 synopsis: Harden the user sandboxing
 significance: significant
 issues:
-prs:
 ---
 
 The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.

From 88f9d8ccb1d8091c8a35d5916d8490d609f6ce48 Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Wed, 26 Jun 2024 19:53:36 -0400
Subject: [PATCH 2/2] Don't format the just-added test .c file

On one hand, new things should be formatted. On the other, we just bacported this file to many prior branches, and if we need to make changes to it and backport them also, formatting the file on master but not the release branches would cause issues.
---
 maintainers/flake-module.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix
index 5e4291fcb..5febb1011 100644
--- a/maintainers/flake-module.nix
+++ b/maintainers/flake-module.nix
@@ -429,6 +429,7 @@
 ''^tests/functional/test-libstoreconsumer/main\.cc''
 ''^tests/nixos/ca-fd-leak/sender\.c''
 ''^tests/nixos/ca-fd-leak/smuggler\.c''
+ ''^tests/nixos/user-sandboxing/attacker\.c''
 ''^tests/unit/libexpr-support/tests/libexpr\.hh''
 ''^tests/unit/libexpr-support/tests/value/context\.cc''
 ''^tests/unit/libexpr-support/tests/value/context\.hh''
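Review bot: The added `''^tests/nixos/user-sandboxing/attacker\.c''` entry has no in-file reason, and it appears to differ in intent from its neighbours: per the commit message it is excluded on purpose so the file stays identical to the copies backported to the release branches, not because it simply has not been formatted yet. Someone trimming this exclude list later could re-enable formatting and make follow-up fixes to the sandboxing test harder to backport. A comment on the line before the entry would record that, e.g. `# attacker.c: kept unformatted on purpose; identical copies were backported to release branches`. The list itself starts and ends outside the hunk.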