mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-09-23 01:38:04 +03:00
85e93d7b87
Even with "build-use-sandbox = false", we now use sandboxing with a permissive profile that allows everything except the creation of setuid/setgid binaries.
6 lines
143 B
Text
6 lines
143 B
Text
(allow default)
|
|
|
|
; Disallow creating setuid/setgid binaries, since that
|
|
; would allow breaking build user isolation.
|
|
(deny file-write-setugid)
|