about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2018-02-22T11·27+0100
committerEelco Dolstra <edolstra@gmail.com>2018-02-22T11·27+0100
commitddc58e789636e1b94149c342575d92583251fbf6 (patch)
tree2b06967dda7120ca7e2c78716d711d399e9ad4a9
parent6964131cd716b2ccf9d1f0a817b5cac483f87a9b (diff)
Enable sandbox builds on Linux by default
The overhead of sandbox builds is a problem on NixOS (since building a
NixOS configuration involves a lot of small derivations) but not for
typical non-NixOS use cases. So outside of NixOS we can enable it.

Issue #179.
-rw-r--r--doc/manual/manual.xml4
-rw-r--r--doc/manual/release-notes/rl-2.0.xml4
-rw-r--r--src/libstore/globals.hh8
3 files changed, 12 insertions, 4 deletions
diff --git a/doc/manual/manual.xml b/doc/manual/manual.xml
index b5a6af7d0c3b..b408b6817727 100644
--- a/doc/manual/manual.xml
+++ b/doc/manual/manual.xml
@@ -16,12 +16,10 @@
     </author>
 
     <copyright>
-      <year>2004-2017</year>
+      <year>2004-2018</year>
       <holder>Eelco Dolstra</holder>
     </copyright>
 
-    <date>November 2014</date>
-
   </info>
 
   <!--
diff --git a/doc/manual/release-notes/rl-2.0.xml b/doc/manual/release-notes/rl-2.0.xml
index 0d5296cc9007..f0f44ae260bb 100644
--- a/doc/manual/release-notes/rl-2.0.xml
+++ b/doc/manual/release-notes/rl-2.0.xml
@@ -810,6 +810,10 @@ configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"
 <itemizedlist>
 
   <listitem>
+    <para>Sandbox builds are now enabled by default on Linux.</para>
+  </listitem>
+
+  <listitem>
     <para>Values such as Booleans, integers, (nested) lists and
     attribute sets can <link
     xlink:href="https://github.com/NixOS/nix/commit/6de33a9c675b187437a2e1abbcb290981a89ecb1">now</link>
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index dd01f832df0c..12917a438fa7 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -220,7 +220,13 @@ public:
     Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
         "Whether builtin functions that allow executing native code should be enabled."};
 
-    Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
+    Setting<SandboxMode> sandboxMode{this,
+        #if __linux__
+          smEnabled
+        #else
+          smDisabled
+        #endif
+        , "sandbox",
         "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
         {"build-use-chroot", "build-use-sandbox"}};