Daemon: warn when an untrusted user cannot override a setting

In a daemon-based Nix setup, some options cannot be overridden by a client unless the client's user is considered trusted. Currently, if an untrusted user tries to override one of those options, we are silently ignoring it. This can be pretty confusing in certain situations. e.g. a user thinks he disabled the sandbox when in reality he did not. We are now sending a warning message letting know the user some options have been ignored. Related to #1761.
author: Félix Baylac-Jacqué <felix@alternativebit.fr> 2019-06-07T22·41+0200
committer: Graham Christensen <graham@grahamc.com> 2019-06-15T07·59-0400
commit: 9e0f5f803f6cbfe9925cef69a0e58cbf5375bfaf (patch)
tree: 9e477e435f7856111faaad271ac267a0e8150807
parent: fb0ad898ed0f1c8d5297f5dc1035b2e6ac7e3632 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc
index 8d63b8f362ec..973f64a3446c 100644
--- a/src/nix-daemon/nix-daemon.cc
+++ b/src/nix-daemon/nix-daemon.cc
@@ -574,7 +574,7 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
                 else if (setSubstituters(settings.extraSubstituters))
                     ;
                 else
-                    debug("ignoring untrusted setting '%s'", name);
+                    warn("ignoring the user-specified setting '%s', because it is a restricted setting and you are not a trusted user.", name);
             } catch (UsageError & e) {
                 warn(e.what());
             }
author	Félix Baylac-Jacqué <felix@alternativebit.fr>	2019-06-07T22·41+0200
committer	Graham Christensen <graham@grahamc.com>	2019-06-15T07·59-0400
commit	9e0f5f803f6cbfe9925cef69a0e58cbf5375bfaf (patch)
tree	9e477e435f7856111faaad271ac267a0e8150807
parent	fb0ad898ed0f1c8d5297f5dc1035b2e6ac7e3632 (diff)