revert(tvix): "Disable sandboxing by default until its time comes" r/1768

This reverts commit a41c3dedb18201aa689206079e203f41c9bef389. Reason for revert: I believe its time has come. Change-Id: I4133dc8a3b57b40b280646d1622ed7a0409c5246 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1941 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: kanepyork <rikingcoding@gmail.com>
author: Griffin Smith <grfn@gws.fyi> 2020-09-01T03·03-0400
committer: glittershark <grfn@gws.fyi> 2020-09-06T21·12+0000
commit: 053a98a7d7c8344b64ae88c5ddebf0bc7b33c031 (patch)
tree: 8a2ed30cae632b0120bd41acf8a26424832faf85
parent: 8b7dcfaebae17947c2b85eb9759d858f08b74852 (diff)
1 files changed, 15 insertions, 8 deletions
diff --git a/third_party/nix/src/libstore/globals.hh b/third_party/nix/src/libstore/globals.hh
index 29848fbb4b..ed9b6a338e 100644
--- a/third_party/nix/src/libstore/globals.hh
+++ b/third_party/nix/src/libstore/globals.hh
@@ -243,14 +243,21 @@ class Settings : public Config {
       this, false, "show-trace",
       "Whether to show a stack trace on evaluation errors."};
 
-  Setting<SandboxMode> sandboxMode{
-      this,
-      // TODO(tazjin): Turn sandboxing back on once it is time.
-      smDisabled,
-      "sandbox",
-      "Whether to enable sandboxed builds. Can be \"true\", \"false\" or "
-      "\"relaxed\".",
-      {"build-use-chroot", "build-use-sandbox"}};
+  Setting<SandboxMode> sandboxMode {
+    this,
+#if __linux__
+        smEnabled
+#else
+        smDisabled
+#endif
+        ,
+        "sandbox",
+        "Whether to enable sandboxed builds. Can be \"true\", \"false\" or "
+        "\"relaxed\".",
+    {
+      "build-use-chroot", "build-use-sandbox"
+    }
+  };
 
   Setting<PathSet> sandboxPaths{
       this,
author	Griffin Smith <grfn@gws.fyi>	2020-09-01T03·03-0400
committer	glittershark <grfn@gws.fyi>	2020-09-06T21·12+0000
commit	053a98a7d7c8344b64ae88c5ddebf0bc7b33c031 (patch)
tree	8a2ed30cae632b0120bd41acf8a26424832faf85
parent	8b7dcfaebae17947c2b85eb9759d858f08b74852 (diff)