diff options
| author | Shea Levy <shea@shealevy.com> | 2015-11-19T22·44-0500 |
|---|---|---|
| committer | Shea Levy <shea@shealevy.com> | 2015-11-19T22·44-0500 |
| commit | 5deb7fbdfb9fd910be6be4bfcd139ebdac435242 (patch) | |
| tree | da8e56515ec79bf5d865b2775f8073fcebbbc818 /release.nix | |
| parent | 33f2fbcb62a4c47dd5c9c2fd987f5288b81dae61 (diff) | |
| parent | 36f7fcc157de8d4f1b195f0e3cb7e384d4083c2a (diff) | |
Merge branch 'sandbox-profiles' of git://github.com/pikajude/nix
Temporarily allow derivations to describe their full sandbox profile. This will be eventually scaled back to a more secure setup, see the discussion at #695
Diffstat (limited to 'release.nix')
| -rw-r--r-- | release.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/release.nix b/release.nix index 4269a3f76d8c..8935cfa19680 100644 --- a/release.nix +++ b/release.nix @@ -97,6 +97,10 @@ let enableParallelBuilding = true; + __sandboxProfile = lib.sandbox.allowFileRead [ + "/etc" "/etc/nix/nix.conf" "/private/etc/nix/nix.conf" + ]; + makeFlags = "profiledir=$(out)/etc/profile.d"; preBuild = "unset NIX_INDENT_MAKE"; |