diff options
author | Dan Peebles <pumpkin@me.com> | 2017-10-30T16·25+0100 |
---|---|---|
committer | Dan Peebles <pumpkin@me.com> | 2017-10-30T16·59+0100 |
commit | 4a4a009f78d7267d58a1dbd95f70f12ee3fe89f2 (patch) | |
tree | 4dd7f936847312e08d2082d8ec3f949cff6355f1 /shell.nix | |
parent | 6e5165b77370c76bfa39d4b55e9f83673f3bd466 (diff) |
Allow optional localhost network access to sandboxed derivations
This will allow bind and connect to 127.0.0.1, which can reduce purity/ security (if you're running a vulnerable service on localhost) but is also needed for a ton of test suites, so I'm leaving it turned off by default but allowing certain derivations to turn it on as needed. It also allows DNS resolution of arbitrary hostnames but I haven't found a way to avoid that. In principle I'd just want to allow resolving localhost but that doesn't seem to be possible. I don't think this belongs under `build-use-sandbox = relaxed` because we want it on Hydra and I don't think it's the end of the world.
Diffstat (limited to 'shell.nix')
0 files changed, 0 insertions, 0 deletions