diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2017-10-12T16·21+0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2017-10-12T16·21+0200 |
commit | 1dd29d7aebae706f3e90a18bbfae727f2ed03c70 (patch) | |
tree | 9b8dc1516d14b4637dfc65a70989c53aa7de36dc /src/libstore/globals.hh | |
parent | 97307811ee478c30472539a477981d24ec0971de (diff) |
Add option to disable the seccomp filter
I needed this to test ACL/xattr removal in canonicalisePathMetaData(). Might also be useful if you need to build old Nixpkgs that doesn't have the required patches to remove setuid/setgid creation.
Diffstat (limited to 'src/libstore/globals.hh')
-rw-r--r-- | src/libstore/globals.hh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 41d3323117b4..264e82a16e20 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -336,6 +336,12 @@ public: "String appended to the user agent in HTTP requests."}; #if __linux__ + Setting<bool> filterSyscalls{this, true, "filter-syscalls", + "Whether to prevent certain dangerous system calls, such as " + "creation of setuid/setgid files or adding ACLs or extended " + "attributes. Only disable this if you're aware of the " + "security implications."}; + Setting<bool> allowNewPrivileges{this, false, "allow-new-privileges", "Whether builders can acquire new privileges by calling programs with " "setuid/setgid bits or with file capabilities."}; |