Use sandbox fallback when cloning fails in builder

When sandbox-fallback = true (the default), the Nix builder will fall back to disabled sandbox mode when the kernel doesn’t allow users to set it up. This prevents hard errors from occuring in tricky places, especially the initial installer. To restore the previous behavior, users can set: sandbox-fallback = false in their /etc/nix/nix.conf configuration.
author: Matthew Bauer <mjbauer95@gmail.com> 2019-07-25T18·29-0400
committer: Matthew Bauer <mjbauer95@gmail.com> 2019-07-25T18·42-0400
commit: 11d853462925d0b57fe956962e07edf5751fd4c3 (patch)
tree: c42900966dd0f3dae262fbe7092fd678fdb0c05e /src/libstore/globals.hh
parent: d171090530f4a2a79efec2c385bee1a10844c706 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 0af8215d1fd8..cc9534b2794d 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -209,6 +209,9 @@ public:
         "The paths to make available inside the build sandbox.",
         {"build-chroot-dirs", "build-sandbox-paths"}};
 
+    Setting<bool> sandboxFallback{this, true, "sandbox-fallback",
+        "Whether to disable sandboxing when the kernel doesn't allow it."};
+
     Setting<PathSet> extraSandboxPaths{this, {}, "extra-sandbox-paths",
         "Additional paths to make available inside the build sandbox.",
         {"build-extra-chroot-dirs", "build-extra-sandbox-paths"}};
author	Matthew Bauer <mjbauer95@gmail.com>	2019-07-25T18·29-0400
committer	Matthew Bauer <mjbauer95@gmail.com>	2019-07-25T18·42-0400
commit	11d853462925d0b57fe956962e07edf5751fd4c3 (patch)
tree	c42900966dd0f3dae262fbe7092fd678fdb0c05e /src/libstore/globals.hh
parent	d171090530f4a2a79efec2c385bee1a10844c706 (diff)