diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2017-10-30T11·39+0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2017-10-30T11·41+0100 |
commit | 812e027e1d5a4f83394069edd67bdf8404ffa2bb (patch) | |
tree | fe11aee398ea3ddfa0a8117c566e2ed1c6435883 /src/libstore | |
parent | f1c555cef870654cdaf232b5d08fdbba0bf06add (diff) |
Add option allowed-uris
This allows network access in restricted eval mode.
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/globals.hh | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 538273b546be..a4aa842d70fd 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -225,7 +225,7 @@ public: Setting<bool> restrictEval{this, false, "restrict-eval", "Whether to restrict file system access to paths in $NIX_PATH, " - "and to disallow fetching files from the network."}; + "and network access to the URI prefixes listed in 'allowed-uris'."}; Setting<size_t> buildRepeat{this, 0, "repeat", "The number of times to repeat a build in order to verify determinism.", @@ -353,6 +353,8 @@ public: Setting<uint64_t> maxFree{this, std::numeric_limits<uint64_t>::max(), "max-free", "Stop deleting garbage when free disk space is above the specified amount."}; + Setting<Strings> allowedUris{this, {}, "allowed-uris", + "Prefixes of URIs that builtin functions such as fetchurl and fetchGit are allowed to fetch."}; }; |