about summary refs log tree commit diff
path: root/src/libstore
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-10-30T11·39+0100
committerEelco Dolstra <edolstra@gmail.com>2017-10-30T11·41+0100
commit812e027e1d5a4f83394069edd67bdf8404ffa2bb (patch)
treefe11aee398ea3ddfa0a8117c566e2ed1c6435883 /src/libstore
parentf1c555cef870654cdaf232b5d08fdbba0bf06add (diff)
Add option allowed-uris
This allows network access in restricted eval mode.
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/globals.hh4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 538273b546be..a4aa842d70fd 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -225,7 +225,7 @@ public:
 
     Setting<bool> restrictEval{this, false, "restrict-eval",
         "Whether to restrict file system access to paths in $NIX_PATH, "
-        "and to disallow fetching files from the network."};
+        "and network access to the URI prefixes listed in 'allowed-uris'."};
 
     Setting<size_t> buildRepeat{this, 0, "repeat",
         "The number of times to repeat a build in order to verify determinism.",
@@ -353,6 +353,8 @@ public:
     Setting<uint64_t> maxFree{this, std::numeric_limits<uint64_t>::max(), "max-free",
         "Stop deleting garbage when free disk space is above the specified amount."};
 
+    Setting<Strings> allowedUris{this, {}, "allowed-uris",
+        "Prefixes of URIs that builtin functions such as fetchurl and fetchGit are allowed to fetch."};
 };