author | Jude Taylor <me@jude.bio> | 2015-10-21T21·39-0700 |
committer | Jude Taylor <me@jude.bio> | 2015-10-21T21·39-0700 |
commit | 992cda1b113227cc6a4724e53ae2cb9f1e47be0e (patch) | |
tree | 7b416e06bd17ca87d56c08cbec1ad80d926efbfc /src/libstore | |
parent | 76f3ba42fd5516b46c07b8a7cc56f6ef8138f7cc (diff) |
clarifying comment
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/build.cc | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 2211191fb635..725a82a868fc 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2488,7 +2488,11 @@ void DerivationGoal::runChild()
 sandboxProfile += ")\n";
 
 /* Our ancestry. N.B: this uses literal on folders, instead of subpath. Without that,
- you open up the entire filesystem because you end up with (subpath "/") */
+ you open up the entire filesystem because you end up with (subpath "/")
+ Note: file-read-metadata* is not sufficiently permissive for GHC. file-read* is but may
+ be a security hazard.
+ TODO: figure out a more appropriate directive.
+ */
 sandboxProfile += "(allow file-read*\n";
 for (auto & i : ancestry) {
 sandboxProfile += (format("\t(literal \"%1%\")\n") % i.c_str()).str();
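Review bot: The added comment says `file-read*` on the ancestry "may be a security hazard" without stating what the hazard is, which leaves the TODO impossible to evaluate or close. Since each rule is emitted as `(literal "...")`, it matches only the ancestor directory itself, so the extra exposure over `file-read-metadata*` is presumably reading the directory's own entries (e.g. enumerating /nix/store to learn which other store paths exist on the machine), not the contents of files below it — worth confirming against the sandbox profile semantics and recording explicitly. I'd replace the vague sentence with something like `file-read* on a (literal) ancestor additionally permits listing that directory's entries (e.g. the names of other paths in /nix/store); it does not grant reads beneath it, but the enumeration is an information leak` so a future fix knows what it must preserve and what it must remove. The enclosing DerivationGoal::runChild() begins and ends outside this hunk.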