diff options
Diffstat (limited to 'third_party/nix/src/libstore/sandbox-minimal.sb')
| -rw-r--r-- | third_party/nix/src/libstore/sandbox-minimal.sb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/third_party/nix/src/libstore/sandbox-minimal.sb b/third_party/nix/src/libstore/sandbox-minimal.sb new file mode 100644 index 0000000000..65f5108b39 --- /dev/null +++ b/third_party/nix/src/libstore/sandbox-minimal.sb @@ -0,0 +1,5 @@ +(allow default) + +; Disallow creating setuid/setgid binaries, since that +; would allow breaking build user isolation. +(deny file-write-setugid) |