From 053a98a7d7c8344b64ae88c5ddebf0bc7b33c031 Mon Sep 17 00:00:00 2001
From: Griffin Smith <grfn@gws.fyi>
Date: Mon, 31 Aug 2020 23:03:26 -0400
Subject: revert(tvix): "Disable sandboxing by default until its time comes"

This reverts commit a41c3dedb18201aa689206079e203f41c9bef389.

Reason for revert: I believe its time has come.

Change-Id: I4133dc8a3b57b40b280646d1622ed7a0409c5246
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1941
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
---
 third_party/nix/src/libstore/globals.hh | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

(limited to 'third_party/nix')

diff --git a/third_party/nix/src/libstore/globals.hh b/third_party/nix/src/libstore/globals.hh
index 29848fbb4b..ed9b6a338e 100644
--- a/third_party/nix/src/libstore/globals.hh
+++ b/third_party/nix/src/libstore/globals.hh
@@ -243,14 +243,21 @@ class Settings : public Config {
       this, false, "show-trace",
       "Whether to show a stack trace on evaluation errors."};
 
-  Setting<SandboxMode> sandboxMode{
-      this,
-      // TODO(tazjin): Turn sandboxing back on once it is time.
-      smDisabled,
-      "sandbox",
-      "Whether to enable sandboxed builds. Can be \"true\", \"false\" or "
-      "\"relaxed\".",
-      {"build-use-chroot", "build-use-sandbox"}};
+  Setting<SandboxMode> sandboxMode {
+    this,
+#if __linux__
+        smEnabled
+#else
+        smDisabled
+#endif
+        ,
+        "sandbox",
+        "Whether to enable sandboxed builds. Can be \"true\", \"false\" or "
+        "\"relaxed\".",
+    {
+      "build-use-chroot", "build-use-sandbox"
+    }
+  };
 
   Setting<PathSet> sandboxPaths{
       this,
-- 
cgit 1.4.1