OS X -> macOS
(cherry picked from commit c20641ce569dc1fdeaeaa147b0292f258667f53b)
This commit is contained in:
parent
1dcadadf74
commit
a10951de08
|
@ -19,7 +19,7 @@ filter. Note that this imposes a small performance penalty (e.g. 1%
|
|||
when building GNU Hello). Using seccomp, we now also prevent the
|
||||
creation of extended attributes and POSIX ACLs since these cannot be
|
||||
represented in the NAR format and (in the case of POSIX ACLs) allow
|
||||
bypassing regular Nix store permissions. On OS X, the restriction is
|
||||
bypassing regular Nix store permissions. On macOS, the restriction is
|
||||
implemented using the existing sandbox mechanism, which now uses a
|
||||
minimal “allow all except the creation of setuid/setgid binaries”
|
||||
profile when regular sandboxing is disabled. On other platforms, the
|
||||
|
|
Loading…
Reference in a new issue