Be clearer about the security implications.

Ben Radford 2023-07-11 11:09:25 +01:00
parent 0caf28f238
commit 2b4c59dd99
No known key found for this signature in database
GPG key ID: 9DF5D4640AB888D5

@ -533,8 +533,9 @@ public:
For example, if the user lacks the CAP_SETGID capability.
Search setgroups(2) for EPERM to find more detailed information on this.
If you encounter such a failure,
you can instruct Nix to continue without dropping supplementary groups by setting this option to `false`.
If you encounter such a failure, setting this option to `false` will let you ignore it and continue.
But before doing so, you should consider the security implications carefully.
Not dropping supplementary groups means the build sandbox will be less restricted than intended.
)"};
#if __linux__
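Review bot: The added closing sentence, "Not dropping supplementary groups means the build sandbox will be less restricted than intended.", names a risk but not what it consists of, so a user hitting the EPERM case still has nothing concrete to weigh before setting the option to `false`. Consider saying what remains in place: the build process keeps whatever supplementary groups it inherited, along with any file or device access those groups grant. Separately, the replacement wording "will let you ignore it and continue" drops the explicit statement from the old text that Nix continues without dropping supplementary groups; keeping that phrase would make it clear which step is being skipped. It would also help to tell the user the preferred fix is to address the missing CAP_SETGID mentioned just above, with `false` as the fallback.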