alois31
f047e4357b
Seccomp filtering and the no-new-privileges functionality improve the security
of the sandbox, and have been enabled by default for a long time. In
#265 it was decided that they
should be enabled unconditionally. Accordingly, remove the allow-new-privileges
(which had weird behavior anyway) and filter-syscall settings, and force the
security features on. Syscall filtering can still be enabled at build time to
support building on architectures libseccomp doesn't support.
Change-Id: Iedbfa18d720ae557dee07a24f69b2520f30119cb
9 lines
285 B
Nix
9 lines
285 B
Nix
{ runCommand, libcap }:
|
|
runCommand "cant-get-capabilities" { nativeBuildInputs = [ libcap.out ]; } ''
|
|
if [ "$(/run/wrappers/bin/ohno 2>&1)" != "failed to inherit capabilities: Operation not permitted" ]; then
|
|
echo "Oh no! We gained capabilities!"
|
|
exit 1
|
|
fi
|
|
touch $out
|
|
''
|