diff --git a/src/c/hydra-eval-jobs.cc b/src/c/hydra-eval-jobs.cc
index 6b5a12bb..0eacecd0 100644
--- a/src/c/hydra-eval-jobs.cc
+++ b/src/c/hydra-eval-jobs.cc
@@ -242,6 +242,10 @@ int main(int argc, char * * argv)
 return true;
 });
+ /* Prevent access to paths outside of the Nix search path and
+ to the environment. */
+ settings.set("restrict-eval", "true");
+
 if (releaseExpr == "") throw UsageError("no expression specified");
 if (gcRootsDir == "") printMsg(lvlError, "warning: `--gc-roots-dir' not specified");
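Review bot: The comment above `settings.set("restrict-eval", "true")` does not record why the call sits after the `});` that closes what looks like the option-parsing callback, nor what the resulting allow-list is, and both are what make the restriction hold. Placed here, the assignment appears to win over any value supplied on the command line, and the only paths an evaluated expression can read are those reachable through the search path, so every search-path entry is effectively trusted input. I would extend the comment along the lines of `/* Forced after option parsing so it cannot be switched off from the command line; only search-path entries stay readable, so put nothing untrusted-sensitive on it. */`. The setting only helps if it is in place before the evaluator state is created; main continues outside the hunk, so that ordering is worth confirming.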