Be clearer about the security implications.

This commit is contained in:
Ben Radford 2023-07-11 11:09:25 +01:00
parent 0caf28f238
commit 2b4c59dd99
No known key found for this signature in database
GPG key ID: 9DF5D4640AB888D5


@ -533,8 +533,9 @@ public:
For example, if the user lacks the CAP_SETGID capability. For example, if the user lacks the CAP_SETGID capability.
Search setgroups(2) for EPERM to find more detailed information on this. Search setgroups(2) for EPERM to find more detailed information on this.
If you encounter such a failure, If you encounter such a failure, setting this option to `false` will let you ignore it and continue.
you can instruct Nix to continue without dropping supplementary groups by setting this option to `false`. But before doing so, you should consider the security implications carefully.
Not dropping supplementary groups means the build sandbox will be less restricted than intended.
)"}; )"};
#if __linux__ #if __linux__
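Review bot: The new closing sentence, "Not dropping supplementary groups means the build sandbox will be less restricted than intended.", names a risk without saying what it is. Consider stating the concrete consequence: the build process keeps the supplementary group memberships it inherited, so it can reach whatever those groups are permitted to access. With that spelled out, a user who hits the EPERM case can judge whether setting the option to `false` is acceptable on their system. In the preceding added line, "ignore it and continue" leaves "it" ambiguous; "ignore the failure and continue" would read more clearly.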