Default should depend on whether we are root.

Ben Radford 2023-07-11 11:13:39 +01:00
parent 2b4c59dd99
commit a193ec4052
No known key found for this signature in database
GPG key ID: 9DF5D4640AB888D5

@ -524,7 +524,7 @@ public:
Setting<bool> sandboxFallback{this, true, "sandbox-fallback", Setting<bool> sandboxFallback{this, true, "sandbox-fallback",
"Whether to disable sandboxing when the kernel doesn't allow it."}; "Whether to disable sandboxing when the kernel doesn't allow it."};
Setting<bool> requireDropSupplementaryGroups{this, true, "require-drop-supplementary-groups", Setting<bool> requireDropSupplementaryGroups{this, getuid() == 0, "require-drop-supplementary-groups",
R"( R"(
Following the principle of least privilege, Following the principle of least privilege,
Nix will attempt to drop supplementary groups when building with sandboxing. Nix will attempt to drop supplementary groups when building with sandboxing.