Lix allows configuration which makes everyone inside the sandbox effectively root
It shouldn't since the worst offender here is "if build-users-group is set to empty, default to running user's group" which is a bad default. And as a bonus disallowing it to be root since…
Lix allows configuration which makes everyone inside the sandbox effectively root
@jade wants to kill NixOS CTF challenges this is so sad (jk next year we'll have a Nix 0day dw)
Lix allows configuration which makes everyone inside the sandbox effectively root