diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index c947d19fa..a23223818 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -224,16 +224,16 @@ flag, e.g. --option gc-keep-outputs false.
- build-use-chroot
+ build-use-sandboxIf set to true, builds will be
- performed in a chroot environment, i.e.,
+ performed in a sandboxed environment, i.e.,
they’re isolated from the normal file system hierarchy and will
only see their dependencies in the Nix store, the temporary build
directory, private versions of /proc,
/dev, /dev/shm and
- /dev/pts, and the paths configured with the
- build-chroot-dirs
+ /dev/pts (on Linux), and the paths configured with the
+ build-sandbox-paths
option. This is useful to prevent undeclared dependencies
on files in directories such as /usr/bin. In
addition, on Linux, builds run in private PID, mount, network, IPC
@@ -241,8 +241,8 @@ flag, e.g. --option gc-keep-outputs false.
system (except that fixed-output derivations do not run in private
network namespace to ensure they can access the network).
- Currently, chroots only work on Linux and Mac OS X. The use
- of a chroot requires that Nix is run as root (so you should use
+ Currently, sandboxing only work on Linux and Mac OS X. The use
+ of a sandbox requires that Nix is run as root (so you should use
the “build users”
feature to perform the actual builds under different users
than root).
@@ -250,7 +250,7 @@ flag, e.g. --option gc-keep-outputs false.If this option is set to relaxed, then
fixed-output derivations and derivations that have the
__noChroot attribute set to
- true do not run in chroots.
+ true do not run in sandboxes.
The default is false.
@@ -259,17 +259,16 @@ flag, e.g. --option gc-keep-outputs false.
- build-chroot-dirs
+
+ build-sandbox-paths
- A list of paths bind-mounted into Nix chroot
- environments. Contrary to what the name suggests, the specified
- paths do not have to be directories; you can bind-mount other
- types of files as well. You can use the syntax
+ A list of paths bind-mounted into Nix sandbox
+ environments. You can use the syntax
target=source
- to mount a path in a different location in the chroot; for
+ to mount a path in a different location in the sandbox; for
instance, /bin=/nix-bin will mount the path
/nix-bin as /bin inside the
- chroot.
+ sandbox.Depending on how Nix was built, the default value for this option
may be empty or provide /bin/sh as a
@@ -278,10 +277,11 @@ flag, e.g. --option gc-keep-outputs false.
- build-extra-chroot-dirs
+
+ build-extra-sandbox-pathsA list of additional paths appended to
- . Useful if you want to extend
+ . Useful if you want to extend
its default value.
@@ -593,19 +593,21 @@ flag, e.g. --option gc-keep-outputs false.
between different versions of the same system to be hard-coded into nix.
- The hook is passed the derivation path and, if chroots are enabled,
- the chroot directory. It can then modify the chroot and send a series of
+ The hook is passed the derivation path and, if sandboxes are enabled,
+ the sandbox directory. It can then modify the sandbox and send a series of
commands to modify various settings to stdout. The currently recognized
commands are:
- extra-chroot-dirs
+
+ extra-sandbox-pathsPass a list of files and directories to be included in the
- chroot for this build. One entry per line, terminated by an empty
- line. Entries have the same format as build-chroot-dirs.
+ sandbox for this build. One entry per line, terminated by an empty
+ line. Entries have the same format as
+ build-sandbox-paths.
diff --git a/doc/manual/release-notes/release-notes.xml b/doc/manual/release-notes/release-notes.xml
index 4ea57c99c..0aa3e8717 100644
--- a/doc/manual/release-notes/release-notes.xml
+++ b/doc/manual/release-notes/release-notes.xml
@@ -12,6 +12,7 @@
-->
+
diff --git a/doc/manual/release-notes/rl-1.11.xml b/doc/manual/release-notes/rl-1.11.xml
new file mode 100644
index 000000000..aa9a3e101
--- /dev/null
+++ b/doc/manual/release-notes/rl-1.11.xml
@@ -0,0 +1,23 @@
+
+
+Release 1.11 (TODO: date, 2015)
+
+TODO: This is primarily a bug fix release. It also has a number of new
+features:
+
+
+
+ All "chroot"-containing strings got renamed to "sandbox".
+ In particular, some nix options got renamed, but the old names
+ are still accepted as lower-priority aliases.
+
+
+
+
+This release has contributions from TODO.
+
+
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 70278a878..dde87dcda 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1842,12 +1842,14 @@ void DerivationGoal::startBuilder()
work properly. Purity checking for fixed-output derivations
is somewhat pointless anyway. */
{
- string x = settings.get("build-use-chroot", string("false"));
+ string x = settings.get("build-use-sandbox",
+ /* deprecated alias */
+ settings.get("build-use-chroot", string("false")));
if (x != "true" && x != "false" && x != "relaxed")
- throw Error("option ‘build-use-chroot’ must be set to one of ‘true’, ‘false’ or ‘relaxed’");
+ throw Error("option ‘build-use-sandbox’ must be set to one of ‘true’, ‘false’ or ‘relaxed’");
if (x == "true") {
if (get(drv->env, "__noChroot") == "1")
- throw Error(format("derivation ‘%1%’ has ‘__noChroot’ set, but that's not allowed when ‘build-use-chroot’ is ‘true’") % drvPath);
+ throw Error(format("derivation ‘%1%’ has ‘__noChroot’ set, but that's not allowed when ‘build-use-sandbox’ is ‘true’") % drvPath);
useChroot = true;
}
else if (x == "false")
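Review bot: The validation error at the `x != "true" && x != "false" && x != "relaxed"` check now names only ‘build-use-sandbox’, even when the rejected value was read from the deprecated ‘build-use-chroot’ fallback. Someone with an old configuration would be told to fix an option they never set, on a setting that decides whether builds are isolated at all. I would name both, e.g. `throw Error("option ‘build-use-sandbox’ (or its deprecated alias ‘build-use-chroot’) must be set to one of ‘true’, ‘false’ or ‘relaxed’");`. The `__noChroot` message two lines below could get the same wording. startBuilder's body begins and continues outside this hunk.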
@@ -1866,8 +1868,13 @@ void DerivationGoal::startBuilder()
/* Allow a user-configurable set of directories from the
host file system. */
- PathSet dirs = tokenizeString(settings.get("build-chroot-dirs", defaultChrootDirs));
- PathSet dirs2 = tokenizeString(settings.get("build-extra-chroot-dirs", string("")));
+ PathSet dirs = tokenizeString(
+ settings.get("build-sandbox-paths",
+ /* deprecated alias with lower priority */
+ settings.get("build-chroot-dirs", defaultChrootDirs)));
+ PathSet dirs2 = tokenizeString(
+ settings.get("build-extra-chroot-dirs",
+ settings.get("build-extra-sandbox-paths", string(""))));
dirs.insert(dirs2.begin(), dirs2.end());
for (auto & i : dirs) {
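Review bot: The `dirs2` lookup is nested the wrong way round: `build-extra-chroot-dirs` is read first and `build-extra-sandbox-paths` is only its fallback, so a leftover old-name entry silently overrides the new option. This contradicts the `build-sandbox-paths` lookup directly above it and the release note, which says the old names are lower-priority aliases. These paths are bind-mounted from the host into the build sandbox, so an administrator who narrows the list under the new name would still get the stale, possibly wider one. Swap the keys, `settings.get("build-extra-sandbox-paths", settings.get("build-extra-chroot-dirs", string("")))`, and carry over the `/* deprecated alias with lower priority */` comment. The enclosing function starts and ends outside this hunk.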
@@ -2010,7 +2017,7 @@ void DerivationGoal::startBuilder()
/* We don't really have any parent prep work to do (yet?)
All work happens in the child, instead. */
#else
- throw Error("chroot builds are not supported on this platform");
+ throw Error("sandboxing builds is not supported on this platform");
#endif
}
@@ -2059,7 +2066,7 @@ void DerivationGoal::startBuilder()
auto line = std::string{lines, lastPos, nlPos};
lastPos = nlPos + 1;
if (state == stBegin) {
- if (line == "extra-chroot-dirs") {
+ if (line == "extra-sandbox-paths" || line == "extra-chroot-dirs") {
state = stExtraChrootDirs;
} else {
throw Error(format("unknown pre-build hook command ‘%1%’")
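Review bot: The condition `line == "extra-sandbox-paths" || line == "extra-chroot-dirs"` gives no hint which spelling is the legacy one, unlike the settings lookups earlier in startBuilder, which are marked as deprecated aliases. A short comment above the `if`, such as `/* "extra-chroot-dirs" is the deprecated name, kept for existing pre-build hooks */`, would make it clear the second comparison can be dropped later. The state is still called `stExtraChrootDirs`; renaming it would need its declaration, which is outside this hunk.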
@@ -2607,7 +2614,7 @@ void DerivationGoal::registerOutputs()
replaceValidPath(path, actualPath);
else
if (buildMode != bmCheck && rename(actualPath.c_str(), path.c_str()) == -1)
- throw SysError(format("moving build output ‘%1%’ from the chroot to the Nix store") % path);
+ throw SysError(format("moving build output ‘%1%’ from the sandbox to the Nix store") % path);
}
if (buildMode != bmCheck) actualPath = path;
} else {