Merge "Fix namespace warning being emitted if sandbox is disabled" into main
This commit is contained in:
commit
1917e6c765
1 changed files with 5 additions and 5 deletions
|
@ -221,12 +221,12 @@ void LocalDerivationGoal::tryLocalBuild()
|
||||||
}
|
}
|
||||||
|
|
||||||
#if __linux__
|
#if __linux__
|
||||||
// FIXME: should user namespaces being unsupported also require
|
|
||||||
// sandbox-fallback to be allowed? I don't think so, since they aren't a
|
|
||||||
// huge security win to have enabled.
|
|
||||||
usingUserNamespace = userNamespacesSupported();
|
|
||||||
|
|
||||||
if (useChroot) {
|
if (useChroot) {
|
||||||
|
// FIXME: should user namespaces being unsupported also require
|
||||||
|
// sandbox-fallback to be allowed? I don't think so, since they aren't a
|
||||||
|
// huge security win to have enabled.
|
||||||
|
usingUserNamespace = userNamespacesSupported();
|
||||||
|
|
||||||
if (!mountAndPidNamespacesSupported()) {
|
if (!mountAndPidNamespacesSupported()) {
|
||||||
if (!settings.sandboxFallback)
|
if (!settings.sandboxFallback)
|
||||||
throw Error("this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing. Pass --debug for diagnostics on what is broken.");
|
throw Error("this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing. Pass --debug for diagnostics on what is broken.");
|
||||||
|
|
Loading…
Reference in a new issue