parent
5a3f140856
commit
812e39313c
5 changed files with 34 additions and 10 deletions
|
@ -12,6 +12,7 @@
|
||||||
</partintro>
|
</partintro>
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
<xi:include href="rl-2.3.xml" />
|
||||||
<xi:include href="rl-2.2.xml" />
|
<xi:include href="rl-2.2.xml" />
|
||||||
<xi:include href="rl-2.1.xml" />
|
<xi:include href="rl-2.1.xml" />
|
||||||
<xi:include href="rl-2.0.xml" />
|
<xi:include href="rl-2.0.xml" />
|
||||||
|
|
19
doc/manual/release-notes/rl-2.3.xml
Normal file
19
doc/manual/release-notes/rl-2.3.xml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
<section xmlns="http://docbook.org/ns/docbook"
|
||||||
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||||
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
|
version="5.0"
|
||||||
|
xml:id="ssec-relnotes-2.3">
|
||||||
|
|
||||||
|
<title>Release 2.3 (2019-??-??)</title>
|
||||||
|
|
||||||
|
<para>This release has the following changes:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Sandbox builds are now enabled by default on Linux.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
</section>
|
|
@ -195,7 +195,13 @@ public:
|
||||||
Setting<bool> showTrace{this, false, "show-trace",
|
Setting<bool> showTrace{this, false, "show-trace",
|
||||||
"Whether to show a stack trace on evaluation errors."};
|
"Whether to show a stack trace on evaluation errors."};
|
||||||
|
|
||||||
Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
|
Setting<SandboxMode> sandboxMode{this,
|
||||||
|
#if __linux__
|
||||||
|
smEnabled
|
||||||
|
#else
|
||||||
|
smDisabled
|
||||||
|
#endif
|
||||||
|
, "sandbox",
|
||||||
"Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
|
"Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
|
||||||
{"build-use-chroot", "build-use-sandbox"}};
|
{"build-use-chroot", "build-use-sandbox"}};
|
||||||
|
|
||||||
|
|
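Review bot: The help text for `sandbox` still only says `Can be "true", "false" or "relaxed"`, while the default in this initializer now depends on `#if __linux__`, so an operator reading the option description cannot tell that the default is enabled on Linux and disabled elsewhere. I would state the platform-dependent default in the description string and add a comment above the conditional, for example `// Default: enabled on Linux, disabled on other platforms.`. The hunk also does not show what happens on a Linux host where the sandbox cannot be set up, such as when unprivileged user namespaces are unavailable, which the test helper in this commit probes for. It is worth confirming that a build there fails with a clear error rather than silently running unsandboxed. The enclosing class starts and ends outside the hunk.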
|
@ -85,16 +85,13 @@ killDaemon() {
|
||||||
trap "" EXIT
|
trap "" EXIT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if [[ $(uname) == Linux ]] && [[ -L /proc/self/ns/user ]] && unshare --user true; then
|
||||||
|
_canUseSandbox=1
|
||||||
|
fi
|
||||||
|
|
||||||
canUseSandbox() {
|
canUseSandbox() {
|
||||||
if [[ $(uname) != Linux ]]; then return 1; fi
|
if [[ ! $_canUseSandbox ]]; then
|
||||||
|
echo "Sandboxing not supported, skipping this test..."
|
||||||
if [ ! -L /proc/self/ns/user ]; then
|
|
||||||
echo "Kernel doesn't support user namespaces, skipping this test..."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! unshare --user true ; then
|
|
||||||
echo "Unprivileged user namespaces disabled by sysctl, skipping this test..."
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
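Review bot: `_canUseSandbox` is assigned only on the success path of the new top-level probe, so a value inherited from the caller's environment makes `canUseSandbox` report success even when `unshare --user true` did not pass; clear it first with `_canUseSandbox=` on the line before the `if`. The probe now runs every time this file is sourced, with stderr unredirected, so hosts without unprivileged user namespaces will print the `unshare` error in every test; `unshare --user true 2>/dev/null` keeps the logs readable. The single message `Sandboxing not supported, skipping this test...` also no longer says which precondition failed (non-Linux, missing `/proc/self/ns/user`, or `unshare` refused), which makes a silently skipped sandbox test harder to diagnose. The end of `canUseSandbox` lies outside the hunk.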
|
@ -16,6 +16,7 @@ mkdir "$NIX_CONF_DIR"
|
||||||
cat > "$NIX_CONF_DIR"/nix.conf <<EOF
|
cat > "$NIX_CONF_DIR"/nix.conf <<EOF
|
||||||
build-users-group =
|
build-users-group =
|
||||||
keep-derivations = false
|
keep-derivations = false
|
||||||
|
sandbox = false
|
||||||
include nix.conf.extra
|
include nix.conf.extra
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
|
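Review bot: The added `sandbox = false` line pins the generated test `nix.conf` to the old behaviour, so the new Linux default introduced by this commit is not what the test suite runs under. As far as this hunk shows, only tests that override the setting (directly or through `nix.conf.extra`) would exercise sandboxed builds. If that is deliberate because many test hosts cannot create user namespaces, record the reason in a shell comment above the `cat >` line, for example `# Tests opt in to sandboxing explicitly (see canUseSandbox); the default is overridden here.`. The script continues beyond the hunk.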