Default should depend on whether we are root.
This commit is contained in:
parent
2b4c59dd99
commit
a193ec4052
1 changed files with 1 additions and 1 deletions
|
@ -524,7 +524,7 @@ public:
|
||||||
Setting<bool> sandboxFallback{this, true, "sandbox-fallback",
|
Setting<bool> sandboxFallback{this, true, "sandbox-fallback",
|
||||||
"Whether to disable sandboxing when the kernel doesn't allow it."};
|
"Whether to disable sandboxing when the kernel doesn't allow it."};
|
||||||
|
|
||||||
Setting<bool> requireDropSupplementaryGroups{this, true, "require-drop-supplementary-groups",
|
Setting<bool> requireDropSupplementaryGroups{this, getuid() == 0, "require-drop-supplementary-groups",
|
||||||
R"(
|
R"(
|
||||||
Following the principle of least privilege,
|
Following the principle of least privilege,
|
||||||
Nix will attempt to drop supplementary groups when building with sandboxing.
|
Nix will attempt to drop supplementary groups when building with sandboxing.
|
||||||
|
|
Loading…
Reference in a new issue