lix/doc/manual/rl-next
Alois Wohlschlager f047e4357b libstore/build: always enable seccomp filtering and no-new-privileges
Seccomp filtering and the no-new-privileges functionality improve the security
of the sandbox, and have been enabled by default for a long time. In
https://git.lix.systems/lix-project/lix/issues/265 it was decided that they
should be enabled unconditionally. Accordingly, remove the allow-new-privileges
(which had weird behavior anyway) and filter-syscall settings, and force the
security features on. Syscall filtering can still be enabled at build time to
support building on architectures libseccomp doesn't support.

Change-Id: Iedbfa18d720ae557dee07a24f69b2520f30119cb
2024-05-24 21:19:29 +00:00
addDrvOutputDependencies.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
always-allow-substitutes.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
better-errors-in-nix-repl.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
consistent-nix-build.md nix3-build: show all FOD errors with --keep-going 2024-05-15 15:35:18 +02:00
cve-fod-fix.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
debugger-locals-for-let-expressions.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
debugger-on-trace.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
deprecate-online-flake-registry.md Deprecate the online flake registries and vendor the default registry 2024-05-18 12:27:23 +10:00
drop-vendored-toml11.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
drv-string-parse-hang.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
dup-attr-errors.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
empty-search-regex.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
enable-coredumps.md Allow enabling core dumps from builds for nix & child processes 2024-05-16 17:11:21 -07:00
enter-debugger-more-reliably-in-let-and-calls.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
env-size-reduction.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
eval-system.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
fchmodat2-sandbox.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
fix-nested-follows.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
forbid-nested-debuggers.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
formal-order.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
gc-roots-darwin.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
inherit-error-positions.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
inherit-from-by-need.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
leading-period.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
linux-sandbox-consistency.md libstore/build: always enable seccomp filtering and no-new-privileges 2024-05-24 21:19:29 +00:00
macos-stack-size.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
more-logs.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
new-assertions.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
nix-config-show.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
nix-env-json-drv-path.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
nix-eval-derivations.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
nix-flake-check-logs-actions.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
nix-flake-update-ux.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
nix-profile-names.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
nix-store-prefetch-unpack.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
nixversion-fake.md builtins: fix builtins.langVersion docs to state it's deprecated 2024-05-15 21:54:12 -07:00
no-cache-eval-errors.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
print-in-repl.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
print-value-in-coercion-error.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
print-value-in-installable-flake-error.md print type and value in "flake attr is not a derivation" errors 2024-05-21 05:55:13 -06:00
print-value-in-type-error.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
reduce-debugger-clutter.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
rename-lixexpr.md clang-tidy: work with angle brackets and external projects 2024-05-24 02:22:58 +00:00
repl-doc-command.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
repl-fix-history.md repl-interacter: save history after entering every line 2024-05-19 22:47:45 +00:00
repl-interrupt.md doc: fix repl-interrupt release note entry 2024-05-21 16:34:04 +02:00
repl-overlays.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
repl-tstp.md make CTRL+Z work in the REPL 2024-05-24 03:10:12 +00:00
shebang-single-quotes.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
short-expr-flag.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
source-location-in-while-evaluating-attribute.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
source-positions-in-errors.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
ssh-ng-phase-reporting.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
ssh-ng-substitute.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
stack-overflow-segfaults.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
upgrade-nix-override.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
upgrade-nix-profile-compat.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
upstart-removal.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00
warn-ignored-client-settings.md release notes: add a bunch of them 2024-05-22 21:13:56 +02:00
with-error-reporting.md doc: add release note credits and categories for all the changes in Lix 2024-05-15 14:33:35 -07:00