mirror of
https://github.com/NixOS/nix.git
synced 2024-11-30 02:32:26 +00:00
Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by default"
This reverts commit 79ca503332
. Ouch,
never noticed this. We definitely don't want to allow builds to have
arbitrary access to /bin and /usr/bin, because then they can (for
instance) bring in a bunch of setuid programs. Also, we shouldn't be
encouraging the use of impurities in the default configuration.
This commit is contained in:
parent
4384bbd2e1
commit
96c2ebf004
@ -62,7 +62,7 @@
|
||||
#define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr/lib /dev /bin/sh"
|
||||
#else
|
||||
#define SANDBOX_ENABLED 0
|
||||
#define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"
|
||||
#define DEFAULT_ALLOWED_IMPURE_PREFIXES ""
|
||||
#endif
|
||||
|
||||
#if CHROOT_ENABLED
|
||||
|
Loading…
Reference in New Issue
Block a user