diff options
| author | Jade Lovelace <lix@jade.fyi> | 2024-08-29 17:06:39 -0700 |
|---|---|---|
| committer | Jade Lovelace <lix@jade.fyi> | 2024-08-29 17:06:39 -0700 |
| commit | bb161a96cf1171a5c4ed3661a0f2f5a93ac10804 (patch) | |
| tree | 08a97ea452a1bcb4d710cbe77bb4fc995d0e858a /doc | |
| parent | a510d1748416ff29b1ed3cab92ac0ad943b6e590 (diff) | |
manual: note that __sandboxProfile allows bypassing the darwin sandbox
(but only if it is set to relaxed. no security hole here.)
Thanks to lilyball for pointing out this omission in the docs.
Change-Id: I2408a943bfe817fe660fe1c8fefef898aaf5f7e9
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/manual/src/installation/multi-user.md | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/manual/src/installation/multi-user.md b/doc/manual/src/installation/multi-user.md index 87c956071..a470aa74d 100644 --- a/doc/manual/src/installation/multi-user.md +++ b/doc/manual/src/installation/multi-user.md @@ -36,7 +36,10 @@ All users of the Lix daemon may do the following to bring things into the Nix st - Input-addressed, so they are run in the sandbox with no network access, with the following exceptions: - The (poorly named, since it is not *just* about chroot) property `__noChroot` is set on the derivation and `sandbox` is set to `relaxed`. - - On macOS, the derivation property `__darwinAllowLocalNetworking` allows network access to localhost from input-addressed derivations regardless of the `sandbox` setting value. This property exists with such semantics because macOS has no network namespace equivalent to isolate individual processes' localhost networking. + - On macOS, the derivation property `__darwinAllowLocalNetworking` allows network access to localhost from input-addressed derivations regardless of the `sandbox` setting value. + This property exists with such semantics because macOS has no network namespace equivalent to isolate individual processes' localhost networking. + - On macOS, the derivation property `__sandboxProfile` accepts extra sandbox profile S-expressions, allowing derivations to bypass arbitrary parts of the sandbox without altogether disabling it. + This is only permitted when `sandbox` is set to `relaxed`. - Output-addressed, so they are run with network access but their result must match an expected hash. Trusted users may set any setting, including `sandbox = false`, so the sandbox state can be different at runtime from what is described in `nix.conf` for builds invoked with such settings. |