diff options
Diffstat (limited to 'src/libstore/sandbox-defaults.sb')
-rw-r--r-- | src/libstore/sandbox-defaults.sb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb index 0292f5ee8..d63c8f813 100644 --- a/src/libstore/sandbox-defaults.sb +++ b/src/libstore/sandbox-defaults.sb @@ -1,5 +1,7 @@ (define TMPDIR (param "_GLOBAL_TMP_DIR")) +(deny default) + ; Disallow creating setuid/setgid binaries, since that ; would allow breaking build user isolation. (deny file-write-setugid) |