aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/sandbox-defaults.sb
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstore/sandbox-defaults.sb')
-rw-r--r--src/libstore/sandbox-defaults.sb2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb
index 0292f5ee8..d63c8f813 100644
--- a/src/libstore/sandbox-defaults.sb
+++ b/src/libstore/sandbox-defaults.sb
@@ -1,5 +1,7 @@
(define TMPDIR (param "_GLOBAL_TMP_DIR"))
+(deny default)
+
; Disallow creating setuid/setgid binaries, since that
; would allow breaking build user isolation.
(deny file-write-setugid)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 03:28:19 +0000