From b8e8dfc3e8581a08bc179f75fbe61e04030088de Mon Sep 17 00:00:00 2001 From: Ben Radford Date: Tue, 11 Jul 2023 11:24:11 +0100 Subject: Say a bit about default value in setting description. --- src/libstore/globals.hh | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/libstore/globals.hh') diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 9a9b4903f..81fa154bb 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -536,6 +536,10 @@ public: If you encounter such a failure, setting this option to `false` will let you ignore it and continue. But before doing so, you should consider the security implications carefully. Not dropping supplementary groups means the build sandbox will be less restricted than intended. + + This option defaults to `true` when the user is root + (since root usually has permissions to call setgroups) + and `false` otherwise. )"}; #if __linux__ -- cgit v1.2.3