mirror of
https://github.com/NixOS/nix.git
synced 2025-11-12 21:46:01 +01:00
c8d2bc72a5
There is no PR for this, since it was an embargoed fix before
disclosure.
(cherry picked from commit 32e67eba8b)
250 B
250 B
| synopsis | significance | issues |
|---|---|---|
| Harden the user sandboxing | significant |
The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.