Add restricted evaluation mode
If ‘--option restrict-eval true’ is given, the evaluator will throw an exception if an attempt is made to access any file outside of the Nix search path. This is primarily intended for Hydra, where we don't want people doing ‘builtins.readFile ~/.ssh/id_dsa’ or stuff like that.
Showing
- doc/manual/command-ref/conf-file.xml 15 additions, 0 deletionsdoc/manual/command-ref/conf-file.xml
- src/libexpr/eval.cc 20 additions, 3 deletionssrc/libexpr/eval.cc
- src/libexpr/eval.hh 6 additions, 0 deletionssrc/libexpr/eval.hh
- src/libexpr/nixexpr.hh 1 addition, 0 deletionssrc/libexpr/nixexpr.hh
- src/libexpr/parser.y 2 additions, 1 deletionsrc/libexpr/parser.y
- src/libexpr/primops.cc 21 additions, 7 deletionssrc/libexpr/primops.cc
Loading
Please register or sign in to comment