-
-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dhcpcd: enable sandboxing options #208780
Conversation
9bc13c3
to
a594e3f
Compare
a594e3f
to
f8b7eee
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might break the setup of people using networking.dhcpcd.runHook
. I don't think we should go ahead with this without at least an entry in the release notes and an option to disable hardening.
f8b7eee
to
3c36fdc
Compare
3c36fdc
to
467708b
Compare
Updated PR. |
467708b
to
1201af8
Compare
Resolving conflicts. |
1201af8
to
740978b
Compare
Rebased PR. |
740978b
to
22ab6e8
Compare
Resolved conflicts. |
43c6672
to
9e46a1b
Compare
Small update and rebase PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't test this on my machine but if the author tested it fine for me
9e46a1b
to
b02af89
Compare
I am no longer using dhcpcd |
b02af89
to
af89055
Compare
af89055
to
7c60587
Compare
7c60587
to
611b1d5
Compare
Rebased PR. |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-already-reviewed/2617/2020 |
From #208780 (review), slightly highlighted:
This is still missing said option, as well as a mention of it in the release notes. |
Doesn't this line disable sandbox mode?
|
Ah, now I understand, you don't apply sandboxing at all if there's a hook present. |
I still hope we can get rid of scripted networking altogether, but today is not that day, so sure, let's add the sandboxing. Thanks for the PR! |
Thanks! |
Description of changes
Enable sandboxing options.
Result:
cc @SuperSandro2000
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)nixos/doc/manual/md-to-db.sh
to update generated release notes