nix-daemon: emit a warning if untrusted user tries to set build parameters #2692
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It's documented in the NixOS wiki that untrusted users can't set build
machines using
--builders
or--option builders
[1]. This should causea warning at least to avoid confusion why the options won't take any
effect.
This applies to all options except
connect-timeout
,timeout
andbuilders
if the value is empty.[1] https://nixos.wiki/wiki/Distributed_build
I tested the behavior with the following VM declaration built from the nixpkgs master: