Enable sandbox builds on Linux by default

The overhead of sandbox builds is a problem on NixOS (since building a
NixOS configuration involves a lot of small derivations) but not for
typical non-NixOS use cases. So outside of NixOS we can enable it.

Issue #179.

doc/manual/manual.xml

@@ -16,12 +16,10 @@
     </author>
 
     <copyright>
-      <year>2004-2017</year>
+      <year>2004-2018</year>
       <holder>Eelco Dolstra</holder>
     </copyright>
 
-    <date>November 2014</date>
-
   </info>
 
   <!--

doc/manual/release-notes/rl-2.0.xml

@@ -809,6 +809,10 @@ configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"
 
 <itemizedlist>
 
+  <listitem>
+    <para>Sandbox builds are now enabled by default on Linux.</para>
+  </listitem>
+
   <listitem>
     <para>Values such as Booleans, integers, (nested) lists and
     attribute sets can <link

src/libstore/globals.hh

@@ -220,7 +220,13 @@ public:
     Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
         "Whether builtin functions that allow executing native code should be enabled."};
 
-    Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
+    Setting<SandboxMode> sandboxMode{this,
+        #if __linux__
+          smEnabled
+        #else
+          smDisabled
+        #endif
+        , "sandbox",
         "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
         {"build-use-chroot", "build-use-sandbox"}};