OS X -> macOS
This commit is contained in:
parent
0fb60e4e0f
commit
c20641ce56
|
@ -19,7 +19,7 @@ filter. Note that this imposes a small performance penalty (e.g. 1%
|
|||
when building GNU Hello). Using seccomp, we now also prevent the
|
||||
creation of extended attributes and POSIX ACLs since these cannot be
|
||||
represented in the NAR format and (in the case of POSIX ACLs) allow
|
||||
bypassing regular Nix store permissions. On OS X, the restriction is
|
||||
bypassing regular Nix store permissions. On macOS, the restriction is
|
||||
implemented using the existing sandbox mechanism, which now uses a
|
||||
minimal “allow all except the creation of setuid/setgid binaries”
|
||||
profile when regular sandboxing is disabled. On other platforms, the
|
||||
|
|
Loading…
Reference in New Issue