<y> > The nix sandbox is not used at all inside the builders. In fact, the nix-daemon is not used at all. We have our own sandbox implementation. Each and every build gets its own synthesized nix database and synthesized nix store inside an isolated KVM sandbox, we run nix-store --serve as a user that have write access to that db and store. However, it can never change any of its input paths, only output paths.
cc edef ^
qyliss: tbf thats where i got it
Yes, I am 7c6f434c as proved by my ability to type that account name, and I am not an Emacs user even though I use Common Lisp
apodiptych8 has joined #spectrum
apodiptych has quit [Quit: Ping timeout (120 seconds)]
wow, real mailing list traffic! :D
Granted, it was complaining about the mailing list... :P