harness: fix sandbox-fallback conflict with lib.mkForce (closes #247)

damocles 2026-05-22 14:04:59 +02:00 committed by Mara
parent 7426654a74
commit 4bc5237bea


@ -353,8 +353,10 @@
# fail inside the container. Enable sandbox-fallback so builds that # fail inside the container. Enable sandbox-fallback so builds that
# can't set up the sandbox (no user-namespaces in nspawn) fall back # can't set up the sandbox (no user-namespaces in nspawn) fall back
# to unsandboxed local builds rather than failing outright. # to unsandboxed local builds rather than failing outright.
# Security implications: see docs/security.md. # mkForce overrides the nixpkgs nix module which sets this to false
nix.settings.sandbox-fallback = true; # at normal priority -- without it agents get a conflicting definition
# error on rebuild. Security implications: see docs/security.md.
nix.settings.sandbox-fallback = lib.mkForce true;
# `claude-code` is unfree. Each per-agent container's nixosConfiguration # `claude-code` is unfree. Each per-agent container's nixosConfiguration
# evaluates its own `nixpkgs` instance, so the operator's host-level # evaluates its own `nixpkgs` instance, so the operator's host-level