improve documentation for nix.settings.sandbox (#188541)

* add information on the "relaxed" setting in `nix.settings.sandbox`
2023-06-06 04:32:26 -04:00 · 2023-06-06 04:32:26 -04:00 · aa884b8f3d
parent 04c41a12cf
commit aa884b8f3d
1 changed files with 7 additions and 0 deletions
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@ -520,10 +520,17 @@ in
                will set up automatically for each build. This prevents impurities
                in builds by disallowing access to dependencies outside of the Nix
                store by using network and mount namespaces in a chroot environment.
+
                This is enabled by default even though it has a possible performance
                impact due to the initial setup time of a sandbox for each build. It
                doesn't affect derivation hashes, so changing this option will not
                trigger a rebuild of packages.
+
+                When set to "relaxed", this option permits derivations that set
+                `__noChroot = true;` to run outside of the sandboxed environment.
+                Exercise caution when using this mode of operation! It is intended to
+                be a quick hack when building with packages that are not easily setup
+                to be built reproducibly.
              '';
            };