Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filterSource is disallowed in restrict-eval #2538

Closed
roberth opened this issue Nov 14, 2018 · 1 comment · Fixed by #5163
Closed

filterSource is disallowed in restrict-eval #2538

roberth opened this issue Nov 14, 2018 · 1 comment · Fixed by #5163
Labels
stale

Comments

@roberth
Copy link
Member

roberth commented Nov 14, 2018

restrict-eval does not allow access to paths that are derived from the search path by filterSource.

Is there a reason to disallow this?

It seems that it could be implemented by making addPath perform the restrict-eval check on the path argument and if it was ok, add it to evalState.allowedPaths at the end.

This would prevent problems like NixOS/nixpkgs#50342

Documentation from the Nix manual:

If set to true, the Nix evaluator will not allow access to any files outside of the Nix search path (as set via the NIX_PATH environment variable or the -I option), or to URIs outside of allowed-uri.
@stale
Copy link

stale bot commented Feb 21, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the stale label Feb 21, 2021
@tomberek tomberek mentioned this issue Aug 29, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow use of path and filterSource in flakes tomberek/nix
1 participant
@roberth