nixos/sandbox: improve documentation.

This was put together based on feedback from LnL on IRC.
2018-06-07 16:43:52 -04:00 · 2018-06-07 16:43:52 -04:00 · f098e60ecf
commit f098e60ecf
parent 0f8594170a
1 changed files with 7 additions and 5 deletions
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@ -130,11 +130,13 @@ in
        default = false;
        description = "
          If set, Nix will perform builds in a sandboxed environment that it
-          will set up automatically for each build.  This prevents
-          impurities in builds by disallowing access to dependencies
-          outside of the Nix store. This isn't enabled by default for
-          performance. It doesn't affect derivation hashes, so changing
-          this option will not trigger a rebuild of packages.
+          will set up automatically for each build. This prevents impurities
+          in builds by disallowing access to dependencies outside of the Nix 
+          store by using network and mount namespaces in a chroot environment. 
+          This isn't enabled by default for possible performance impacts due to 
+          the initial setup time of a sandbox for each build. It doesn't affect 
+          derivation hashes, so changing this option will not trigger a rebuild
+          of packages.
        ";
      };