Commit 54c260e updates the daemon again from upstream Nix code.  Few
interesting changes this time; interesting changes include:

  • Fixed-output derivations (such as downloads) are now also run in a
    chroot environment.  The difference with other derivations is that
    they do not get a separate network name space, which allows them to
    access the network, and they get additional files such as
    /etc/resolv.conf.

  • pivot_root(2) is used in addition to chroot(2), which is claimed to
    really prevent getting out of the chroot (though in practice build
    processes are non-root so I don’t see how they could get away.)

  • The ‘verifyStore’ RPC (more on that soon.)

Please report any issues!

Ludo’.

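As an added illustration (not part of the original message and not the daemon's code), the C sketch below shows the two mechanisms the message mentions: a build's namespace flags leave out the network namespace for fixed-output builds, and the root is switched with pivot_root(2) followed by chroot(2). The function names, the `fixed` command-line argument and the use of unshare(2) are assumptions made for the example; running it needs CAP_SYS_ADMIN.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/sched.h>   /* CLONE_NEWNS, CLONE_NEWNET */
#include <stdbool.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Namespaces for one build (assumed minimal set for this example).
 * Fixed-output builds, such as downloads, keep the host network. */
unsigned long sandbox_ns_flags(bool fixed_output)
{
    unsigned long flags = CLONE_NEWNS;      /* private mount table */
    if (!fixed_output)
        flags |= CLONE_NEWNET;              /* no network for normal builds */
    return flags;
}

/* Make new_root the root directory: pivot_root(2), then chroot(2).
 * Call only inside a fresh mount namespace.
 * Returns 0 on success, -1 with errno set at the first failing step. */
int enter_root(const char *new_root)
{
    /* Keep mount changes from propagating back to the host. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) return -1;
    /* pivot_root needs a mount point: bind new_root onto itself. */
    if (mount(new_root, new_root, NULL, MS_BIND | MS_REC, NULL) == -1) return -1;
    if (chdir(new_root) == -1) return -1;
    /* pivot_root(".", ".") stacks the old root over the new one,
     * so the following umount2 detaches the old root entirely. */
    if (syscall(SYS_pivot_root, ".", ".") == -1) return -1;
    if (umount2(".", MNT_DETACH) == -1) return -1;
    if (chroot(".") == -1) return -1;
    return chdir("/");
}

/* Usage (as root): ./sandbox NEW_ROOT [fixed] */
int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s NEW_ROOT [fixed]\n", argv[0]); return 2; }
    if (syscall(SYS_unshare, sandbox_ns_flags(argc > 2)) == -1) { perror("unshare"); return 1; }
    if (enter_root(argv[1]) == -1) { perror("enter_root"); return 1; }
    execl("/bin/sh", "sh", (char *)NULL);   /* NEW_ROOT must contain /bin/sh */
    perror("execl");
    return 1;
}
```

Because the old root is detached from the mount namespace after pivot_root(2), no path inside the sandbox leads back to it, whereas chroot(2) alone only changes where path lookup starts.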