I installed nix to my MacBook Pro with daemon option.
Some configuration (such as binary cache) is not changeable unless I add my user to trusted users, so it’s secure than single-user installation in some way?
1 Like
I installed nix to my MacBook Pro with daemon option.
Some configuration (such as binary cache) is not changeable unless I add my user to trusted users, so it’s secure than single-user installation in some way?
I would believe that a daemon running as root can isolate builds better, so it should be more robust w.r.t. builds looking at the global system too much.
3 Likes
The daemon is also able to build multiple packages at once, which I don’t think happens in a single user install.
1 Like
FWIW, multi-user will be the only option if/when darwin: encrypt nix volume if filevault is enabled by abathur · Pull Request #4289 · NixOS/nix · GitHub is merged and makes its way into a release.
2 Likes
I’m not sure whether on macOS builds are sandboxed at all, but on Linux the sandbox is only available in multi-user mode.
1 Like