security.isolate.boxRoot

All sandboxes are created under this directory. To avoid symlink attacks, this directory and all its ancestors must be writeable only by root.

Type

absolute path

Default

"/var/lib/isolate/boxes"

Declared

<nixpkgs/nixos/modules/security/isolate.nix>