Loading pkgs/by-name/no/nono/package.nix +24 −0 Original line number Diff line number Diff line { lib, stdenv, rustPlatform, fetchFromGitHub, Loading Loading @@ -34,6 +35,29 @@ rustPlatform.buildRustPackage (finalAttrs: { writableTmpDirAsHomeHook ]; checkFlags = lib.optionals stdenv.hostPlatform.isDarwin [ # panics with "Deny-within-allow overlap on Linux ... Landlock cannot enforce this. ..." # landlock is linux only "--skip=policy::tests::test_all_groups_no_deny_within_allow_overlap" # panics with "exact-path fallback must not recursively cover descendants" "--skip=capability_ext::tests::test_from_profile_allow_file_falls_back_to_exact_directory_when_present" # env_vars # don't work inside of the /nix dir # unsure why home is still under /nix with writableTmpDirAsHomeHook # Sandbox initialization failed: Refusing to grant '/nix' (source: group:system_read_macos) because it overlaps protected nono state root '/nix/build/nix-<ID>/.home/.nono'. "--skip=allow_net_overrides_profile_external_proxy" "--skip=cli_flag_overrides_env_var" "--skip=env_nono_allow_comma_separated" "--skip=env_nono_block_net" "--skip=env_nono_block_net_accepts_true" "--skip=env_nono_network_profile" "--skip=env_nono_profile" "--skip=env_nono_upstream_bypass_comma_separated" "--skip=env_nono_upstream_proxy" "--skip=legacy_env_nono_net_block_still_works" ]; meta = { description = "Secure, kernel-enforced sandbox for AI agents, MCP and LLM workloads"; homepage = "https://github.com/always-further/nono"; Loading Loading
pkgs/by-name/no/nono/package.nix +24 −0 Original line number Diff line number Diff line { lib, stdenv, rustPlatform, fetchFromGitHub, Loading Loading @@ -34,6 +35,29 @@ rustPlatform.buildRustPackage (finalAttrs: { writableTmpDirAsHomeHook ]; checkFlags = lib.optionals stdenv.hostPlatform.isDarwin [ # panics with "Deny-within-allow overlap on Linux ... Landlock cannot enforce this. ..." # landlock is linux only "--skip=policy::tests::test_all_groups_no_deny_within_allow_overlap" # panics with "exact-path fallback must not recursively cover descendants" "--skip=capability_ext::tests::test_from_profile_allow_file_falls_back_to_exact_directory_when_present" # env_vars # don't work inside of the /nix dir # unsure why home is still under /nix with writableTmpDirAsHomeHook # Sandbox initialization failed: Refusing to grant '/nix' (source: group:system_read_macos) because it overlaps protected nono state root '/nix/build/nix-<ID>/.home/.nono'. "--skip=allow_net_overrides_profile_external_proxy" "--skip=cli_flag_overrides_env_var" "--skip=env_nono_allow_comma_separated" "--skip=env_nono_block_net" "--skip=env_nono_block_net_accepts_true" "--skip=env_nono_network_profile" "--skip=env_nono_profile" "--skip=env_nono_upstream_bypass_comma_separated" "--skip=env_nono_upstream_proxy" "--skip=legacy_env_nono_net_block_still_works" ]; meta = { description = "Secure, kernel-enforced sandbox for AI agents, MCP and LLM workloads"; homepage = "https://github.com/always-further/nono"; Loading
