security.isolate.boxRoot
NixOS option
All sandboxes are created under this directory. To avoid symlink attacks, this directory and all its ancestors must be writeable only by root.
type: absolute pathDefault
declared in: nixos/modules/security/isolate.nixView source on NixOS/nixpkgs →"/var/lib/isolate/boxes"