Flushing is bad if the Nix store is on a remote filesystem accessed
over that interface.
http://hydra.nixos.org/build/3184162
Also added a interface option ‘prefixLength’ as a better alternative
to ‘subnetMask’.
Instead it's enough to depend on
sys-subsystem-net-devices-<interface>.device, which in turn has a
"wants" dependency on the service (if any) that creates the interface.
The VirtualBox build in Nixpkgs is insecure because it uses the
"--disable-hardened" flag, which disables some checks in the
VirtualBox kernel module. Since getting rid of that flag looks like
too much work, it's better to ensure that only explicitly permitted
users have access to VirtualBox.
* Drop the 666 permission on "sonypi" because it's not clear why that
device should be world-writable.
svn path=/nixos/trunk/; revision=33301