about summary refs log tree commit diff
diff options
context:
space:
mode:
authorShea Levy <shea@shealevy.com>2015-11-04T22·27-0500
committerShea Levy <shea@shealevy.com>2015-11-04T22·27-0500
commit5bc12454fd0ca07c26de197daaf0b52188d517b5 (patch)
treefcec12076f7340d4042dede899ddef2a4a1b018e
parent6f1743b1a5116ca57a60b481ee4083c891b7a334 (diff)
parentc10ef2d13467a143d9e750e400343fbc7070f23f (diff)
Merge branch 'master' of https://github.com/pikajude/nix
> I made this change for two reasons:

> 1. Darwin's locale data doesn't appear to be open source
> 2. Privileged processes will always use /usr/share/locale regardless of environment variables
-rw-r--r--src/libstore/sandbox-defaults.sb.in8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/sandbox-defaults.sb.in b/src/libstore/sandbox-defaults.sb.in
index 9993f998d161..b5e80085fbe2 100644
--- a/src/libstore/sandbox-defaults.sb.in
+++ b/src/libstore/sandbox-defaults.sb.in
@@ -11,8 +11,12 @@
        (literal "/private/etc/protocols")
        (literal "/private/var/tmp")
        (literal "/private/var/db")
-       (subpath "/private/var/db/mds")
-       (subpath "/usr/share/icu"))
+       (subpath "/private/var/db/mds"))
+
+(allow file-read*
+       (subpath "/usr/share/icu")
+       (subpath "/usr/share/locale")
+       (subpath "/usr/share/zoneinfo"))
 
 (allow file-write*
        (literal "/dev/tty")