authorEelco Dolstra <eelco.dolstra@logicblox.com>2017-11-08T15·16+0100
committerGitHub <noreply@github.com>2017-11-08T15·16+0100
commit513b143cd8fff4d7d931e14fd26306579cb9be31 (patch)
tree4f5802f905de0392d07e14544ac8a1a2c5ea3ad1
parentfd10f6f2414521947ca60b9d1508d909f50e9faa (diff)
parentbc6b3f7e8fa46c183e20a9f28a5e0a7a6a19429d (diff)
Merge pull request #1650 from copumpkin/darwin-sandbox-unix-socket
Always allow builds to use unix domain sockets in Darwin sandbox
-rw-r--r--src/libstore/sandbox-defaults.sb9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb
index c8436d9866c5..f556a26a01f4 100644
--- a/src/libstore/sandbox-defaults.sb
+++ b/src/libstore/sandbox-defaults.sb
@@ -25,7 +25,14 @@
 (allow mach-lookup (global-name "com.apple.system.opendirectoryd.libinfo"))
 
 ; Access to /tmp.
-(allow file* process-exec (literal "/tmp") (subpath TMPDIR))
+; The network-outbound/network-inbound ones are for unix domain sockets, which
+; we allow access to in TMPDIR (but if we allow them more broadly, you could in
+; theory escape the sandbox)
+(allow file* process-exec network-outbound network-inbound
+       (literal "/tmp") (subpath TMPDIR))
+
+; Always allow unix domain sockets, since they can't hurt purity or security
+
 
 ; Some packages like to read the system version.
 (allow file-read* (literal "/System/Library/CoreServices/SystemVersion.plist"))
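Review bot: The comment added near the end of the hunk, `; Always allow unix domain sockets, since they can't hurt purity or security`, is followed by no rule at all (only blank lines) and it contradicts the comment a few lines above it, which correctly notes that allowing sockets more broadly could in theory escape the sandbox. A build that can connect to arbitrary unix sockets on the host would be able to talk to whatever daemons listen outside TMPDIR, so the TMPDIR-scoped `network-outbound network-inbound` rule is the right scope and the dangling comment should be deleted or rewritten as `; Unix domain sockets outside /tmp and TMPDIR are deliberately NOT allowed; see the note above.` Whether Seatbelt honours `(literal ...)`/`(subpath ...)` path filters for `network-*` operations on unix sockets cannot be confirmed from this file; a quick check that a build can bind and connect to a socket under TMPDIR but not to one elsewhere would make the comment's claim verifiable.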