diff options
author | Shea Levy <shea@shealevy.com> | 2015-01-13T14·40-0500 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-01-13T14·41+0100 |
commit | 79ca5033329053caa364bb2f7e50953f859cc97f (patch) | |
tree | d75f7d1fe3d18de2b5616636d0474e81238aedc7 | |
parent | fcf57aad27d0785df18015d0f115fa09c7577ed3 (diff) |
Allow using /bin and /usr/bin as impure prefixes on non-darwin by default
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
-rw-r--r-- | src/libstore/build.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 575777c8a5ee..5285d39df2d6 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -56,7 +56,7 @@ #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library/Frameworks /usr/lib /dev /bin/sh" #else #define SANDBOX_ENABLED 0 - #define DEFAULT_ALLOWED_IMPURE_PREFIXES "" + #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin" #endif #if CHROOT_ENABLED |