about summary refs log tree commit diff
diff options
context:
space:
mode:
authorDan Peebles <pumpkin@me.com>2015-03-03T03·55-0500
committerDan Peebles <pumpkin@me.com>2015-03-03T03·55-0500
commit66d612f1da47db1c9944f7e76f60c6ccd1c20cdb (patch)
treec98df3262cded916d9b219a765eb86f456edd975
parentcffa7f80ab04e881b8e926962d9b51e2160ae5bd (diff)
Allow local networking in the darwin sandbox to appease tests
-rw-r--r--src/libstore/build.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 707c416d6e9f..60470a339023 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2323,6 +2323,9 @@ void DerivationGoal::runChild()
             /* Enables getpwuid (used by git and others) */
             sandboxProfile += "(allow mach-lookup (global-name \"com.apple.system.notification_center\") (global-name \"com.apple.system.opendirectoryd.libinfo\"))\n";
 
+            /* Allow local networking operations, mostly because lots of test suites use it and it seems mostly harmless */
+            sandboxProfile += "(allow network* (local ip) (remote unix-socket))";
+
 
             /* Our rwx outputs */
             sandboxProfile += "(allow file-read* file-write* process-exec\n";