about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJude Taylor <me@jude.bio>2015-09-29T16·19-0700
committerJude Taylor <me@jude.bio>2015-10-21T19·38-0700
commitd4cac051f7f6ebfb24856eb35f5250de1faf1a80 (patch)
tree22d42d597050e1357693057f6520b03304394473
parent4b8c71b4ef6093ed4a9a391906cece7799a28351 (diff)
restore allowed impure prefixes
-rw-r--r--src/libstore/build.cc2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 78b58b8caa23..56835a418352 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -59,7 +59,7 @@
 /* chroot-like behavior from Apple's sandbox */
 #if __APPLE__
     #define SANDBOX_ENABLED 1
-    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/"
+    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr /dev /bin/sh"
 #else
     #define SANDBOX_ENABLED 0
     #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"