about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJude Taylor <me@jude.bio>2015-10-31T03·32-0700
committerJude Taylor <me@jude.bio>2015-10-31T03·32-0700
commit95c66cc95058b9a918dbd1ef756b9da6abdd7eee (patch)
tree55a3b55ecadd3f2b7325da932ce039c53bb428ea
parentb83fb35f7947e25124ec733422a7479d5975eccf (diff)
add special devices to sandbox-defaults
-rw-r--r--src/libstore/sandbox-defaults.sb.in5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/libstore/sandbox-defaults.sb.in b/src/libstore/sandbox-defaults.sb.in
index 12c39fa7f217..702f05602bd0 100644
--- a/src/libstore/sandbox-defaults.sb.in
+++ b/src/libstore/sandbox-defaults.sb.in
@@ -35,7 +35,10 @@
        (literal "/private/var/run/resolv.conf"))
 
 ; some builders use filehandles other than stdin/stdout
-(allow file* (subpath "/dev/fd"))
+(allow file*
+        (subpath "/dev/fd")
+        (literal "/dev/ptmx")
+        (regex #"^/dev/[pt]ty.*$"))
 
 ; allow everything inside TMP
 (allow file* process-exec