about summary refs log tree commit diff
path: root/src/libstore/local.mk
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-06-06T16·44+0200
committerEelco Dolstra <edolstra@gmail.com>2017-06-06T16·44+0200
commit85e93d7b874f99730387714394bb60407cf138d5 (patch)
treea8b27c3200ce4d8dca85d9dc3f414bedb3c1d0bc /src/libstore/local.mk
parentd3f780996c05d348bd44fe846520153d5c1ae31c (diff)
Always use the Darwin sandbox
Even with "build-use-sandbox = false", we now use sandboxing with a
permissive profile that allows everything except the creation of
setuid/setgid binaries.
Diffstat (limited to 'src/libstore/local.mk')
-rw-r--r--src/libstore/local.mk6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/libstore/local.mk b/src/libstore/local.mk
index c0cc91c26582..36b270f2e078 100644
--- a/src/libstore/local.mk
+++ b/src/libstore/local.mk
@@ -36,7 +36,9 @@ libstore_CXXFLAGS = \
 
 $(d)/local-store.cc: $(d)/schema.sql.gen.hh
 
-$(d)/build.cc: $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
+sandbox-headers = $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh $(d)/sandbox-minimal.sb.gen.hh
+
+$(d)/build.cc: $(sandbox-headers)
 
 %.gen.hh: %
 	@echo 'R"foo(' >> $@.tmp
@@ -44,6 +46,6 @@ $(d)/build.cc: $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
 	@echo ')foo"' >> $@.tmp
 	@mv $@.tmp $@
 
-clean-files += $(d)/schema.sql.gen.hh $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
+clean-files += $(d)/schema.sql.gen.hh $(sandbox-headers)
 
 $(eval $(call install-file-in, $(d)/nix-store.pc, $(prefix)/lib/pkgconfig, 0644))