-rw-r--r--src/libstore/build.cc4
-rw-r--r--tests/sandbox.nix3
2 files changed, 6 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 6c6d0dee36ff..6fc6220e0524 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1659,6 +1659,10 @@ void setupSeccomp(void) {
     FORCE_SUCCESS(fchownat);
     FORCE_SUCCESS(lchown);
 
+    FORCE_SUCCESS(setxattr);
+    FORCE_SUCCESS(lsetxattr);
+    FORCE_SUCCESS(fsetxattr);
+
     if (seccomp_load(ctx) != 0) {
         seccomp_release(ctx);
         throw SysError("unable to load seccomp BPF program");
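Review bot: The three added `FORCE_SUCCESS` lines for `setxattr`, `lsetxattr` and `fsetxattr` have no comment saying why xattr writes are faked, and the matching `removexattr`/`lremovexattr`/`fremovexattr` calls are left as they were. Assuming the macro (defined outside this hunk) makes the syscall report success without running it, a builder that sets an ACL or a `security.capability` attribute will believe it was applied when it was silently dropped, and a later `getxattr` will not see it. I would put a comment above the block such as `/* Pretend xattr writes succeed without performing them, so tools that copy ACLs/xattrs (e.g. cp -p) do not fail in the sandbox; the attributes are NOT stored. */` and decide explicitly whether the remove* family needs the same treatment. `setupSeccomp` begins and ends outside the hunk, so the filter's default action and any existing handling of these calls are not visible here.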
diff --git a/tests/sandbox.nix b/tests/sandbox.nix
index 7e2055038c91..dc72a5985ef7 100644
--- a/tests/sandbox.nix
+++ b/tests/sandbox.nix
@@ -16,7 +16,7 @@ let
 
   sandboxTestScript = pkgs.writeText "sandbox-testscript.sh" ''
     [ $(id -u) -eq 0 ]
-    touch foo
+    cp -p "$testfile" foo
     chown 1024:1024 foo
     touch "$out"
   '';
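Review bot: The regression test reaches the xattr syscalls only indirectly through `cp -p "$testfile" foo`, and nothing in the script says so or checks the outcome. It appears to rely on cp's attribute/ACL preservation issuing a setxattr-family call, so with a cp built without that support the test would pass without ever touching the new seccomp rules. A comment before the `cp` line, e.g. `# cp -p tries to preserve ACLs/xattrs; the sandbox must let this succeed`, would record the intent. If a tool that sets an attribute directly is available in `utils`, an explicit call would make the test independent of how cp was built. The `testfile` input used here is added in the following hunk.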
@@ -31,6 +31,7 @@ let
       builder = "''${utils}/bin/bash";
       args = ["-e" ${sandboxTestScript}];
       PATH = "''${utils}/bin";
+      testfile = builtins.toFile "test" "i am a test file";
     }
   '';