diff options
-rw-r--r-- | src/libstore/build.cc | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 2b148391fe9e..9614bb1c3eb2 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -2503,8 +2503,11 @@ void DerivationGoal::runChild() } sandboxProfile += ")\n"; - /* Our inputs (transitive dependencies and any impurities computed above) */ - sandboxProfile += "(allow file-read* process-exec\n"; + /* Our inputs (transitive dependencies and any impurities computed above) + + without file-write* allowed, access() incorrectly returns EPERM + */ + sandboxProfile += "(allow file-read* file-write* process-exec\n"; for (auto & i : dirsInChroot) { if (i.first != i.second) throw SysError(format("can't map '%1%' to '%2%': mismatched impure paths not supported on darwin")); |