Diffstat (limited to 'corepkgs/buildenv.nix')
-rw-r--r--corepkgs/buildenv.nix15
1 files changed, 15 insertions, 0 deletions
diff --git a/corepkgs/buildenv.nix b/corepkgs/buildenv.nix
index 5bf7b4e56042..ab1ce13f2cf6 100644
--- a/corepkgs/buildenv.nix
+++ b/corepkgs/buildenv.nix
@@ -23,5 +23,20 @@ derivation {
   # network traffic, so don't do that.
   preferLocalBuild = true;
 
+  __sandboxProfile = ''
+    (allow sysctl-read)
+    (allow file-read*
+           (literal "/usr/lib/libSystem.dylib")
+           (literal "/usr/lib/libSystem.B.dylib")
+           (literal "/usr/lib/libobjc.A.dylib")
+           (literal "/usr/lib/libobjc.dylib")
+           (literal "/usr/lib/libauto.dylib")
+           (literal "/usr/lib/libc++abi.dylib")
+           (literal "/usr/lib/libc++.1.dylib")
+           (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
+           (subpath "/usr/lib/system")
+           (subpath "/dev"))
+  '';
+
   inherit chrootDeps;
 }
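Review bot: The `(subpath "/dev")` entry under `file-read*` in the new `__sandboxProfile` grants read access to every device node, and `(allow sysctl-read)` is unfiltered, which is broader than a symlink-tree builder would plausibly need. If the builder only touches a few devices, list them explicitly, e.g. `(literal "/dev/null")` and `(literal "/dev/urandom")`, after confirming what it actually opens. The profile also has no comment saying why these paths are allowed; something like `# macOS only: the builder's interpreter loads these system dylibs from outside the store` above the attribute would help a later reader judge whether an entry can be dropped. The hard-coded dylib list will likely need to be kept in step with any other derivation that sets its own profile, so a shared definition may be worth considering. The `derivation { … }` block starts outside this hunk, so the builder itself is not visible here.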