diff options
Diffstat (limited to 'src/libstore/sandbox-defaults.sb')
| -rw-r--r-- | src/libstore/sandbox-defaults.sb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb index b4e29c94381c..f556a26a01f4 100644 --- a/src/libstore/sandbox-defaults.sb +++ b/src/libstore/sandbox-defaults.sb @@ -21,6 +21,9 @@ ; Allow sending signals within the sandbox. (allow signal (target same-sandbox)) +; Allow getpwuid. +(allow mach-lookup (global-name "com.apple.system.opendirectoryd.libinfo")) + ; Access to /tmp. ; The network-outbound/network-inbound ones are for unix domain sockets, which ; we allow access to in TMPDIR (but if we allow them more broadly, you could in |