wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-08 23:33:55 +02:00
Code Activity

libstore: relax default sandbox-paths on darwin

Browse source 
(cherry picked from commit 7f2df903d9)
Signed-off-by: Domen Kožar <domen@dev.si>
This commit is contained in:
Daiderd Jordan 2020-03-20 21:31:20 +01:00 committed by Domen Kožar
parent ec9bfa7afd
commit f953a51d43
No known key found for this signature in database
GPG key ID: C2FFBCAFD2C24246
1 changed files with 6 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/libstore/globals.cc
View file

@ -19,13 +19,6 @@ namespace nix {
must be deleted and recreated on startup.) */ must be deleted and recreated on startup.) */
#define DEFAULT_SOCKET_PATH "/daemon-socket/socket" #define DEFAULT_SOCKET_PATH "/daemon-socket/socket"
/* chroot-like behavior from Apple's sandbox */
#if __APPLE__
#define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr/lib /dev /bin/sh"
#else
#define DEFAULT_ALLOWED_IMPURE_PREFIXES ""
#endif
Settings settings; Settings settings;
static GlobalConfig::Register r1(&settings); static GlobalConfig::Register r1(&settings);
@ -67,7 +60,12 @@ Settings::Settings()
sandboxPaths = tokenizeString<StringSet>("/bin/sh=" SANDBOX_SHELL); sandboxPaths = tokenizeString<StringSet>("/bin/sh=" SANDBOX_SHELL);
#endif #endif
allowedImpureHostPrefixes = tokenizeString<StringSet>(DEFAULT_ALLOWED_IMPURE_PREFIXES);
/* chroot-like behavior from Apple's sandbox */
#if __APPLE__
sandboxPaths = tokenizeString<StringSet>("/System/Library/Frameworks /System/Library/PrivateFrameworks /bin/sh /private/tmp /private/var/tmp /usr/lib");
allowedImpureHostPrefixes = tokenizeString<StringSet>("/System/Library /usr/lib /dev /bin/sh");
#endif
} }
void loadConfFile() void loadConfFile()