aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaiderd Jordan <daiderd@gmail.com>2017-11-03 10:50:49 +0100
committerDaiderd Jordan <daiderd@gmail.com>2017-11-03 10:50:49 +0100
commit453f6758107dd51dd649fa6f1e9e61c21b90c0a3 (patch)
treeccb60380b6414c699993350641dd80687dd07e9b
parent197922ea4e76ec9439d487e2d16411495a71df4e (diff)
Allow getpwuid in the darwin sandbox.
-rw-r--r--src/libstore/sandbox-defaults.sb3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb
index cf700c62c..c8436d986 100644
--- a/src/libstore/sandbox-defaults.sb
+++ b/src/libstore/sandbox-defaults.sb
@@ -21,6 +21,9 @@
; Allow sending signals within the sandbox.
(allow signal (target same-sandbox))
+; Allow getpwuid.
+(allow mach-lookup (global-name "com.apple.system.opendirectoryd.libinfo"))
+
; Access to /tmp.
(allow file* process-exec (literal "/tmp") (subpath TMPDIR))