aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2017-11-03 10:55:31 +0100
committerGitHub <noreply@github.com>2017-11-03 10:55:31 +0100
commit9ccea31dc26b38c676824e3f7f5471c0cb901e3b (patch)
tree53032a36d2fd5d7948e4f9d1585ef76c923c0af1
parente104842f8b0dfb16ee06301da955ec3dc634e01a (diff)
parent453f6758107dd51dd649fa6f1e9e61c21b90c0a3 (diff)
Merge pull request #1651 from LnL7/darwin-sandbox-getpwuid
Allow getpwuid in the darwin sandbox
-rw-r--r--src/libstore/sandbox-defaults.sb3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb
index cf700c62c..c8436d986 100644
--- a/src/libstore/sandbox-defaults.sb
+++ b/src/libstore/sandbox-defaults.sb
@@ -21,6 +21,9 @@
; Allow sending signals within the sandbox.
(allow signal (target same-sandbox))
+; Allow getpwuid.
+(allow mach-lookup (global-name "com.apple.system.opendirectoryd.libinfo"))
+
; Access to /tmp.
(allow file* process-exec (literal "/tmp") (subpath TMPDIR))