author | Jude Taylor <me@jude.bio> | 2015-11-12 22:51:52 -0800 |
---|---|---|
committer | Jude Taylor <me@jude.bio> | 2015-11-14 14:11:03 -0800 |
commit | 22dfd023fafc5951619072d3031e3198f9538e45 (patch) | |
tree | ecc0e2e13d89fcd7d11f28a9a1a73f09043ca2cf /corepkgs/buildenv.nix | |
parent | 8a7f0dfd68a785d254f7156c4b57c8809eb4bbbe (diff) |
update sandbox profiles within nix
Diffstat (limited to 'corepkgs/buildenv.nix')
-rw-r--r-- | corepkgs/buildenv.nix | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/corepkgs/buildenv.nix b/corepkgs/buildenv.nix
index b4946457f..ab1ce13f2 100644
--- a/corepkgs/buildenv.nix
+++ b/corepkgs/buildenv.nix
@@ -23,10 +23,20 @@ derivation {
 # network traffic, so don't do that.
 preferLocalBuild = true;
- __impureHostDeps = if builtins.currentSystem == "x86_64-darwin" then [
- "/usr/lib/libSystem.dylib"
- "/usr/lib/system"
- ] else null;
+ __sandboxProfile = ''
+ (allow sysctl-read)
+ (allow file-read*
+ (literal "/usr/lib/libSystem.dylib")
+ (literal "/usr/lib/libSystem.B.dylib")
+ (literal "/usr/lib/libobjc.A.dylib")
+ (literal "/usr/lib/libobjc.dylib")
+ (literal "/usr/lib/libauto.dylib")
+ (literal "/usr/lib/libc++abi.dylib")
+ (literal "/usr/lib/libc++.1.dylib")
+ (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
+ (subpath "/usr/lib/system")
+ (subpath "/dev"))
+ '';
 inherit chrootDeps;
 } |
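Review bot: `(subpath "/dev")` inside `(allow file-read*` lets the builder read every node under /dev, which is much wider than the explicit library literals listed beside it; if the builder only needs a few device nodes, name them, e.g. `(literal "/dev/null")` and `(literal "/dev/urandom")`, instead of the whole subtree. `(allow sysctl-read)` is likewise unscoped, so a short comment above the profile saying why each rule is required would make later tightening easier. The removed `__impureHostDeps` was set only when `builtins.currentSystem == "x86_64-darwin"`, whereas `__sandboxProfile` is now set unconditionally; other platforms presumably ignore it, but that is worth confirming since the attribute now appears in the derivation everywhere. The `derivation {` block opens above this hunk.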