Include macOS sandbox files in the Nix binary

This basically reverts 6e5165b77370c76bfa39d4b55e9f83673f3bd466. It fixes errors like sandbox-exec: <internal init prelude>:292:47: unable to open sandbox-minimal.sb: not found when trying to run a development Nix installed in a user's home directory. Also, we're trying to minimize the number of installed files to make it possible to deploy Nix as a single statically-linked binary.
author: Eelco Dolstra <edolstra@gmail.com> 2023-01-04 04:36:07 -0800
committer: Eelco Dolstra <edolstra@gmail.com> 2023-01-04 04:36:07 -0800
commit: 609a7dc05974c9f86b2e7304762b9e01c5879380 (patch)
tree: 6ce2282d0d28381a12e8fb81642ed779f1d38a23 /src/libstore/sandbox-minimal.sb
parent: d4d1ca8b1160c8ee045fefafa7ccb00a1a5eeb0b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/sandbox-minimal.sb b/src/libstore/sandbox-minimal.sb
index 65f5108b3..976a1f636 100644
--- a/src/libstore/sandbox-minimal.sb
+++ b/src/libstore/sandbox-minimal.sb
@@ -1,5 +1,9 @@
+R""(
+
 (allow default)
 
 ; Disallow creating setuid/setgid binaries, since that
 ; would allow breaking build user isolation.
 (deny file-write-setugid)
+
+)""
author	Eelco Dolstra <edolstra@gmail.com>	2023-01-04 04:36:07 -0800
committer	Eelco Dolstra <edolstra@gmail.com>	2023-01-04 04:36:07 -0800
commit	609a7dc05974c9f86b2e7304762b9e01c5879380 (patch)
tree	6ce2282d0d28381a12e8fb81642ed779f1d38a23 /src/libstore/sandbox-minimal.sb
parent	d4d1ca8b1160c8ee045fefafa7ccb00a1a5eeb0b (diff)