Allow using /bin and /usr/bin as impure prefixes on non-darwin by default

These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
author: Shea Levy <shea@shealevy.com> 2015-01-13 09:40:11 -0500
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2015-01-13 15:41:46 +0100
commit: 79ca5033329053caa364bb2f7e50953f859cc97f (patch)
tree: d75f7d1fe3d18de2b5616636d0474e81238aedc7 /src/libstore
parent: fcf57aad27d0785df18015d0f115fa09c7577ed3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 575777c8a..5285d39df 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -56,7 +56,7 @@
     #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library/Frameworks /usr/lib /dev /bin/sh"
 #else
     #define SANDBOX_ENABLED 0
-    #define DEFAULT_ALLOWED_IMPURE_PREFIXES ""
+    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"
 #endif
 
 #if CHROOT_ENABLED
author	Shea Levy <shea@shealevy.com>	2015-01-13 09:40:11 -0500
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2015-01-13 15:41:46 +0100
commit	79ca5033329053caa364bb2f7e50953f859cc97f (patch)
tree	d75f7d1fe3d18de2b5616636d0474e81238aedc7 /src/libstore
parent	fcf57aad27d0785df18015d0f115fa09c7577ed3 (diff)