diff options
| author | Théophane Hufschmitt <theophane.hufschmitt@tweag.io> | 2024-05-06 15:10:18 +0200 |
|---|---|---|
| committer | Artemis Tosini <lix@artem.ist> | 2024-05-08 19:31:43 +0000 |
| commit | adea821d8766976f6e0006575aba39404b649e40 (patch) | |
| tree | f13db10041fe4f67f233f3744953822bc2eaf48a /src/libstore | |
| parent | f782c8a60a4be16eebf98ef329a8e614de814c30 (diff) | |
libstore: Fix sandbox=relaxed
The fix for the Darwin vulnerability in ecdbc3b207eaec1a2cafd2a0d494bcbabdd60a11
also broke setting `__sandboxProfile` when `sandbox=relaxed` or
`sandbox=false`. This cppnix change fixes `sandbox=relaxed` and
adds a suitable test.
Co-Authored-By: Artemis Tosini <lix@artem.ist>
Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
Change-Id: I40190f44f3e1d61846df1c7b89677c20a1488522
Diffstat (limited to 'src/libstore')
| -rw-r--r-- | src/libstore/build/local-derivation-goal.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc index da1db5771..0fa2eca8d 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc @@ -175,6 +175,10 @@ void LocalDerivationGoal::killSandbox(bool getStats) void LocalDerivationGoal::tryLocalBuild() { +#if __APPLE__ + additionalSandboxProfile = parsedDrv->getStringAttr("__sandboxProfile").value_or(""); +#endif + unsigned int curBuilds = worker.getNrLocalBuilds(); if (curBuilds >= settings.maxBuildJobs) { state = &DerivationGoal::tryToBuild; @@ -193,7 +197,6 @@ void LocalDerivationGoal::tryLocalBuild() throw Error("derivation '%s' has '__noChroot' set, " "but that's not allowed when 'sandbox' is 'true'", worker.store.printStorePath(drvPath)); #if __APPLE__ - additionalSandboxProfile = parsedDrv->getStringAttr("__sandboxProfile").value_or(""); if (additionalSandboxProfile != "") throw Error("derivation '%s' specifies a sandbox profile, " "but this is only allowed when 'sandbox' is 'relaxed'", worker.store.printStorePath(drvPath)); |