diff options
| author | Théophane Hufschmitt <theophane.hufschmitt@tweag.io> | 2024-05-06 15:10:18 +0200 |
|---|---|---|
| committer | Artemis Tosini <lix@artem.ist> | 2024-05-08 19:31:43 +0000 |
| commit | adea821d8766976f6e0006575aba39404b649e40 (patch) | |
| tree | f13db10041fe4f67f233f3744953822bc2eaf48a /tests/functional/extra-sandbox-profile.nix | |
| parent | f782c8a60a4be16eebf98ef329a8e614de814c30 (diff) | |
libstore: Fix sandbox=relaxed
The fix for the Darwin vulnerability in ecdbc3b207eaec1a2cafd2a0d494bcbabdd60a11
also broke setting `__sandboxProfile` when `sandbox=relaxed` or
`sandbox=false`. This cppnix change fixes `sandbox=relaxed` and
adds a suitable test.
Co-Authored-By: Artemis Tosini <lix@artem.ist>
Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
Change-Id: I40190f44f3e1d61846df1c7b89677c20a1488522
Diffstat (limited to 'tests/functional/extra-sandbox-profile.nix')
| -rw-r--r-- | tests/functional/extra-sandbox-profile.nix | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/functional/extra-sandbox-profile.nix b/tests/functional/extra-sandbox-profile.nix new file mode 100644 index 000000000..aa680b918 --- /dev/null +++ b/tests/functional/extra-sandbox-profile.nix @@ -0,0 +1,19 @@ +{ destFile, seed }: + +with import ./config.nix; + +mkDerivation { + name = "simple"; + __sandboxProfile = '' + # Allow writing any file in the filesystem + (allow file*) + ''; + inherit seed; + buildCommand = '' + ( + set -x + touch ${destFile} + touch $out + ) + ''; +} |