Always use the Darwin sandbox

Even with "build-use-sandbox = false", we now use sandboxing with a
permissive profile that allows everything except the creation of
setuid/setgid binaries.
Eelco Dolstra 2017-06-06 18:44:49 +02:00
parent d3f780996c
commit 85e93d7b87
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
5 changed files with 100 additions and 87 deletions


@ -36,7 +36,9 @@ libstore_CXXFLAGS = \
$(d)/local-store.cc: $(d)/schema.sql.gen.hh
$(d)/build.cc: $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
sandbox-headers = $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh $(d)/sandbox-minimal.sb.gen.hh
$(d)/build.cc: $(sandbox-headers)
%.gen.hh: %
@echo 'R"foo(' >> $@.tmp
@ -44,6 +46,6 @@ $(d)/build.cc: $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
@echo ')foo"' >> $@.tmp
@mv $@.tmp $@
clean-files += $(d)/schema.sql.gen.hh $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
clean-files += $(d)/schema.sql.gen.hh $(sandbox-headers)
$(eval $(call install-file-in, $(d)/nix-store.pc, $(prefix)/lib/pkgconfig, 0644))
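Review bot: `sandbox-headers` is defined with recursive `=`, so the `$(d)` inside it is re-expanded at every use instead of being fixed where the list is written. The prerequisite line `$(d)/build.cc: $(sandbox-headers)` is expanded as it is read, but `clean-files += ... $(sandbox-headers)` is only expanded immediately if `clean-files` is a simply-expanded variable, which these hunks do not show; if it is recursive and `d` is reassigned later (presumably per included makefile), the clean list could name the wrong paths. Writing `sandbox-headers := $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh $(d)/sandbox-minimal.sb.gen.hh` removes that dependence. A one-line comment above it, such as `# Darwin sandbox profiles embedded into build.cc as raw string literals`, would also explain why build.cc must be rebuilt whenever a profile changes.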