maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

OS X sandbox: Improve builtin sandbox profile

Browse source 
Also, add rules to allow fixed-output derivations to access the
network.

These rules are sufficient to build stdenvDarwin without any
__sandboxProfile magic.
This commit is contained in:
Eelco Dolstra 2017-05-31 17:23:27 +02:00
parent 5ea8161b55
commit c96e8cd097
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
5 changed files with 85 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/libstore/local.mk
View file

@ -36,14 +36,14 @@ libstore_CXXFLAGS = \
$(d)/local-store.cc: $(d)/schema.sql.gen.hh
$(d)/build.cc: $(d)/sandbox-defaults.sb.gen.hh
$(d)/build.cc: $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
%.gen.hh: %
echo 'R"foo(' >> $@.tmp
cat $< >> $@.tmp
echo ')foo"' >> $@.tmp
mv $@.tmp $@
@echo 'R"foo(' >> $@.tmp
$(trace-gen) cat $< >> $@.tmp
@echo ')foo"' >> $@.tmp
@mv $@.tmp $@
clean-files += $(d)/schema.sql.gen.hh $(d)/sandbox-defaults.sb.gen.hh
clean-files += $(d)/schema.sql.gen.hh $(d)/sandbox-defaults.sb.gen.hh $(d)/sandbox-network.sb.gen.hh
$(eval $(call install-file-in, $(d)/nix-store.pc, $(prefix)/lib/pkgconfig, 0644))