diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb
index cf700c62c..c8436d986 100644
--- a/src/libstore/sandbox-defaults.sb
+++ b/src/libstore/sandbox-defaults.sb
@@ -21,6 +21,9 @@
 ; Allow sending signals within the sandbox.
 (allow signal (target same-sandbox))
 
+; Allow getpwuid.
+(allow mach-lookup (global-name "com.apple.system.opendirectoryd.libinfo"))
+
 ; Access to /tmp.
 (allow file* process-exec (literal "/tmp") (subpath TMPDIR))