From 56025ad3b1c6925ab53a17242d2b9c008015ec6a Mon Sep 17 00:00:00 2001
From: Emily <vcs@emily.moe>
Date: Wed, 15 Sep 2021 02:00:06 +0100
Subject: [PATCH] sandbox: allow Rosetta 2 on Darwin

This allows sandboxed x86_64-darwin builds on aarch64-darwin.
---
 src/libstore/sandbox-defaults.sb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb
index 2bb1ea130..41893e6dd 100644
--- a/src/libstore/sandbox-defaults.sb
+++ b/src/libstore/sandbox-defaults.sb
@@ -97,3 +97,7 @@
 ; This is used by /bin/sh on macOS 10.15 and later.
 (allow file*
        (literal "/private/var/select/sh"))
+
+; Allow Rosetta 2 to run x86_64 binaries on aarch64-darwin.
+(allow file-read*
+       (subpath "/Library/Apple/usr/libexec/oah"))