From 3b52e54e315c4449d2cd057289b95c9354294794 Mon Sep 17 00:00:00 2001
From: Jude Taylor <me@jude.bio>
Date: Tue, 3 Nov 2015 08:43:09 -0800
Subject: [PATCH 1/2] darwin: allow reading system locale and zoneinfo

---
 src/libstore/sandbox-defaults.sb.in | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/libstore/sandbox-defaults.sb.in b/src/libstore/sandbox-defaults.sb.in
index 9993f998d..e3c7f75e5 100644
--- a/src/libstore/sandbox-defaults.sb.in
+++ b/src/libstore/sandbox-defaults.sb.in
@@ -11,8 +11,12 @@
        (literal "/private/etc/protocols")
        (literal "/private/var/tmp")
        (literal "/private/var/db")
-       (subpath "/private/var/db/mds")
-       (subpath "/usr/share/icu"))
+       (subpath "/private/var/db/mds"))
+
+(allow file-read*
+       (subpath "/usr/share/icu")
+       (subpath "/usr/share/locale"))
+       (subpath "/usr/share/zoneinfo"))
 
 (allow file-write*
        (literal "/dev/tty")

From c10ef2d13467a143d9e750e400343fbc7070f23f Mon Sep 17 00:00:00 2001
From: Jude Taylor <me@jude.bio>
Date: Tue, 3 Nov 2015 09:03:32 -0800
Subject: [PATCH 2/2] fix syntax error

---
 src/libstore/sandbox-defaults.sb.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstore/sandbox-defaults.sb.in b/src/libstore/sandbox-defaults.sb.in
index e3c7f75e5..b5e80085f 100644
--- a/src/libstore/sandbox-defaults.sb.in
+++ b/src/libstore/sandbox-defaults.sb.in
@@ -15,7 +15,7 @@
 
 (allow file-read*
        (subpath "/usr/share/icu")
-       (subpath "/usr/share/locale"))
+       (subpath "/usr/share/locale")
        (subpath "/usr/share/zoneinfo"))
 
 (allow file-write*