adea821d87
The fix for the Darwin vulnerability inecdbc3b207
also broke setting `__sandboxProfile` when `sandbox=relaxed` or `sandbox=false`. This cppnix change fixes `sandbox=relaxed` and adds a suitable test. Co-Authored-By: Artemis Tosini <lix@artem.ist> Co-Authored-By: Eelco Dolstra <edolstra@gmail.com> Change-Id:I40190f44f3e1d61846df1c7b89677c20a1488522
20 lines
287 B
Nix
20 lines
287 B
Nix
{ destFile, seed }:
|
|
|
|
with import ./config.nix;
|
|
|
|
mkDerivation {
|
|
name = "simple";
|
|
__sandboxProfile = ''
|
|
# Allow writing any file in the filesystem
|
|
(allow file*)
|
|
'';
|
|
inherit seed;
|
|
buildCommand = ''
|
|
(
|
|
set -x
|
|
touch ${destFile}
|
|
touch $out
|
|
)
|
|
'';
|
|
}
|