From 336c4270c625cf606d3a2bb141b1a648dba8fc05 Mon Sep 17 00:00:00 2001 From: Dan Peebles Date: Mon, 2 Mar 2015 23:01:24 -0500 Subject: [PATCH] Make the default impure prefix (not actual allowed impurities!) include all of /System/Library, since we also want PrivateFrameworks from there and (briefly) TextEncodings, and who knows what else. Yay infectious impurities? --- src/libstore/build.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 707c416d6..addf0923d 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -56,7 +56,7 @@ /* chroot-like behavior from Apple's sandbox */ #if __APPLE__ #define SANDBOX_ENABLED 1 - #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library/Frameworks /usr/lib /dev /bin/sh" + #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr/lib /dev /bin/sh" #else #define SANDBOX_ENABLED 0 #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"