From 453f6758107dd51dd649fa6f1e9e61c21b90c0a3 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Fri, 3 Nov 2017 10:50:49 +0100 Subject: [PATCH] Allow getpwuid in the darwin sandbox. --- src/libstore/sandbox-defaults.sb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libstore/sandbox-defaults.sb b/src/libstore/sandbox-defaults.sb index cf700c62c..c8436d986 100644 --- a/src/libstore/sandbox-defaults.sb +++ b/src/libstore/sandbox-defaults.sb @@ -21,6 +21,9 @@ ; Allow sending signals within the sandbox. (allow signal (target same-sandbox)) +; Allow getpwuid. +(allow mach-lookup (global-name "com.apple.system.opendirectoryd.libinfo")) + ; Access to /tmp. (allow file* process-exec (literal "/tmp") (subpath TMPDIR))