sandbox: allow Rosetta 2 on Darwin

This allows sandboxed x86_64-darwin builds on aarch64-darwin.
2021-09-15 02:00:06 +01:00 · 2021-09-15 02:00:06 +01:00 · 56025ad3b1
parent fda4efff87
commit 56025ad3b1
1 changed files with 4 additions and 0 deletions
--- a/src/libstore/sandbox-defaults.sb
+++ b/src/libstore/sandbox-defaults.sb
@ -97,3 +97,7 @@
 ; This is used by /bin/sh on macOS 10.15 and later.
 (allow file*
       (literal "/private/var/select/sh"))
+
+; Allow Rosetta 2 to run x86_64 binaries on aarch64-darwin.
+(allow file-read*
+       (subpath "/Library/Apple/usr/libexec/oah"))