From 66d612f1da47db1c9944f7e76f60c6ccd1c20cdb Mon Sep 17 00:00:00 2001 From: Dan Peebles Date: Mon, 2 Mar 2015 22:55:42 -0500 Subject: [PATCH] Allow local networking in the darwin sandbox to appease tests --- src/libstore/build.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 707c416d6..60470a339 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -2323,6 +2323,9 @@ void DerivationGoal::runChild() /* Enables getpwuid (used by git and others) */ sandboxProfile += "(allow mach-lookup (global-name \"com.apple.system.notification_center\") (global-name \"com.apple.system.opendirectoryd.libinfo\"))\n"; + /* Allow local networking operations, mostly because lots of test suites use it and it seems mostly harmless */ + sandboxProfile += "(allow network* (local ip) (remote unix-socket))"; + /* Our rwx outputs */ sandboxProfile += "(allow file-read* file-write* process-exec\n";