From d4cac051f7f6ebfb24856eb35f5250de1faf1a80 Mon Sep 17 00:00:00 2001
From: Jude Taylor <me@jude.bio>
Date: Tue, 29 Sep 2015 09:19:27 -0700
Subject: [PATCH] restore allowed impure prefixes

---
 src/libstore/build.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 78b58b8ca..56835a418 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -59,7 +59,7 @@
 /* chroot-like behavior from Apple's sandbox */
 #if __APPLE__
     #define SANDBOX_ENABLED 1
-    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/"
+    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr /dev /bin/sh"
 #else
     #define SANDBOX_ENABLED 0
     #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"