adea821d87
The fix for the Darwin vulnerability in ecdbc3b207
also broke setting `__sandboxProfile` when `sandbox=relaxed` or
`sandbox=false`. This cppnix change fixes `sandbox=relaxed` and
adds a suitable test.
Co-Authored-By: Artemis Tosini <lix@artem.ist>
Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
Change-Id: I40190f44f3e1d61846df1c7b89677c20a1488522
19 lines
287 B
Nix
19 lines
287 B
Nix
{ destFile, seed }:
|
|
|
|
with import ./config.nix;
|
|
|
|
mkDerivation {
|
|
name = "simple";
|
|
__sandboxProfile = ''
|
|
# Allow writing any file in the filesystem
|
|
(allow file*)
|
|
'';
|
|
inherit seed;
|
|
buildCommand = ''
|
|
(
|
|
set -x
|
|
touch ${destFile}
|
|
touch $out
|
|
)
|
|
'';
|
|
}
|