blob: 406e1d68d0e42af44740e4a68ae63a5193e991a7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Nix may already sandbox the build, in which case sandbox_apply will fail.
--- a/Sources/Basics/Sandbox.swift
+++ b/Sources/Basics/Sandbox.swift
@@ -30,12 +30,14 @@ public enum Sandbox {
readOnlyDirectories: [AbsolutePath] = []
) -> [String] {
#if os(macOS)
+ let env = ProcessInfo.processInfo.environment
+ if env["NIX_BUILD_TOP"] == nil || env["IN_NIX_SHELL"] != nil {
let profile = macOSSandboxProfile(strictness: strictness, writableDirectories: writableDirectories, readOnlyDirectories: readOnlyDirectories)
return ["/usr/bin/sandbox-exec", "-p", profile] + command
- #else
+ }
+ #endif
// rdar://40235432, rdar://75636874 tracks implementing sandboxes for other platforms.
return command
- #endif
}
/// Basic strictness level of a sandbox applied to a command line.
|
