2022-07-25 21:57:00 +02:00
|
|
|
Nix may already sandbox the build, in which case sandbox_apply will fail.
|
|
|
|
|
|
|
|
|
|
--- a/Sources/Basics/Sandbox.swift
|
|
|
|
|
+++ b/Sources/Basics/Sandbox.swift
|
2023-04-01 21:43:12 +02:00
|
|
|
@@ -33,12 +33,14 @@ public enum Sandbox {
|
2022-07-25 21:57:00 +02:00
|
|
|
readOnlyDirectories: [AbsolutePath] = []
|
2023-04-01 21:43:12 +02:00
|
|
|
) throws -> [String] {
|
2022-07-25 21:57:00 +02:00
|
|
|
#if os(macOS)
|
|
|
|
|
+ let env = ProcessInfo.processInfo.environment
|
|
|
|
|
+ if env["NIX_BUILD_TOP"] == nil || env["IN_NIX_SHELL"] != nil {
|
2023-04-01 21:43:12 +02:00
|
|
|
let profile = try macOSSandboxProfile(strictness: strictness, writableDirectories: writableDirectories, readOnlyDirectories: readOnlyDirectories)
|
2022-07-25 21:57:00 +02:00
|
|
|
return ["/usr/bin/sandbox-exec", "-p", profile] + command
|
|
|
|
|
- #else
|
|
|
|
|
+ }
|
|
|
|
|
+ #endif
|
|
|
|
|
// rdar://40235432, rdar://75636874 tracks implementing sandboxes for other platforms.
|
|
|
|
|
return command
|
|
|
|
|
- #endif
|
|
|
|
|
}
|
2023-04-01 21:43:12 +02:00
|
|
|
|
2022-07-25 21:57:00 +02:00
|
|
|
/// Basic strictness level of a sandbox applied to a command line.
|
