diff options
| author | worldofpeace <worldofpeace@protonmail.ch> | 2019-10-09 20:41:29 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-09 20:41:29 +0000 |
| commit | 586208204ece03fae0b68e5d2b5235671c54629c (patch) | |
| tree | 98f8098a3fdd1f82adc3dc493759da2c054a7446 /pkgs/applications/editors | |
| parent | 5883c59f76c027b482e6bf1044d32524f8b46291 (diff) | |
| parent | cf6fd918046f5281409c028126f5a02ec0bbefa4 (diff) | |
| download | nixlib-586208204ece03fae0b68e5d2b5235671c54629c.tar nixlib-586208204ece03fae0b68e5d2b5235671c54629c.tar.gz nixlib-586208204ece03fae0b68e5d2b5235671c54629c.tar.bz2 nixlib-586208204ece03fae0b68e5d2b5235671c54629c.tar.lz nixlib-586208204ece03fae0b68e5d2b5235671c54629c.tar.xz nixlib-586208204ece03fae0b68e5d2b5235671c54629c.tar.zst nixlib-586208204ece03fae0b68e5d2b5235671c54629c.zip | |
Merge pull request #69576 from lilyball/macvim-no-chroot
macvim: Add sandboxProfile
Diffstat (limited to 'pkgs/applications/editors')
| -rw-r--r-- | pkgs/applications/editors/vim/macvim.nix | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/applications/editors/vim/macvim.nix b/pkgs/applications/editors/vim/macvim.nix index 8406dd60b895..073cd84890ef 100644 --- a/pkgs/applications/editors/vim/macvim.nix +++ b/pkgs/applications/editors/vim/macvim.nix @@ -136,6 +136,15 @@ stdenv.mkDerivation { find $out/share/man \( -name eVim.1 -or -name xxd.1 \) -delete ''; + # We rely on the user's Xcode install to build. It may be located in an arbitrary place, and + # it's not clear what system-level components it may require, so for now we'll just allow full + # filesystem access. This way the package still can't access the network. + sandboxProfile = '' + (allow file-read* file-write* process-exec mach-lookup) + ; block homebrew dependencies + (deny file-read* file-write* process-exec mach-lookup (subpath "/usr/local") (with no-log)) + ''; + meta = with stdenv.lib; { description = "Vim - the text editor - for macOS"; homepage = https://github.com/macvim-dev/macvim; |