colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

modules/programs: make-sandboxed: disallowReferences to the fake sane-sandboxed used during checkPhase

Browse Source
This commit is contained in:
Colin
2024-01-28 08:58:13 +00:00
parent 3cc8292d8b
commit 40fee97b06
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/programs/make-sandboxed.nix
View File

@@ -105,12 +105,18 @@ let
# in order to support packages which invoke sandboxed apps in their check phase.
# note that it's not just for packages which invoke their *own* binaries in check phase,
# but also packages which invoke OTHER PACKAGES' sandboxed binaries.
# hence, put the fake sandbox in nativeBuildInputs instead of nativeCheckInputs.
env = (unwrapped.env or {}) // {
SANE_SANDBOX_DISABLE = 1;
};
nativeBuildInputs = (unwrapped.nativeBuildInputs or []) ++ [
fakeSaneSandboxed
];
disallowedReferences = (unwrapped.disallowedReferences or []) ++ [
# the fake sandbox gates itself behind SANE_SANDBOX_DISABLE, so if it did end up deployed
# then it wouldn't permit anything not already permitted. but it would still be annoying.
fakeSaneSandboxed
];
postFixup = (unwrapped.postFixup or "") + ''
getProfileFromBinMap() {