| author | Dominyk Tiller | 2015-08-25 17:34:52 +0100 |
|---|---|---|
| committer | Dominyk Tiller | 2015-08-25 22:01:24 +0100 |
| commit | 98499d1d292c6aa820dc15a5b554be9b73c3250e (patch) | |
| tree | 7f15cc781db1b0e917cbb1f5011fc30c5d61b69b /Library | |
| parent | 166e33c2ffe84462240ed36946b9127b63421a60 (diff) | |
| download | brew-98499d1d292c6aa820dc15a5b554be9b73c3250e.tar.bz2 | |
sandbox: permit /var/tmp & DerivedData
Long term it would be nice to sandbox everything that writes to DerivedData
but it is essentially a cache directory of sorts.
The downside of allowing stuff to write there particularly is that DerivedData
is notoriously bad at getting cleaned up, so if you do a lot of Xcode-using
installations very quickly, you can chew your disk space up.
Closes Homebrew/homebrew#43276.
Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
Diffstat (limited to 'Library')
| -rw-r--r-- | Library/Homebrew/cmd/postinstall.rb | 1 | ||||
| -rw-r--r-- | Library/Homebrew/cmd/test.rb | 1 | ||||
| -rw-r--r-- | Library/Homebrew/formula_installer.rb | 1 | ||||
| -rw-r--r-- | Library/Homebrew/sandbox.rb | 6 |
4 files changed, 9 insertions, 0 deletions
diff --git a/Library/Homebrew/cmd/postinstall.rb b/Library/Homebrew/cmd/postinstall.rb
index 1fdf7f67e..dc402ec4b 100644
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@@ -31,6 +31,7 @@ module Homebrew
 sandbox.allow_write_temp_and_cache
 sandbox.allow_write_log(formula)
 sandbox.allow_write_cellar(formula)
+ sandbox.allow_write_xcode
 sandbox.allow_write_path HOMEBREW_PREFIX
 sandbox.deny_write_homebrew_library
 sandbox.exec(*args)
diff --git a/Library/Homebrew/cmd/test.rb b/Library/Homebrew/cmd/test.rb
index fd3c7c4e6..4dc3c4058 100644
--- a/Library/Homebrew/cmd/test.rb
+++ b/Library/Homebrew/cmd/test.rb
@@ -49,6 +49,7 @@ module Homebrew
 sandbox.record_log(f.logs/"sandbox.test.log")
 sandbox.allow_write_temp_and_cache
 sandbox.allow_write_log(f)
+ sandbox.allow_write_xcode
 sandbox.exec(*args)
 else
 exec(*args)
diff --git a/Library/Homebrew/formula_installer.rb b/Library/Homebrew/formula_installer.rb
index bb1b66c29..c3de16cfd 100644
--- a/Library/Homebrew/formula_installer.rb
+++ b/Library/Homebrew/formula_installer.rb
@@ -553,6 +553,7 @@ class FormulaInstaller
 sandbox.record_log(formula.logs/"sandbox.build.log")
 sandbox.allow_write_temp_and_cache
 sandbox.allow_write_log(formula)
+ sandbox.allow_write_xcode
 sandbox.allow_write_cellar(formula)
 sandbox.exec(*args)
 else
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 0f4881b41..4d4fdaee0 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -57,6 +57,7 @@ class Sandbox
 def allow_write_temp_and_cache
 allow_write_path "/private/tmp"
+ allow_write_path "/private/var/tmp"
 allow_write "^/private/var/folders/[^/]+/[^/]+/[C,T]/", :type => :regex
 allow_write_path HOMEBREW_TEMP
 allow_write_path HOMEBREW_CACHE
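Review bot: `sandbox.allow_write_xcode` is called unconditionally in the postinstall.rb hunk, and the test.rb and formula_installer.rb hunks do the same, so every formula gets write access to DerivedData in all three phases whether or not it invokes Xcode. The commit message already notes that this directory is rarely cleaned up, which argues for granting the access only where it is needed. At minimum I would record the intent at each call site with `# TODO: grant DerivedData access only to formulae that build with Xcode`. The enclosing methods start and end outside these hunks, so I cannot tell whether a per-formula condition is already available at those points.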
@@ -68,6 +69,11 @@ class Sandbox
 allow_write_path formula.var
 end
+ # Xcode projects expect access to certain cache/archive dirs.
+ def allow_write_xcode
+ allow_write_path "/Users/#{ENV["USER"]}/Library/Developer/Xcode/DerivedData/"
+ end
+
 def allow_write_log(formula)
 allow_write_path formula.logs
 end
|
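Review bot: `allow_write_xcode` builds a sandbox write rule from `ENV["USER"]` under a hard-coded `/Users/` prefix, so the allowed path follows the environment rather than the account's real home directory. With USER unset the rule becomes `/Users//Library/Developer/Xcode/DerivedData/`, a home directory outside `/Users` is missed, and a USER value containing path separators would move the allowance elsewhere. How `allow_write_path` normalises its argument is not visible in this hunk. Deriving the path from the password database avoids all three: `allow_write_path "#{Etc.getpwuid(Process.euid).dir}/Library/Developer/Xcode/DerivedData/"`, with `require "etc"` if the file does not already load it. The comment above the method could also state that the rule covers DerivedData only, since "certain cache/archive dirs" reads as broader than what is granted.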
