From 98499d1d292c6aa820dc15a5b554be9b73c3250e Mon Sep 17 00:00:00 2001
From: Dominyk Tiller
Date: Tue, 25 Aug 2015 17:34:52 +0100
Subject: sandbox: permit /var/tmp & DerivedData

Long term it would be nice to sandbox everything that writes to DerivedData
but it is essentially a cache directory of sorts.

The downside of allowing stuff to write there particularly is that DerivedData
is notoriously bad at getting cleaned up, so if you do a lot of Xcode-using
installations very quickly, you can chew your disk space up.

Closes Homebrew/homebrew#43276.

Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
---
 Library/Homebrew/cmd/postinstall.rb | 1 +
 Library/Homebrew/cmd/test.rb        | 1 +
 2 files changed, 2 insertions(+)

(limited to 'Library/Homebrew/cmd')

diff --git a/Library/Homebrew/cmd/postinstall.rb b/Library/Homebrew/cmd/postinstall.rb
index 1fdf7f67e..dc402ec4b 100644
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@@ -31,6 +31,7 @@ module Homebrew
         sandbox.allow_write_temp_and_cache
         sandbox.allow_write_log(formula)
         sandbox.allow_write_cellar(formula)
+        sandbox.allow_write_xcode
         sandbox.allow_write_path HOMEBREW_PREFIX
         sandbox.deny_write_homebrew_library
         sandbox.exec(*args)
diff --git a/Library/Homebrew/cmd/test.rb b/Library/Homebrew/cmd/test.rb
index fd3c7c4e6..4dc3c4058 100644
--- a/Library/Homebrew/cmd/test.rb
+++ b/Library/Homebrew/cmd/test.rb
@@ -49,6 +49,7 @@ module Homebrew
             sandbox.record_log(f.logs/"sandbox.test.log")
             sandbox.allow_write_temp_and_cache
             sandbox.allow_write_log(f)
+            sandbox.allow_write_xcode
             sandbox.exec(*args)
           else
             exec(*args)
-- 
cgit v1.2.3