sandbox: Allow UNIX sockets on macOS even when block-network is used.

Closes #3444. PiperOrigin-RevId: 163047183
author: Philipp Wollermann <philwo@google.com> 2017-07-25 11:29:56 +0200
committer: Jakob Buchgraber <buchgr@google.com> 2017-07-25 13:17:55 +0200
commit: cd159bcee72a7f377621b45409807231a636f9e2 (patch)
tree: c6b1ff0d2a09bccf443ad65298dc37b2bcee3a61
parent: ee9830127ff8d2001d882e4766e582815cff5ec2 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
index 90e9b2c07f..1c9f098c41 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
@@ -248,6 +248,7 @@ final class DarwinSandboxedSpawnRunner extends AbstractSandboxSpawnRunner {
         out.println("(deny network*)");
         out.println("(allow network* (local ip \"localhost:*\"))");
         out.println("(allow network* (remote ip \"localhost:*\"))");
+        out.println("(allow network* (remote unix-socket))");
       }
 
       // By default, everything is read-only.
author	Philipp Wollermann <philwo@google.com>	2017-07-25 11:29:56 +0200
committer	Jakob Buchgraber <buchgr@google.com>	2017-07-25 13:17:55 +0200
commit	cd159bcee72a7f377621b45409807231a636f9e2 (patch)
tree	c6b1ff0d2a09bccf443ad65298dc37b2bcee3a61
parent	ee9830127ff8d2001d882e4766e582815cff5ec2 (diff)