From cd159bcee72a7f377621b45409807231a636f9e2 Mon Sep 17 00:00:00 2001
From: Philipp Wollermann <philwo@google.com>
Date: Tue, 25 Jul 2017 11:29:56 +0200
Subject: sandbox: Allow UNIX sockets on macOS even when block-network is used.

Closes #3444.

PiperOrigin-RevId: 163047183
---
 .../google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
index 90e9b2c07f..1c9f098c41 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
@@ -248,6 +248,7 @@ final class DarwinSandboxedSpawnRunner extends AbstractSandboxSpawnRunner {
         out.println("(deny network*)");
         out.println("(allow network* (local ip \"localhost:*\"))");
         out.println("(allow network* (remote ip \"localhost:*\"))");
+        out.println("(allow network* (remote unix-socket))");
       }
 
       // By default, everything is read-only.
-- 
cgit v1.2.3