From 131e831cb97c9762c3b10b35ae3c2094366a5886 Mon Sep 17 00:00:00 2001
From: Jude Taylor
Date: Sat, 14 Nov 2015 13:51:50 -0800
Subject: [PATCH] allow networking by default and remove it from derivations
---
 lib/sandbox.nix | 7 -------
 pkgs/build-support/fetchurl/default.nix | 2 --
 pkgs/development/haskell-modules/configuration-common.nix | 5 -----
 pkgs/stdenv/pure-darwin/standard-sandbox.sb | 3 +++
 pkgs/top-level/perl-packages.nix | 1 -
 pkgs/top-level/python-packages.nix | 4 ----
 6 files changed, 3 insertions(+), 19 deletions(-)
diff --git a/lib/sandbox.nix b/lib/sandbox.nix
index 9a429cf2ae66..414bf36f779f 100644
--- a/lib/sandbox.nix
+++ b/lib/sandbox.nix
@@ -35,13 +35,6 @@ genActions = actionName: let
 "${actionName}DirectoryList" = self."${actionName}FileReadMetadata";
 "${actionName}FileWrite" = applyToFiles action "file-write*";
 "${actionName}FileWriteMetadata" = applyToFiles action "file-write-metadata";
- "${actionName}Network" = sexp [ actionName "network*" ];
- "${actionName}NetworkBind" = sexp [ actionName "network-bind" ];
- "${actionName}NetworkInbound" = sexp [ actionName "network-inbound" ];
- "${actionName}NetworkOutbound" = sexp [ actionName "network-outbound" ];
- "${actionName}NetworkLocal" = sexp [ actionName "network*" (sexp [ "local" "ip" ]) ];
- "${actionName}NetworkInboundLocal" = sexp [ actionName "network-inbound" (sexp [ "local" "ip" ]) ];
- "${actionName}NetworkOutboundLocal" = sexp [ actionName "network-outbound" (sexp [ "local" "ip" ]) ];
 };
 in self;
diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix
index bcd279380a36..b1dc6e7be31b 100644
--- a/pkgs/build-support/fetchurl/default.nix
+++ b/pkgs/build-support/fetchurl/default.nix
@@ -118,8 +118,6 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s
 outputHashMode = if recursiveHash then "recursive" else "flat";
- __sandboxProfile = stdenv.lib.sandbox.allowNetworkOutbound;
-
 inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp;
 # Doing the download on a remote machine just duplicates network
diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix
index 2dac800bace9..f57de134b791 100644
--- a/pkgs/development/haskell-modules/configuration-common.nix
+++ b/pkgs/development/haskell-modules/configuration-common.nix
@@ -923,9 +923,4 @@ self: super: {
 hscurses = overrideCabal super.hscurses (drv: {
 librarySystemDepends = (drv.librarySystemDepends or []) ++ [ pkgs.ncurses ];
 });
-
- streaming-commons = pkgs.stdenv.lib.overrideDerivation super.streaming-commons (drv: {
- __sandboxProfile = drv.__sandboxProfile +
- pkgs.stdenv.lib.sandbox.allowNetworkLocal;
- });
 }
diff --git a/pkgs/stdenv/pure-darwin/standard-sandbox.sb b/pkgs/stdenv/pure-darwin/standard-sandbox.sb
index 32a911621527..b87be89f35f2 100644
--- a/pkgs/stdenv/pure-darwin/standard-sandbox.sb
+++ b/pkgs/stdenv/pure-darwin/standard-sandbox.sb
@@ -67,3 +67,6 @@
 (allow mach-lookup
 (global-name "com.apple.system.notification_center")
 (global-name "com.apple.system.opendirectoryd.libinfo"))
+
+; allow networking on localhost
+(allow network* (local ip) (remote unix-socket))
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 4937a00bad92..ed00e4ea66d3 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
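Review bot: The rule added at the end of standard-sandbox.sb grants every build `network*` through two unparameterised filters, which is broader than its comment "allow networking on localhost" promises. `(local ip)` names no address or port, so nothing in the profile itself shows that traffic is confined to loopback, and `(remote unix-socket)` names no path, so any build can connect to whichever Unix-domain service sockets on the host its file permissions allow. Because the other hunks of this commit delete the per-derivation grants (`allowNetworkLocal`, `allowNetworkOutbound`, `allowNetwork`), this one line becomes the whole network policy for sandboxed builds. I would pin it down explicitly, e.g. `(allow network* (local ip "localhost:*") (remote ip "localhost:*"))` plus one `(remote unix-socket (path-literal "<SOCKET_PATH>"))` per socket that builds actually need, and reword the comment to state exactly what is permitted.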
@@ -8266,7 +8266,6 @@ let self = _self // overrides; _self = with self; {
 url = mirror://cpan/authors/id/E/ET/ETHER/Net-HTTP-6.09.tar.gz;
 sha256 = "52762b939d84806908ba544581c5708375f7938c3c0e496c128ca3fbc425e58d";
 };
- __sandboxProfile = stdenv.lib.sandbox.allowNetworkLocal;
 propagatedBuildInputs = [ URI ];
 meta = {
 description = "Low-level HTTP connection (client)";
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index dbd991d82050..22cdc99fcefc 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -3759,8 +3759,6 @@ let
 substituteInPlace test-requirements.txt --replace 'nose==1.3' 'nose'
 '';
- __sandboxProfile = pkgs.lib.sandbox.allowNetwork;
-
 doCheck = !isPy3k; # lots of transient failures
 checkPhase = ''
 # Not worth the trouble
@@ -6550,8 +6548,6 @@ let
 sha256 = "02rknqarwy7p50693cqswbibqwgxzrfzdq4yhwqxbdmhbsmh0rk6";
 };
- __sandboxProfile = pkgs.lib.sandbox.allowNetwork;
-
 # Only test dependencies
 buildInputs = with self; [ pkgs.git gevent geventhttpclient mock fastimport ];