From bdeecda57684b9be5ec144f866db669bb07b84a1 Mon Sep 17 00:00:00 2001 From: Hugo Herbelin Date: Wed, 17 Oct 2018 18:37:38 +0200 Subject: [PATCH] Sandboxing on MacOS: considering the possibility that TMPDIR in unset (#3597) We then use `getconf` to get the per-user temporary directory. --- src/state/shellscripts/sandbox_exec.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/state/shellscripts/sandbox_exec.sh b/src/state/shellscripts/sandbox_exec.sh index b54b0ac3083..0d272d9dce6 100644 --- a/src/state/shellscripts/sandbox_exec.sh +++ b/src/state/shellscripts/sandbox_exec.sh @@ -12,7 +12,20 @@ add_mounts() { esac } -add_mounts rw "${TMPDIR:-/tmp}" +if [ -z ${TMPDIR+x} ]; then + # If $TMPDIR is not set, some applications use /tmp, so + # /tmp must be made readable/writable + add_mounts rw /tmp + # However, others applications obtain the per-user temporary + # directory differently; the latter should be made readable/writable + # too and getconf seems to be a robust way to get it + if [ -z /usr/bin/getconf ]; then + TMP=`getconf DARWIN_USER_TEMP_DIR` + add_mounts rw $TMP + fi +else + add_mounts rw $TMPDIR +fi # C compilers using `ccache` will write to a shared cache directory # that remain writeable. ccache seems widespread in some Fedora systems.