sandbox: Allow UNIX sockets on macOS even when block-network is used. Closes #3444. PiperOrigin-RevId: 163047183

commit: cd159bcee72a7f377621b45409807231a636f9e2 [log] [tgz]
author: Philipp Wollermann <philwo@google.com> Tue Jul 25 11:29:56 2017 +0200
committer: Jakob Buchgraber <buchgr@google.com> Tue Jul 25 13:17:55 2017 +0200
tree: c6b1ff0d2a09bccf443ad65298dc37b2bcee3a61
parent: ee9830127ff8d2001d882e4766e582815cff5ec2 [diff]
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
index 90e9b2c..1c9f098 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java

@@ -248,6 +248,7 @@
         out.println("(deny network*)");
         out.println("(allow network* (local ip \"localhost:*\"))");
         out.println("(allow network* (remote ip \"localhost:*\"))");
+        out.println("(allow network* (remote unix-socket))");
       }
 
       // By default, everything is read-only.
commit	cd159bcee72a7f377621b45409807231a636f9e2	[log] [tgz]
author	Philipp Wollermann <philwo@google.com>	Tue Jul 25 11:29:56 2017 +0200
committer	Jakob Buchgraber <buchgr@google.com>	Tue Jul 25 13:17:55 2017 +0200
tree	c6b1ff0d2a09bccf443ad65298dc37b2bcee3a61
parent	ee9830127ff8d2001d882e4766e582815cff5ec2 [diff]