From 4318ba2ec568a9fe7d5b4b014df6b7d252ae3481 Mon Sep 17 00:00:00 2001
From: Tom Bereknyei <tomberek@gmail.com>
Date: Fri, 19 Nov 2021 23:52:52 -0500
Subject: [PATCH] add real path to allowedPaths

---
 src/libexpr/eval.cc    | 4 ++--
 src/libexpr/primops.cc | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index f1ff3a6e0..97fc04711 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -520,7 +520,7 @@ Path EvalState::checkSourcePath(const Path & path_)
     }
 
     if (!found)
-        throw RestrictedPathError("access to path '%1%' is forbidden in restricted mode", abspath);
+        throw RestrictedPathError("access to absolute path '%1%' is forbidden in restricted mode", abspath);
 
     /* Resolve symlinks. */
     debug(format("checking access to '%s'") % abspath);
@@ -533,7 +533,7 @@ Path EvalState::checkSourcePath(const Path & path_)
         }
     }
 
-    throw RestrictedPathError("access to path '%1%' is forbidden in restricted mode", path);
+    throw RestrictedPathError("access to canonical path '%1%' is forbidden in restricted mode", path);
 }
 
 
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 5bd4e5545..8dccf6401 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -70,7 +70,7 @@ void EvalState::realiseContext(const PathSet & context)
                 if (outputPaths.count(outputName) == 0)
                     throw Error("derivation '%s' does not have an output named '%s'",
                             store->printStorePath(drvPath), outputName);
-                allowedPaths->insert(store->printStorePath(outputPaths.at(outputName)));
+                allowPath(outputPaths.at(outputName));
             }
         }
     }