From 9492a64005d64020222efe0a7899f39838f80b69 Mon Sep 17 00:00:00 2001 From: Andrew Marshall Date: Wed, 11 Sep 2024 17:29:11 -0400 Subject: [PATCH] Document that the macOS sandbox is not a security boundary See e.g. discussion in https://github.com/NixOS/nix/pull/11270 --- src/libstore/globals.hh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 8765a6a62..9149e9f20 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -625,6 +625,9 @@ public: `__darwinAllowLocalNetworking` attribute set to `true` will have a sandbox exception added to allow it. + The macOS sandbox has known limitations, and should not be + considered a strong security boundary. + Currently, sandboxing only work on Linux and macOS. The use of a sandbox requires that Nix is run as root (so you should use the “build users” feature to perform the actual builds under different
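Review bot: The two added lines in the `globals.hh` hunk tell readers that the macOS sandbox "has known limitations" but give them no way to find out what those limitations are; the only pointer is the PR discussion cited in the commit message (https://github.com/NixOS/nix/pull/11270), which does not reach the rendered setting documentation. Consider carrying that reference into the doc text itself, e.g. `considered a strong security boundary (see NixOS/nix#11270).`, or briefly naming the class of limitation, so a user deciding whether to rely on sandboxing on macOS can evaluate the risk. While editing this paragraph, the unchanged context line `Currently, sandboxing only work on Linux and macOS.` has a subject-verb agreement error (`only works`) that could be fixed in the same change.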