This is a tiny project where @aszlig did all the hard work. I am just doing the docs and marketing
Haskell programs are difficult to run in the Nix sandbox if they do any type of network access because they depend on /etc/protocols to exist. This applies to other languages as well but Haskell likes to call getprotobyname() a lot. You would see a failure like that:
ConnectionFailure Network.BSD.getProtocolByName: does not exist (no such protocol name: tcp)
This project implements a LD_PRELOAD hack to load that file from another location. Add this project to your Nix fetcher and you are good to go.
In theory it’s possible to make this work on macOS. If you have any knowledge of how DYLD_INSERT_LIBRARIES works, please ping me!
I think it should also be possible to use libredirect (included in nixpkgs) to divert /etc/protocols to a different location? I seem to recall wrapping some Haskell binaries with it to fix network access for a sandboxed fetcher…
Hm, I originally thought it was using internal glibc calls (as a few other functions do), but it turns out that libnss* calls back to glibc and thus you can intercept fopen, so this works as well and it’s probably the better solution as it doesn’t involve recompiling glibc.
Nice! libredirect looks even more versatile and was written by @edolstra in 2014 ( a0072b4d2d4233d29ba6456d20f1d87070fcfad2 ). It would be nice to make it work on macOS as well.
