1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -452,6 +452,7 @@
// Various places where fonts reside
policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts");
policy->AddDir(rdonly, "/nix/store");
+ policy->AddDir(rdonly, "/gnu/store");
// https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf
policy->AddDir(rdonly, "/run/host/fonts");
policy->AddDir(rdonly, "/run/host/user-fonts");
@@ -461,6 +462,7 @@
// Bug 1848615
policy->AddPath(rdonly, "/usr");
policy->AddPath(rdonly, "/nix");
+ policy->AddPath(rdonly, "/gnu");
AddLdconfigPaths(policy);
AddLdLibraryEnvPaths(policy);
@@ -920,6 +922,7 @@
policy->AddDir(rdonly, "/usr/lib64");
policy->AddDir(rdonly, "/run/opengl-driver/lib");
policy->AddDir(rdonly, "/nix/store");
+ policy->AddDir(rdonly, "/gnu/store");
// Bug 1647957: memory reporting.
AddMemoryReporting(policy.get(), aPid);
@@ -1043,6 +1046,7 @@
// Required to make sure ffmpeg loads properly, this is already existing on
// Content and RDD
policy->AddDir(rdonly, "/nix/store");
+ policy->AddDir(rdonly, "/gnu/store");
// glibc will try to stat64("/") while populating nsswitch database
// https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nss_database.c;h=cf0306adc47f12d9bc761ab1b013629f4482b7e6;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l396
|
