diff options
| author | Brice Waegeneire <brice@waegenei.re> | 2025-06-22 15:18:13 +0200 |
|---|---|---|
| committer | Hilton Chain <hako@ultrarare.space> | 2025-06-25 03:04:28 +0800 |
| commit | 4d6bc7d0dce675f55de7cebf0c918428f88e5755 (patch) | |
| tree | 2bdf5c119575efbca6fadb8faac72adb5aedb18e /nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch | |
| parent | 554e6e6b43a597bf96cc04b948546abdd8d069e3 (diff) | |
nongnu: firefox: Fix GPU decoding.
* nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch: New
file.
* nongnu/packages/mozilla.scm (firefox-esr)[source]<patches>: Add it.
[#:phases]<wrap-glxtest>: New phase ported from Guix's librewolf package.
<wrap-program>: Remove whitelist manipulation.
[inputs]: Add pciutils.
* nongnu/packages/patches/firefox-add-store-to-rdd-allowlist.patch: New file.
* nongnu/packages/mozilla.scm (firefox)[source]<patches>: Add it.
Fixes: https://gitlab.com/nonguix/nonguix/-/issues/389
Signed-off-by: Hilton Chain <hako@ultrarare.space>
Modified-by: Hilton Chain <hako@ultrarare.space>
Diffstat (limited to 'nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch')
| -rw-r--r-- | nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch b/nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch new file mode 100644 index 00000000..6ae18c37 --- /dev/null +++ b/nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch @@ -0,0 +1,36 @@ +diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +index 0e5358e68e..efbde9616e 100644 +--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp ++++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +@@ -452,6 +452,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() { + // Various places where fonts reside + policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts"); + policy->AddDir(rdonly, "/nix/store"); ++ policy->AddDir(rdonly, "/gnu/store"); + // https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf + policy->AddDir(rdonly, "/run/host/fonts"); + policy->AddDir(rdonly, "/run/host/user-fonts"); +@@ -461,6 +462,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() { + // Bug 1848615 + policy->AddPath(rdonly, "/usr"); + policy->AddPath(rdonly, "/nix"); ++ policy->AddPath(rdonly, "/gnu"); + + AddLdconfigPaths(policy); + AddLdLibraryEnvPaths(policy); +@@ -920,6 +922,7 @@ SandboxBrokerPolicyFactory::GetRDDPolicy(int aPid) { + policy->AddDir(rdonly, "/usr/lib64"); + policy->AddDir(rdonly, "/run/opengl-driver/lib"); + policy->AddDir(rdonly, "/nix/store"); ++ policy->AddDir(rdonly, "/gnu/store"); + + // Bug 1647957: memory reporting. + AddMemoryReporting(policy.get(), aPid); +@@ -1043,6 +1046,7 @@ SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(int aPid) { + // Required to make sure ffmpeg loads properly, this is already existing on + // Content and RDD + policy->AddDir(rdonly, "/nix/store"); ++ policy->AddDir(rdonly, "/gnu/store"); + + // glibc will try to stat64("/") while populating nsswitch database + // https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nss_database.c;h=cf0306adc47f12d9bc761ab1b013629f4482b7e6;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l396 |