amaharaneko/nonguix-mirrors
1
0
Fork 0
mirror of https://gitlab.com/nonguix/nonguix.git synced 2025-10-02 02:14:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
nonguix-mirrors/nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch
Tomas Volf 1b17c6dfc0
nongnu: firefox-esr: Update to 140.0esr. 
* nongnu/packages/mozilla.scm (firefox-esr): Update to 140.0esr.
[source]<patches>: Add firefox-restore-desktop-files.patch.  Use >=138 version
of path comparison patch.
[inputs]: Use icu4c-76.
[native-inputs]: Use rust-cbindgen-0.28.
(firefox)[inputs]: Drop.
[native-inputs]: Do not replace rust-cbindgen.
* nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch: Update
to new version.  No functional changes.
* nongnu/packages/patches/firefox-esr-use-system-wide-dir.patch: Same.
* nongnu/packages/patches/firefox-esr-compare-paths.patch: Delete file.

Signed-off-by: Hilton Chain <hako@ultrarare.space>
2025-06-28 21:03:20 +08:00

36 lines
1.9 KiB
Diff
Raw Blame History

diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
index 4eff5e6..42171eb 100644
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -476,6 +476,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
// Various places where fonts reside
policy->AddTree(rdonly, "/usr/X11R6/lib/X11/fonts");
policy->AddTree(rdonly, "/nix/store");
+ policy->AddTree(rdonly, "/gnu/store");
// https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf
policy->AddTree(rdonly, "/run/host/fonts");
policy->AddTree(rdonly, "/run/host/user-fonts");
@@ -485,6 +486,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
// Bug 1848615
policy->AddPath(rdonly, "/usr");
policy->AddPath(rdonly, "/nix");
+ policy->AddPath(rdonly, "/gnu");
AddLdconfigPaths(policy);
AddLdLibraryEnvPaths(policy);
@@ -934,6 +936,7 @@ SandboxBrokerPolicyFactory::GetRDDPolicy(int aPid) {
policy->AddTree(rdonly, "/usr/lib64");
policy->AddTree(rdonly, "/run/opengl-driver/lib");
policy->AddTree(rdonly, "/nix/store");
+ policy->AddTree(rdonly, "/gnu/store");
// Bug 1647957: memory reporting.
AddMemoryReporting(policy.get(), aPid);
@@ -1079,6 +1082,7 @@ SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(int aPid) {
// Required to make sure ffmpeg loads properly, this is already existing on
// Content and RDD
policy->AddTree(rdonly, "/nix/store");
+ policy->AddTree(rdonly, "/gnu/store");
// glibc will try to stat64("/") while populating nsswitch database
// https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nss_database.c;h=cf0306adc47f12d9bc761ab1b013629f4482b7e6;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l396
Reference in a new issue View git blame Copy permalink