diff options
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 8e7abc8a47..795ff822a4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1687,6 +1687,7 @@ dist_patch_DATA = \ %D%/packages/patches/libphonenumber-reproducible-build.patch \ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \ %D%/packages/patches/libquicktime-ffmpeg.patch \ + %D%/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch \ %D%/packages/patches/libsepol-versioned-docbook.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtgvoip-disable-sse2.patch \ diff --git a/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch b/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch new file mode 100644 index 0000000000..1bee0bddf5 --- /dev/null +++ b/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch @@ -0,0 +1,11 @@ +--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp ++++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +@@ -920,6 +920,8 @@ + policy->AddDir(rdonly, "/usr/lib64"); + policy->AddDir(rdonly, "/run/opengl-driver/lib"); + policy->AddDir(rdonly, "/nix/store"); ++ policy->AddDir(rdonly, "/gnu/store"); ++ policy->AddDir(rdonly, "/run/current-system/profile/lib"); + + // Bug 1647957: memory reporting. + AddMemoryReporting(policy.get(), aPid); |