pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch at 20.09-beta · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / development / libraries / webkitgtk / fix-bubblewrap-paths.patch

at 20.09-beta 23 lines 1.1 kB view raw

 1diff -ru old/webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
 2--- old/webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp	2019-09-09 04:47:07.000000000 -0400
 3+++ webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp	2019-09-20 21:14:10.537921173 -0400
 4@@ -585,7 +585,7 @@
 5         { SCMP_SYS(keyctl), nullptr },
 6         { SCMP_SYS(request_key), nullptr },
 7 
 8-        // Scary VM/NUMA ops 
 9+        // Scary VM/NUMA ops
10         { SCMP_SYS(move_pages), nullptr },
11         { SCMP_SYS(mbind), nullptr },
12         { SCMP_SYS(get_mempolicy), nullptr },
13@@ -724,6 +724,10 @@
14         "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64",
15 
16         "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR,
17+
18+        // Nix Directories
19+        "--ro-bind", "@storeDir@", "@storeDir@",
20+        "--ro-bind", "/run/current-system", "/run/current-system",
21     };
22     // We would have to parse ld config files for more info.
23     bindPathVar(sandboxArgs, "LD_LIBRARY_PATH");