From 4d6bc7d0dce675f55de7cebf0c918428f88e5755 Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Sun, 22 Jun 2025 15:18:13 +0200 Subject: nongnu: firefox: Fix GPU decoding. * nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch: New file. * nongnu/packages/mozilla.scm (firefox-esr)[source]: Add it. [#:phases]: New phase ported from Guix's librewolf package. : Remove whitelist manipulation. [inputs]: Add pciutils. * nongnu/packages/patches/firefox-add-store-to-rdd-allowlist.patch: New file. * nongnu/packages/mozilla.scm (firefox)[source]: Add it. Fixes: https://gitlab.com/nonguix/nonguix/-/issues/389 Signed-off-by: Hilton Chain Modified-by: Hilton Chain --- .../firefox-esr-add-store-to-rdd-allowlist.patch | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch (limited to 'nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch') diff --git a/nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch b/nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch new file mode 100644 index 0000000..6ae18c3 --- /dev/null +++ b/nongnu/packages/patches/firefox-esr-add-store-to-rdd-allowlist.patch @@ -0,0 +1,36 @@ +diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +index 0e5358e68e..efbde9616e 100644 +--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp ++++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +@@ -452,6 +452,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() { + // Various places where fonts reside + policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts"); + policy->AddDir(rdonly, "/nix/store"); ++ policy->AddDir(rdonly, "/gnu/store"); + // https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf + policy->AddDir(rdonly, "/run/host/fonts"); + policy->AddDir(rdonly, "/run/host/user-fonts"); +@@ -461,6 +462,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() { + // Bug 1848615 + policy->AddPath(rdonly, "/usr"); + policy->AddPath(rdonly, "/nix"); ++ policy->AddPath(rdonly, "/gnu"); + + AddLdconfigPaths(policy); + AddLdLibraryEnvPaths(policy); +@@ -920,6 +922,7 @@ SandboxBrokerPolicyFactory::GetRDDPolicy(int aPid) { + policy->AddDir(rdonly, "/usr/lib64"); + policy->AddDir(rdonly, "/run/opengl-driver/lib"); + policy->AddDir(rdonly, "/nix/store"); ++ policy->AddDir(rdonly, "/gnu/store"); + + // Bug 1647957: memory reporting. + AddMemoryReporting(policy.get(), aPid); +@@ -1043,6 +1046,7 @@ SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(int aPid) { + // Required to make sure ffmpeg loads properly, this is already existing on + // Content and RDD + policy->AddDir(rdonly, "/nix/store"); ++ policy->AddDir(rdonly, "/gnu/store"); + + // glibc will try to stat64("/") while populating nsswitch database + // https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nss_database.c;h=cf0306adc47f12d9bc761ab1b013629f4482b7e6;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l396 -- cgit v1.2.3