gnu: librewolf: Add rdd paths allowlist patch.

* gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it here. Change-Id: Ice417148b0ddf9acf0062eb6d16a875a81e350e6
author: Andrew Tropin <andrew@trop.in> 2024-09-24 12:24:33 +0400
committer: Andrew Tropin <andrew@trop.in> 2024-09-24 12:26:07 +0400
commit: 75824be1ac60b39e123e6ee9617a64bbf2ee4add (patch)
tree: 680160fd0ec10ebcddfa0a823006dd7a0302f42e /gnu/packages
parent: 8888f930ad9b2494a23e88019284266a1b1b2bb0 (diff)
download: guix-75824be1ac60b39e123e6ee9617a64bbf2ee4add.tar.gz
guix-75824be1ac60b39e123e6ee9617a64bbf2ee4add.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch b/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch
new file mode 100644
index 0000000000..1bee0bddf5
--- /dev/null
+++ b/gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch
@@ -0,0 +1,11 @@
+--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
++++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -920,6 +920,8 @@
+   policy->AddDir(rdonly, "/usr/lib64");
+   policy->AddDir(rdonly, "/run/opengl-driver/lib");
+   policy->AddDir(rdonly, "/nix/store");
++  policy->AddDir(rdonly, "/gnu/store");
++  policy->AddDir(rdonly, "/run/current-system/profile/lib");
+
+   // Bug 1647957: memory reporting.
+   AddMemoryReporting(policy.get(), aPid);
author	Andrew Tropin <andrew@trop.in>	2024-09-24 12:24:33 +0400
committer	Andrew Tropin <andrew@trop.in>	2024-09-24 12:26:07 +0400
commit	75824be1ac60b39e123e6ee9617a64bbf2ee4add (patch)
tree	680160fd0ec10ebcddfa0a823006dd7a0302f42e /gnu/packages
parent	8888f930ad9b2494a23e88019284266a1b1b2bb0 (diff)
download	guix-75824be1ac60b39e123e6ee9617a64bbf2ee4add.tar.gz guix-75824be1ac60b39e123e6ee9617a64bbf2ee4add.zip