Share /gnu/store in the BubbleWrap container and remove FHS mounts. This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp index f0a5e4b05dff..88b11f806968 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp @@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", - "--ro-bind-try", "/usr/share", "/usr/share", - "--ro-bind-try", "/usr/local/share", "/usr/local/share", "--ro-bind-try", DATADIR, DATADIR, - - // We only grant access to the libdirs webkit is built with and - // guess system libdirs. This will always have some edge cases. - "--ro-bind-try", "/lib", "/lib", - "--ro-bind-try", "/usr/lib", "/usr/lib", - "--ro-bind-try", "/usr/local/lib", "/usr/local/lib", "--ro-bind-try", LIBDIR, LIBDIR, -#if CPU(ADDRESS64) - "--ro-bind-try", "/lib64", "/lib64", - "--ro-bind-try", "/usr/lib64", "/usr/lib64", - "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64", -#else - "--ro-bind-try", "/lib32", "/lib32", - "--ro-bind-try", "/usr/lib32", "/usr/lib32", - "--ro-bind-try", "/usr/local/lib32", "/usr/local/lib32", -#endif - "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR, + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", }; if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { thor'>author
path: root/gnu/home/services/media.scm
AgeCommit message (Expand)Author
2023-03-16home: services: kodi, znc, ssh-agent: Use 'match-record'....* gnu/home/services/media.scm (home-kodi-services): Use 'match-record' instead of 'match'. * gnu/home/services/messaging.scm (home-znc-services): Likewise. * gnu/home/services/ssh.scm (home-ssh-agent-services): Likewise. Ludovic Courtès
2023-03-16home: services: kodi: Remove host-side use of (shepherd support)....This is a followup to 70056b1b2beebbc9f8ea2c34eacc57f379368ab3, which inadvertently pulled in (shepherd support) on the host side. * gnu/home/services/media.scm (home-kodi-services): Change 'command' and 'logfile' to gexps. Add 'modules' field to 'shepherd-service'. Ludovic Courtès
2023-03-16gnu: home: services: Add home-kodi-service-type....* gnu/home/services/media.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * po/guix/POTFILES.in: Likewise. * doc/guix.texi (Media Home Services): Document it in new subsection. Jan (janneke) Nieuwenhuizen