Share /gnu/store in the BubbleWrap container and remove FHS mounts. This is a Guix-specific patch not meant to be upstreamed. diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp index f0a5e4b05dff..88b11f806968 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp @@ -854,27 +854,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces "--ro-bind", "/sys/dev", "/sys/dev", "--ro-bind", "/sys/devices", "/sys/devices", - "--ro-bind-try", "/usr/share", "/usr/share", - "--ro-bind-try", "/usr/local/share", "/usr/local/share", "--ro-bind-try", DATADIR, DATADIR, - - // We only grant access to the libdirs webkit is built with and - // guess system libdirs. This will always have some edge cases. - "--ro-bind-try", "/lib", "/lib", - "--ro-bind-try", "/usr/lib", "/usr/lib", - "--ro-bind-try", "/usr/local/lib", "/usr/local/lib", "--ro-bind-try", LIBDIR, LIBDIR, -#if CPU(ADDRESS64) - "--ro-bind-try", "/lib64", "/lib64", - "--ro-bind-try", "/usr/lib64", "/usr/lib64", - "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64", -#else - "--ro-bind-try", "/lib32", "/lib32", - "--ro-bind-try", "/usr/lib32", "/usr/lib32", - "--ro-bind-try", "/usr/local/lib32", "/usr/local/lib32", -#endif - "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR, + + // Bind mount the store inside the WebKitGTK sandbox. + "--ro-bind", "@storedir@", "@storedir@", }; if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) { nge
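Review bot: the added `"--ro-bind", "@storedir@", "@storedir@"` entry at the end of the argument list grants the sandboxed process read access to the entire store, which is a wider grant than the per-directory `--ro-bind-try` entries removed above it, and the one-line comment does not say so. Please extend the comment to state that every store item becomes readable inside the sandbox and why that is acceptable here. The new entry also uses `--ro-bind` rather than `--ro-bind-try`, so a missing path, or an `@storedir@` placeholder left unsubstituted at build time, makes the launch fail instead of being skipped; if that is intended, note it in the comment. The retained `DATADIR` and `LIBDIR` binds look redundant if those paths resolve under the store, and the removal of the `PKGLIBEXECDIR` bind relies on the same assumption, so it is worth stating once.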
path: root/tests/cpio.scm
2020-12-15 store-copy: 'populate-store' can optionally deduplicate files.
Until now deduplication was performed as an additional pass after copying files, which involved re-traversing all the files that had just been copied.
* guix/store/deduplication.scm (copy-file/deduplicate): New procedure.
* tests/store-deduplication.scm ("copy-file/deduplicate"): New test.
* guix/build/store-copy.scm (populate-store): Add #:deduplicate? parameter and honor it.
* tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f to 'populate-store'.
* gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate? to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
* gnu/build/install.scm (populate-single-profile-directory): Pass #:deduplicate? #f to 'populate-store'.
* gnu/build/linux-initrd.scm (build-initrd): Likewise.
* guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New procedure. [build]: Pass it as an argument to 'source-module-closure'.
* guix/scripts/pack.scm (squashfs-image)[build]: Wrap in 'with-extensions'.
* gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New procedure. [builder]: Pass it to 'source-module-closure'.
* gnu/system/install.scm (cow-store-service-type)[import-module?]: New procedure. Pass it to 'source-module-closure'.
Author: Ludovic Courtès

2020-11-21 linux-initrd: Remove unnecessary timestamp reset phase.
* gnu/build/linux-initrd.scm (write-cpio-archive): Mention timestamps in docstring. (build-initrd): Remove unnecessary timestamp reset phase.
Author: Ludovic Courtès