mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-29 10:23:29 +00:00
firejail: Fix resolve binary paths in user environment
This commit is contained in:
parent
f678ad7c7a
commit
5d2dfa253e
@ -37,9 +37,16 @@ stdenv.mkDerivation rec {
|
||||
# Adds the /nix directory when using an overlay.
|
||||
# Required to run any programs under this mode.
|
||||
./mount-nix-dir-on-overlay.patch
|
||||
|
||||
# By default fbuilder hardcodes the firejail binary to the install path.
|
||||
# On NixOS the firejail binary is a setuid wrapper available in $PATH.
|
||||
./fbuilder-call-firejail-on-path.patch
|
||||
|
||||
# NixOS specific whitelist to resolve binary paths in user environment
|
||||
# Fixes https://github.com/NixOS/nixpkgs/issues/170784
|
||||
# Upstream fix https://github.com/netblue30/firejail/pull/5131
|
||||
# Upstream hopefully fixed in later versions > 0.9.68
|
||||
./whitelist-nix-profile.patch
|
||||
];
|
||||
|
||||
prePatch = ''
|
||||
|
@ -0,0 +1,9 @@
|
||||
--- a/etc/inc/whitelist-common.inc.org 2022-05-06 13:57:17.294206339 +0200
|
||||
+++ b/etc/inc/whitelist-common.inc 2022-05-06 13:58:00.108655548 +0200
|
||||
@@ -83,3 +83,6 @@
|
||||
whitelist ${HOME}/.kde4/share/config/oxygenrc
|
||||
whitelist ${HOME}/.kde4/share/icons
|
||||
whitelist ${HOME}/.local/share/qt5ct
|
||||
+
|
||||
+# NixOS specific to resolve binary paths
|
||||
+whitelist ${HOME}/.nix-profile
|
Loading…
Reference in New Issue
Block a user