author | Jonas Heinrich <onny@project-insanity.org> | 2022-05-06 14:05:35 +0200 |
---|---|---|
committer | Jonas Heinrich <onny@project-insanity.org> | 2022-05-07 11:39:02 +0200 |
commit | 5d2dfa253eaf9092bfc10695e40b2c80371dd55c (patch) | |
tree | ee84f102f528b17a14a4562f66154646c99d0a26 /pkgs/os-specific/linux/firejail | |
parent | f678ad7c7a306f5a073fbb68e93a074ca2d1f054 (diff) |
firejail: Fix resolve binary paths in user environment
Diffstat (limited to 'pkgs/os-specific/linux/firejail')
-rw-r--r-- | pkgs/os-specific/linux/firejail/default.nix | 7 | ||||
-rw-r--r-- | pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch | 9 |
2 files changed, 16 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix
index c3dc819b5bcff..3caf41cfca562 100644
--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -37,9 +37,16 @@ stdenv.mkDerivation rec {
 # Adds the /nix directory when using an overlay.
 # Required to run any programs under this mode.
 ./mount-nix-dir-on-overlay.patch
+
 # By default fbuilder hardcodes the firejail binary to the install path.
 # On NixOS the firejail binary is a setuid wrapper available in $PATH.
 ./fbuilder-call-firejail-on-path.patch
+
+ # NixOS specific whitelist to resolve binary paths in user environment
+ # Fixes https://github.com/NixOS/nixpkgs/issues/170784
+ # Upstream fix https://github.com/netblue30/firejail/pull/5131
+ # Upstream hopefully fixed in later versions > 0.9.68
+ ./whitelist-nix-profile.patch
 ];
 prePatch = ''
diff --git a/pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch b/pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch
new file mode 100644
index 0000000000000..227d28846ea5f
--- /dev/null
+++ b/pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch
@@ -0,0 +1,9 @@
+--- a/etc/inc/whitelist-common.inc.org 2022-05-06 13:57:17.294206339 +0200
++++ b/etc/inc/whitelist-common.inc 2022-05-06 13:58:00.108655548 +0200
+@@ -83,3 +83,6 @@
+ whitelist ${HOME}/.kde4/share/config/oxygenrc
+ whitelist ${HOME}/.kde4/share/icons
+ whitelist ${HOME}/.local/share/qt5ct
++
++# NixOS specific to resolve binary paths
++whitelist ${HOME}/.nix-profile |
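Review bot: The comment `# Upstream hopefully fixed in later versions > 0.9.68` in the patches list gives no concrete removal condition, so this sandbox-policy patch can outlive its purpose or be carried unnoticed across a version bump. I would phrase it as an action tied to the references already given, e.g. `# TODO: drop once firejail is updated past 0.9.68 and includes netblue30/firejail#5131`. The patches list starts above this hunk and prePatch continues below it, so I cannot see whether the version is pinned nearby.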
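Review bot: The added `whitelist ${HOME}/.nix-profile` goes into whitelist-common.inc, so it applies to every profile that includes that file, not only the ones that need user-environment binaries. Each of those sandboxes can then see everything the user has installed into the profile. A `whitelist` line does not by itself restrict writes, so I would pair it with `read-only ${HOME}/.nix-profile` rather than rely on the profile's target being immutable; how firejail resolves the symlink here should be confirmed. The comment could also record the scope, e.g. `# NixOS: expose ~/.nix-profile so user-installed binaries resolve in whitelisting sandboxes`. The embedded hunk shows only the tail of the include, so rules earlier in the file are not visible from here.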