GNU bug report logs - #34135
IceCat lacks WebGL support

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 19 Jan 2019 15:50:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #17 received at 34135 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: Ricardo Wurmus <rekado <at> elephly.net>,
 Ludovic Courtès <ludo <at> gnu.org>
Cc: 34135 <at> debbugs.gnu.org
Subject: Re: bug#34135: IceCat lacks WebGL support
Date: Mon, 21 Jan 2019 09:49:43 +0100

Le 21 janvier 2019 09:24:53 GMT+01:00, Ricardo Wurmus <rekado <at> elephly.net> a écrit :
>
>Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Hi Julien,
>>
>> Julien Lepiller <julien <at> lepiller.eu> skribis:
>>
>>> Try setting security.sandbox.content.read_path_whitelist to
>/gnu/store/
>>> (with a leading /) in about:config.
>>
>> Setting it to “/gnu/store/” (with a trailing slash) works, thank you!
>>
>> It turns out that setting LIBGL_DRIVERS_PATH is even unnecessary.
>>
>> I suppose we should patch the default value of
>> ‘security.sandbox.content.read_path_whitelist’ in our package.  What
>do
>> people think?
>
>It isn’t much of a sandbox if all of /gnu/store would be permitted. 
>Can
>this be reduced to the paths of store items that are known at build
>time?

You'll have to list every library and there dependencies. Is that possible? Also I think icecat has read permission to /usr by default, so setting permission to the store is similar.
This bug report was last modified 1 year and 316 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.