GNU bug report logs -
#47628
webkitgtk-2.32.0 fails to launch without /usr/bin
Previous Next
Reported by: Mark H Weaver <mhw <at> netris.org>
Date: Tue, 6 Apr 2021 22:48:01 UTC
Severity: normal
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #36 received at 47628 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Tue, Apr 13, 2021 at 03:22:47PM -0400, Mark H Weaver wrote:
> Hi Efraim,
>
> Efraim Flashner <efraim <at> flashner.co.il> writes:
>
> > On Thu, Apr 08, 2021 at 11:07:31AM -0400, Mark H Weaver wrote:
> >> I suspect that the relevant bit that needs to be changed is line 779 of
> >> the following file in the webkitgtk-2.32.0 source code:
> >>
> >> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
> >>
> >> Most likely, that line can simply be deleted. Here's the relevant
> >> excerpt, with line 779 marked by "==>":
> >
> > Looking at the other lines above it, we could just change it from
> > ro-bind to ro-bind-try.
>
> I expect that would work, but why should we give the sandbox access to
> /usr/bin at all? I took a different approach: I removed access to *all*
> of the FHS directories, since they should not be needed for a
> Guix-compiled package.
>
> Below, I've attached the patch that I'm currently using successfully on
> my private branch of Guix.
>
> What do you think?
>
Since we should be linking to any libraries we need anyway and patching
any calls out to other binaries then I suppose this should work. I
suggested ro-bind-try to minimize the patch size.
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 67 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.