GNU bug report logs -
#77827
[PATCH] gnu: librewolf: Fix video playback.
Previous Next
Reported by: Jakob Kirsch <jakob.kirsch <at> web.de>
Date: Tue, 15 Apr 2025 16:48:02 UTC
Severity: normal
Tags: patch
Done: Ian Eure <ian <at> retrospec.tv>
Bug is archived. No further changes may be made.
Full log
Message #29 received at 77827 <at> debbugs.gnu.org (full text, mbox):
Hi Ian,
On 19 April 2025 15:45, Ian Eure <ian <at> retrospec.tv> wrote:
> I pushed the patch provided in #72265, but reverted it, as I got bug reports
> about it breaking live video streams. I’ve updated and reapplied the patch
> locally a few times, but it’s continued to exhibit that problem, _and_ it still
> complains about being unable to open the vaapi drivers with sandbox logging
> enabled. The specific issue is that with hwaccel enabled, it can’t demux
> AAC-LATM audio streams. Mullvadb and Torbrowser are both subject to this issue,
> I wrote up #77559 about what I found there, but haven’t gotten a response.
>
> I have an idea here, I’ll patch things up a bit and see if the situation is
> improved.
I decided to test it with this dumb patch, basically adding /gnu/store
everywhere /nix/store was added. With the patch I have HW decoding with
my old Intel GPU using i965_drv_video.so from
intel-vaapi-driver package. Can't comment if the AAC-LATM issue is
there.
There's some sandbox messages when it goes through
LD_LIBRARY_PATH trying to open nonexistent libraries that can look
sandbox rejection messages at first glance:
--8<---------------cut here---------------start------------->8---
[3942] Sandbox: Failed errno -2 op open flags 02000000 path /gnu/store/71122si4k9mwxp71i483xica7fh7nsrx-mesa-24.3.2/lib/libdrm_intel.so.1
--8<---------------cut here---------------end--------------->8---
Possibly not everything in the patch is necessary, but iterating on it
and building Firefox is too much of a pain on an old machine.
--8<---------------cut here---------------start------------->8---
diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
index 4eff5e6..42171eb 100644
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -476,6 +476,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
// Various places where fonts reside
policy->AddTree(rdonly, "/usr/X11R6/lib/X11/fonts");
policy->AddTree(rdonly, "/nix/store");
+ policy->AddTree(rdonly, "/gnu/store");
// https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf
policy->AddTree(rdonly, "/run/host/fonts");
policy->AddTree(rdonly, "/run/host/user-fonts");
@@ -485,6 +486,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
// Bug 1848615
policy->AddPath(rdonly, "/usr");
policy->AddPath(rdonly, "/nix");
+ policy->AddPath(rdonly, "/gnu");
AddLdconfigPaths(policy);
AddLdLibraryEnvPaths(policy);
@@ -934,6 +936,7 @@ SandboxBrokerPolicyFactory::GetRDDPolicy(int aPid) {
policy->AddTree(rdonly, "/usr/lib64");
policy->AddTree(rdonly, "/run/opengl-driver/lib");
policy->AddTree(rdonly, "/nix/store");
+ policy->AddTree(rdonly, "/gnu/store");
// Bug 1647957: memory reporting.
AddMemoryReporting(policy.get(), aPid);
@@ -1079,6 +1082,7 @@ SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(int aPid) {
// Required to make sure ffmpeg loads properly, this is already existing on
// Content and RDD
policy->AddTree(rdonly, "/nix/store");
+ policy->AddTree(rdonly, "/gnu/store");
// glibc will try to stat64("/") while populating nsswitch database
// https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nss_database.c;h=cf0306adc47f12d9bc761ab1b013629f4482b7e6;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l396
--8<---------------cut here---------------end--------------->8---
Best,
--
Jussi
This bug report was last modified 127 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.