Luke Granger-Brown
57725ef3ec
git-subtree-dir: third_party/nixpkgs git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
17 lines
1 KiB
Diff
17 lines
1 KiB
Diff
diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
|
|
index 0a201fe176..fa3690c12a 100644
|
|
--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
|
|
+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
|
|
@@ -819,6 +819,12 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
|
|
sandboxArgs.append("--unshare-ipc");
|
|
}
|
|
|
|
+ // Nix Directories
|
|
+ sandboxArgs.appendVector(Vector<CString>({ "--ro-bind", "@storeDir@", "@storeDir@" }));
|
|
+ sandboxArgs.appendVector(Vector<CString>({ "--ro-bind-try", "/run/current-system", "/run/current-system" }));
|
|
+ sandboxArgs.appendVector(Vector<CString>({ "--ro-bind-try", "@driverLink@/lib", "@driverLink@/lib" }));
|
|
+ sandboxArgs.appendVector(Vector<CString>({ "--ro-bind-try", "@driverLink@/share", "@driverLink@/share" }));
|
|
+
|
|
#if ENABLE(DEVELOPER_MODE)
|
|
const char* execDirectory = g_getenv("WEBKIT_EXEC_PATH");
|
|
if (execDirectory) {
|