From 5d2dfa253eaf9092bfc10695e40b2c80371dd55c Mon Sep 17 00:00:00 2001 From: Jonas Heinrich Date: Fri, 6 May 2022 14:05:35 +0200 Subject: [PATCH] firejail: Fix resolve binary paths in user environment --- pkgs/os-specific/linux/firejail/default.nix | 7 +++++++ .../linux/firejail/whitelist-nix-profile.patch | 9 +++++++++ 2 files changed, 16 insertions(+) create mode 100644 pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix index c3dc819b5bc..3caf41cfca5 100644 --- a/pkgs/os-specific/linux/firejail/default.nix +++ b/pkgs/os-specific/linux/firejail/default.nix @@ -37,9 +37,16 @@ stdenv.mkDerivation rec { # Adds the /nix directory when using an overlay. # Required to run any programs under this mode. ./mount-nix-dir-on-overlay.patch + # By default fbuilder hardcodes the firejail binary to the install path. # On NixOS the firejail binary is a setuid wrapper available in $PATH. ./fbuilder-call-firejail-on-path.patch + + # NixOS specific whitelist to resolve binary paths in user environment + # Fixes https://github.com/NixOS/nixpkgs/issues/170784 + # Upstream fix https://github.com/netblue30/firejail/pull/5131 + # Upstream hopefully fixed in later versions > 0.9.68 + ./whitelist-nix-profile.patch ]; prePatch = '' diff --git a/pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch b/pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch new file mode 100644 index 00000000000..227d28846ea --- /dev/null +++ b/pkgs/os-specific/linux/firejail/whitelist-nix-profile.patch @@ -0,0 +1,9 @@ +--- a/etc/inc/whitelist-common.inc.org 2022-05-06 13:57:17.294206339 +0200 ++++ b/etc/inc/whitelist-common.inc 2022-05-06 13:58:00.108655548 +0200 +@@ -83,3 +83,6 @@ + whitelist ${HOME}/.kde4/share/config/oxygenrc + whitelist ${HOME}/.kde4/share/icons + whitelist ${HOME}/.local/share/qt5ct ++ ++# NixOS specific to resolve binary paths ++whitelist ${HOME}/.nix-profile