[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#39127] [PATCH] fixing icecat's multimedia
|
From: |
Julien Lepiller |
|
Subject: |
[bug#39127] [PATCH] fixing icecat's multimedia |
|
Date: |
Tue, 14 Jan 2020 02:36:05 +0100 |
Le Tue, 14 Jan 2020 02:29:20 +0100,
Tobias Geerinckx-Rice <address@hidden> a écrit :
> Julien,
>
> Thanks! For anything with ‘security’ *and* ‘sandbox’ in the name
> we should definitely involve IceCat upstream.
>
> Julien Lepiller 写道:
> > (substitute* "browser/app/profile/icecat.js"
> > (("\"security.sandbox.content.read_path_whitelist\", \"\"")
> > (string-append
> > "\"security.sandbox.content.read_path_whitelist\", \""
> > (%store-directory) "/\"")))
>
> When I asked bandali on IRC a few weeks(?) ago about this exact
> patch, they didn't sound convinced. But we were both quite unsure
> :-) Have things changed? Have you talked to Mark?
I haven't talked to Mark, but here's how you can check:
set security.sandbox.content.read_path_whitelist in about:config to an
empty string (the default) and restart icecat. It cannot play the video
from https://harmonist.tuxfamily.org/. It doesn't work. Set it to
/gnu/store/ (with a trailing /) and restart the browser. Now the video
works. This patch attempts to make the working scenario the default :)
>
> > Since icecat has access to /lib and /usr/lib, I think we can
> > also give
> > it read access (not write) to /gnu/store.
>
> That sounds reasonable, if you're certain that it's read-only.
>
> > Wdyt?
>
> LGTM from the Guix side.
>
> Kind regards,
>
> T G-R