chromium: Don't use the sandbox patch on v21.
The patch doesn't apply in version 22 and newer, because mode 1 sandboxes are connsidered "legacy" (well, apart from the fact that I'd personally prefer BPF anyway), for reasons I wasn't able to find, yet. But let's proceed on BPF integration and thus gain more insight on the exact reasons.
This commit is contained in:
parent
b1a6a98139
commit
c67d8bcabe
@ -77,6 +77,10 @@ let
|
||||
xdg_utils yasm zlib
|
||||
];
|
||||
|
||||
needSeccompPatch =
|
||||
stdenv.lib.versionOlder sourceInfo.version "22.0.0.0"
|
||||
&& !config.selinux;
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "${packageName}-${version}";
|
||||
packageName = "chromium";
|
||||
@ -108,7 +112,7 @@ in stdenv.mkDerivation rec {
|
||||
|
||||
prePatch = "patchShebangs .";
|
||||
|
||||
patches = stdenv.lib.optional (!config.selinux) ./enable_seccomp.patch
|
||||
patches = stdenv.lib.optional needSeccompPatch ./enable_seccomp.patch
|
||||
++ stdenv.lib.optional config.cups ./cups_allow_deprecated.patch
|
||||
++ stdenv.lib.optional config.pulseaudio ./pulseaudio_array_bounds.patch;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user