From b9127e66e956c94ef30b5f3dd2d9a61d9d2c545b Mon Sep 17 00:00:00 2001
From: Philip Kaludercic
Date: Sat, 21 May 2022 13:29:19 +0200
Subject: [PATCH 1/2] Bind /gnu directory as a read-only mount when sandboxing

This allows for packages installed and made available using GNU Guix to be used by bubblewrap.
---
 elpa-admin.el | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/elpa-admin.el b/elpa-admin.el
index d570c3c6aa..a546bb63ba 100644
--- a/elpa-admin.el
+++ b/elpa-admin.el
@@ -955,7 +955,7 @@ The INFILE and DISPLAY arguments are fixed as nil."
 "--tmpfs" "/tmp"))

 (defvar elpaa--sandbox-ro-binds
- '("/lib" "/lib64" "/bin" "/usr" "/etc/alternatives" "/etc/emacs"))
+ '("/lib" "/lib64" "/bin" "/usr" "/etc/alternatives" "/etc/emacs" "/gnu"))

 (defun elpaa--call-sandboxed (destination &rest args)
 "Like ‘elpaa--call’ but sandboxed.
-- 
2.36.1
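Review bot: Adding `"/gnu"` to `elpaa--sandbox-ro-binds` exposes the entire Guix store tree read-only to the sandboxed package code, which is broader than the commit message's goal of making Guix-installed tools usable. The store is world-readable on the host anyway, but binding `"/gnu/store"` would likely be enough and keeps the sandbox closer to least privilege. The code that turns this list into bwrap arguments lies outside the hunk, so please confirm that entries missing on the host are skipped or passed as `--ro-bind-try`. A plain `--ro-bind` of a nonexistent `/gnu` would make bwrap fail on non-Guix machines. The variable also has no docstring; one along the lines of `"Host directories bind-mounted read-only into the sandbox; entries that do not exist on the host are expected."` would record that intent.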