Hi Efraim,

Efraim Flashner writes:

> On Thu, Apr 08, 2021 at 11:07:31AM -0400, Mark H Weaver wrote:
>> I suspect that the relevant bit that needs to be changed is line 779 of
>> the following file in the webkitgtk-2.32.0 source code:
>>
>> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>>
>> Most likely, that line can simply be deleted. Here's the relevant
>> excerpt, with line 779 marked by "==>":
>
> Looking at the other lines above it, we could just change it from
> ro-bind to ro-bind-try.

I expect that would work, but why should we give the sandbox access to
/usr/bin at all?

I took a different approach: I removed access to *all* of the FHS
directories, since they should not be needed for a Guix-compiled
package. Below, I've attached the patch that I'm currently using
successfully on my private branch of Guix.

What do you think?

Thanks,
Mark