firefox: allow RDD sandbox access to gpu drivers

Firefox uses a sandboxing model that only allows access to paths that were previously explicitly granted. We can only add granular permissions to a specific sandbox by patching, because setting LD_LIBRARY_PATH would affect all of them. To use hardware decoding via VA-API with Firefox 98.0.2 one needs to head to `about:config` and enable `media.ffmpeg.vaapi.enabled`. Closes: #157061
2022-03-27 16:40:22 +02:00 · 2022-03-27 16:40:22 +02:00 · 6cdf69546b
commit 6cdf69546b
parent cd1410a7d4
1 changed files with 8 additions and 0 deletions
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@ -165,6 +165,14 @@ buildStdenv.mkDerivation ({
  inherit src unpackPhase meta;

  patches = [
+    (fetchpatch {
+      # RDD Sandbox paths for NixOS, remove with Firefox>=100
+      # https://hg.mozilla.org/integration/autoland/rev/5ac6a69a01f47ca050d90704a9791b8224d30f14
+      # https://bugzilla.mozilla.org/show_bug.cgi?id=1761692
+      name = "mozbz-1761692-rdd-sandbox-paths.patch";
+      url = "https://hg.mozilla.org/integration/autoland/raw-rev/5ac6a69a01f47ca050d90704a9791b8224d30f14";
+      hash = "sha256-+NGRUxXA7HGvPaAwvDveqRsdXof5nBIc+l4hdf7cC/Y=";
+    })
  ]
  ++ lib.optional (lib.versionAtLeast version "86") ./env_var_for_system_dir-ff86.patch
  ++ lib.optional (lib.versionAtLeast version "90" && lib.versionOlder version "95") ./no-buildconfig-ffx90.patch