Hi,
Z572 <873216071@qq.com> writes:
Thanks! One very important note: you should "reset" this customization
after updating to IceCat 91.3.0, or else IceCat will stop working
correctly after some future update of Guix. The reason is that the
whitelist contains several other directories within /gnu/store/, and
those directory will need to be updated whenever those components are
updated in Guix. For example, when 'ffmpeg' is updated to a newer
version, or one of its dependent libraries is updated, the directory
name /gnu/store/…-ffmpeg-4.4 will change; if you don't update the
whitelist accordingly, video playback will stop working.
In the IceCat 91.3.0 update that I pushed a few hours ago, I added
"/run/current-system/profile/share/fonts/" to the default whitelist.
So, I suggest that you update to IceCat 91.3.0 at your earliest
opportunity, and then visit <about:config>, navigate to the
"security.sandbox.content.read_path_whitelist" setting, and click on its
"reset" button (the one with an arrow pointing to the left), to erase
the customization of that setting.
Note that it is not enough to simply remove the directory that you
added. You must click the reset button on that customization in order
to allow it to be automatically updated in the future.
* * *
Going forward, I think that we should create a patch for IceCat
analogous to the webkitgtk-bind-all-fonts.patch that Liliana wrote for
WebKitGTK. I think that all of the directories that currently comprise
the default value of "security.sandbox.content.read_path_whitelist"
should instead be *implicitly* added to the whitelist, in *addition* to
the contents of "security.sandbox.content.read_path_whitelist". That
would enable users to customize that setting without having to manually
keep the /gnu/store/…/ entries updated.
I'll keep this bug open for now, pending a more proper fix.
Thanks,
Mark
--
Disinformation flourishes because many people care deeply about injustice