Filippo Giunchedi has submitted this change and it was merged. Change subject: Whitelist /home/pdfrender/.config in firejail profile ......................................................................
Whitelist /home/pdfrender/.config in firejail profile The firejail default profile does not grant permission to read a user's home directory, so we need to explicitly whitelist the .config directory containing fonts.conf to enable hinting. Change-Id: I8fb502f6a10ef666bb006d495b4335472c53fb02 --- M modules/pdfrender/files/firejail.profile 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Filippo Giunchedi: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/pdfrender/files/firejail.profile b/modules/pdfrender/files/firejail.profile index a9e3c46..eee8468 100644 --- a/modules/pdfrender/files/firejail.profile +++ b/modules/pdfrender/files/firejail.profile @@ -8,6 +8,7 @@ include /etc/firejail/default.profile blacklist /root +whitelist /home/pdfrender/.config # Electron uses xvfb as the X11 engine by default, which # requires setuid root; that is not acceptable for firejail -- To view, visit https://gerrit.wikimedia.org/r/324976 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I8fb502f6a10ef666bb006d495b4335472c53fb02 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: GWicke <[email protected]> Gerrit-Reviewer: Filippo Giunchedi <[email protected]> Gerrit-Reviewer: Mobrovac <[email protected]> Gerrit-Reviewer: Muehlenhoff <[email protected]> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
