firejail: Fix opengl support for various apps

2 files changed, 13 insertions, 0 deletions

diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix
index 3caf41cfca5..bbb3a1daab6 100644
--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -47,6 +47,12 @@ stdenv.mkDerivation rec {
     # Upstream fix https://github.com/netblue30/firejail/pull/5131
     # Upstream hopefully fixed in later versions > 0.9.68
    ./whitelist-nix-profile.patch
+
+    # Fix OpenGL support for various applications including Firefox
+    # Issue: https://github.com/NixOS/nixpkgs/issues/55191
+    # Upstream fix: https://github.com/netblue30/firejail/pull/5132
+    # Hopefully fixed upstream in version > 0.9.68
+    ./fix-opengl-support.patch
   ];
 
   prePatch = ''
diff --git a/pkgs/os-specific/linux/firejail/fix-opengl-support.patch b/pkgs/os-specific/linux/firejail/fix-opengl-support.patch
new file mode 100644
index 00000000000..9fd18aad3fd
--- /dev/null
+++ b/pkgs/os-specific/linux/firejail/fix-opengl-support.patch
@@ -0,0 +1,7 @@
+--- a/etc/inc/whitelist-run-common.inc.org	2022-05-07 11:27:32.264849186 +0200
++++ b/etc/inc/whitelist-run-common.inc	2022-05-07 11:27:55.577778211 +0200
+@@ -13,3 +13,4 @@
+ whitelist /run/systemd/resolve/resolv.conf
+ whitelist /run/systemd/resolve/stub-resolv.conf
+ whitelist /run/udev/data
++whitelist /run/opengl-driver	# NixOS