From b615d8681a953045b3c74a024346b1f6e138fa4d Mon Sep 17 00:00:00 2001
From: Kershaw Chang <kershaw@mozilla.com>
Date: Fri, 26 Jun 2020 08:32:46 +0000
Subject: [PATCH] Bug 1640612 - Allow socket process to read /etc, r=gcp

Differential Revision: https://phabricator.services.mozilla.com/D80718
---
 security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
index 9ec0365fb0cc..147a3bb77215 100644
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -693,6 +693,7 @@ SandboxBrokerPolicyFactory::GetSocketProcessPolicy(int aPid) {
   policy->AddDir(rdonly, "/usr/lib64");
   policy->AddDir(rdonly, "/usr/share");
   policy->AddDir(rdonly, "/usr/local/share");
+  policy->AddDir(rdonly, "/etc");
 
   AddLdconfigPaths(policy.get());