diff options
author | Tad <tad@spotco.us> | 2017-07-30 16:56:31 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-08-02 00:13:42 -0400 |
commit | b18f42ab0236de7eed5888f43ba36cdaf990cbca (patch) | |
tree | 589537e44ce9efbfae2b84275367967550eadd75 /etc/cvlc.profile | |
parent | Harden profiles (diff) | |
download | firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.tar.gz firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.tar.zst firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.zip |
Initial adding of memory-deny-write-execute to profiles
- mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible
- mdwe also breaks most 3d accelerated programs such as 3d games
- mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference
-- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf
-- See https://github.com/nning/linux-pax-flags
Diffstat (limited to 'etc/cvlc.profile')
-rw-r--r-- | etc/cvlc.profile | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index a52d62f83..921d505a9 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
@@ -27,3 +27,5 @@ tracelog | |||
27 | #private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc | 27 | #private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc |
28 | private-dev | 28 | private-dev |
29 | private-tmp | 29 | private-tmp |
30 | |||
31 | memory-deny-write-execute | ||