Initial adding of memory-deny-write-execute to profiles

- mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags
author: Tad <tad@spotco.us> 2017-07-30 16:56:31 -0400
committer: Tad <tad@spotco.us> 2017-08-02 00:13:42 -0400
commit: b18f42ab0236de7eed5888f43ba36cdaf990cbca (patch)
tree: 589537e44ce9efbfae2b84275367967550eadd75 /etc/cvlc.profile
parent: Harden profiles (diff)
download: firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.tar.gz
firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.tar.zst
firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index a52d62f83..921d505a9 100644
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -27,3 +27,5 @@ tracelog
 #private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev
 private-tmp
+memory-deny-write-execute
author	Tad <tad@spotco.us>	2017-07-30 16:56:31 -0400
committer	Tad <tad@spotco.us>	2017-08-02 00:13:42 -0400
commit	b18f42ab0236de7eed5888f43ba36cdaf990cbca (patch)
tree	589537e44ce9efbfae2b84275367967550eadd75 /etc/cvlc.profile
parent	Harden profiles (diff)
download	firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.tar.gz firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.tar.zst firejail-b18f42ab0236de7eed5888f43ba36cdaf990cbca.zip

diff --git a/etc/cvlc.profile b/etc/cvlc.profile index a52d62f83..921d505a9 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile
@@ -27,3 +27,5 @@ tracelog
27	#private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc	27	#private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
28	private-dev	28	private-dev
29	private-tmp	29	private-tmp
		30
		31	memory-deny-write-execute