author | smitsohu <smitsohu@gmail.com> | 2022-04-04 19:15:50 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-04-10 20:19:42 +0200 |
commit | bfab0a6789f6dfea858d2084d79d690cdbadd626 (patch) | |
tree | d4e05608800327fcb35b588374cabcb1dd4281ed /etc/profile-m-z/vlc.profile | |
parent | teams: drop doubled option (#5087) (diff) | |
harden vlc
apparmor doesn't disable D-Bus anymore, so add it back
remove memory-deny-write-execute comment, as this also breaks JIT compiled QtQuick nowadays
Diffstat (limited to 'etc/profile-m-z/vlc.profile')
-rw-r--r-- | etc/profile-m-z/vlc.profile | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index 68db032aa..4a43ed196 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile | |||
@@ -27,9 +27,11 @@ whitelist ${HOME}/.config/aacs | |||
27 | whitelist ${HOME}/.local/share/vlc | 27 | whitelist ${HOME}/.local/share/vlc |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-player-common.inc | 29 | include whitelist-player-common.inc |
30 | include whitelist-run-common.inc | ||
31 | include whitelist-runuser-common.inc | ||
30 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
31 | 33 | ||
32 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access | 34 | apparmor |
33 | caps.drop all | 35 | caps.drop all |
34 | netfilter | 36 | netfilter |
35 | nogroups | 37 | nogroups |
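Review bot: the two includes added at new lines 30-31 (`include whitelist-run-common.inc` and `include whitelist-runuser-common.inc`) are not covered by the commit message, which only explains the apparmor/D-Bus change and the removed mdwe comment. Please add a line to the message saying why they are introduced here, so a later bisect on a broken VLC feature can tell the whitelist change apart from the D-Bus change. Separately, uncommenting `apparmor` at new line 34 drops the note that Ubuntu 18.04 refused to start without dbus access; if that release is still a target, it is worth confirming VLC starts there with this profile.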
@@ -45,9 +47,10 @@ private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc | |||
45 | private-dev | 47 | private-dev |
46 | private-tmp | 48 | private-tmp |
47 | 49 | ||
48 | # dbus needed for MPRIS | 50 | dbus-user filter |
49 | # dbus-user none | 51 | dbus-user.own org.mpris.MediaPlayer2.vlc |
50 | # dbus-system none | 52 | dbus-user.talk org.freedesktop.Notifications |
51 | 53 | dbus-user.talk org.freedesktop.ScreenSaver | |
52 | # mdwe is disabled due to breaking hardware accelerated decoding | 54 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher |
53 | #memory-deny-write-execute | 55 | dbus-user.talk org.mpris.MediaPlayer2.Player |
56 | dbus-system none | ||
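Review bot: `dbus-user.talk org.mpris.MediaPlayer2.Player` at new line 55 looks like it grants talk access to a bus name, but `org.mpris.MediaPlayer2.Player` is the MPRIS interface name, while the bus name VLC uses is the one already covered by `dbus-user.own org.mpris.MediaPlayer2.vlc` at new line 51. If nothing breaks without it, drop the rule; if something does, add a comment naming the peer it is meant to reach. More generally, the old `# dbus needed for MPRIS` comment is gone and none of the new rules at lines 50-56 say which feature needs them, so a short comment per name (MPRIS, notifications, screensaver inhibit, tray) would make the filter easier to audit. The reason `memory-deny-write-execute` stays out of the profile (hardware accelerated decoding, and per the commit message JIT compiled QtQuick) now lives only in the commit message; a one-line comment in the profile would stop someone from re-adding it.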