diff options
author | smitsohu <smitsohu@gmail.com> | 2022-04-10 20:36:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-10 20:36:14 +0200 |
commit | 142ab7ea29644e1ec27c5d2625951bc789f0c492 (patch) | |
tree | 68f8764d8298d65713b0898f9d79e7bb00659945 /etc/profile-m-z | |
parent | libvirt dnsmasq: more fixes (#5089) (diff) | |
parent | harden vlc (diff) | |
download | firejail-142ab7ea29644e1ec27c5d2625951bc789f0c492.tar.gz firejail-142ab7ea29644e1ec27c5d2625951bc789f0c492.tar.zst firejail-142ab7ea29644e1ec27c5d2625951bc789f0c492.zip |
Merge pull request #5092 from smitsohu/vlc
harden vlc
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/vlc.profile | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index 68db032aa..4a43ed196 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile | |||
@@ -27,9 +27,11 @@ whitelist ${HOME}/.config/aacs | |||
27 | whitelist ${HOME}/.local/share/vlc | 27 | whitelist ${HOME}/.local/share/vlc |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-player-common.inc | 29 | include whitelist-player-common.inc |
30 | include whitelist-run-common.inc | ||
31 | include whitelist-runuser-common.inc | ||
30 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
31 | 33 | ||
32 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access | 34 | apparmor |
33 | caps.drop all | 35 | caps.drop all |
34 | netfilter | 36 | netfilter |
35 | nogroups | 37 | nogroups |
@@ -45,9 +47,10 @@ private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc | |||
45 | private-dev | 47 | private-dev |
46 | private-tmp | 48 | private-tmp |
47 | 49 | ||
48 | # dbus needed for MPRIS | 50 | dbus-user filter |
49 | # dbus-user none | 51 | dbus-user.own org.mpris.MediaPlayer2.vlc |
50 | # dbus-system none | 52 | dbus-user.talk org.freedesktop.Notifications |
51 | 53 | dbus-user.talk org.freedesktop.ScreenSaver | |
52 | # mdwe is disabled due to breaking hardware accelerated decoding | 54 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher |
53 | #memory-deny-write-execute | 55 | dbus-user.talk org.mpris.MediaPlayer2.Player |
56 | dbus-system none | ||