diff options
-rw-r--r-- | etc/cvlc.profile | 7 | ||||
-rw-r--r-- | etc/vlc.profile | 1 |
2 files changed, 6 insertions, 2 deletions
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 460966321..e0d32da0f 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
@@ -14,7 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nogroups | 17 | # nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | protocol unix,inet,inet6,netlink | 20 | protocol unix,inet,inet6,netlink |
@@ -27,4 +27,7 @@ tracelog | |||
27 | private-dev | 27 | private-dev |
28 | private-tmp | 28 | private-tmp |
29 | 29 | ||
30 | memory-deny-write-execute | 30 | # mdwe is disabled due to breaking hardware accelerated decoding |
31 | # memory-deny-write-execute | ||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||
diff --git a/etc/vlc.profile b/etc/vlc.profile index 01ddfa8a9..bccde7a3d 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -25,6 +25,7 @@ private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc | |||
25 | private-dev | 25 | private-dev |
26 | private-tmp | 26 | private-tmp |
27 | 27 | ||
28 | # mdwe is disabled due to breaking hardware accelerated decoding | ||
28 | # memory-deny-write-execute | 29 | # memory-deny-write-execute |
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |