diff options
Diffstat (limited to 'etc/cvlc.profile')
-rw-r--r-- | etc/cvlc.profile | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 460966321..e0d32da0f 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
@@ -14,7 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nogroups | 17 | # nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | protocol unix,inet,inet6,netlink | 20 | protocol unix,inet,inet6,netlink |
@@ -27,4 +27,7 @@ tracelog | |||
27 | private-dev | 27 | private-dev |
28 | private-tmp | 28 | private-tmp |
29 | 29 | ||
30 | memory-deny-write-execute | 30 | # mdwe is disabled due to breaking hardware accelerated decoding |
31 | # memory-deny-write-execute | ||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||