From bfab0a6789f6dfea858d2084d79d690cdbadd626 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Mon, 4 Apr 2022 19:15:50 +0200
Subject: harden vlc apparmor doesn't disable D-Bus anymore, so add it back remove memory-deny-write-execute comment, as this also breaks JIT compiled QtQuick nowadays
---
 etc/profile-m-z/vlc.profile | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'etc/profile-m-z/vlc.profile')
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile
index 68db032aa..4a43ed196 100644
--- a/etc/profile-m-z/vlc.profile
+++ b/etc/profile-m-z/vlc.profile
@@ -27,9 +27,11 @@ whitelist ${HOME}/.config/aacs
 whitelist ${HOME}/.local/share/vlc
 include whitelist-common.inc
 include whitelist-player-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
-#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
+apparmor
 caps.drop all
 netfilter
 nogroups
@@ -45,9 +47,10 @@ private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc
 private-dev
 private-tmp
 
-# dbus needed for MPRIS
-# dbus-user none
-# dbus-system none
-
-# mdwe is disabled due to breaking hardware accelerated decoding
-#memory-deny-write-execute
+dbus-user filter
+dbus-user.own org.mpris.MediaPlayer2.vlc
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.ScreenSaver
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.mpris.MediaPlayer2.Player
+dbus-system none
-- 
cgit v1.2.3-70-g09d2
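Review bot: In the second hunk, `dbus-user.talk org.mpris.MediaPlayer2.Player` names what MPRIS defines as an interface on the player object rather than a well-known bus name, while the filter's talk rules are matched against bus names. As written the rule most likely grants nothing VLC needs and only adds one more name to the allow-list. Exporting MPRIS is already covered by `dbus-user.own org.mpris.MediaPlayer2.vlc`, so I would drop the `.Player` line, or keep it with a comment naming the feature that fails without it. Separately, the same hunk deletes the only in-file record of why `memory-deny-write-execute` is absent. A one-line comment such as `# memory-deny-write-execute breaks hardware accelerated decoding and JIT-compiled QtQuick` would stop a later hardening pass from re-adding it.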