At the moment, the project's readme suggests setting security.sandbox.content.level to 0.
jrmuizel recommended rather setting MOZ_DISABLE_RDD_SANDBOX=1 than disabling the content process sandbox:
even running in the rdd with the sandbox completely disabled wouldn't be the worst option in the world
definitely better than disabling the sandbox in the content processes
So we recommended media.rdd-ffmpeg.enabled=true + MOZ_DISABLE_RDD_SANDBOX=1 in this issue:
If the required syscalls could be behind a security.sandbox.rdd.nvidia-highly-experimental-vaapi pref, it would allow users of that project to not disable any sandbox.
Type: defect → enhancement
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Summary: Allow more syscalls for nvidia-vaapi-driver → Allow more syscalls for nvidia-vaapi-driver, possibly behind a pref