diff --git a/net/snowflake/Makefile b/net/snowflake/Makefile
index 2ceb93a67..8471acb2e 100644
--- a/net/snowflake/Makefile
+++ b/net/snowflake/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=snowflake
 PKG_VERSION:=2.3.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=https://git.torproject.org/pluggable-transports/snowflake.git
diff --git a/net/snowflake/files/snowflake-proxy.init b/net/snowflake/files/snowflake-proxy.init
old mode 100755
new mode 100644
index 2ddfe1830..3d8b4387d
--- a/net/snowflake/files/snowflake-proxy.init
+++ b/net/snowflake/files/snowflake-proxy.init
@@ -14,5 +14,10 @@ start_service() {
 	procd_set_param user snowflake
 	procd_set_param group snowflake
 	procd_set_param respawn
+	[ -x /sbin/ujail ] && {
+		procd_add_jail snowflake-proxy ronly
+		procd_add_jail_mount /etc/ssl/certs
+		procd_set_param no_new_privs 1
+	}
 	procd_close_instance
 }