added ffmpeg.profile, removed ssh-agent from firecfg

author: netblue30 <netblue30@yahoo.com> 2017-09-21 08:15:19 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-09-21 08:15:19 -0400
commit: 0ec8ec63375efaf87a5f8af48c83eac560dacd20 (patch)
tree: 978dab36c48f26091d2e1919d1f561d522577737 /etc/ffmpeg.profile
parent: Fixup 17a2edf9be3d1144db1a262c5358bf190c9b272b (diff)
download: firejail-0ec8ec63375efaf87a5f8af48c83eac560dacd20.tar.gz
firejail-0ec8ec63375efaf87a5f8af48c83eac560dacd20.tar.zst
firejail-0ec8ec63375efaf87a5f8af48c83eac560dacd20.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
new file mode 100644
index 000000000..e098c95e3
--- /dev/null
+++ b/etc/ffmpeg.profile
@@ -0,0 +1,33 @@
+# Firejail profile for default
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/ffmpeg.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+net none
+no3d
+nodvd
+nosound
+notv
+novideo
+nonewprivs
+noroot
+# protocol none - needs to be implemented!
+seccomp
+# seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom
+# memory-deny-write-execute - it breaks old versions of ffmpeg
+shell none
+tracelog
+private-tmp
+private-dev
+private-bin ffmpeg
+include /etc/firejail/whitelist-var-common.inc
author	netblue30 <netblue30@yahoo.com>	2017-09-21 08:15:19 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-09-21 08:15:19 -0400
commit	0ec8ec63375efaf87a5f8af48c83eac560dacd20 (patch)
tree	978dab36c48f26091d2e1919d1f561d522577737 /etc/ffmpeg.profile
parent	Fixup 17a2edf9be3d1144db1a262c5358bf190c9b272b (diff)
download	firejail-0ec8ec63375efaf87a5f8af48c83eac560dacd20.tar.gz firejail-0ec8ec63375efaf87a5f8af48c83eac560dacd20.tar.zst firejail-0ec8ec63375efaf87a5f8af48c83eac560dacd20.zip

diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile new file mode 100644 index 000000000..e098c95e3 --- /dev/null +++ b/etc/ffmpeg.profile
@@ -0,0 +1,33 @@
	1	# Firejail profile for default
	2	# This file is overwritten after every install/update
	3	quiet
	4	# Persistent local customizations
	5	include /etc/firejail/ffmpeg.local
	6	# Persistent global definitions
	7	include /etc/firejail/globals.local
	8
	9	include /etc/firejail/disable-common.inc
	10	include /etc/firejail/disable-devel.inc
	11	include /etc/firejail/disable-passwdmgr.inc
	12	include /etc/firejail/disable-programs.inc
	13
	14	caps.drop all
	15	net none
	16	no3d
	17	nodvd
	18	nosound
	19	notv
	20	novideo
	21	nonewprivs
	22	noroot
	23	# protocol none - needs to be implemented!
	24	seccomp
	25	# seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom
	26	# memory-deny-write-execute - it breaks old versions of ffmpeg
	27	shell none
	28	tracelog
	29
	30	private-tmp
	31	private-dev
	32	private-bin ffmpeg
	33	include /etc/firejail/whitelist-var-common.inc