diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-24 21:22:41 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-02-24 21:22:41 +0000 |
| commit | adad97e8029880317e33f65ee5d6a18189363e8b (patch) | |
| tree | 20ea682559d1bd08233e80d66b64ee2d52e61816 /etc/ffmpeg.profile | |
| parent | Harden exiftool.profile (#2456) (diff) | |
| download | firejail-adad97e8029880317e33f65ee5d6a18189363e8b.tar.gz firejail-adad97e8029880317e33f65ee5d6a18189363e8b.tar.zst firejail-adad97e8029880317e33f65ee5d6a18189363e8b.zip | |
Harden ffmpeg.profile (#2457)
Diffstat (limited to 'etc/ffmpeg.profile')
| -rw-r--r-- | etc/ffmpeg.profile | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 8aa6198df..44b5d5530 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
| @@ -15,7 +15,9 @@ include disable-programs.inc | |||
| 15 | 15 | ||
| 16 | include whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
| 17 | 17 | ||
| 18 | apparmor | ||
| 18 | caps.drop all | 19 | caps.drop all |
| 20 | machine-id | ||
| 19 | net none | 21 | net none |
| 20 | no3d | 22 | no3d |
| 21 | nodbus | 23 | nodbus |
| @@ -33,7 +35,10 @@ shell none | |||
| 33 | tracelog | 35 | tracelog |
| 34 | 36 | ||
| 35 | private-bin ffmpeg | 37 | private-bin ffmpeg |
| 38 | private-cache | ||
| 36 | private-dev | 39 | private-dev |
| 37 | private-tmp | 40 | private-tmp |
| 38 | 41 | ||
| 39 | # memory-deny-write-execute - it breaks old versions of ffmpeg | 42 | # memory-deny-write-execute - it breaks old versions of ffmpeg |
| 43 | noexec ${HOME} | ||
| 44 | noexec /tmp | ||