diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-24 21:22:41 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-24 21:22:41 +0000 |
commit | adad97e8029880317e33f65ee5d6a18189363e8b (patch) | |
tree | 20ea682559d1bd08233e80d66b64ee2d52e61816 /etc | |
parent | Harden exiftool.profile (#2456) (diff) | |
download | firejail-adad97e8029880317e33f65ee5d6a18189363e8b.tar.gz firejail-adad97e8029880317e33f65ee5d6a18189363e8b.tar.zst firejail-adad97e8029880317e33f65ee5d6a18189363e8b.zip |
Harden ffmpeg.profile (#2457)
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ffmpeg.profile | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 8aa6198df..44b5d5530 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
@@ -15,7 +15,9 @@ include disable-programs.inc | |||
15 | 15 | ||
16 | include whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
18 | apparmor | ||
18 | caps.drop all | 19 | caps.drop all |
20 | machine-id | ||
19 | net none | 21 | net none |
20 | no3d | 22 | no3d |
21 | nodbus | 23 | nodbus |
@@ -33,7 +35,10 @@ shell none | |||
33 | tracelog | 35 | tracelog |
34 | 36 | ||
35 | private-bin ffmpeg | 37 | private-bin ffmpeg |
38 | private-cache | ||
36 | private-dev | 39 | private-dev |
37 | private-tmp | 40 | private-tmp |
38 | 41 | ||
39 | # memory-deny-write-execute - it breaks old versions of ffmpeg | 42 | # memory-deny-write-execute - it breaks old versions of ffmpeg |
43 | noexec ${HOME} | ||
44 | noexec /tmp | ||