diff options
Diffstat (limited to 'etc/ffmpeg.profile')
-rw-r--r-- | etc/ffmpeg.profile | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 44b5d5530..aa7a91928 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
@@ -7,28 +7,35 @@ include ffmpeg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${MUSIC} | ||
11 | noblacklist ${VIDEOS} | ||
12 | |||
10 | include disable-common.inc | 13 | include disable-common.inc |
11 | include disable-devel.inc | 14 | include disable-devel.inc |
12 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | ||
15 | 19 | ||
16 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
17 | 21 | ||
18 | apparmor | 22 | apparmor |
19 | caps.drop all | 23 | caps.drop all |
24 | ipc-namespace | ||
20 | machine-id | 25 | machine-id |
21 | net none | 26 | netfilter |
27 | # no3d might break HW accelerated de/encoding - comment when appropriate | ||
22 | no3d | 28 | no3d |
23 | nodbus | 29 | nodbus |
24 | nodvd | 30 | nodvd |
31 | nogroups | ||
32 | nonewprivs | ||
33 | noroot | ||
25 | nosound | 34 | nosound |
26 | notv | 35 | notv |
27 | nou2f | 36 | nou2f |
28 | novideo | 37 | novideo |
29 | nonewprivs | 38 | protocol inet,inet6 |
30 | noroot | ||
31 | # protocol none - needs to be implemented! | ||
32 | seccomp | 39 | seccomp |
33 | # seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom | 40 | # seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom |
34 | shell none | 41 | shell none |
@@ -37,6 +44,7 @@ tracelog | |||
37 | private-bin ffmpeg | 44 | private-bin ffmpeg |
38 | private-cache | 45 | private-cache |
39 | private-dev | 46 | private-dev |
47 | private-etc alternatives,pki,pkcs11,hosts,ssl,ca-certificates,resolv.conf | ||
40 | private-tmp | 48 | private-tmp |
41 | 49 | ||
42 | # memory-deny-write-execute - it breaks old versions of ffmpeg | 50 | # memory-deny-write-execute - it breaks old versions of ffmpeg |