diff options
Diffstat (limited to 'etc/ffmpeg.profile')
-rw-r--r-- | etc/ffmpeg.profile | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index e098c95e3..5db39cf61 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Firejail profile for default | 1 | # Firejail profile for ffmpeg |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | 3 | quiet |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | include /etc/firejail/whitelist-var-common.inc | ||
15 | |||
14 | caps.drop all | 16 | caps.drop all |
15 | net none | 17 | net none |
16 | no3d | 18 | no3d |
@@ -23,11 +25,11 @@ noroot | |||
23 | # protocol none - needs to be implemented! | 25 | # protocol none - needs to be implemented! |
24 | seccomp | 26 | seccomp |
25 | # seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom | 27 | # seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom |
26 | # memory-deny-write-execute - it breaks old versions of ffmpeg | ||
27 | shell none | 28 | shell none |
28 | tracelog | 29 | tracelog |
29 | 30 | ||
30 | private-tmp | ||
31 | private-dev | ||
32 | private-bin ffmpeg | 31 | private-bin ffmpeg |
33 | include /etc/firejail/whitelist-var-common.inc | 32 | private-dev |
33 | private-tmp | ||
34 | |||
35 | # memory-deny-write-execute - it breaks old versions of ffmpeg | ||