From adad97e8029880317e33f65ee5d6a18189363e8b Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Sun, 24 Feb 2019 21:22:41 +0000
Subject: Harden ffmpeg.profile (#2457)

---
 etc/ffmpeg.profile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index 8aa6198df..44b5d5530 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -15,7 +15,9 @@ include disable-programs.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+machine-id
 net none
 no3d
 nodbus
@@ -33,7 +35,10 @@ shell none
 tracelog
 
 private-bin ffmpeg
+private-cache
 private-dev
 private-tmp
 
 # memory-deny-write-execute - it breaks old versions of ffmpeg
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf