From 9b99215a1eb2ac5ff8fddeff3e43b725fee18ca2 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Mon, 25 Sep 2017 15:57:50 +0200
Subject: various profile enhancements
* okular needs kdeinit4 for open file dialog since recently
* memory-deny-write-execute should be a safe addition for desktop use of dnscrypt and unbound
* cleanup works
---
 etc/ffmpeg.profile | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'etc/ffmpeg.profile')
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index e098c95e3..5db39cf61 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -1,4 +1,4 @@
-# Firejail profile for default
+# Firejail profile for ffmpeg
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d
@@ -23,11 +25,11 @@ noroot
 # protocol none - needs to be implemented!
 seccomp
 # seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom
-# memory-deny-write-execute - it breaks old versions of ffmpeg
 shell none
 tracelog
-private-tmp
-private-dev
 private-bin ffmpeg
-include /etc/firejail/whitelist-var-common.inc
+private-dev
+private-tmp
+
+# memory-deny-write-execute - it breaks old versions of ffmpeg
--
cgit v1.2.3-70-g09d2
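Review bot: The commented-out `# memory-deny-write-execute - it breaks old versions of ffmpeg` line, which the last hunk (`@@ -23,11 +25,11 @@`) only moves to the end of the profile, still does not say which ffmpeg versions break or how the breakage shows up. As written, nobody can tell when this W^X restriction can be switched on, and ffmpeg is a program that routinely decodes untrusted media. The commit message describes the option as a safe addition for dnscrypt and unbound, so it is worth being equally explicit about why it stays off here. I would extend the comment along the lines of `# memory-deny-write-execute - breaks ffmpeg older than <VERSION>; enable it in a local override once your build works with it`, where `<VERSION>` is a placeholder to be filled in from the original breakage report.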