ffmpeg.profile 1.01 KB
Newer Older
1
# Firejail profile for ffmpeg
2
# Description: Tools for transcoding, streaming and playing of multimedia files
3 4 5
# This file is overwritten after every install/update
quiet
# Persistent local customizations
6
include ffmpeg.local
7
# Persistent global definitions
8
include globals.local
9

10 11 12 13 14
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
15

16
include whitelist-var-common.inc
17 18 19 20

caps.drop all
net none
no3d
21
nodbus
22 23 24
nodvd
nosound
notv
25
nou2f
26 27 28 29 30 31 32 33 34 35 36 37 38 39
novideo
nonewprivs
noroot
# protocol none - needs to be implemented!
seccomp
# seccomp.keep futex,write,read,munmap,fstat,mprotect,mmap,open,close,stat,lseek,brk,rt_sigaction,rt_sigprocmask,ioctl,access,select,madvise,getpid,clone,execve,fcntl,getdents,readlink,getrlimit,getrusage,statfs,getpriority,setpriority,arch_prctl,sched_getaffinity,set_tid_address,set_robust_list,getrandom
shell none
tracelog

private-bin ffmpeg
private-dev
private-tmp

# memory-deny-write-execute - it breaks old versions of ffmpeg