Package: firejail-profiles
Version: 0.9.60-2
Severity: important
Dear Maintainer,
the firejail profile for 'ffplay' makes the program completely unusable. Trying
to play any media file results in the error
| Could not initialize SDL - No available video device
| (Did you set the DISPLAY variable?)
A short investigation showed that the 'ffplay' profile include the 'ffmpeg'
profile which, among other things, sets
| protocol inet,inet6
Adding 'unix' to the list fixes the problem. Now ALSA complains that it cannot
find any sound card. Removing
| nosound
from the profile fixes that. My modified, working profile is attached.
Strangely, I could not find any negative consequences of the 'novideo' option.
Regards, Jan
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages firejail-profiles depends on:
ii firejail 0.9.60-2
firejail-profiles recommends no packages.
firejail-profiles suggests no packages.
-- Configuration Files:
/etc/firejail/ffmpeg.profile changed:
quiet
include ffmpeg.local
include globals.local
noblacklist ${MUSIC}
noblacklist ${VIDEOS}
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
include whitelist-var-common.inc
apparmor
caps.drop all
ipc-namespace
machine-id
netfilter
nodbus
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol inet,inet6,unix
seccomp
shell none
tracelog
private-bin ffmpeg
private-cache
private-dev
private-etc alternatives,pki,pkcs11,hosts,ssl,ca-certificates,resolv.conf
private-tmp
-- no debconf information
