Last modified: 2013-07-25 08:59:48 UTC
In case one of the media converters has a vulnerability, they should be confined with AppArmor profiles when running on WMF sites
https://gerrit.wikimedia.org/r/#/c/38307/ adds apparmor profiles for avconv and ffmpeg2theora to imagescalers and videoscalers.
(In reply to comment #1) > https://gerrit.wikimedia.org/r/#/c/38307/ adds apparmor profiles for avconv > and ffmpeg2theora to imagescalers and videoscalers. Patch has both +1 and -1. Jan: Do you plan to take a look at it at some point?
not sure how to proceed with this, as long as beta does not use swift enabling the profiles will break things since files are accessed outside of /tmp.