Fix private-etc of electron-mail, fix geary,minitube (#3588)

* Fix private-etc of electron-mail

* Fix dbus of geary

* Fix geary again, remove GPG

* Fix seccomp on Arch

4 files changed, 14 insertions, 12 deletions

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index dba60fcba..6b0c16d5f 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -216,6 +216,7 @@ blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/galculator
 blacklist ${HOME}/.config/gconf
 blacklist ${HOME}/.config/geany
+blacklist ${HOME}/.config/geary
 blacklist ${HOME}/.config/gedit
 blacklist ${HOME}/.config/geeqie
 blacklist ${HOME}/.config/ghb
@@ -865,6 +866,7 @@ blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/fractal
 blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
+blacklist ${HOME}/.cache/geary
 blacklist ${HOME}/.cache/gegl-0.4
 blacklist ${HOME}/.cache/geeqie
 blacklist ${HOME}/.cache/gfeeds
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 39366470f..a77bca0f8 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -8,8 +8,6 @@ include globals.local
 
 noblacklist ${HOME}/.config/electron-mail
 
-whitelist ${DOWNLOADS}
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,8 +19,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail
 whitelist ${HOME}/.config/electron-mail
+whitelist ${DOWNLOADS}
 
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -45,12 +45,12 @@ shell none
 private-bin electron-mail
 private-cache
 private-dev
-private-etc alternatives,fonts
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,nsswitch.conf,pki,resolv.conf,ssl,selinux,xdg
 private-opt ElectronMail
 private-tmp
 
 # breaks tray functionality
 # dbus-user none
-# dbus-system none
+dbus-system none
 
-# memory-deny-write-execute - breaks on Arch
+# memory-deny-write-execute - breaks on Arch
\ No newline at end of file
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index fa01d04b7..118ed62ca 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -10,24 +10,24 @@ include geary.local
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-ignore dbus-user none
+ignore dbus-user filter
 ignore dbus-system none
 ignore private-tmp
 
-noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/geary
+noblacklist ${HOME}/.config/geary
 noblacklist ${HOME}/.local/share/geary
 
-mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.cache/geary
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/geary
-whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/geary
 whitelist ${HOME}/.config/geary
 whitelist ${HOME}/.local/share/geary
+whitelist /usr/share/geary
 
 read-only ${HOME}/.config/mimeapps.list
 
-whitelist /usr/share/geary
-
 # allow Mozilla browsers
 # Redirect
 include firefox.profile
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index 2c70978a9..39ecc7127 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -46,7 +46,7 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6,netlink
-seccomp
+seccomp !kcmp
 shell none
 tracelog