Add whitelisting to mutt; improve geary, new profile for neomutt

author: bbhtt <62639087+bbhtt@users.noreply.github.com> 2020-12-28 13:10:15 +0000
committer: bbhtt <62639087+bbhtt@users.noreply.github.com> 2020-12-28 13:10:15 +0000
commit: a8a8e33bc17263db763cd7bd803314f8d5dbd2c5 (patch)
tree: e6941abe0856b28a6f1b68c58ae88e8b4e68330a
parent: shell autoselection fixup (diff)
download: firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.gz
firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.zst
firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.zip
4 files changed, 268 insertions, 13 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 07fefec8c..60b586ae2 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -316,11 +316,13 @@ blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mps-youtube
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/mutt
 blacklist ${HOME}/.config/mutter
 blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nano
 blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
+blacklist ${HOME}/.config/neomutt
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/newsbeuter
 blacklist ${HOME}/.config/newsflash
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index f4e5a392f..3f96d8b25 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -4,19 +4,21 @@
 # Persistent local customizations
 include geary.local
 # Persistent global definitions
-# added by included profile
+include globals.local
-#include globals.local
-# Users have Geary set to open a browser by clicking a link in an email
-# We are not allowed to blacklist browser-specific directories
-ignore dbus-user filter
-ignore dbus-system none
-ignore private-tmp
 noblacklist ${HOME}/.cache/geary
 noblacklist ${HOME}/.config/geary
 noblacklist ${HOME}/.local/share/geary
+noblacklist ${HOME}/.mozilla
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
 mkdir ${HOME}/.cache/geary
 mkdir ${HOME}/.config/geary
@@ -24,8 +26,43 @@ mkdir ${HOME}/.local/share/geary
 whitelist ${HOME}/.cache/geary
 whitelist ${HOME}/.config/geary
 whitelist ${HOME}/.local/share/geary
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${DOWNLOADS}
 whitelist /usr/share/geary
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+# disable-mnt
+# Add ignore private-bin to geary.local for hyperlink support
+private-bin geary
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg
+private-tmp
+dbus-user filter
+dbus-user.own org.gnome.Geary
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-system none
-# allow Mozilla browsers
+read-only ${HOME}/.mozilla/firefox/profiles.ini
-# Redirect
-include firefox.profile
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 1ce12f54f..87e7c7f06 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -1,5 +1,6 @@
 # Firejail profile for mutt
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
+quiet
 # This file is overwritten after every install/update
 # Persistent local customizations
 include mutt.local
@@ -10,13 +11,14 @@ noblacklist /var/mail
 noblacklist /var/spool/mail
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.elinks
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.msmtprc
 noblacklist ${HOME}/.mutt
 noblacklist ${HOME}/.muttrc
@@ -34,14 +36,77 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
+include allow-perl.inc
+include allow-python.inc
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+mkfile ${HOME}/.elinks
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.w3m
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 no3d
@@ -56,7 +121,15 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
+# disable-mnt
+private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-tmp
 writable-run-user
 writable-var
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
new file mode 100644
index 000000000..d71dc618b
--- /dev/null
+++ b/etc/profile-m-z/neomutt.profile
@@ -0,0 +1,143 @@
+# Firejail profile for neomutt
+# Description: Mutt fork with advanced features and better documentation
+quiet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neomutt.local
+# Persistent global definitions
+include globals.local
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.config/mutt
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.config/neomutt
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.neomutt
+noblacklist ${HOME}/.neomuttrc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include allow-lua.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkfile ${HOME}/.elinks
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.neomuttrc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.w3m
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.config/neomutt
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.neomutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.config/neomutt
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.neomutt
+whitelist ${HOME}/.neomuttrc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/neomutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+# disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg
+private-tmp
+writable-run-user
+writable-var
+dbus-user none
+dbus-system none
author	bbhtt <62639087+bbhtt@users.noreply.github.com>	2020-12-28 13:10:15 +0000
committer	bbhtt <62639087+bbhtt@users.noreply.github.com>	2020-12-28 13:10:15 +0000
commit	a8a8e33bc17263db763cd7bd803314f8d5dbd2c5 (patch)
tree	e6941abe0856b28a6f1b68c58ae88e8b4e68330a
parent	shell autoselection fixup (diff)
download	firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.gz firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.zst firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 07fefec8c..60b586ae2 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -316,11 +316,13 @@ blacklist ${HOME}/.config/mpd
316	blacklist ${HOME}/.config/mps-youtube	316	blacklist ${HOME}/.config/mps-youtube
317	blacklist ${HOME}/.config/mpv	317	blacklist ${HOME}/.config/mpv
318	blacklist ${HOME}/.config/mupen64plus	318	blacklist ${HOME}/.config/mupen64plus
		319	blacklist ${HOME}/.config/mutt
319	blacklist ${HOME}/.config/mutter	320	blacklist ${HOME}/.config/mutter
320	blacklist ${HOME}/.config/mypaint	321	blacklist ${HOME}/.config/mypaint
321	blacklist ${HOME}/.config/nano	322	blacklist ${HOME}/.config/nano
322	blacklist ${HOME}/.config/nautilus	323	blacklist ${HOME}/.config/nautilus
323	blacklist ${HOME}/.config/nemo	324	blacklist ${HOME}/.config/nemo
		325	blacklist ${HOME}/.config/neomutt
324	blacklist ${HOME}/.config/netsurf	326	blacklist ${HOME}/.config/netsurf
325	blacklist ${HOME}/.config/newsbeuter	327	blacklist ${HOME}/.config/newsbeuter
326	blacklist ${HOME}/.config/newsflash	328	blacklist ${HOME}/.config/newsflash


diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index f4e5a392f..3f96d8b25 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile
@@ -4,19 +4,21 @@
4	# Persistent local customizations	4	# Persistent local customizations
5	include geary.local	5	include geary.local
6	# Persistent global definitions	6	# Persistent global definitions
7	# added by included profile	7	include globals.local
8	#include globals.local
9
10	# Users have Geary set to open a browser by clicking a link in an email
11	# We are not allowed to blacklist browser-specific directories
12
13	ignore dbus-user filter
14	ignore dbus-system none
15	ignore private-tmp
16		8
17	noblacklist ${HOME}/.cache/geary	9	noblacklist ${HOME}/.cache/geary
18	noblacklist ${HOME}/.config/geary	10	noblacklist ${HOME}/.config/geary
19	noblacklist ${HOME}/.local/share/geary	11	noblacklist ${HOME}/.local/share/geary
		12	noblacklist ${HOME}/.mozilla
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-passwdmgr.inc
		19	include disable-programs.inc
		20	include disable-shell.inc
		21	include disable-xdg.inc
20		22
21	mkdir ${HOME}/.cache/geary	23	mkdir ${HOME}/.cache/geary
22	mkdir ${HOME}/.config/geary	24	mkdir ${HOME}/.config/geary
@@ -24,8 +26,43 @@ mkdir ${HOME}/.local/share/geary
24	whitelist ${HOME}/.cache/geary	26	whitelist ${HOME}/.cache/geary
25	whitelist ${HOME}/.config/geary	27	whitelist ${HOME}/.config/geary
26	whitelist ${HOME}/.local/share/geary	28	whitelist ${HOME}/.local/share/geary
		29	whitelist ${HOME}/.mozilla/firefox/profiles.ini
		30	whitelist ${DOWNLOADS}
27	whitelist /usr/share/geary	31	whitelist /usr/share/geary
		32	include whitelist-common.inc
		33	include whitelist-runuser-common.inc
		34	include whitelist-usr-share-common.inc
		35	include whitelist-var-common.inc
		36
		37	apparmor
		38	caps.drop all
		39	netfilter
		40	no3d
		41	nodvd
		42	nogroups
		43	nonewprivs
		44	noroot
		45	nosound
		46	notv
		47	nou2f
		48	novideo
		49	protocol unix,inet,inet6
		50	seccomp
		51	shell none
		52	tracelog
		53
		54	# disable-mnt
		55	# Add ignore private-bin to geary.local for hyperlink support
		56	private-bin geary
		57	private-cache
		58	private-dev
		59	private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg
		60	private-tmp
		61
		62	dbus-user filter
		63	dbus-user.own org.gnome.Geary
		64	dbus-user.talk ca.desrt.dconf
		65	dbus-user.talk org.freedesktop.secrets
		66	dbus-system none
28		67
29	# allow Mozilla browsers	68	read-only ${HOME}/.mozilla/firefox/profiles.ini
30	# Redirect
31	include firefox.profile


diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 1ce12f54f..87e7c7f06 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile
@@ -1,5 +1,6 @@
1	# Firejail profile for mutt	1	# Firejail profile for mutt
2	# Description: Text-based mailreader supporting MIME, GPG, PGP and threading	2	# Description: Text-based mailreader supporting MIME, GPG, PGP and threading
		3	quiet
3	# This file is overwritten after every install/update	4	# This file is overwritten after every install/update
4	# Persistent local customizations	5	# Persistent local customizations
5	include mutt.local	6	include mutt.local
@@ -10,13 +11,14 @@ noblacklist /var/mail
10	noblacklist /var/spool/mail	11	noblacklist /var/spool/mail
11	noblacklist ${HOME}/.Mail	12	noblacklist ${HOME}/.Mail
12	noblacklist ${HOME}/.bogofilter	13	noblacklist ${HOME}/.bogofilter
13	noblacklist ${HOME}/.cache/mutt	14	noblacklist ${HOME}/.config/mutt
14	noblacklist ${HOME}/.config/nano	15	noblacklist ${HOME}/.config/nano
15	noblacklist ${HOME}/.elinks	16	noblacklist ${HOME}/.elinks
16	noblacklist ${HOME}/.emacs	17	noblacklist ${HOME}/.emacs
17	noblacklist ${HOME}/.emacs.d	18	noblacklist ${HOME}/.emacs.d
18	noblacklist ${HOME}/.gnupg	19	noblacklist ${HOME}/.gnupg
19	noblacklist ${HOME}/.mail	20	noblacklist ${HOME}/.mail
		21	noblacklist ${HOME}/.mailcap
20	noblacklist ${HOME}/.msmtprc	22	noblacklist ${HOME}/.msmtprc
21	noblacklist ${HOME}/.mutt	23	noblacklist ${HOME}/.mutt
22	noblacklist ${HOME}/.muttrc	24	noblacklist ${HOME}/.muttrc
@@ -34,14 +36,77 @@ noblacklist ${HOME}/sent
34	blacklist /tmp/.X11-unix	36	blacklist /tmp/.X11-unix
35	blacklist ${RUNUSER}/wayland-*	37	blacklist ${RUNUSER}/wayland-*
36		38
		39	include allow-perl.inc
		40	include allow-python.inc
		41
37	include disable-common.inc	42	include disable-common.inc
38	include disable-devel.inc	43	include disable-devel.inc
		44	include disable-exec.inc
39	include disable-interpreters.inc	45	include disable-interpreters.inc
40	include disable-passwdmgr.inc	46	include disable-passwdmgr.inc
41	include disable-programs.inc	47	include disable-programs.inc
		48	include disable-xdg.inc
42		49
		50	mkfile ${HOME}/.elinks
		51	mkfile ${HOME}/.emacs
		52	mkfile ${HOME}/.mailcap
		53	mkfile ${HOME}/.msmtprc
		54	mkfile ${HOME}/.muttrc
		55	mkfile ${HOME}/.nanorc
		56	mkfile ${HOME}/.signature
		57	mkfile ${HOME}/.vimrc
		58	mkfile ${HOME}/.viminfo
		59	mkfile ${HOME}/.vimrc
		60	mkfile ${HOME}/.w3m
		61	mkdir ${HOME}/.Mail
		62	mkdir ${HOME}/.bogofilter
		63	mkdir ${HOME}/.config/mutt
		64	mkdir ${HOME}/.config/nano
		65	mkdir ${HOME}/.emacs.d
		66	mkdir ${HOME}/.gnupg
		67	mkdir ${HOME}/.mail
		68	mkdir ${HOME}/.mutt
		69	mkdir ${HOME}/.vim
		70	mkdir ${HOME}/Mail
		71	mkdir ${HOME}/mail
		72	mkdir ${HOME}/postponed
		73	mkdir ${HOME}/sent
		74	whitelist ${HOME}/.Mail
		75	whitelist ${HOME}/.bogofilter
		76	whitelist ${HOME}/.config/mutt
		77	whitelist ${HOME}/.config/nano
		78	whitelist ${HOME}/.elinks
		79	whitelist ${HOME}/.emacs
		80	whitelist ${HOME}/.emacs.d
		81	whitelist ${HOME}/.gnupg
		82	whitelist ${HOME}/.mail
		83	whitelist ${HOME}/.mailcap
		84	whitelist ${HOME}/.msmtprc
		85	whitelist ${HOME}/.mutt
		86	whitelist ${HOME}/.muttrc
		87	whitelist ${HOME}/.nanorc
		88	whitelist ${HOME}/.signature
		89	whitelist ${HOME}/.vim
		90	whitelist ${HOME}/.viminfo
		91	whitelist ${HOME}/.vimrc
		92	whitelist ${HOME}/.w3m
		93	whitelist ${HOME}/Mail
		94	whitelist ${HOME}/mail
		95	whitelist ${HOME}/postponed
		96	whitelist ${HOME}/sent
		97	whitelist ${DOCUMENTS}
		98	whitelist ${DOWNLOADS}
		99	whitelist /usr/share/gnupg
		100	whitelist /usr/share/gnupg2
		101	whitelist /usr/share/mutt
		102	whitelist /var/mail
		103	whitelist /var/spool/mail
		104	include whitelist-common.inc
43	include whitelist-runuser-common.inc	105	include whitelist-runuser-common.inc
		106	include whitelist-usr-share-common.inc
		107	include whitelist-var-common.inc
44		108
		109	apparmor
45	caps.drop all	110	caps.drop all
46	netfilter	111	netfilter
47	no3d	112	no3d
@@ -56,7 +121,15 @@ novideo
56	protocol unix,inet,inet6	121	protocol unix,inet,inet6
57	seccomp	122	seccomp
58	shell none	123	shell none
		124	tracelog
59		125
		126	# disable-mnt
		127	private-cache
60	private-dev	128	private-dev
		129	private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
		130	private-tmp
61	writable-run-user	131	writable-run-user
62	writable-var	132	writable-var
		133
		134	dbus-user none
		135	dbus-system none


diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile new file mode 100644 index 000000000..d71dc618b --- /dev/null +++ b/etc/profile-m-z/neomutt.profile
@@ -0,0 +1,143 @@
		1	# Firejail profile for neomutt
		2	# Description: Mutt fork with advanced features and better documentation
		3	quiet
		4	# This file is overwritten after every install/update
		5	# Persistent local customizations
		6	include neomutt.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	noblacklist /var/mail
		11	noblacklist /var/spool/mail
		12	noblacklist ${HOME}/.Mail
		13	noblacklist ${HOME}/.bogofilter
		14	noblacklist ${HOME}/.config/mutt
		15	noblacklist ${HOME}/.config/nano
		16	noblacklist ${HOME}/.config/neomutt
		17	noblacklist ${HOME}/.elinks
		18	noblacklist ${HOME}/.emacs
		19	noblacklist ${HOME}/.emacs.d
		20	noblacklist ${HOME}/.gnupg
		21	noblacklist ${HOME}/.mail
		22	noblacklist ${HOME}/.mailcap
		23	noblacklist ${HOME}/.msmtprc
		24	noblacklist ${HOME}/.mutt
		25	noblacklist ${HOME}/.muttrc
		26	noblacklist ${HOME}/.nanorc
		27	noblacklist ${HOME}/.neomutt
		28	noblacklist ${HOME}/.neomuttrc
		29	noblacklist ${HOME}/.signature
		30	noblacklist ${HOME}/.vim
		31	noblacklist ${HOME}/.viminfo
		32	noblacklist ${HOME}/.vimrc
		33	noblacklist ${HOME}/.w3m
		34	noblacklist ${HOME}/Mail
		35	noblacklist ${HOME}/mail
		36	noblacklist ${HOME}/postponed
		37	noblacklist ${HOME}/sent
		38
		39	blacklist /tmp/.X11-unix
		40	blacklist ${RUNUSER}/wayland-*
		41
		42	include allow-lua.inc
		43
		44	include disable-common.inc
		45	include disable-devel.inc
		46	include disable-exec.inc
		47	include disable-interpreters.inc
		48	include disable-passwdmgr.inc
		49	include disable-programs.inc
		50	include disable-xdg.inc
		51
		52	mkfile ${HOME}/.elinks
		53	mkfile ${HOME}/.emacs
		54	mkfile ${HOME}/.mailcap
		55	mkfile ${HOME}/.msmtprc
		56	mkfile ${HOME}/.muttrc
		57	mkfile ${HOME}/.nanorc
		58	mkfile ${HOME}/.neomuttrc
		59	mkfile ${HOME}/.signature
		60	mkfile ${HOME}/.vimrc
		61	mkfile ${HOME}/.viminfo
		62	mkfile ${HOME}/.vimrc
		63	mkfile ${HOME}/.w3m
		64	mkdir ${HOME}/.Mail
		65	mkdir ${HOME}/.bogofilter
		66	mkdir ${HOME}/.config/mutt
		67	mkdir ${HOME}/.config/nano
		68	mkdir ${HOME}/.config/neomutt
		69	mkdir ${HOME}/.emacs.d
		70	mkdir ${HOME}/.gnupg
		71	mkdir ${HOME}/.mail
		72	mkdir ${HOME}/.mutt
		73	mkdir ${HOME}/.neomutt
		74	mkdir ${HOME}/.vim
		75	mkdir ${HOME}/Mail
		76	mkdir ${HOME}/mail
		77	mkdir ${HOME}/postponed
		78	mkdir ${HOME}/sent
		79	whitelist ${HOME}/.Mail
		80	whitelist ${HOME}/.bogofilter
		81	whitelist ${HOME}/.config/mutt
		82	whitelist ${HOME}/.config/nano
		83	whitelist ${HOME}/.config/neomutt
		84	whitelist ${HOME}/.elinks
		85	whitelist ${HOME}/.emacs
		86	whitelist ${HOME}/.emacs.d
		87	whitelist ${HOME}/.gnupg
		88	whitelist ${HOME}/.mail
		89	whitelist ${HOME}/.mailcap
		90	whitelist ${HOME}/.msmtprc
		91	whitelist ${HOME}/.mutt
		92	whitelist ${HOME}/.muttrc
		93	whitelist ${HOME}/.nanorc
		94	whitelist ${HOME}/.neomutt
		95	whitelist ${HOME}/.neomuttrc
		96	whitelist ${HOME}/.signature
		97	whitelist ${HOME}/.vim
		98	whitelist ${HOME}/.viminfo
		99	whitelist ${HOME}/.vimrc
		100	whitelist ${HOME}/.w3m
		101	whitelist ${HOME}/Mail
		102	whitelist ${HOME}/mail
		103	whitelist ${HOME}/postponed
		104	whitelist ${HOME}/sent
		105	whitelist ${DOCUMENTS}
		106	whitelist ${DOWNLOADS}
		107	whitelist /usr/share/gnupg
		108	whitelist /usr/share/gnupg2
		109	whitelist /usr/share/neomutt
		110	whitelist /var/mail
		111	whitelist /var/spool/mail
		112	include whitelist-common.inc
		113	include whitelist-runuser-common.inc
		114	include whitelist-usr-share-common.inc
		115	include whitelist-var-common.inc
		116
		117	apparmor
		118	caps.drop all
		119	netfilter
		120	no3d
		121	nodvd
		122	nogroups
		123	nonewprivs
		124	noroot
		125	nosound
		126	notv
		127	nou2f
		128	novideo
		129	protocol unix,inet,inet6
		130	seccomp
		131	shell none
		132	tracelog
		133
		134	# disable-mnt
		135	private-cache
		136	private-dev
		137	private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg
		138	private-tmp
		139	writable-run-user
		140	writable-var
		141
		142	dbus-user none
		143	dbus-system none