Add new electron-mail profile (#3053)

* Create electron-mail.profile * Add electron-mail to disable-programs.inc * Add electron-mail to firecfg.config
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-11-23 10:54:42 +0000
committer: GitHub <noreply@github.com> 2019-11-23 10:54:42 +0000
commit: 20fa0d580ae50f4104de82d30cefe40a9da5ab85 (patch)
tree: a76e44c7e987fabfa17b06bf6836f6e827c10ef5 /etc/electron-mail.profile
parent: Add lensfun support for gimp (diff)
download: firejail-20fa0d580ae50f4104de82d30cefe40a9da5ab85.tar.gz
firejail-20fa0d580ae50f4104de82d30cefe40a9da5ab85.tar.zst
firejail-20fa0d580ae50f4104de82d30cefe40a9da5ab85.zip
1 files changed, 52 insertions, 0 deletions
diff --git a/etc/electron-mail.profile b/etc/electron-mail.profile
new file mode 100644
index 000000000..2945b9c37
--- /dev/null
+++ b/etc/electron-mail.profile
@@ -0,0 +1,52 @@
+# Firejail profile for electron-mail
+# Description: Unofficial desktop app for several E2E encrypted email providers
+# This file is overwritten after every install/update
+# Persistent local customizations
+include electron-mail.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/electron-mail
+whitelist ${DOWNLOADS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/electron-mail
+whitelist ${HOME}/.config/electron-mail
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+# nodbus - breaks tray functionality
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+shell none
+# tracelog - breaks on Arch
+private-bin electron-mail
+private-cache
+private-dev
+private-etc alternatives,fonts
+private-opt ElectronMail
+private-tmp
+# memory-deny-write-execute - breaks on Arch
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-11-23 10:54:42 +0000
committer	GitHub <noreply@github.com>	2019-11-23 10:54:42 +0000
commit	20fa0d580ae50f4104de82d30cefe40a9da5ab85 (patch)
tree	a76e44c7e987fabfa17b06bf6836f6e827c10ef5 /etc/electron-mail.profile
parent	Add lensfun support for gimp (diff)
download	firejail-20fa0d580ae50f4104de82d30cefe40a9da5ab85.tar.gz firejail-20fa0d580ae50f4104de82d30cefe40a9da5ab85.tar.zst firejail-20fa0d580ae50f4104de82d30cefe40a9da5ab85.zip

diff --git a/etc/electron-mail.profile b/etc/electron-mail.profile new file mode 100644 index 000000000..2945b9c37 --- /dev/null +++ b/etc/electron-mail.profile
@@ -0,0 +1,52 @@
	1	# Firejail profile for electron-mail
	2	# Description: Unofficial desktop app for several E2E encrypted email providers
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include electron-mail.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/electron-mail
	10
	11	whitelist ${DOWNLOADS}
	12
	13	include disable-common.inc
	14	include disable-devel.inc
	15	include disable-exec.inc
	16	include disable-interpreters.inc
	17	include disable-passwdmgr.inc
	18	include disable-programs.inc
	19	include disable-xdg.inc
	20
	21	mkdir ${HOME}/.config/electron-mail
	22	whitelist ${HOME}/.config/electron-mail
	23
	24	include whitelist-common.inc
	25	include whitelist-usr-share-common.inc
	26	include whitelist-var-common.inc
	27
	28	apparmor
	29	caps.drop all
	30	netfilter
	31	no3d
	32	# nodbus - breaks tray functionality
	33	nodvd
	34	nogroups
	35	nonewprivs
	36	noroot
	37	notv
	38	nou2f
	39	novideo
	40	protocol unix,inet,inet6,netlink
	41	seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
	42	shell none
	43	# tracelog - breaks on Arch
	44
	45	private-bin electron-mail
	46	private-cache
	47	private-dev
	48	private-etc alternatives,fonts
	49	private-opt ElectronMail
	50	private-tmp
	51
	52	# memory-deny-write-execute - breaks on Arch