electron-mail.profile: refactor and redirect to electron.profile

Changes: - redirect to electron.profile - fix program name - update program description - allow /bin/sh - allow opening links in Firefox - remove no3d, nonewprivs, noroot, protocol, seccomp - add machine-id, nosound - remove private-bin, disable-mnt - harden private-etc - allow D-Bus notifications, secrets
author: pirate486743186 <> 2022-10-05 17:48:25 +0200
committer: pirate486743186 <> 2022-10-05 17:48:25 +0200
commit: 8562ec98523e78aab1dec28cce574f7f18342ccb (patch)
tree: 540ff89283b68d6e6ce408e7628366e95df00490 /etc/profile-a-l/electron-mail.profile
parent: build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (diff)
download: firejail-8562ec98523e78aab1dec28cce574f7f18342ccb.tar.gz
firejail-8562ec98523e78aab1dec28cce574f7f18342ccb.tar.zst
firejail-8562ec98523e78aab1dec28cce574f7f18342ccb.zip
1 files changed, 28 insertions, 40 deletions
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 0e5c35167..d0d0f2168 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -1,55 +1,43 @@
-# Firejail profile for electron-mail
+# Firejail profile for ElectronMail
-# Description: Unofficial desktop app for several E2E encrypted email providers
+# Description: Unofficial desktop app for the Proton Mail E2E encrypted email provider
 # This file is overwritten after every install/update
 # Persistent local customizations
 include electron-mail.local
 # Persistent global definitions
 include globals.local
+ignore dbus-user none
+ignore disable-mnt
 noblacklist ${HOME}/.config/electron-mail
-include disable-common.inc
+# sh is needed to allow Firefox to open links
-include disable-devel.inc
+include allow-bin-sh.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
 include disable-shell.inc
-include disable-xdg.inc
 mkdir ${HOME}/.config/electron-mail
 whitelist ${HOME}/.config/electron-mail
-whitelist ${DOWNLOADS}
+# The lines below are needed to find the default Firefox profile name, to allow
-include whitelist-common.inc
+# opening links in an existing instance of Firefox (note that it still fails if
-include whitelist-runuser-common.inc
+# there isn't a Firefox instance running with the default profile; see #5352)
-include whitelist-usr-share-common.inc
+noblacklist ${HOME}/.mozilla
-include whitelist-var-common.inc
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
-apparmor
-caps.drop all
+machine-id
-netfilter
+nosound
-no3d
-nodvd
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
-nogroups
-noinput
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6,netlink
-seccomp !chroot
-# tracelog - breaks on Arch
-private-bin electron-mail
-private-cache
-private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg
 private-opt ElectronMail
-private-tmp
-# breaks tray functionality
+dbus-user filter
-# dbus-user none
+dbus-user.talk org.freedesktop.Notifications
-dbus-system none
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.gnome.keyring.SystemPrompter
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
-# memory-deny-write-execute - breaks on Arch
+# Redirect
+include electron.profile
author	pirate486743186 <>	2022-10-05 17:48:25 +0200
committer	pirate486743186 <>	2022-10-05 17:48:25 +0200
commit	8562ec98523e78aab1dec28cce574f7f18342ccb (patch)
tree	540ff89283b68d6e6ce408e7628366e95df00490 /etc/profile-a-l/electron-mail.profile
parent	build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (diff)
download	firejail-8562ec98523e78aab1dec28cce574f7f18342ccb.tar.gz firejail-8562ec98523e78aab1dec28cce574f7f18342ccb.tar.zst firejail-8562ec98523e78aab1dec28cce574f7f18342ccb.zip

diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 0e5c35167..d0d0f2168 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile
@@ -1,55 +1,43 @@
1	# Firejail profile for electron-mail	1	# Firejail profile for ElectronMail
2	# Description: Unofficial desktop app for several E2E encrypted email providers	2	# Description: Unofficial desktop app for the Proton Mail E2E encrypted email provider
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
4	# Persistent local customizations	4	# Persistent local customizations
5	include electron-mail.local	5	include electron-mail.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
		9	ignore dbus-user none
		10	ignore disable-mnt
		11
9	noblacklist ${HOME}/.config/electron-mail	12	noblacklist ${HOME}/.config/electron-mail
10		13
11	include disable-common.inc	14	# sh is needed to allow Firefox to open links
12	include disable-devel.inc	15	include allow-bin-sh.inc
13	include disable-exec.inc	16
14	include disable-interpreters.inc
15	include disable-programs.inc
16	include disable-shell.inc	17	include disable-shell.inc
17	include disable-xdg.inc
18		18
19	mkdir ${HOME}/.config/electron-mail	19	mkdir ${HOME}/.config/electron-mail
20	whitelist ${HOME}/.config/electron-mail	20	whitelist ${HOME}/.config/electron-mail
21	whitelist ${DOWNLOADS}	21
22		22	# The lines below are needed to find the default Firefox profile name, to allow
23	include whitelist-common.inc	23	# opening links in an existing instance of Firefox (note that it still fails if
24	include whitelist-runuser-common.inc	24	# there isn't a Firefox instance running with the default profile; see #5352)
25	include whitelist-usr-share-common.inc	25	noblacklist ${HOME}/.mozilla
26	include whitelist-var-common.inc	26	whitelist ${HOME}/.mozilla/firefox/profiles.ini
27		27	read-only ${HOME}/.mozilla/firefox/profiles.ini
28	apparmor	28
29	caps.drop all	29	machine-id
30	netfilter	30	nosound
31	no3d	31
32	nodvd	32	private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
33	nogroups
34	noinput
35	nonewprivs
36	noroot
37	notv
38	nou2f
39	novideo
40	protocol unix,inet,inet6,netlink
41	seccomp !chroot
42	# tracelog - breaks on Arch
43
44	private-bin electron-mail
45	private-cache
46	private-dev
47	private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg
48	private-opt ElectronMail	33	private-opt ElectronMail
49	private-tmp
50		34
51	# breaks tray functionality	35	dbus-user filter
52	# dbus-user none	36	dbus-user.talk org.freedesktop.Notifications
53	dbus-system none	37	dbus-user.talk org.freedesktop.secrets
		38	dbus-user.talk org.gnome.keyring.SystemPrompter
		39	# allow D-Bus communication with firefox for opening links
		40	dbus-user.talk org.mozilla.*
54		41
55	# memory-deny-write-execute - breaks on Arch	42	# Redirect
		43	include electron.profile