Revert "Merge pull request #3607 from kortewegdevries/wemail"

This reverts commit bd1819a8641e0eeae016846b28a41e625bcc215b, reversing
changes made to 807af3dce05786f10747cc0938cc98af484c8e97.

The hole PR looks like a single crap, it is not even syntactically
correct. Has anyone at least started kmail with this profile before it
was merged? See #3979, thanks @creideiki for reporting.

> First, there are syntax errors. Several mkdir lines have file names containing asterisks.
> This gives the following error:
>
>    Error: "${HOME}/.cache/akonadi*" is an invalid filename: rejected character: "*"
>
> I am not sure what they intend to do, but whatever it is it's not working.
> Especially confusing is the line
>
>    mkdir /tmp/akonadi-*
>
> Yes, Akonadi creates a directory in /tmp, but its name is random and seems to have been created
> using mkstemp(3) or similar. I'm not sure how Firejail is supposed to be able to pre-create it.
>
> Removing the asterisks makes Firejail at least accept the profile syntactically and try to run
> the program.

It is rejected by syntax. Has anyone tested?

> At startup, Firejail now prints the following warning:
>
>     ***
>     *** Warning: cannot whitelist ${DOCUMENTS} directory
>     *** Any file saved in this directory will be lost when the sandbox is closed.
>     ***

Why was 'include disable-xdg.inc' added together with 'whitelist ${DOCUMENTS}', but
no 'nobalcklist ${DOCUMENTS}'? It can not work.

> The actual error is that PostgreSQL needs access to /usr/lib64/postgresql-13/ in order to run.
> Adding the following line to kmail.profile fixes that:
>
>     whitelist /usr/share/postgresql*

Again, has anyone thested this?

> The next problem is this message on the console:
>
>     kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
> Which may have something to do with the profile creating a directory with that name:
>
>     mkdir ${HOME}/.config/kmail2rc
>
> when it's supposed to be a file:
>
>     $ stat ~/.config/kmail2rc
>      File: /home/creideiki/.config/kmail2rc
>      Size: 24660           Blocks: 56         IO Block: 4096   regular file

Has anyone tested this or is this just a blind copy of the noblacklist
from above with noblacklist replaced by mkdir?

> However, the error message
>
>     kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
>  still appears.

Looks like #1793. HAS ANYONE TESTED THIS PROFILE??!

> Finally, when exiting KMail, it crashes with a SIGSEGV:
>
>     *** KMail got signal 11 (Exiting)
>     *** Dead letters dumped.
>     KCrash: crashing... crashRecursionCounter = 2
>     KCrash: Application Name = kmail path = /usr/bin pid = 20
>     KCrash: Arguments: /usr/bin/kmail

Has any...

> I tried restoring an older kmail.profile, from commit 319f2dc, and it has none of the above problems.

... I give up asking if anyone tested this.

> Given the multitude of problems with commit 5532fbd, I'd suggest reverting it until it can be fixed.

Yes, definitely.

1 files changed, 5 insertions, 55 deletions

diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 1355c4337..422200ffe 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,16 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
 
+noblacklist /var/mail
+noblacklist /var/spool/mail
 noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.cache/evolution
 noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
-noblacklist /var/mail
-noblacklist /var/spool/mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,42 +22,13 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
 
-mkdir ${HOME}/.bogofilter
-mkdir ${HOME}/.gnupg
-mkdir ${HOME}/.pki
-mkdir ${HOME}/.cache/evolution
-mkdir ${HOME}/.config/evolution
-mkdir ${HOME}/.local/share/evolution
-mkdir ${HOME}/.local/share/pki
-whitelist ${HOME}/.bogofilter
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.cache/evolution
-whitelist ${HOME}/.config/evolution
-whitelist ${HOME}/.local/share/evolution
-whitelist ${HOME}/.local/share/pki
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/evolution
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /var/mail
-whitelist /var/spool/mail
-include whitelist-common.inc
 include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
 
-apparmor
 caps.drop all
 netfilter
 # no3d breaks under wayland
-# no3d
+#no3d
 nodvd
 nogroups
 nonewprivs
@@ -70,27 +40,7 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
-tracelog
 
-# disable-mnt
-# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
-# To use private-bin add all evolution,gpg,pinentry binaries and follow firefox.profile for hyperlink support
-# private-bin evolution
-private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg
 private-tmp
-writable-run-user
 writable-var
-
-dbus-user filter
-dbus-user.own org.gnome.Evolution
-dbus-user.talk ca.desrt.dconf
-# Uncomment to have keyring access
-# dbus-user.talk org.freedesktop.secrets
-dbus-user.talk org.gnome.keyring.SystemPrompter
-dbus-user.talk org.gnome.OnlineAccounts
-dbus-user.talk org.freedesktop.Notifications
-dbus-system none
-
-read-only ${HOME}/.mozilla/firefox/profiles.ini