author | bbhtt <62639087+bbhtt@users.noreply.github.com> | 2020-12-28 13:10:15 +0000 |
---|---|---|
committer | bbhtt <62639087+bbhtt@users.noreply.github.com> | 2020-12-28 13:10:15 +0000 |
commit | a8a8e33bc17263db763cd7bd803314f8d5dbd2c5 (patch) | |
tree | e6941abe0856b28a6f1b68c58ae88e8b4e68330a /etc/profile-a-l/geary.profile | |
parent | shell autoselection fixup (diff) | |
download | firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.gz firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.zst firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.zip |
Add whitelisting to mutt; improve geary, new profile for neomutt
Diffstat (limited to 'etc/profile-a-l/geary.profile')
-rw-r--r-- | etc/profile-a-l/geary.profile | 61 |
1 files changed, 49 insertions, 12 deletions
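diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index f4e5a392f..3f96d8b25 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -4,19 +4,21 @@
 # Persistent local customizations
 include geary.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
-
-# Users have Geary set to open a browser by clicking a link in an email
-# We are not allowed to blacklist browser-specific directories
-
-ignore dbus-user filter
-ignore dbus-system none
-ignore private-tmp
+include globals.local
 
 noblacklist ${HOME}/.cache/geary
 noblacklist ${HOME}/.config/geary
 noblacklist ${HOME}/.local/share/geary
+noblacklist ${HOME}/.mozilla
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.cache/geary
 mkdir ${HOME}/.config/geary
@@ -24,8 +26,43 @@ mkdir ${HOME}/.local/share/geary
 whitelist ${HOME}/.cache/geary
 whitelist ${HOME}/.config/geary
 whitelist ${HOME}/.local/share/geary
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${DOWNLOADS}
 whitelist /usr/share/geary
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+# disable-mnt
+# Add ignore private-bin to geary.local for hyperlink support
+private-bin geary
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg
+private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.Geary
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-system none
 
-# allow Mozilla browsers
-# Redirect
-include firefox.profile
+read-only ${HOME}/.mozilla/firefox/profiles.ini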
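Review bot: `dbus-user.talk org.freedesktop.secrets` in the new D-Bus block is the broadest grant left in this otherwise tight profile, and it carries no comment. Geary presumably needs it to fetch stored account passwords, but the Secret Service as commonly implemented does not separate items per application, so the sandboxed process can likely read any item in an unlocked keyring, not only its own. I would record that trade-off next to the line, e.g. `# Needed for stored account passwords; note this exposes the whole unlocked keyring to the sandbox`. The same gap applies to `noblacklist ${HOME}/.mozilla` and the two `profiles.ini` lines. The old comment explaining the browser hand-off was removed with the `include firefox.profile` redirect, so a one-line comment stating why `profiles.ini` stays visible (read-only) would keep the intent reviewable.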