Revert "Merge pull request #3607 from kortewegdevries/wemail"

This reverts commit bd1819a8641e0eeae016846b28a41e625bcc215b, reversing
changes made to 807af3dce05786f10747cc0938cc98af484c8e97.

The hole PR looks like a single crap, it is not even syntactically
correct. Has anyone at least started kmail with this profile before it
was merged? See #3979, thanks @creideiki for reporting.

> First, there are syntax errors. Several mkdir lines have file names containing asterisks.
> This gives the following error:
>
>    Error: "${HOME}/.cache/akonadi*" is an invalid filename: rejected character: "*"
>
> I am not sure what they intend to do, but whatever it is it's not working.
> Especially confusing is the line
>
>    mkdir /tmp/akonadi-*
>
> Yes, Akonadi creates a directory in /tmp, but its name is random and seems to have been created
> using mkstemp(3) or similar. I'm not sure how Firejail is supposed to be able to pre-create it.
>
> Removing the asterisks makes Firejail at least accept the profile syntactically and try to run
> the program.

It is rejected by syntax. Has anyone tested?

> At startup, Firejail now prints the following warning:
>
>     ***
>     *** Warning: cannot whitelist ${DOCUMENTS} directory
>     *** Any file saved in this directory will be lost when the sandbox is closed.
>     ***

Why was 'include disable-xdg.inc' added together with 'whitelist ${DOCUMENTS}', but
no 'nobalcklist ${DOCUMENTS}'? It can not work.

> The actual error is that PostgreSQL needs access to /usr/lib64/postgresql-13/ in order to run.
> Adding the following line to kmail.profile fixes that:
>
>     whitelist /usr/share/postgresql*

Again, has anyone thested this?

> The next problem is this message on the console:
>
>     kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
> Which may have something to do with the profile creating a directory with that name:
>
>     mkdir ${HOME}/.config/kmail2rc
>
> when it's supposed to be a file:
>
>     $ stat ~/.config/kmail2rc
>      File: /home/creideiki/.config/kmail2rc
>      Size: 24660           Blocks: 56         IO Block: 4096   regular file

Has anyone tested this or is this just a blind copy of the noblacklist
from above with noblacklist replaced by mkdir?

> However, the error message
>
>     kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
>  still appears.

Looks like #1793. HAS ANYONE TESTED THIS PROFILE??!

> Finally, when exiting KMail, it crashes with a SIGSEGV:
>
>     *** KMail got signal 11 (Exiting)
>     *** Dead letters dumped.
>     KCrash: crashing... crashRecursionCounter = 2
>     KCrash: Application Name = kmail path = /usr/bin pid = 20
>     KCrash: Arguments: /usr/bin/kmail

Has any...

> I tried restoring an older kmail.profile, from commit 319f2dc, and it has none of the above problems.

... I give up asking if anyone tested this.

> Given the multitude of problems with commit 5532fbd, I'd suggest reverting it until it can be fixed.

Yes, definitely.

1 files changed, 3 insertions, 78 deletions

diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 8d99da3cf..ab4ff10b9 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,10 +9,6 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
 
-noblacklist ${HOME}/.gnupg
-# noblacklist ${HOME}/.kde/
-# noblacklist ${HOME}/.kde4/
-noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.cache/akonadi*
 noblacklist ${HOME}/.cache/kmail2
 noblacklist ${HOME}/.config/akonadi*
@@ -23,6 +19,7 @@ noblacklist ${HOME}/.config/kmail2rc
 noblacklist ${HOME}/.config/kmailsearchindexingrc
 noblacklist ${HOME}/.config/mailtransports
 noblacklist ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.local/share/akonadi*
 noblacklist ${HOME}/.local/share/apps/korganizer
 noblacklist ${HOME}/.local/share/contacts
@@ -33,8 +30,6 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
 noblacklist ${HOME}/.local/share/local-mail
 noblacklist ${HOME}/.local/share/notes
 noblacklist /tmp/akonadi-*
-noblacklist /var/mail
-noblacklist /var/spool/mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -42,73 +37,10 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-xdg.inc
 
-mkdir ${HOME}/.gnupg
-# mkdir ${HOME}/.kde/
-# mkdir ${HOME}/.kde4/
-mkdir ${HOME}/.cache/akonadi*
-mkdir ${HOME}/.cache/kmail2
-mkdir ${HOME}/.config/akonadi*
-mkdir ${HOME}/.config/baloorc
-mkdir ${HOME}/.config/emaildefaults
-mkdir ${HOME}/.config/emailidentities
-mkdir ${HOME}/.config/kmail2rc
-mkdir ${HOME}/.config/kmailsearchindexingrc
-mkdir ${HOME}/.config/mailtransports
-mkdir ${HOME}/.config/specialmailcollectionsrc
-mkdir ${HOME}/.local/share/akonadi*
-mkdir ${HOME}/.local/share/apps/korganizer
-mkdir ${HOME}/.local/share/contacts
-mkdir ${HOME}/.local/share/emailidentities
-mkdir ${HOME}/.local/share/kmail2
-mkdir ${HOME}/.local/share/kxmlgui5/kmail
-mkdir ${HOME}/.local/share/kxmlgui5/kmail2
-mkdir ${HOME}/.local/share/local-mail
-mkdir ${HOME}/.local/share/notes
-mkdir /tmp/akonadi-*
-whitelist ${HOME}/.gnupg
-# whitelist ${HOME}/.kde/
-# whitelist ${HOME}/.kde4/
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.cache/akonadi*
-whitelist ${HOME}/.cache/kmail2
-whitelist ${HOME}/.config/akonadi*
-whitelist ${HOME}/.config/baloorc
-whitelist ${HOME}/.config/emaildefaults
-whitelist ${HOME}/.config/emailidentities
-whitelist ${HOME}/.config/kmail2rc
-whitelist ${HOME}/.config/kmailsearchindexingrc
-whitelist ${HOME}/.config/mailtransports
-whitelist ${HOME}/.config/specialmailcollectionsrc
-whitelist ${HOME}/.local/share/akonadi*
-whitelist ${HOME}/.local/share/apps/korganizer
-whitelist ${HOME}/.local/share/contacts
-whitelist ${HOME}/.local/share/emailidentities
-whitelist ${HOME}/.local/share/kmail2
-whitelist ${HOME}/.local/share/kxmlgui5/kmail
-whitelist ${HOME}/.local/share/kxmlgui5/kmail2
-whitelist ${HOME}/.local/share/local-mail
-whitelist ${HOME}/.local/share/notes
-whitelist ${DOWNLOADS}
-whitelist ${DOCUMENTS}
-whitelist ${RUNUSER}/gnupg
-whitelist /tmp/akonadi-*
-whitelist /usr/share/akonadi
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /usr/share/kconf_update
-whitelist /usr/share/kf5
-whitelist /usr/share/kservices5
-whitelist /usr/share/qlogging-categories5
-whitelist /var/mail
-whitelist /var/spool/mail
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
-apparmor
+# apparmor
 caps.drop all
 netfilter
 nodvd
@@ -124,14 +56,7 @@ protocol unix,inet,inet6,netlink
 seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set
 # tracelog
 
-private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg
 # private-tmp - interrupts connection to akonadi, breaks opening of email attachments
+# writable-run-user is needed for signing and encrypting emails
 writable-run-user
-writable-var
-
-# dbus-user none
-dbus-system none
-
-read-only ${HOME}/.mozilla/firefox/profiles.ini
\ No newline at end of file