author | bbhtt <62639087+bbhtt@users.noreply.github.com> | 2020-12-31 03:58:57 +0000 |
---|---|---|
committer | bbhtt <62639087+bbhtt@users.noreply.github.com> | 2020-12-31 03:58:57 +0000 |
commit | 144aee26f56156cb4ec0c674062c447d261802a4 (patch) | |
tree | 4512bc6cd552355f53c404bd25ad7400eafbdf55 /etc/profile-a-l | |
parent | Add folks cache directory (diff) | |
download | firejail-144aee26f56156cb4ec0c674062c447d261802a4.tar.gz firejail-144aee26f56156cb4ec0c674062c447d261802a4.tar.zst firejail-144aee26f56156cb4ec0c674062c447d261802a4.zip |
Improve whitelisting and dbus of Sylpheed and Claws-mail
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/claws-mail.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/email-common.profile | 22 |
2 files changed, 23 insertions, 9 deletions
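--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -18,10 +18,14 @@ whitelist ${HOME}/.claws-mail
 
 whitelist /usr/share/doc/claws-mail
 
+# private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
+
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.gnome.keyring.SystemPrompter
 # if you use the notification plugin you need to uncomment the below (or put them in your claws-mail.local)
-#ignore dbus-user none
-#dbus-user filter
-#dbus-user.talk org.freedesktop.Notifications
+# dbus-user.talk org.freedesktop.Notifications
+dbus-system none
 
 # Redirect
 include email-common.profile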
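Review bot: The new `dbus-user.talk ca.desrt.dconf` and `dbus-user.talk org.gnome.keyring.SystemPrompter` lines are enabled by default with no comment saying which feature needs them, while the Notifications name stays opt-in. Before this commit the profile inherited `dbus-user none` from email-common.profile, so these two names widen what the sandboxed mail client can reach on the session bus. Talk access to the dconf service presumably also allows writing the user's desktop settings, not only reading them. I would add a one-line reason above each name (the author should confirm the actual need), or make the dconf line opt-in the same way as `# dbus-user.talk org.freedesktop.Notifications`. The commented-out `# private-bin …` line would also benefit from a short note on why it is disabled.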
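--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -8,6 +8,7 @@ include email-common.local
 #include globals.local
 
 noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.signature
 # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
 # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications
@@ -17,28 +18,35 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
 mkfile ${HOME}/.config/mimeapps.list
-mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.signature
+mkdir ${HOME}/.gnupg
 whitelist ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.signature
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
 # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
 whitelist ${HOME}/Mail
+
+whitelist ${RUNUSER}/gnupg
 whitelist /usr/share/gnupg
 whitelist /usr/share/gnupg2
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+machine-id
 netfilter
 no3d
 nodvd
@@ -54,13 +62,12 @@ seccomp
 shell none
 tracelog
 
+# disable-mnt
 private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg
 private-tmp
 
-dbus-user none
-dbus-system none
-
 # encrypting and signing email
 writable-run-user
 
@@ -70,3 +77,6 @@ writable-run-user
 #whitelist /var/mail
 #whitelist /var/spool/mail
 #writable-var
+
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.signature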
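Review bot: Removing `dbus-user none` and `dbus-system none` from the shared profile (old lines 61–62) takes the deny-by-default D-Bus policy away from every profile that includes email-common.profile, not only the two named in the commit title. claws-mail.profile sets its own `dbus-user filter` and `dbus-system none` in this commit, but the diffstat is limited to etc/profile-a-l, so other includers cannot be checked from this page. Any includer that was not updated would now run with unfiltered session and system bus access. A safer shape is to keep both lines in the common file and have a profile that needs the bus put `ignore dbus-user none` ahead of the include, which is the pattern the old claws-mail comment used. Separately, `hosts.conf` in the new `private-etc` list is probably meant to be `host.conf`.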