Add whitelisting to mutt; improve geary, new profile for neomutt

author: bbhtt <62639087+bbhtt@users.noreply.github.com> 2020-12-28 13:10:15 +0000
committer: bbhtt <62639087+bbhtt@users.noreply.github.com> 2020-12-28 13:10:15 +0000
commit: a8a8e33bc17263db763cd7bd803314f8d5dbd2c5 (patch)
tree: e6941abe0856b28a6f1b68c58ae88e8b4e68330a /etc/profile-m-z/mutt.profile
parent: shell autoselection fixup (diff)
download: firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.gz
firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.zst
firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.zip
1 files changed, 74 insertions, 1 deletions
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 1ce12f54f..87e7c7f06 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -1,5 +1,6 @@
 # Firejail profile for mutt
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
+quiet
 # This file is overwritten after every install/update
 # Persistent local customizations
 include mutt.local
@@ -10,13 +11,14 @@ noblacklist /var/mail
 noblacklist /var/spool/mail
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.elinks
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.msmtprc
 noblacklist ${HOME}/.mutt
 noblacklist ${HOME}/.muttrc
@@ -34,14 +36,77 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
+include allow-perl.inc
+include allow-python.inc
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+mkfile ${HOME}/.elinks
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.w3m
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 no3d
@@ -56,7 +121,15 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
+# disable-mnt
+private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-tmp
 writable-run-user
 writable-var
+dbus-user none
+dbus-system none
author	bbhtt <62639087+bbhtt@users.noreply.github.com>	2020-12-28 13:10:15 +0000
committer	bbhtt <62639087+bbhtt@users.noreply.github.com>	2020-12-28 13:10:15 +0000
commit	a8a8e33bc17263db763cd7bd803314f8d5dbd2c5 (patch)
tree	e6941abe0856b28a6f1b68c58ae88e8b4e68330a /etc/profile-m-z/mutt.profile
parent	shell autoselection fixup (diff)
download	firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.gz firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.tar.zst firejail-a8a8e33bc17263db763cd7bd803314f8d5dbd2c5.zip

diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 1ce12f54f..87e7c7f06 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile
@@ -1,5 +1,6 @@
1	# Firejail profile for mutt	1	# Firejail profile for mutt
2	# Description: Text-based mailreader supporting MIME, GPG, PGP and threading	2	# Description: Text-based mailreader supporting MIME, GPG, PGP and threading
		3	quiet
3	# This file is overwritten after every install/update	4	# This file is overwritten after every install/update
4	# Persistent local customizations	5	# Persistent local customizations
5	include mutt.local	6	include mutt.local
@@ -10,13 +11,14 @@ noblacklist /var/mail
10	noblacklist /var/spool/mail	11	noblacklist /var/spool/mail
11	noblacklist ${HOME}/.Mail	12	noblacklist ${HOME}/.Mail
12	noblacklist ${HOME}/.bogofilter	13	noblacklist ${HOME}/.bogofilter
13	noblacklist ${HOME}/.cache/mutt	14	noblacklist ${HOME}/.config/mutt
14	noblacklist ${HOME}/.config/nano	15	noblacklist ${HOME}/.config/nano
15	noblacklist ${HOME}/.elinks	16	noblacklist ${HOME}/.elinks
16	noblacklist ${HOME}/.emacs	17	noblacklist ${HOME}/.emacs
17	noblacklist ${HOME}/.emacs.d	18	noblacklist ${HOME}/.emacs.d
18	noblacklist ${HOME}/.gnupg	19	noblacklist ${HOME}/.gnupg
19	noblacklist ${HOME}/.mail	20	noblacklist ${HOME}/.mail
		21	noblacklist ${HOME}/.mailcap
20	noblacklist ${HOME}/.msmtprc	22	noblacklist ${HOME}/.msmtprc
21	noblacklist ${HOME}/.mutt	23	noblacklist ${HOME}/.mutt
22	noblacklist ${HOME}/.muttrc	24	noblacklist ${HOME}/.muttrc
@@ -34,14 +36,77 @@ noblacklist ${HOME}/sent
34	blacklist /tmp/.X11-unix	36	blacklist /tmp/.X11-unix
35	blacklist ${RUNUSER}/wayland-*	37	blacklist ${RUNUSER}/wayland-*
36		38
		39	include allow-perl.inc
		40	include allow-python.inc
		41
37	include disable-common.inc	42	include disable-common.inc
38	include disable-devel.inc	43	include disable-devel.inc
		44	include disable-exec.inc
39	include disable-interpreters.inc	45	include disable-interpreters.inc
40	include disable-passwdmgr.inc	46	include disable-passwdmgr.inc
41	include disable-programs.inc	47	include disable-programs.inc
		48	include disable-xdg.inc
42		49
		50	mkfile ${HOME}/.elinks
		51	mkfile ${HOME}/.emacs
		52	mkfile ${HOME}/.mailcap
		53	mkfile ${HOME}/.msmtprc
		54	mkfile ${HOME}/.muttrc
		55	mkfile ${HOME}/.nanorc
		56	mkfile ${HOME}/.signature
		57	mkfile ${HOME}/.vimrc
		58	mkfile ${HOME}/.viminfo
		59	mkfile ${HOME}/.vimrc
		60	mkfile ${HOME}/.w3m
		61	mkdir ${HOME}/.Mail
		62	mkdir ${HOME}/.bogofilter
		63	mkdir ${HOME}/.config/mutt
		64	mkdir ${HOME}/.config/nano
		65	mkdir ${HOME}/.emacs.d
		66	mkdir ${HOME}/.gnupg
		67	mkdir ${HOME}/.mail
		68	mkdir ${HOME}/.mutt
		69	mkdir ${HOME}/.vim
		70	mkdir ${HOME}/Mail
		71	mkdir ${HOME}/mail
		72	mkdir ${HOME}/postponed
		73	mkdir ${HOME}/sent
		74	whitelist ${HOME}/.Mail
		75	whitelist ${HOME}/.bogofilter
		76	whitelist ${HOME}/.config/mutt
		77	whitelist ${HOME}/.config/nano
		78	whitelist ${HOME}/.elinks
		79	whitelist ${HOME}/.emacs
		80	whitelist ${HOME}/.emacs.d
		81	whitelist ${HOME}/.gnupg
		82	whitelist ${HOME}/.mail
		83	whitelist ${HOME}/.mailcap
		84	whitelist ${HOME}/.msmtprc
		85	whitelist ${HOME}/.mutt
		86	whitelist ${HOME}/.muttrc
		87	whitelist ${HOME}/.nanorc
		88	whitelist ${HOME}/.signature
		89	whitelist ${HOME}/.vim
		90	whitelist ${HOME}/.viminfo
		91	whitelist ${HOME}/.vimrc
		92	whitelist ${HOME}/.w3m
		93	whitelist ${HOME}/Mail
		94	whitelist ${HOME}/mail
		95	whitelist ${HOME}/postponed
		96	whitelist ${HOME}/sent
		97	whitelist ${DOCUMENTS}
		98	whitelist ${DOWNLOADS}
		99	whitelist /usr/share/gnupg
		100	whitelist /usr/share/gnupg2
		101	whitelist /usr/share/mutt
		102	whitelist /var/mail
		103	whitelist /var/spool/mail
		104	include whitelist-common.inc
43	include whitelist-runuser-common.inc	105	include whitelist-runuser-common.inc
		106	include whitelist-usr-share-common.inc
		107	include whitelist-var-common.inc
44		108
		109	apparmor
45	caps.drop all	110	caps.drop all
46	netfilter	111	netfilter
47	no3d	112	no3d
@@ -56,7 +121,15 @@ novideo
56	protocol unix,inet,inet6	121	protocol unix,inet,inet6
57	seccomp	122	seccomp
58	shell none	123	shell none
		124	tracelog
59		125
		126	# disable-mnt
		127	private-cache
60	private-dev	128	private-dev
		129	private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
		130	private-tmp
61	writable-run-user	131	writable-run-user
62	writable-var	132	writable-var
		133
		134	dbus-user none
		135	dbus-system none