diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2023-07-31 11:22:31 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-31 11:22:31 +0000 |
commit | a7d92e1d8b541bffc2e2ceda4a070bc7cb4267e5 (patch) | |
tree | f84715713e9ea56dfc0707cb52c390cd13cde9a5 /etc/profile-m-z/thunderbird.profile | |
parent | build(deps): bump github/codeql-action from 2.21.0 to 2.21.2 (diff) | |
download | firejail-a7d92e1d8b541bffc2e2ceda4a070bc7cb4267e5.tar.gz firejail-a7d92e1d8b541bffc2e2ceda4a070bc7cb4267e5.tar.zst firejail-a7d92e1d8b541bffc2e2ceda4a070bc7cb4267e5.zip |
thunderbird: D-Bus hardening (#5913)
Diffstat (limited to 'etc/profile-m-z/thunderbird.profile')
-rw-r--r-- | etc/profile-m-z/thunderbird.profile | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile index f2405a7d3..17e2f0856 100644 --- a/etc/profile-m-z/thunderbird.profile +++ b/etc/profile-m-z/thunderbird.profile | |||
@@ -8,9 +8,17 @@ include globals.local | |||
8 | 8 | ||
9 | ignore include whitelist-runuser-common.inc | 9 | ignore include whitelist-runuser-common.inc |
10 | 10 | ||
11 | # writable-run-user and dbus are needed by enigmail | 11 | # TB stopped supporting enigmail in 2020 (v78) - let's harden D-Bus |
12 | # https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq | ||
12 | ignore dbus-user none | 13 | ignore dbus-user none |
13 | ignore dbus-system none | 14 | dbus-user filter |
15 | dbus-user.own org.mozilla.thunderbird.* | ||
16 | dbus-user.talk ca.desrt.dconf | ||
17 | dbus-user.talk org.freedesktop.Notifications | ||
18 | # allow D-Bus communication with firefox for opening links | ||
19 | dbus-user.talk org.mozilla.* | ||
20 | # e2ee email needs writable-run-user | ||
21 | # https://support.mozilla.org/en-US/kb/introduction-to-e2e-encryption | ||
14 | writable-run-user | 22 | writable-run-user |
15 | 23 | ||
16 | # If you want to read local mail stored in /var/mail edit /etc/apparmor.d/firejail-default accordingly | 24 | # If you want to read local mail stored in /var/mail edit /etc/apparmor.d/firejail-default accordingly |