author | netblue30 <netblue30@protonmail.com> | 2021-02-09 08:37:40 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-09 08:37:40 -0500 |
commit | 0b818f13fd4c14e5cf6dff24e8b5078f650f374d (patch) | |
tree | 7ec845b22d07edd925e2b98bb03c10f48b1be3bb /etc/profile-m-z | |
parent | Merge pull request #3322 from topimiettinen/filter-environment-variables (diff) | |
parent | Some minor changes (diff) | |
Merge pull request #3849 from bbhtt/email
Email part (2)
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/mutt.profile | 88 | ||||
-rw-r--r-- | etc/profile-m-z/neomutt.profile | 152 | ||||
-rw-r--r-- | etc/profile-m-z/sylpheed.profile | 9 |
3 files changed, 249 insertions, 0 deletions
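--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -1,6 +1,7 @@
 # Firejail profile for mutt
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include mutt.local
 # Persistent global definitions
@@ -8,15 +9,18 @@ include globals.local
 
 noblacklist /var/mail
 noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.bogofilter
 noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.elinks
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.msmtprc
 noblacklist ${HOME}/.mutt
 noblacklist ${HOME}/.muttrc
@@ -34,15 +38,84 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
+# Uncomment or put them in mutt.local for oauth.py,S/MIME
+
+#include allow-perl.inc
+#include allow-python2.inc
+#include allow-python3.inc
+
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.cache/mutt
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.elinks
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/.w3m
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+ipc-namespace
+machine-id
 netfilter
 no3d
 nodvd
@@ -55,8 +128,23 @@ nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 
+# disable-mnt
+private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-tmp
 writable-run-user
 writable-var
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}/.elinks
+read-only ${HOME}/.nanorc
+read-only ${HOME}/.signature
+read-only ${HOME}/.w3m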
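Review bot: The `read-only` list at the end of the profile covers only `.elinks`, `.nanorc`, `.signature` and `.w3m`, while the newly whitelisted `${HOME}/.mailcap`, `${HOME}/.msmtprc` and `${HOME}/.muttrc` are left out. Those files decide which program handles each attachment type and how mail is sent, so a mail reader that parses untrusted messages should not be able to rewrite them. Unless an included file already does this (disable-common.inc is not shown on this page), add `read-only ${HOME}/.mailcap`, `read-only ${HOME}/.msmtprc` and `read-only ${HOME}/.muttrc`. The same applies to neomutt.profile, which additionally whitelists `${HOME}/.neomuttrc`. A one-line comment above `whitelist ${HOME}/.gnupg` stating that it is needed for PGP would also help, since it exposes the key directory to the sandbox.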
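--- /dev/null
+++ b/etc/profile-m-z/neomutt.profile
@@ -0,0 +1,152 @@
+# Firejail profile for neomutt
+# Description: Mutt fork with advanced features and better documentation
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include neomutt.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.config/mutt
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.config/neomutt
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.neomutt
+noblacklist ${HOME}/.neomuttrc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
+noblacklist /var/mail
+noblacklist /var/spool/mail
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include allow-lua.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.config/neomutt
+mkdir ${HOME}/.elinks
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.neomutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/.w3m
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.neomuttrc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.config/neomutt
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.neomutt
+whitelist ${HOME}/.neomuttrc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/neomutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+# disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg
+private-tmp
+writable-run-user
+writable-var
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}/.elinks
+read-only ${HOME}/.nanorc
+read-only ${HOME}/.signature
+read-only ${HOME}/.w3m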
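Review bot: The `private-etc` line here differs from the one added to mutt.profile in the same commit: it drops `gai.conf`, `gnutls` and `terminfo` and adds `dconf`, with no comment explaining why. If neomutt is built against GnuTLS, hiding `/etc/gnutls` would presumably make the sandboxed client ignore any system-wide TLS priority settings. The `dconf` entry looks unneeded for a terminal client that also runs with `dbus-user none`. I would keep the two lists aligned (mutt's entries plus `neomuttrc,neomuttrc.d`) or add a comment above the line stating the reason for the difference.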
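--- a/etc/profile-m-z/sylpheed.profile
+++ b/etc/profile-m-z/sylpheed.profile
@@ -13,5 +13,14 @@ whitelist ${HOME}/.sylpheed-2.0
 
 whitelist /usr/share/sylpheed
 
+# private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed
+
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.gnome.keyring.SystemPrompter
+# Uncomment below for notifications (or put them in your sylpheed.local)
+# dbus-user.talk org.freedesktop.Notifications
+
 # Redirect
 include email-common.profile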
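Review bot: `dbus-user.talk org.freedesktop.secrets` and `dbus-user.talk ca.desrt.dconf` are enabled unconditionally, while the less sensitive notifications name is left as an opt-in comment. Access to the Secret Service generally lets a client request any item in an unlocked keyring, not only its own, and talking to dconf allows changing settings of other desktop applications, so both widen what a compromised mail client can reach. Consider a comment above each line stating what Sylpheed needs it for, e.g. `# Needed for password storage in the desktop keyring`, or make them opt-in via sylpheed.local like the notifications line. The commented-out `# private-bin ...` line would also benefit from a short note on why it is disabled.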