diff options
author | Your Name <you@example.com> | 2018-03-24 19:59:50 -0400 |
---|---|---|
committer | Your Name <you@example.com> | 2018-03-24 19:59:50 -0400 |
commit | 5ae3e801d91f386ab36dbe8fc3d8b50cd30004db (patch) | |
tree | 2379164b209d33056b4ae0aadfe9fa72ba25e7fc /etc/thunderbird-beta.profile | |
parent | fix akonadi_control, enable it in firecfg for a better default (diff) | |
download | firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.tar.gz firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.tar.zst firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.zip |
fix
Diffstat (limited to 'etc/thunderbird-beta.profile')
-rw-r--r-- | etc/thunderbird-beta.profile | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile new file mode 100644 index 000000000..fb1ee46e2 --- /dev/null +++ b/etc/thunderbird-beta.profile | |||
@@ -0,0 +1,35 @@ | |||
1 | # Firejail profile for thunderbird | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/thunderbird.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | # Users have thunderbird set to open a browser by clicking a link in an email | ||
9 | # We are not allowed to blacklist browser-specific directories | ||
10 | whitelist /opt/thunderbird-beta | ||
11 | noblacklist ${HOME}/.cache/thunderbird | ||
12 | noblacklist ${HOME}/.gnupg | ||
13 | # noblacklist ${HOME}/.icedove | ||
14 | noblacklist ${HOME}/.thunderbird | ||
15 | |||
16 | mkdir ${HOME}/.cache/thunderbird | ||
17 | mkdir ${HOME}/.gnupg | ||
18 | # mkdir ${HOME}/.icedove | ||
19 | mkdir ${HOME}/.thunderbird | ||
20 | whitelist ${HOME}/.cache/thunderbird | ||
21 | whitelist ${HOME}/.gnupg | ||
22 | # whitelist ${HOME}/.icedove | ||
23 | whitelist ${HOME}/.thunderbird | ||
24 | |||
25 | # We need the real /tmp for data exchange when xdg-open handles email attachments on KDE | ||
26 | ignore private-tmp | ||
27 | # machine-id breaks audio in browsers; enable it when sound is not required | ||
28 | # machine-id | ||
29 | read-only ${HOME}/.config/mimeapps.list | ||
30 | # writable-run-user is needed for signing and encrypting emails | ||
31 | writable-run-user | ||
32 | |||
33 | # allow browsers | ||
34 | # Redirect | ||
35 | include /etc/firejail/firefox.profile | ||