diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-09-13 08:50:32 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2024-09-13 08:50:32 +0000 |
| commit | 1c059149c3cbab2b679065dcc96ea261634b4360 (patch) | |
| tree | c1b04a151885947d6dd6246f7c069c99f64a0ed5 /etc | |
| parent | profiles: video: add ~/.dvdcss (#6468) (diff) | |
| download | firejail-1c059149c3cbab2b679065dcc96ea261634b4360.tar.gz firejail-1c059149c3cbab2b679065dcc96ea261634b4360.tar.zst firejail-1c059149c3cbab2b679065dcc96ea261634b4360.zip | |
profiles: evolution: add /tmp/evolution-* & disable private-tmp (#6469)
These paths are apparently used for attachments.
Disable private-tmp to make it easier to open attachments with external
programs.
Relates to #5101.
Reported-by: @githlp
Suggested-by: @rusty-snake
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/profile-a-l/evolution.profile | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index a233eaca1..371680b7b 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
| @@ -1262,6 +1262,7 @@ blacklist ${RUNUSER}/qutebrowser | |||
| 1262 | blacklist /etc/ssmtp | 1262 | blacklist /etc/ssmtp |
| 1263 | blacklist /tmp/.wine-* | 1263 | blacklist /tmp/.wine-* |
| 1264 | blacklist /tmp/akonadi-* | 1264 | blacklist /tmp/akonadi-* |
| 1265 | blacklist /tmp/evolution-* | ||
| 1265 | blacklist /tmp/i3-* | 1266 | blacklist /tmp/i3-* |
| 1266 | blacklist /tmp/lwjgl_* | 1267 | blacklist /tmp/lwjgl_* |
| 1267 | blacklist /var/games/nethack | 1268 | blacklist /var/games/nethack |
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 517bb6206..e703938eb 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
| @@ -6,6 +6,7 @@ include evolution.local | |||
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist /tmp/evolution-* | ||
| 9 | noblacklist /var/mail | 10 | noblacklist /var/mail |
| 10 | noblacklist /var/spool/mail | 11 | noblacklist /var/spool/mail |
| 11 | noblacklist ${HOME}/.bogofilter | 12 | noblacklist ${HOME}/.bogofilter |
| @@ -41,7 +42,7 @@ protocol unix,inet,inet6 | |||
| 41 | seccomp | 42 | seccomp |
| 42 | 43 | ||
| 43 | private-dev | 44 | private-dev |
| 44 | private-tmp | 45 | #private-tmp |
| 45 | writable-var | 46 | writable-var |
| 46 | 47 | ||
| 47 | restrict-namespaces | 48 | restrict-namespaces |