-rw-r--r-- | etc/inc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/profile-a-l/claws-mail.profile | 9 | ||||
-rw-r--r-- | etc/profile-a-l/email-common.profile | 25 | ||||
-rw-r--r-- | etc/profile-a-l/geary.profile | 79 | ||||
-rw-r--r-- | etc/profile-m-z/mutt.profile | 88 | ||||
-rw-r--r-- | etc/profile-m-z/neomutt.profile | 152 | ||||
-rw-r--r-- | etc/profile-m-z/sylpheed.profile | 9 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
8 files changed, 344 insertions, 22 deletions
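--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -324,11 +324,13 @@ blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mps-youtube
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/mutt
 blacklist ${HOME}/.config/mutter
 blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nano
 blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
+blacklist ${HOME}/.config/neomutt
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/newsbeuter
 blacklist ${HOME}/.config/newsflash
@@ -918,6 +920,7 @@ blacklist ${HOME}/.cache/evolution
 blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/flaska.net/trojita
+blacklist ${HOME}/.cache/folks
 blacklist ${HOME}/.cache/font-manager
 blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/fractal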
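--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -18,10 +18,13 @@ whitelist ${HOME}/.claws-mail
 
 whitelist /usr/share/doc/claws-mail
 
+# private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
+
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.gnome.keyring.SystemPrompter
 # if you use the notification plugin you need to uncomment the below (or put them in your claws-mail.local)
-#ignore dbus-user none
-#dbus-user filter
-#dbus-user.talk org.freedesktop.Notifications
+# dbus-user.talk org.freedesktop.Notifications
 
 # Redirect
 include email-common.profile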
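--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -8,6 +8,7 @@ include email-common.local
 #include globals.local
 
 noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.signature
 # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
 # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications
@@ -17,28 +18,34 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-mkfile ${HOME}/.config/mimeapps.list
 mkdir ${HOME}/.gnupg
+mkfile ${HOME}/.config/mimeapps.list
 mkfile ${HOME}/.signature
 whitelist ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.signature
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
 # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
 whitelist ${HOME}/Mail
+whitelist ${RUNUSER}/gnupg
 whitelist /usr/share/gnupg
 whitelist /usr/share/gnupg2
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+machine-id
 netfilter
 no3d
 nodvd
@@ -51,22 +58,26 @@ nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 shell none
 tracelog
 
+# disable-mnt
 private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg
 private-tmp
-
-dbus-user none
-dbus-system none
-
 # encrypting and signing email
 writable-run-user
 
+dbus-system none
+
 # If you want to read local mail stored in /var/mail, add the following to email-common.local:
 #noblacklist /var/mail
 #noblacklist /var/spool/mail
 #whitelist /var/mail
 #whitelist /var/spool/mail
 #writable-var
+
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.signature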
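Review bot: Removing `dbus-user none` from this shared file (third hunk, where only `dbus-system none` is re-added) leaves every profile that includes it with no session-bus restriction unless it sets one itself. claws-mail.profile and sylpheed.profile add their own `dbus-user filter` in this commit, but other profiles that redirect here are not visible in this diff and would silently lose the restriction, so they need checking. A restrictive default could stay in the common file, for example a bare `dbus-user filter` next to `dbus-system none`, with each client adding only the `dbus-user.talk` names it needs.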
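--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -4,28 +4,83 @@
 # Persistent local customizations
 include geary.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
-
-# Users have Geary set to open a browser by clicking a link in an email
-# We are not allowed to blacklist browser-specific directories
-
-ignore dbus-user filter
-ignore dbus-system none
-ignore private-tmp
+include globals.local
 
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/folks
 noblacklist ${HOME}/.cache/geary
+noblacklist ${HOME}/.config/evolution
 noblacklist ${HOME}/.config/geary
+noblacklist ${HOME}/.local/share/evolution
 noblacklist ${HOME}/.local/share/geary
+noblacklist ${HOME}/.mozilla
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
 
+mkdir ${HOME}/.cache/evolution
+mkdir ${HOME}/.cache/folks
 mkdir ${HOME}/.cache/geary
+mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
+mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/evolution
+whitelist ${HOME}/.cache/folks
 whitelist ${HOME}/.cache/geary
+whitelist ${HOME}/.config/evolution
 whitelist ${HOME}/.config/geary
+whitelist ${HOME}/.local/share/evolution
 whitelist ${HOME}/.local/share/geary
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 whitelist /usr/share/geary
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+# disable-mnt
+# Add 'ignore private-bin' to geary.local for hyperlink support
+private-bin geary
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,xdg
+private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.Geary
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.gnome.Contacts
+dbus-user.talk org.gnome.OnlineAccounts
+dbus-user.talk org.gnome.evolution.dataserver.AddressBook10
+dbus-user.talk org.gnome.evolution.dataserver.Sources5
+dbus-system none
 
-# allow Mozilla browsers
-# Redirect
-include firefox.profile
+read-only ${HOME}/.mozilla/firefox/profiles.ini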
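Review bot: `dbus-user.talk org.freedesktop.secrets` in the new D-Bus filter lets Geary reach the whole Secret Service. As far as I know that API does not separate items per client, so with the keyring unlocked the sandboxed process can request any stored secret, not only its own mail passwords. This is probably unavoidable for a client that keeps credentials in the keyring, but it deserves a comment above the line, e.g. `# talk to org.freedesktop.secrets exposes the whole unlocked keyring, not only Geary's entries`. sylpheed.profile gains the same rule in this commit and would benefit from the same comment.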
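--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -1,6 +1,7 @@
 # Firejail profile for mutt
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include mutt.local
 # Persistent global definitions
@@ -8,15 +9,18 @@ include globals.local
 
 noblacklist /var/mail
 noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.bogofilter
 noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.elinks
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.msmtprc
 noblacklist ${HOME}/.mutt
 noblacklist ${HOME}/.muttrc
@@ -34,15 +38,84 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
+# Uncomment or put them in mutt.local for oauth.py,S/MIME
+
+#include allow-perl.inc
+#include allow-python2.inc
+#include allow-python3.inc
+
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.cache/mutt
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.elinks
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/.w3m
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+ipc-namespace
+machine-id
 netfilter
 no3d
 nodvd
@@ -55,8 +128,23 @@ nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 
+# disable-mnt
+private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-tmp
 writable-run-user
 writable-var
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}/.elinks
+read-only ${HOME}/.nanorc
+read-only ${HOME}/.signature
+read-only ${HOME}/.w3m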
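Review bot: The `read-only` list at the end of the last hunk covers `.elinks`, `.nanorc`, `.signature` and `.w3m`, but several files whitelisted in the third hunk stay writable from inside the sandbox even though other programs load them as configuration: `.vimrc`, `.emacs`, `.mailcap`, `.muttrc` and `.msmtprc`. A compromised mutt could alter them, and the change would take effect the next time vim or emacs starts outside the sandbox, which undermines the confinement this profile adds. I would mark them read-only as well, leaving `.viminfo` writable because editors update it. The new neomutt.profile carries the same list and needs the same treatment, plus `.neomuttrc`.
```conf
memory-deny-write-execute
# … unchanged: existing read-only entries (.elinks, .nanorc, .signature, .w3m) …
read-only ${HOME}/.emacs
read-only ${HOME}/.mailcap
read-only ${HOME}/.msmtprc
read-only ${HOME}/.muttrc
read-only ${HOME}/.vimrc
```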
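--- /dev/null
+++ b/etc/profile-m-z/neomutt.profile
@@ -0,0 +1,152 @@
+# Firejail profile for neomutt
+# Description: Mutt fork with advanced features and better documentation
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include neomutt.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.config/mutt
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.config/neomutt
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.neomutt
+noblacklist ${HOME}/.neomuttrc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
+noblacklist /var/mail
+noblacklist /var/spool/mail
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include allow-lua.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.config/neomutt
+mkdir ${HOME}/.elinks
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.neomutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/.w3m
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.neomuttrc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.config/neomutt
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.neomutt
+whitelist ${HOME}/.neomuttrc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/neomutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+# disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg
+private-tmp
+writable-run-user
+writable-var
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}/.elinks
+read-only ${HOME}/.nanorc
+read-only ${HOME}/.signature
+read-only ${HOME}/.w3m
+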
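Review bot: `noblacklist ${HOME}/.neomutt` and `noblacklist ${HOME}/.neomuttrc` near the top of this new file only matter if disable-programs.inc has matching `blacklist` entries, and the hunks shown for that file add only `${HOME}/.config/neomutt`. If those two paths are not already listed there (the rest of that file is outside this diff), other sandboxed programs that include disable-programs.inc can still read neomutt's configuration, which commonly holds account settings. In that case add `blacklist ${HOME}/.neomutt` and `blacklist ${HOME}/.neomuttrc` to disable-programs.inc alongside the new `.config/neomutt` line.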
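--- a/etc/profile-m-z/sylpheed.profile
+++ b/etc/profile-m-z/sylpheed.profile
@@ -13,5 +13,14 @@ whitelist ${HOME}/.sylpheed-2.0
 
 whitelist /usr/share/sylpheed
 
+# private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed
+
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.gnome.keyring.SystemPrompter
+# Uncomment below for notifications (or put them in your sylpheed.local)
+# dbus-user.talk org.freedesktop.Notifications
+
 # Redirect
 include email-common.profile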
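--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -537,6 +537,7 @@ mypaint
 mypaint-ora-thumbnailer
 natron
 ncdu
+neomutt
 netactview
 nethack
 netsurf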