diff options
-rw-r--r-- | etc/profile-a-l/evolution.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/kmail.profile | 77 |
2 files changed, 76 insertions, 3 deletions
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 2967218c7..4f0ebf630 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
@@ -39,6 +39,7 @@ whitelist ${HOME}/.cache/evolution | |||
39 | whitelist ${HOME}/.config/evolution | 39 | whitelist ${HOME}/.config/evolution |
40 | whitelist ${HOME}/.local/share/evolution | 40 | whitelist ${HOME}/.local/share/evolution |
41 | whitelist ${HOME}/.local/share/pki | 41 | whitelist ${HOME}/.local/share/pki |
42 | whitelist ${DOCUMENTS} | ||
42 | whitelist ${DOWNLOADS} | 43 | whitelist ${DOWNLOADS} |
43 | whitelist ${RUNUSER}/gnupg | 44 | whitelist ${RUNUSER}/gnupg |
44 | whitelist /usr/share/evolution | 45 | whitelist /usr/share/evolution |
@@ -70,6 +71,7 @@ shell none | |||
70 | tracelog | 71 | tracelog |
71 | 72 | ||
72 | # disable-mnt | 73 | # disable-mnt |
74 | # Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg | ||
73 | # private-bin evolution | 75 | # private-bin evolution |
74 | private-cache | 76 | private-cache |
75 | private-dev | 77 | private-dev |
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index ab4ff10b9..635f698a8 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -9,6 +9,9 @@ include globals.local | |||
9 | # kmail has problems launching akonadi in debian and ubuntu. | 9 | # kmail has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when kmail is started | 10 | # one solution is to have akonadi already running when kmail is started |
11 | 11 | ||
12 | noblacklist ${HOME}/.gnupg | ||
13 | # noblacklist ${HOME}/.kde/ | ||
14 | # noblacklist ${HOME}/.kde4/ | ||
12 | noblacklist ${HOME}/.cache/akonadi* | 15 | noblacklist ${HOME}/.cache/akonadi* |
13 | noblacklist ${HOME}/.cache/kmail2 | 16 | noblacklist ${HOME}/.cache/kmail2 |
14 | noblacklist ${HOME}/.config/akonadi* | 17 | noblacklist ${HOME}/.config/akonadi* |
@@ -19,7 +22,6 @@ noblacklist ${HOME}/.config/kmail2rc | |||
19 | noblacklist ${HOME}/.config/kmailsearchindexingrc | 22 | noblacklist ${HOME}/.config/kmailsearchindexingrc |
20 | noblacklist ${HOME}/.config/mailtransports | 23 | noblacklist ${HOME}/.config/mailtransports |
21 | noblacklist ${HOME}/.config/specialmailcollectionsrc | 24 | noblacklist ${HOME}/.config/specialmailcollectionsrc |
22 | noblacklist ${HOME}/.gnupg | ||
23 | noblacklist ${HOME}/.local/share/akonadi* | 25 | noblacklist ${HOME}/.local/share/akonadi* |
24 | noblacklist ${HOME}/.local/share/apps/korganizer | 26 | noblacklist ${HOME}/.local/share/apps/korganizer |
25 | noblacklist ${HOME}/.local/share/contacts | 27 | noblacklist ${HOME}/.local/share/contacts |
@@ -30,6 +32,8 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 | |||
30 | noblacklist ${HOME}/.local/share/local-mail | 32 | noblacklist ${HOME}/.local/share/local-mail |
31 | noblacklist ${HOME}/.local/share/notes | 33 | noblacklist ${HOME}/.local/share/notes |
32 | noblacklist /tmp/akonadi-* | 34 | noblacklist /tmp/akonadi-* |
35 | noblacklist /var/mail | ||
36 | noblacklist /var/spool/mail | ||
33 | 37 | ||
34 | include disable-common.inc | 38 | include disable-common.inc |
35 | include disable-devel.inc | 39 | include disable-devel.inc |
@@ -37,10 +41,72 @@ include disable-exec.inc | |||
37 | include disable-interpreters.inc | 41 | include disable-interpreters.inc |
38 | include disable-passwdmgr.inc | 42 | include disable-passwdmgr.inc |
39 | include disable-programs.inc | 43 | include disable-programs.inc |
44 | include disable-xdg.inc | ||
40 | 45 | ||
46 | mkdir ${HOME}/.gnupg | ||
47 | # mkdir ${HOME}/.kde/ | ||
48 | # mkdir ${HOME}/.kde4/ | ||
49 | mkdir ${HOME}/.cache/akonadi* | ||
50 | mkdir ${HOME}/.cache/kmail2 | ||
51 | mkdir ${HOME}/.config/akonadi* | ||
52 | mkdir ${HOME}/.config/baloorc | ||
53 | mkdir ${HOME}/.config/emaildefaults | ||
54 | mkdir ${HOME}/.config/emailidentities | ||
55 | mkdir ${HOME}/.config/kmail2rc | ||
56 | mkdir ${HOME}/.config/kmailsearchindexingrc | ||
57 | mkdir ${HOME}/.config/mailtransports | ||
58 | mkdir ${HOME}/.config/specialmailcollectionsrc | ||
59 | mkdir ${HOME}/.local/share/akonadi* | ||
60 | mkdir ${HOME}/.local/share/apps/korganizer | ||
61 | mkdir ${HOME}/.local/share/contacts | ||
62 | mkdir ${HOME}/.local/share/emailidentities | ||
63 | mkdir ${HOME}/.local/share/kmail2 | ||
64 | mkdir ${HOME}/.local/share/kxmlgui5/kmail | ||
65 | mkdir ${HOME}/.local/share/kxmlgui5/kmail2 | ||
66 | mkdir ${HOME}/.local/share/local-mail | ||
67 | mkdir ${HOME}/.local/share/notes | ||
68 | mkdir /tmp/akonadi-* | ||
69 | whitelist ${HOME}/.gnupg | ||
70 | # whitelist ${HOME}/.kde/ | ||
71 | # whitelist ${HOME}/.kde4/ | ||
72 | whitelist ${HOME}/.cache/akonadi* | ||
73 | whitelist ${HOME}/.cache/kmail2 | ||
74 | whitelist ${HOME}/.config/akonadi* | ||
75 | whitelist ${HOME}/.config/baloorc | ||
76 | whitelist ${HOME}/.config/emaildefaults | ||
77 | whitelist ${HOME}/.config/emailidentities | ||
78 | whitelist ${HOME}/.config/kmail2rc | ||
79 | whitelist ${HOME}/.config/kmailsearchindexingrc | ||
80 | whitelist ${HOME}/.config/mailtransports | ||
81 | whitelist ${HOME}/.config/specialmailcollectionsrc | ||
82 | whitelist ${HOME}/.local/share/akonadi* | ||
83 | whitelist ${HOME}/.local/share/apps/korganizer | ||
84 | whitelist ${HOME}/.local/share/contacts | ||
85 | whitelist ${HOME}/.local/share/emailidentities | ||
86 | whitelist ${HOME}/.local/share/kmail2 | ||
87 | whitelist ${HOME}/.local/share/kxmlgui5/kmail | ||
88 | whitelist ${HOME}/.local/share/kxmlgui5/kmail2 | ||
89 | whitelist ${HOME}/.local/share/local-mail | ||
90 | whitelist ${HOME}/.local/share/notes | ||
91 | whitelist ${DOWNLOADS} | ||
92 | whitelist ${DOCUMENTS} | ||
93 | whitelist ${RUNUSER}/gnupg | ||
94 | whitelist /tmp/akonadi-* | ||
95 | whitelist /usr/share/akonadi | ||
96 | whitelist /usr/share/gnupg | ||
97 | whitelist /usr/share/gnupg2 | ||
98 | whitelist /usr/share/kconf_update | ||
99 | whitelist /usr/share/kf5 | ||
100 | whitelist /usr/share/kservices5 | ||
101 | whitelist /usr/share/qlogging-categories5 | ||
102 | whitelist /var/mail | ||
103 | whitelist /var/spool/mail | ||
104 | include whitelist-common.inc | ||
105 | include whitelist-runnuser-common.inc | ||
106 | include whitelist-usr-share-common.inc | ||
41 | include whitelist-var-common.inc | 107 | include whitelist-var-common.inc |
42 | 108 | ||
43 | # apparmor | 109 | apparmor |
44 | caps.drop all | 110 | caps.drop all |
45 | netfilter | 111 | netfilter |
46 | nodvd | 112 | nodvd |
@@ -56,7 +122,12 @@ protocol unix,inet,inet6,netlink | |||
56 | seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set | 122 | seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set |
57 | # tracelog | 123 | # tracelog |
58 | 124 | ||
125 | private-cache | ||
59 | private-dev | 126 | private-dev |
127 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gcrypt,gtk-2.0,gtk-3.0,groups,hostname,hosts,ld.so.preload,ld.so.cache,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg | ||
60 | # private-tmp - interrupts connection to akonadi, breaks opening of email attachments | 128 | # private-tmp - interrupts connection to akonadi, breaks opening of email attachments |
61 | # writable-run-user is needed for signing and encrypting emails | ||
62 | writable-run-user | 129 | writable-run-user |
130 | writable-var | ||
131 | |||
132 | # dbus-user none | ||
133 | dbus-system none | ||