2 files changed, 8 insertions, 133 deletions
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 1355c4337..422200ffe 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,16 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
+noblacklist /var/mail
+noblacklist /var/spool/mail
 noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.cache/evolution
 noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
-noblacklist /var/mail
-noblacklist /var/spool/mail
 include disable-common.inc
 include disable-devel.inc
@@ -23,42 +22,13 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-mkdir ${HOME}/.bogofilter
-mkdir ${HOME}/.gnupg
-mkdir ${HOME}/.pki
-mkdir ${HOME}/.cache/evolution
-mkdir ${HOME}/.config/evolution
-mkdir ${HOME}/.local/share/evolution
-mkdir ${HOME}/.local/share/pki
-whitelist ${HOME}/.bogofilter
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.cache/evolution
-whitelist ${HOME}/.config/evolution
-whitelist ${HOME}/.local/share/evolution
-whitelist ${HOME}/.local/share/pki
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/evolution
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /var/mail
-whitelist /var/spool/mail
-include whitelist-common.inc
 include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-apparmor
 caps.drop all
 netfilter
 # no3d breaks under wayland
-# no3d
+#no3d
 nodvd
 nogroups
 nonewprivs
@@ -70,27 +40,7 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
-tracelog
-# disable-mnt
-# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
-# To use private-bin add all evolution,gpg,pinentry binaries and follow firefox.profile for hyperlink support
-# private-bin evolution
-private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg
 private-tmp
-writable-run-user
 writable-var
-dbus-user filter
-dbus-user.own org.gnome.Evolution
-dbus-user.talk ca.desrt.dconf
-# Uncomment to have keyring access
-# dbus-user.talk org.freedesktop.secrets
-dbus-user.talk org.gnome.keyring.SystemPrompter
-dbus-user.talk org.gnome.OnlineAccounts
-dbus-user.talk org.freedesktop.Notifications
-dbus-system none
-read-only ${HOME}/.mozilla/firefox/profiles.ini
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 8d99da3cf..ab4ff10b9 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,10 +9,6 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
-noblacklist ${HOME}/.gnupg
-# noblacklist ${HOME}/.kde/
-# noblacklist ${HOME}/.kde4/
-noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.cache/akonadi*
 noblacklist ${HOME}/.cache/kmail2
 noblacklist ${HOME}/.config/akonadi*
@@ -23,6 +19,7 @@ noblacklist ${HOME}/.config/kmail2rc
 noblacklist ${HOME}/.config/kmailsearchindexingrc
 noblacklist ${HOME}/.config/mailtransports
 noblacklist ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.local/share/akonadi*
 noblacklist ${HOME}/.local/share/apps/korganizer
 noblacklist ${HOME}/.local/share/contacts
@@ -33,8 +30,6 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
 noblacklist ${HOME}/.local/share/local-mail
 noblacklist ${HOME}/.local/share/notes
 noblacklist /tmp/akonadi-*
-noblacklist /var/mail
-noblacklist /var/spool/mail
 include disable-common.inc
 include disable-devel.inc
@@ -42,73 +37,10 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-xdg.inc
-mkdir ${HOME}/.gnupg
-# mkdir ${HOME}/.kde/
-# mkdir ${HOME}/.kde4/
-mkdir ${HOME}/.cache/akonadi*
-mkdir ${HOME}/.cache/kmail2
-mkdir ${HOME}/.config/akonadi*
-mkdir ${HOME}/.config/baloorc
-mkdir ${HOME}/.config/emaildefaults
-mkdir ${HOME}/.config/emailidentities
-mkdir ${HOME}/.config/kmail2rc
-mkdir ${HOME}/.config/kmailsearchindexingrc
-mkdir ${HOME}/.config/mailtransports
-mkdir ${HOME}/.config/specialmailcollectionsrc
-mkdir ${HOME}/.local/share/akonadi*
-mkdir ${HOME}/.local/share/apps/korganizer
-mkdir ${HOME}/.local/share/contacts
-mkdir ${HOME}/.local/share/emailidentities
-mkdir ${HOME}/.local/share/kmail2
-mkdir ${HOME}/.local/share/kxmlgui5/kmail
-mkdir ${HOME}/.local/share/kxmlgui5/kmail2
-mkdir ${HOME}/.local/share/local-mail
-mkdir ${HOME}/.local/share/notes
-mkdir /tmp/akonadi-*
-whitelist ${HOME}/.gnupg
-# whitelist ${HOME}/.kde/
-# whitelist ${HOME}/.kde4/
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.cache/akonadi*
-whitelist ${HOME}/.cache/kmail2
-whitelist ${HOME}/.config/akonadi*
-whitelist ${HOME}/.config/baloorc
-whitelist ${HOME}/.config/emaildefaults
-whitelist ${HOME}/.config/emailidentities
-whitelist ${HOME}/.config/kmail2rc
-whitelist ${HOME}/.config/kmailsearchindexingrc
-whitelist ${HOME}/.config/mailtransports
-whitelist ${HOME}/.config/specialmailcollectionsrc
-whitelist ${HOME}/.local/share/akonadi*
-whitelist ${HOME}/.local/share/apps/korganizer
-whitelist ${HOME}/.local/share/contacts
-whitelist ${HOME}/.local/share/emailidentities
-whitelist ${HOME}/.local/share/kmail2
-whitelist ${HOME}/.local/share/kxmlgui5/kmail
-whitelist ${HOME}/.local/share/kxmlgui5/kmail2
-whitelist ${HOME}/.local/share/local-mail
-whitelist ${HOME}/.local/share/notes
-whitelist ${DOWNLOADS}
-whitelist ${DOCUMENTS}
-whitelist ${RUNUSER}/gnupg
-whitelist /tmp/akonadi-*
-whitelist /usr/share/akonadi
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /usr/share/kconf_update
-whitelist /usr/share/kf5
-whitelist /usr/share/kservices5
-whitelist /usr/share/qlogging-categories5
-whitelist /var/mail
-whitelist /var/spool/mail
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
-apparmor
+# apparmor
 caps.drop all
 netfilter
 nodvd
@@ -124,14 +56,7 @@ protocol unix,inet,inet6,netlink
 seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set
 # tracelog
-private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg
 # private-tmp - interrupts connection to akonadi, breaks opening of email attachments
+# writable-run-user is needed for signing and encrypting emails
 writable-run-user
-writable-var
-# dbus-user none
-dbus-system none
-read-only ${HOME}/.mozilla/firefox/profiles.ini
-\ No newline at end of file

diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 1355c4337..422200ffe 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile
@@ -6,16 +6,15 @@ include evolution.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
		9	noblacklist /var/mail
		10	noblacklist /var/spool/mail
9	noblacklist ${HOME}/.bogofilter	11	noblacklist ${HOME}/.bogofilter
10	noblacklist ${HOME}/.gnupg
11	noblacklist ${HOME}/.mozilla
12	noblacklist ${HOME}/.pki
13	noblacklist ${HOME}/.cache/evolution	12	noblacklist ${HOME}/.cache/evolution
14	noblacklist ${HOME}/.config/evolution	13	noblacklist ${HOME}/.config/evolution
		14	noblacklist ${HOME}/.gnupg
15	noblacklist ${HOME}/.local/share/evolution	15	noblacklist ${HOME}/.local/share/evolution
		16	noblacklist ${HOME}/.pki
16	noblacklist ${HOME}/.local/share/pki	17	noblacklist ${HOME}/.local/share/pki
17	noblacklist /var/mail
18	noblacklist /var/spool/mail
19		18
20	include disable-common.inc	19	include disable-common.inc
21	include disable-devel.inc	20	include disable-devel.inc
@@ -23,42 +22,13 @@ include disable-exec.inc
23	include disable-interpreters.inc	22	include disable-interpreters.inc
24	include disable-passwdmgr.inc	23	include disable-passwdmgr.inc
25	include disable-programs.inc	24	include disable-programs.inc
26	include disable-shell.inc
27	include disable-xdg.inc
28		25
29	mkdir ${HOME}/.bogofilter
30	mkdir ${HOME}/.gnupg
31	mkdir ${HOME}/.pki
32	mkdir ${HOME}/.cache/evolution
33	mkdir ${HOME}/.config/evolution
34	mkdir ${HOME}/.local/share/evolution
35	mkdir ${HOME}/.local/share/pki
36	whitelist ${HOME}/.bogofilter
37	whitelist ${HOME}/.gnupg
38	whitelist ${HOME}/.mozilla/firefox/profiles.ini
39	whitelist ${HOME}/.pki
40	whitelist ${HOME}/.cache/evolution
41	whitelist ${HOME}/.config/evolution
42	whitelist ${HOME}/.local/share/evolution
43	whitelist ${HOME}/.local/share/pki
44	whitelist ${DOCUMENTS}
45	whitelist ${DOWNLOADS}
46	whitelist ${RUNUSER}/gnupg
47	whitelist /usr/share/evolution
48	whitelist /usr/share/gnupg
49	whitelist /usr/share/gnupg2
50	whitelist /var/mail
51	whitelist /var/spool/mail
52	include whitelist-common.inc
53	include whitelist-runuser-common.inc	26	include whitelist-runuser-common.inc
54	include whitelist-usr-share-common.inc
55	include whitelist-var-common.inc
56		27
57	apparmor
58	caps.drop all	28	caps.drop all
59	netfilter	29	netfilter
60	# no3d breaks under wayland	30	# no3d breaks under wayland
61	# no3d	31	#no3d
62	nodvd	32	nodvd
63	nogroups	33	nogroups
64	nonewprivs	34	nonewprivs
@@ -70,27 +40,7 @@ novideo
70	protocol unix,inet,inet6	40	protocol unix,inet,inet6
71	seccomp	41	seccomp
72	shell none	42	shell none
73	tracelog
74		43
75	# disable-mnt
76	# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
77	# To use private-bin add all evolution,gpg,pinentry binaries and follow firefox.profile for hyperlink support
78	# private-bin evolution
79	private-cache
80	private-dev	44	private-dev
81	private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg
82	private-tmp	45	private-tmp
83	writable-run-user
84	writable-var	46	writable-var
85
86	dbus-user filter
87	dbus-user.own org.gnome.Evolution
88	dbus-user.talk ca.desrt.dconf
89	# Uncomment to have keyring access
90	# dbus-user.talk org.freedesktop.secrets
91	dbus-user.talk org.gnome.keyring.SystemPrompter
92	dbus-user.talk org.gnome.OnlineAccounts
93	dbus-user.talk org.freedesktop.Notifications
94	dbus-system none
95
96	read-only ${HOME}/.mozilla/firefox/profiles.ini


diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 8d99da3cf..ab4ff10b9 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile
@@ -9,10 +9,6 @@ include globals.local
9	# kmail has problems launching akonadi in debian and ubuntu.	9	# kmail has problems launching akonadi in debian and ubuntu.
10	# one solution is to have akonadi already running when kmail is started	10	# one solution is to have akonadi already running when kmail is started
11		11
12	noblacklist ${HOME}/.gnupg
13	# noblacklist ${HOME}/.kde/
14	# noblacklist ${HOME}/.kde4/
15	noblacklist ${HOME}/.mozilla
16	noblacklist ${HOME}/.cache/akonadi*	12	noblacklist ${HOME}/.cache/akonadi*
17	noblacklist ${HOME}/.cache/kmail2	13	noblacklist ${HOME}/.cache/kmail2
18	noblacklist ${HOME}/.config/akonadi*	14	noblacklist ${HOME}/.config/akonadi*
@@ -23,6 +19,7 @@ noblacklist ${HOME}/.config/kmail2rc
23	noblacklist ${HOME}/.config/kmailsearchindexingrc	19	noblacklist ${HOME}/.config/kmailsearchindexingrc
24	noblacklist ${HOME}/.config/mailtransports	20	noblacklist ${HOME}/.config/mailtransports
25	noblacklist ${HOME}/.config/specialmailcollectionsrc	21	noblacklist ${HOME}/.config/specialmailcollectionsrc
		22	noblacklist ${HOME}/.gnupg
26	noblacklist ${HOME}/.local/share/akonadi*	23	noblacklist ${HOME}/.local/share/akonadi*
27	noblacklist ${HOME}/.local/share/apps/korganizer	24	noblacklist ${HOME}/.local/share/apps/korganizer
28	noblacklist ${HOME}/.local/share/contacts	25	noblacklist ${HOME}/.local/share/contacts
@@ -33,8 +30,6 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
33	noblacklist ${HOME}/.local/share/local-mail	30	noblacklist ${HOME}/.local/share/local-mail
34	noblacklist ${HOME}/.local/share/notes	31	noblacklist ${HOME}/.local/share/notes
35	noblacklist /tmp/akonadi-*	32	noblacklist /tmp/akonadi-*
36	noblacklist /var/mail
37	noblacklist /var/spool/mail
38		33
39	include disable-common.inc	34	include disable-common.inc
40	include disable-devel.inc	35	include disable-devel.inc
@@ -42,73 +37,10 @@ include disable-exec.inc
42	include disable-interpreters.inc	37	include disable-interpreters.inc
43	include disable-passwdmgr.inc	38	include disable-passwdmgr.inc
44	include disable-programs.inc	39	include disable-programs.inc
45	include disable-xdg.inc
46		40
47	mkdir ${HOME}/.gnupg
48	# mkdir ${HOME}/.kde/
49	# mkdir ${HOME}/.kde4/
50	mkdir ${HOME}/.cache/akonadi*
51	mkdir ${HOME}/.cache/kmail2
52	mkdir ${HOME}/.config/akonadi*
53	mkdir ${HOME}/.config/baloorc
54	mkdir ${HOME}/.config/emaildefaults
55	mkdir ${HOME}/.config/emailidentities
56	mkdir ${HOME}/.config/kmail2rc
57	mkdir ${HOME}/.config/kmailsearchindexingrc
58	mkdir ${HOME}/.config/mailtransports
59	mkdir ${HOME}/.config/specialmailcollectionsrc
60	mkdir ${HOME}/.local/share/akonadi*
61	mkdir ${HOME}/.local/share/apps/korganizer
62	mkdir ${HOME}/.local/share/contacts
63	mkdir ${HOME}/.local/share/emailidentities
64	mkdir ${HOME}/.local/share/kmail2
65	mkdir ${HOME}/.local/share/kxmlgui5/kmail
66	mkdir ${HOME}/.local/share/kxmlgui5/kmail2
67	mkdir ${HOME}/.local/share/local-mail
68	mkdir ${HOME}/.local/share/notes
69	mkdir /tmp/akonadi-*
70	whitelist ${HOME}/.gnupg
71	# whitelist ${HOME}/.kde/
72	# whitelist ${HOME}/.kde4/
73	whitelist ${HOME}/.mozilla/firefox/profiles.ini
74	whitelist ${HOME}/.cache/akonadi*
75	whitelist ${HOME}/.cache/kmail2
76	whitelist ${HOME}/.config/akonadi*
77	whitelist ${HOME}/.config/baloorc
78	whitelist ${HOME}/.config/emaildefaults
79	whitelist ${HOME}/.config/emailidentities
80	whitelist ${HOME}/.config/kmail2rc
81	whitelist ${HOME}/.config/kmailsearchindexingrc
82	whitelist ${HOME}/.config/mailtransports
83	whitelist ${HOME}/.config/specialmailcollectionsrc
84	whitelist ${HOME}/.local/share/akonadi*
85	whitelist ${HOME}/.local/share/apps/korganizer
86	whitelist ${HOME}/.local/share/contacts
87	whitelist ${HOME}/.local/share/emailidentities
88	whitelist ${HOME}/.local/share/kmail2
89	whitelist ${HOME}/.local/share/kxmlgui5/kmail
90	whitelist ${HOME}/.local/share/kxmlgui5/kmail2
91	whitelist ${HOME}/.local/share/local-mail
92	whitelist ${HOME}/.local/share/notes
93	whitelist ${DOWNLOADS}
94	whitelist ${DOCUMENTS}
95	whitelist ${RUNUSER}/gnupg
96	whitelist /tmp/akonadi-*
97	whitelist /usr/share/akonadi
98	whitelist /usr/share/gnupg
99	whitelist /usr/share/gnupg2
100	whitelist /usr/share/kconf_update
101	whitelist /usr/share/kf5
102	whitelist /usr/share/kservices5
103	whitelist /usr/share/qlogging-categories5
104	whitelist /var/mail
105	whitelist /var/spool/mail
106	include whitelist-common.inc
107	include whitelist-runuser-common.inc
108	include whitelist-usr-share-common.inc
109	include whitelist-var-common.inc	41	include whitelist-var-common.inc
110		42
111	apparmor	43	# apparmor
112	caps.drop all	44	caps.drop all
113	netfilter	45	netfilter
114	nodvd	46	nodvd
@@ -124,14 +56,7 @@ protocol unix,inet,inet6,netlink
124	seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set	56	seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set
125	# tracelog	57	# tracelog
126		58
127	private-cache
128	private-dev	59	private-dev
129	private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg
130	# private-tmp - interrupts connection to akonadi, breaks opening of email attachments	60	# private-tmp - interrupts connection to akonadi, breaks opening of email attachments
		61	# writable-run-user is needed for signing and encrypting emails
131	writable-run-user	62	writable-run-user
132	writable-var
133
134	# dbus-user none
135	dbus-system none
136
137	read-only ${HOME}/.mozilla/firefox/profiles.ini \ No newline at end of file