1 files changed, 45 insertions, 0 deletions
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile
new file mode 100644
index 000000000..0443774dd
--- /dev/null
+++ b/etc/akonadi_control.profile
@@ -0,0 +1,45 @@
+# Firejail profile for akonadi_control
+# Persistent local customizations
+include /etc/firejail/akonadi_control.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.local/share/akonadi/*
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist /usr/sbin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
+# depending on your setup it might be possible to
+# enable some of the commented options below
+# apparmor
+caps.drop all
+ipc-namespace
+no3d
+netfilter
+nodvd
+nogroups
+# nonewprivs
+# noroot
+nosound
+notv
+novideo
+# protocol unix,inet,inet6
+# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+tracelog
+private-dev
+# private-tmp - breaks programs that depend on akonadi
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile new file mode 100644 index 000000000..0443774dd --- /dev/null +++ b/etc/akonadi_control.profile
@@ -0,0 +1,45 @@
	1	# Firejail profile for akonadi_control
	2	# Persistent local customizations
	3	include /etc/firejail/akonadi_control.local
	4	# Persistent global definitions
	5	include /etc/firejail/globals.local
	6
	7	noblacklist ${HOME}/.cache/akonadi*
	8	noblacklist ${HOME}/.config/akonadi*
	9	noblacklist ${HOME}/.config/baloorc
	10	noblacklist ${HOME}/.local/share/akonadi/*
	11	noblacklist ${HOME}/.local/share/contacts
	12	noblacklist ${HOME}/.local/share/local-mail
	13	noblacklist /usr/sbin
	14
	15	include /etc/firejail/disable-common.inc
	16	include /etc/firejail/disable-devel.inc
	17	include /etc/firejail/disable-passwdmgr.inc
	18	include /etc/firejail/disable-programs.inc
	19
	20	include /etc/firejail/whitelist-var-common.inc
	21
	22	# depending on your setup it might be possible to
	23	# enable some of the commented options below
	24
	25	# apparmor
	26	caps.drop all
	27	ipc-namespace
	28	no3d
	29	netfilter
	30	nodvd
	31	nogroups
	32	# nonewprivs
	33	# noroot
	34	nosound
	35	notv
	36	novideo
	37	# protocol unix,inet,inet6
	38	# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
	39	tracelog
	40
	41	private-dev
	42	# private-tmp - breaks programs that depend on akonadi
	43
	44	noexec ${HOME}
	45	noexec /tmp