1 files changed, 49 insertions, 0 deletions
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile
new file mode 100644
index 000000000..3a4404b28
--- /dev/null
+++ b/etc/akonadi_control.profile
@@ -0,0 +1,49 @@
+# Firejail profile for akonadi_control
+# Persistent local customizations
+include /etc/firejail/akonadi_control.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/notes
+noblacklist /tmp/akonadi-*
+noblacklist /usr/sbin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
+# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
+# this affects ubuntu and debian currently
+# apparmor
+caps.drop all
+ipc-namespace
+no3d
+netfilter
+nodvd
+nogroups
+# nonewprivs
+noroot
+nosound
+notv
+novideo
+# protocol unix,inet,inet6
+# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+tracelog
+private-dev
+# private-tmp - breaks programs that depend on akonadi
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile new file mode 100644 index 000000000..3a4404b28 --- /dev/null +++ b/etc/akonadi_control.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for akonadi_control
	2	# Persistent local customizations
	3	include /etc/firejail/akonadi_control.local
	4	# Persistent global definitions
	5	include /etc/firejail/globals.local
	6
	7	noblacklist ${HOME}/.cache/akonadi*
	8	noblacklist ${HOME}/.config/akonadi*
	9	noblacklist ${HOME}/.config/baloorc
	10	noblacklist ${HOME}/.config/emailidentities
	11	noblacklist ${HOME}/.config/kmail2rc
	12	noblacklist ${HOME}/.local/share/akonadi*
	13	noblacklist ${HOME}/.local/share/contacts
	14	noblacklist ${HOME}/.local/share/local-mail
	15	noblacklist ${HOME}/.local/share/notes
	16	noblacklist /tmp/akonadi-*
	17	noblacklist /usr/sbin
	18
	19	include /etc/firejail/disable-common.inc
	20	include /etc/firejail/disable-devel.inc
	21	include /etc/firejail/disable-passwdmgr.inc
	22	include /etc/firejail/disable-programs.inc
	23
	24	include /etc/firejail/whitelist-var-common.inc
	25
	26	# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
	27	# this affects ubuntu and debian currently
	28
	29	# apparmor
	30	caps.drop all
	31	ipc-namespace
	32	no3d
	33	netfilter
	34	nodvd
	35	nogroups
	36	# nonewprivs
	37	noroot
	38	nosound
	39	notv
	40	novideo
	41	# protocol unix,inet,inet6
	42	# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
	43	tracelog
	44
	45	private-dev
	46	# private-tmp - breaks programs that depend on akonadi
	47
	48	noexec ${HOME}
	49	noexec /tmp