Diffstat (limited to 'etc/kmail.profile')
-rw-r--r--etc/kmail.profile28
1 files changed, 25 insertions, 3 deletions
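diff --git a/etc/kmail.profile b/etc/kmail.profile
index ca774f4ec..3e425b62e 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -5,13 +5,32 @@ include /etc/firejail/kmail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+# kmail has problems launching akonadi in debian and ubuntu.
+# one solution is to have akonadi already running when kmail is started
+
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/kmail2
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/kmail2rc
 noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/emailidentities
+noblacklist ${HOME}/.local/share/kmail2
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/notes
+noblacklist /tmp/akonadi-*
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
+# apparmor
 caps.drop all
 netfilter
 nodvd
@@ -22,11 +41,14 @@ nosound
 notv
 novideo
 protocol unix,inet,inet6,netlink
-# blacklisting of chroot system calls breaks kmail
-seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+# we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 # tracelog
 # writable-run-user is needed for signing and encrypting emails
 writable-run-user
 
 private-dev
-# private-tmp - breaks akonadi and opening of email attachments
+# private-tmp - interrupts connection to akonadi, breaks opening of email attachments
+
+noexec ${HOME}
+noexec /tmp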
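Review bot: The new `seccomp.drop` line in the second hunk stops filtering `io_setup`, `io_submit`, `io_getevents` and `ioprio_set` but still lists `io_cancel` and `io_destroy`, so a process now allowed to create an AIO context would still hit the filter when it cancels a request or tears the context down. Either allow the whole AIO family or add a comment recording why those two stay blocked. The comment above the line names `chroot`, which appears in neither the old nor the new list, so it would be more accurate as `# chroot, io_getevents, io_setup, io_submit and ioprio_set are deliberately left out of the drop list below`. Because the line is a hand-maintained denylist, it presumably will not pick up syscalls added to firejail's default filter later; a short comment naming the default list it was derived from would make that drift visible in review.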