diff options
Diffstat (limited to 'etc/kmail.profile')
-rw-r--r-- | etc/kmail.profile | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/etc/kmail.profile b/etc/kmail.profile index 952af55c8..e33eae84f 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -5,20 +5,22 @@ include /etc/firejail/kmail.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # if akonadi has a mysql backend, starting it inside this sandbox will fail. | 8 | # kmail has problems launching akonadi in debian and ubuntu. |
9 | # one solution is to have akonadi already running when kmail is launched | 9 | # one solution is to have akonadi already running when kmail is started |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/akonadi* | 11 | noblacklist ${HOME}/.cache/akonadi* |
12 | noblacklist ${HOME}/.config/akonadi* | 12 | noblacklist ${HOME}/.config/akonadi* |
13 | noblacklist ${HOME}/.config/baloorc | 13 | noblacklist ${HOME}/.config/baloorc |
14 | noblacklist ${HOME}/.config/emailidentities | 14 | noblacklist ${HOME}/.config/emailidentities |
15 | noblacklist ${HOME}/.config/kmail2rc | 15 | noblacklist ${HOME}/.config/kmail2rc |
16 | noblacklist ${HOME}/.local/share/akonadi/* | 16 | noblacklist ${HOME}/.gnupg |
17 | noblacklist ${HOME}/.local/share/akonadi* | ||
17 | noblacklist ${HOME}/.local/share/contacts | 18 | noblacklist ${HOME}/.local/share/contacts |
18 | noblacklist ${HOME}/.local/share/emailidentities | 19 | noblacklist ${HOME}/.local/share/emailidentities |
19 | noblacklist ${HOME}/.local/share/kmail2 | 20 | noblacklist ${HOME}/.local/share/kmail2 |
20 | noblacklist ${HOME}/.local/share/local-mail | 21 | noblacklist ${HOME}/.local/share/local-mail |
21 | noblacklist ${HOME}/.gnupg | 22 | noblacklist ${HOME}/.local/share/notes |
23 | noblacklist /tmp/akonadi-* | ||
22 | 24 | ||
23 | include /etc/firejail/disable-common.inc | 25 | include /etc/firejail/disable-common.inc |
24 | include /etc/firejail/disable-devel.inc | 26 | include /etc/firejail/disable-devel.inc |
@@ -36,8 +38,8 @@ nosound | |||
36 | notv | 38 | notv |
37 | novideo | 39 | novideo |
38 | protocol unix,inet,inet6,netlink | 40 | protocol unix,inet,inet6,netlink |
39 | # we need to allow chroot and ioprio_set system calls | 41 | # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls |
40 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 42 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
41 | # tracelog | 43 | # tracelog |
42 | # writable-run-user is needed for signing and encrypting emails | 44 | # writable-run-user is needed for signing and encrypting emails |
43 | writable-run-user | 45 | writable-run-user |