1 files changed, 67 insertions, 12 deletions
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index f4e5a392f..b11863c6a 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -4,28 +4,83 @@
 # Persistent local customizations
 include geary.local
 # Persistent global definitions
-# added by included profile
+include globals.local
-#include globals.local
-# Users have Geary set to open a browser by clicking a link in an email
-# We are not allowed to blacklist browser-specific directories
-ignore dbus-user filter
-ignore dbus-system none
-ignore private-tmp
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/folks
 noblacklist ${HOME}/.cache/geary
+noblacklist ${HOME}/.config/evolution
 noblacklist ${HOME}/.config/geary
+noblacklist ${HOME}/.local/share/evolution
 noblacklist ${HOME}/.local/share/geary
+noblacklist ${HOME}/.mozilla
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/evolution
+mkdir ${HOME}/.cache/folks
 mkdir ${HOME}/.cache/geary
+mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
+mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/evolution
+whitelist ${HOME}/.cache/folks
 whitelist ${HOME}/.cache/geary
+whitelist ${HOME}/.config/evolution
 whitelist ${HOME}/.config/geary
+whitelist ${HOME}/.local/share/evolution
 whitelist ${HOME}/.local/share/geary
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 whitelist /usr/share/geary
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+# disable-mnt
+# Add 'ignore private-bin' to geary.local for hyperlink support
+private-bin geary
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,xdg
+private-tmp
+dbus-user filter
+dbus-user.own org.gnome.Geary
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.gnome.Contacts
+dbus-user.talk org.gnome.OnlineAccounts
+dbus-user.talk org.gnome.evolution.dataserver.AddressBook10
+dbus-user.talk org.gnome.evolution.dataserver.Sources5
+dbus-system none
-# allow Mozilla browsers
+read-only ${HOME}/.mozilla/firefox/profiles.ini
-# Redirect
-include firefox.profile

diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index f4e5a392f..b11863c6a 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile
@@ -4,28 +4,83 @@
4	# Persistent local customizations	4	# Persistent local customizations
5	include geary.local	5	include geary.local
6	# Persistent global definitions	6	# Persistent global definitions
7	# added by included profile	7	include globals.local
8	#include globals.local
9
10	# Users have Geary set to open a browser by clicking a link in an email
11	# We are not allowed to blacklist browser-specific directories
12
13	ignore dbus-user filter
14	ignore dbus-system none
15	ignore private-tmp
16		8
		9	noblacklist ${HOME}/.cache/evolution
		10	noblacklist ${HOME}/.cache/folks
17	noblacklist ${HOME}/.cache/geary	11	noblacklist ${HOME}/.cache/geary
		12	noblacklist ${HOME}/.config/evolution
18	noblacklist ${HOME}/.config/geary	13	noblacklist ${HOME}/.config/geary
		14	noblacklist ${HOME}/.local/share/evolution
19	noblacklist ${HOME}/.local/share/geary	15	noblacklist ${HOME}/.local/share/geary
		16	noblacklist ${HOME}/.mozilla
		17
		18	include disable-common.inc
		19	include disable-devel.inc
		20	include disable-exec.inc
		21	include disable-interpreters.inc
		22	include disable-passwdmgr.inc
		23	include disable-programs.inc
		24	include disable-shell.inc
		25	include disable-xdg.inc
20		26
		27	mkdir ${HOME}/.cache/evolution
		28	mkdir ${HOME}/.cache/folks
21	mkdir ${HOME}/.cache/geary	29	mkdir ${HOME}/.cache/geary
		30	mkdir ${HOME}/.config/evolution
22	mkdir ${HOME}/.config/geary	31	mkdir ${HOME}/.config/geary
		32	mkdir ${HOME}/.local/share/evolution
23	mkdir ${HOME}/.local/share/geary	33	mkdir ${HOME}/.local/share/geary
		34	whitelist ${DOWNLOADS}
		35	whitelist ${HOME}/.cache/evolution
		36	whitelist ${HOME}/.cache/folks
24	whitelist ${HOME}/.cache/geary	37	whitelist ${HOME}/.cache/geary
		38	whitelist ${HOME}/.config/evolution
25	whitelist ${HOME}/.config/geary	39	whitelist ${HOME}/.config/geary
		40	whitelist ${HOME}/.local/share/evolution
26	whitelist ${HOME}/.local/share/geary	41	whitelist ${HOME}/.local/share/geary
		42	whitelist ${HOME}/.mozilla/firefox/profiles.ini
27	whitelist /usr/share/geary	43	whitelist /usr/share/geary
		44	include whitelist-common.inc
		45	include whitelist-runuser-common.inc
		46	include whitelist-usr-share-common.inc
		47	include whitelist-var-common.inc
		48
		49	apparmor
		50	caps.drop all
		51	machine-id
		52	netfilter
		53	no3d
		54	nodvd
		55	nogroups
		56	nonewprivs
		57	noroot
		58	nosound
		59	notv
		60	nou2f
		61	novideo
		62	protocol unix,inet,inet6
		63	seccomp
		64	seccomp.block-secondary
		65	shell none
		66	tracelog
		67
		68	# disable-mnt
		69	# Add 'ignore private-bin' to geary.local for hyperlink support
		70	private-bin geary
		71	private-cache
		72	private-dev
		73	private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,xdg
		74	private-tmp
		75
		76	dbus-user filter
		77	dbus-user.own org.gnome.Geary
		78	dbus-user.talk ca.desrt.dconf
		79	dbus-user.talk org.freedesktop.secrets
		80	dbus-user.talk org.gnome.Contacts
		81	dbus-user.talk org.gnome.OnlineAccounts
		82	dbus-user.talk org.gnome.evolution.dataserver.AddressBook10
		83	dbus-user.talk org.gnome.evolution.dataserver.Sources5
		84	dbus-system none
28		85
29	# allow Mozilla browsers	86	read-only ${HOME}/.mozilla/firefox/profiles.ini
30	# Redirect
31	include firefox.profile