1 files changed, 60 insertions, 0 deletions
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
new file mode 100644
index 000000000..198b05a11
--- /dev/null
+++ b/etc/profile-a-l/kmail.profile
@@ -0,0 +1,60 @@
+# Firejail profile for kmail
+# Description: Full featured graphical email client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kmail.local
+# Persistent global definitions
+include globals.local
+# kmail has problems launching akonadi in debian and ubuntu.
+# one solution is to have akonadi already running when kmail is started
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/kmail2
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/kmailsearchindexingrc
+noblacklist ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/emailidentities
+noblacklist ${HOME}/.local/share/kmail2
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/notes
+noblacklist /tmp/akonadi-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include whitelist-var-common.inc
+# apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+# we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls
+seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set
+# tracelog
+private-dev
+# private-tmp - interrupts connection to akonadi, breaks opening of email attachments
+# writable-run-user is needed for signing and encrypting emails
+writable-run-user

diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile new file mode 100644 index 000000000..198b05a11 --- /dev/null +++ b/etc/profile-a-l/kmail.profile
@@ -0,0 +1,60 @@
	1	# Firejail profile for kmail
	2	# Description: Full featured graphical email client
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include kmail.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# kmail has problems launching akonadi in debian and ubuntu.
	10	# one solution is to have akonadi already running when kmail is started
	11
	12	noblacklist ${HOME}/.cache/akonadi*
	13	noblacklist ${HOME}/.cache/kmail2
	14	noblacklist ${HOME}/.config/akonadi*
	15	noblacklist ${HOME}/.config/baloorc
	16	noblacklist ${HOME}/.config/emaildefaults
	17	noblacklist ${HOME}/.config/emailidentities
	18	noblacklist ${HOME}/.config/kmail2rc
	19	noblacklist ${HOME}/.config/kmailsearchindexingrc
	20	noblacklist ${HOME}/.config/mailtransports
	21	noblacklist ${HOME}/.config/specialmailcollectionsrc
	22	noblacklist ${HOME}/.gnupg
	23	noblacklist ${HOME}/.local/share/akonadi*
	24	noblacklist ${HOME}/.local/share/apps/korganizer
	25	noblacklist ${HOME}/.local/share/contacts
	26	noblacklist ${HOME}/.local/share/emailidentities
	27	noblacklist ${HOME}/.local/share/kmail2
	28	noblacklist ${HOME}/.local/share/local-mail
	29	noblacklist ${HOME}/.local/share/notes
	30	noblacklist /tmp/akonadi-*
	31
	32	include disable-common.inc
	33	include disable-devel.inc
	34	include disable-exec.inc
	35	include disable-interpreters.inc
	36	include disable-passwdmgr.inc
	37	include disable-programs.inc
	38
	39	include whitelist-var-common.inc
	40
	41	# apparmor
	42	caps.drop all
	43	netfilter
	44	nodvd
	45	nogroups
	46	nonewprivs
	47	noroot
	48	nosound
	49	notv
	50	nou2f
	51	novideo
	52	protocol unix,inet,inet6,netlink
	53	# we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls
	54	seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set
	55	# tracelog
	56
	57	private-dev
	58	# private-tmp - interrupts connection to akonadi, breaks opening of email attachments
	59	# writable-run-user is needed for signing and encrypting emails
	60	writable-run-user