1 files changed, 88 insertions, 0 deletions
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 1ce12f54f..24782c033 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -1,6 +1,7 @@
 # Firejail profile for mutt
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include mutt.local
 # Persistent global definitions
@@ -8,15 +9,18 @@ include globals.local
 noblacklist /var/mail
 noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.bogofilter
 noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.elinks
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.msmtprc
 noblacklist ${HOME}/.mutt
 noblacklist ${HOME}/.muttrc
@@ -34,15 +38,84 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
+# Uncomment or put them in mutt.local for oauth.py,S/MIME
+#include allow-perl.inc
+#include allow-python2.inc
+#include allow-python3.inc
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.cache/mutt
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.elinks
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/.w3m
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
+ipc-namespace
+machine-id
 netfilter
 no3d
 nodvd
@@ -55,8 +128,23 @@ nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
+# disable-mnt
+private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-tmp
 writable-run-user
 writable-var
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}/.elinks
+read-only ${HOME}/.nanorc
+read-only ${HOME}/.signature
+read-only ${HOME}/.w3m

diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 1ce12f54f..24782c033 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile
@@ -1,6 +1,7 @@
1	# Firejail profile for mutt	1	# Firejail profile for mutt
2	# Description: Text-based mailreader supporting MIME, GPG, PGP and threading	2	# Description: Text-based mailreader supporting MIME, GPG, PGP and threading
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
		4	quiet
4	# Persistent local customizations	5	# Persistent local customizations
5	include mutt.local	6	include mutt.local
6	# Persistent global definitions	7	# Persistent global definitions
@@ -8,15 +9,18 @@ include globals.local
8		9
9	noblacklist /var/mail	10	noblacklist /var/mail
10	noblacklist /var/spool/mail	11	noblacklist /var/spool/mail
		12	noblacklist ${DOCUMENTS}
11	noblacklist ${HOME}/.Mail	13	noblacklist ${HOME}/.Mail
12	noblacklist ${HOME}/.bogofilter	14	noblacklist ${HOME}/.bogofilter
13	noblacklist ${HOME}/.cache/mutt	15	noblacklist ${HOME}/.cache/mutt
		16	noblacklist ${HOME}/.config/mutt
14	noblacklist ${HOME}/.config/nano	17	noblacklist ${HOME}/.config/nano
15	noblacklist ${HOME}/.elinks	18	noblacklist ${HOME}/.elinks
16	noblacklist ${HOME}/.emacs	19	noblacklist ${HOME}/.emacs
17	noblacklist ${HOME}/.emacs.d	20	noblacklist ${HOME}/.emacs.d
18	noblacklist ${HOME}/.gnupg	21	noblacklist ${HOME}/.gnupg
19	noblacklist ${HOME}/.mail	22	noblacklist ${HOME}/.mail
		23	noblacklist ${HOME}/.mailcap
20	noblacklist ${HOME}/.msmtprc	24	noblacklist ${HOME}/.msmtprc
21	noblacklist ${HOME}/.mutt	25	noblacklist ${HOME}/.mutt
22	noblacklist ${HOME}/.muttrc	26	noblacklist ${HOME}/.muttrc
@@ -34,15 +38,84 @@ noblacklist ${HOME}/sent
34	blacklist /tmp/.X11-unix	38	blacklist /tmp/.X11-unix
35	blacklist ${RUNUSER}/wayland-*	39	blacklist ${RUNUSER}/wayland-*
36		40
		41	# Uncomment or put them in mutt.local for oauth.py,S/MIME
		42
		43	#include allow-perl.inc
		44	#include allow-python2.inc
		45	#include allow-python3.inc
		46
37	include disable-common.inc	47	include disable-common.inc
38	include disable-devel.inc	48	include disable-devel.inc
		49	include disable-exec.inc
39	include disable-interpreters.inc	50	include disable-interpreters.inc
40	include disable-passwdmgr.inc	51	include disable-passwdmgr.inc
41	include disable-programs.inc	52	include disable-programs.inc
		53	include disable-xdg.inc
42		54
		55	mkdir ${HOME}/.Mail
		56	mkdir ${HOME}/.bogofilter
		57	mkdir ${HOME}/.cache/mutt
		58	mkdir ${HOME}/.config/mutt
		59	mkdir ${HOME}/.config/nano
		60	mkdir ${HOME}/.elinks
		61	mkdir ${HOME}/.emacs.d
		62	mkdir ${HOME}/.gnupg
		63	mkdir ${HOME}/.mail
		64	mkdir ${HOME}/.mutt
		65	mkdir ${HOME}/.vim
		66	mkdir ${HOME}/.w3m
		67	mkdir ${HOME}/Mail
		68	mkdir ${HOME}/mail
		69	mkdir ${HOME}/postponed
		70	mkdir ${HOME}/sent
		71	mkfile ${HOME}/.emacs
		72	mkfile ${HOME}/.mailcap
		73	mkfile ${HOME}/.msmtprc
		74	mkfile ${HOME}/.muttrc
		75	mkfile ${HOME}/.nanorc
		76	mkfile ${HOME}/.signature
		77	mkfile ${HOME}/.viminfo
		78	mkfile ${HOME}/.vimrc
		79	whitelist ${DOCUMENTS}
		80	whitelist ${DOWNLOADS}
		81	whitelist ${HOME}/.Mail
		82	whitelist ${HOME}/.bogofilter
		83	whitelist ${HOME}/.cache/mutt
		84	whitelist ${HOME}/.config/mutt
		85	whitelist ${HOME}/.config/nano
		86	whitelist ${HOME}/.elinks
		87	whitelist ${HOME}/.emacs
		88	whitelist ${HOME}/.emacs.d
		89	whitelist ${HOME}/.gnupg
		90	whitelist ${HOME}/.mail
		91	whitelist ${HOME}/.mailcap
		92	whitelist ${HOME}/.msmtprc
		93	whitelist ${HOME}/.mutt
		94	whitelist ${HOME}/.muttrc
		95	whitelist ${HOME}/.nanorc
		96	whitelist ${HOME}/.signature
		97	whitelist ${HOME}/.vim
		98	whitelist ${HOME}/.viminfo
		99	whitelist ${HOME}/.vimrc
		100	whitelist ${HOME}/.w3m
		101	whitelist ${HOME}/Mail
		102	whitelist ${HOME}/mail
		103	whitelist ${HOME}/postponed
		104	whitelist ${HOME}/sent
		105	whitelist /usr/share/gnupg
		106	whitelist /usr/share/gnupg2
		107	whitelist /usr/share/mutt
		108	whitelist /var/mail
		109	whitelist /var/spool/mail
		110	include whitelist-common.inc
43	include whitelist-runuser-common.inc	111	include whitelist-runuser-common.inc
		112	include whitelist-usr-share-common.inc
		113	include whitelist-var-common.inc
44		114
		115	apparmor
45	caps.drop all	116	caps.drop all
		117	ipc-namespace
		118	machine-id
46	netfilter	119	netfilter
47	no3d	120	no3d
48	nodvd	121	nodvd
@@ -55,8 +128,23 @@ nou2f
55	novideo	128	novideo
56	protocol unix,inet,inet6	129	protocol unix,inet,inet6
57	seccomp	130	seccomp
		131	seccomp.block-secondary
58	shell none	132	shell none
		133	tracelog
59		134
		135	# disable-mnt
		136	private-cache
60	private-dev	137	private-dev
		138	private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
		139	private-tmp
61	writable-run-user	140	writable-run-user
62	writable-var	141	writable-var
		142
		143	dbus-user none
		144	dbus-system none
		145
		146	memory-deny-write-execute
		147	read-only ${HOME}/.elinks
		148	read-only ${HOME}/.nanorc
		149	read-only ${HOME}/.signature
		150	read-only ${HOME}/.w3m