Diffstat (limited to 'etc/profile-m-z/mutt.profile')
-rw-r--r-- | etc/profile-m-z/mutt.profile | 88 |
1 files changed, 88 insertions, 0 deletions
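diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 1ce12f54f..24782c033 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -1,6 +1,7 @@
 # Firejail profile for mutt
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include mutt.local
 # Persistent global definitions
@@ -8,15 +9,18 @@ include globals.local
 
 noblacklist /var/mail
 noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.bogofilter
 noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.elinks
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.msmtprc
 noblacklist ${HOME}/.mutt
 noblacklist ${HOME}/.muttrc
@@ -34,15 +38,84 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
+# Uncomment or put them in mutt.local for oauth.py,S/MIME
+
+#include allow-perl.inc
+#include allow-python2.inc
+#include allow-python3.inc
+
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.cache/mutt
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.elinks
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/.w3m
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+ipc-namespace
+machine-id
 netfilter
 no3d
 nodvd
@@ -55,8 +128,23 @@ nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 
+# disable-mnt
+private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-tmp
 writable-run-user
 writable-var
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}/.elinks
+read-only ${HOME}/.nanorc
+read-only ${HOME}/.signature
+read-only ${HOME}/.w3m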
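Review bot: `${HOME}/.mailcap`, `${HOME}/.muttrc` and `${HOME}/.msmtprc` are whitelisted in the third hunk but stay writable, while the `read-only` block at the end of the last hunk only covers `.elinks`, `.nanorc`, `.signature` and `.w3m`. These files decide which handlers mutt launches and which credentials it sends with, and whatever a sandboxed mutt writes to them persists into later sessions and into any unsandboxed program that reads them. Unless users are expected to edit them from inside the sandbox, I would add `read-only ${HOME}/.mailcap`, `read-only ${HOME}/.msmtprc` and `read-only ${HOME}/.muttrc` to that block. Separately, `hosts.conf` in the `private-etc` list looks like it was meant to be `host.conf`, the glibc resolver file; if so, the intended file is not being copied into the sandbox's `/etc`.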