4 files changed, 30 insertions, 41 deletions

diff --git a/etc/ids.config b/etc/ids.config
index 1217d4a3a..880ec6ab5 100644
--- a/etc/ids.config
+++ b/etc/ids.config
@@ -128,6 +128,7 @@ ${HOME}/.local/share/autostart
 /etc/apparmor*
 /etc/chkrootkit.conf
 /etc/cracklib
+/etc/doas.conf
 /etc/libaudit.conf
 /etc/group*
 /etc/gshadow*
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 5918ee640..23886f1b6 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -479,6 +479,7 @@ blacklist ${PATH}/chage
 blacklist ${PATH}/chfn
 blacklist ${PATH}/chsh
 blacklist ${PATH}/crontab
+blacklist ${PATH}/doas
 blacklist ${PATH}/evtest
 blacklist ${PATH}/expiry
 blacklist ${PATH}/fusermount
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 0e5c35167..d0d0f2168 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -1,55 +1,43 @@
-# Firejail profile for electron-mail
-# Description: Unofficial desktop app for several E2E encrypted email providers
+# Firejail profile for ElectronMail
+# Description: Unofficial desktop app for the Proton Mail E2E encrypted email provider
 # This file is overwritten after every install/update
 # Persistent local customizations
 include electron-mail.local
 # Persistent global definitions
 include globals.local
 
+ignore dbus-user none
+ignore disable-mnt
+
 noblacklist ${HOME}/.config/electron-mail
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
+# sh is needed to allow Firefox to open links
+include allow-bin-sh.inc
+
 include disable-shell.inc
-include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail
 whitelist ${HOME}/.config/electron-mail
-whitelist ${DOWNLOADS}
-
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-netfilter
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6,netlink
-seccomp !chroot
-# tracelog - breaks on Arch
-
-private-bin electron-mail
-private-cache
-private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg
+
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+
+machine-id
+nosound
+
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
 private-opt ElectronMail
-private-tmp
 
-# breaks tray functionality
-# dbus-user none
-dbus-system none
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.gnome.keyring.SystemPrompter
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
 
-# memory-deny-write-execute - breaks on Arch
+# Redirect
+include electron.profile
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile
index 36c7edecb..4ea5740c2 100644
--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -58,7 +58,6 @@ whitelist ${HOME}/.config/yt-dlp.conf
 whitelist ${HOME}/.netrc
 whitelist ${HOME}/yt-dlp.conf
 whitelist ${HOME}/yt-dlp.conf.txt
-whitelist /usr/lib/mpv-mpris
 whitelist /usr/share/lua
 whitelist /usr/share/lua*
 whitelist /usr/share/vulkan