Diffstat (limited to 'etc')
-rw-r--r-- | etc/akonadi_control.profile | 3 | ||||
-rw-r--r-- | etc/kmail.profile | 5 |
2 files changed, 5 insertions, 3 deletions
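--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-var-common.inc
 # depending on your setup it might be possible to
 # enable some of the commented options below
 
+# apparmor
 caps.drop all
 ipc-namespace
 no3d
@@ -34,7 +35,7 @@ nosound
 notv
 novideo
 # protocol unix,inet,inet6
-# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice # we need to allow io_getevents, ioprio_set, io_setup, io_submit system calls
+# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 tracelog
 
 private-dev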
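Review bot: The second hunk removes the only explanation of why the commented `seccomp.drop` line spells out its own syscall list, namely that io_getevents, ioprio_set, io_setup and io_submit have to stay allowed. Taking the text off the end of the option line is sensible, since a user who uncomments the line would otherwise have to trim it, but the reason should survive as a separate comment line directly above it, for example `# explicit list: io_getevents, ioprio_set, io_setup and io_submit must remain allowed`. In the lines visible here `apparmor`, `protocol` and `seccomp.drop` are all commented out, so anyone hardening this profile needs that rationale to judge whether a plain `seccomp` would presumably break akonadi.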
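--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -5,8 +5,8 @@ include /etc/firejail/kmail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# akonadi with mysql backend fails to run inside this sandbox
-# and should be started in advance
+# if akonadi has a mysql backend, starting it inside this sandbox will fail
+# one solution is to have akonadi already running when kmail is launched
 
 noblacklist ${HOME}/.cache/akonadi*
 noblacklist ${HOME}/.config/akonadi*
@@ -24,6 +24,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+# apparmor
 caps.drop all
 netfilter
 nodvd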
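Review bot: The reworded comment in the first hunk recommends having akonadi running before kmail starts but does not say what confines akonadi in that case; a process started in advance is not inside this sandbox, and whether it is sandboxed at all depends on how it was launched. Because akonadi handles the same mail data that this profile is meant to contain, the comment should point the reader at its profile, e.g. `# start akonadi beforehand under its own profile (akonadi_control.profile); it is not covered by this sandbox`. The `# apparmor` line added in the second hunk is inert while commented, and a few words on when it can be enabled would make it more useful.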