From 20fa0d580ae50f4104de82d30cefe40a9da5ab85 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Sat, 23 Nov 2019 10:54:42 +0000 Subject: Add new electron-mail profile (#3053) * Create electron-mail.profile * Add electron-mail to disable-programs.inc * Add electron-mail to firecfg.config
---
etc/disable-programs.inc | 1 + etc/electron-mail.profile | 52 ++++++++++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 3 files changed, 54 insertions(+) create mode 100644 etc/electron-mail.profile
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index d65bb6fc4..4db110af7 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -159,6 +159,7 @@ blacklist ${HOME}/.config/dnox
 blacklist ${HOME}/.config/dolphinrc
 blacklist ${HOME}/.config/dragonplayerrc
 blacklist ${HOME}/.config/d-feet
+blacklist ${HOME}/.config/electron-mail
 blacklist ${HOME}/.config/emaildefaults
 blacklist ${HOME}/.config/emailidentities
 blacklist ${HOME}/.config/enchant
diff --git a/etc/electron-mail.profile b/etc/electron-mail.profile
new file mode 100644
index 000000000..2945b9c37
--- /dev/null
+++ b/etc/electron-mail.profile
@@ -0,0 +1,52 @@
+# Firejail profile for electron-mail
+# Description: Unofficial desktop app for several E2E encrypted email providers
+# This file is overwritten after every install/update
+# Persistent local customizations
+include electron-mail.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/electron-mail
+
+whitelist ${DOWNLOADS}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/electron-mail
+whitelist ${HOME}/.config/electron-mail
+
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+no3d
+# nodbus - breaks tray functionality
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+shell none
+# tracelog - breaks on Arch
+
+private-bin electron-mail
+private-cache
+private-dev
+private-etc alternatives,fonts
+private-opt ElectronMail
+private-tmp
+
+# memory-deny-write-execute - breaks on Arch
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e997598af..b4a425356 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -155,6 +155,7 @@ dropbox
 d-feet
 easystroke
 ebook-viewer
+electron-mail
 electrum
 elinks
 empathy
--
cgit v1.2.3-54-g00ecf
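Review bot: In etc/electron-mail.profile, `private-etc alternatives,fonts` leaves a network mail client without `/etc/resolv.conf`, `/etc/nsswitch.conf` or the system CA directories. Name resolution and certificate validation then rest on whatever the application bundles or falls back to; I would expect this to fail or behave differently on hosts without a local resolver, though the patch does not show it being tested. Consider `private-etc alternatives,ca-certificates,crypto-policies,fonts,nsswitch.conf,pki,resolv.conf,ssl`. Separately, the long `seccomp.drop` line replaces the stock `seccomp` filter without saying which syscalls were left out of the list or why. A one-line comment above it, in the style already used for `nodbus`, `tracelog` and `memory-deny-write-execute`, would let a later maintainer judge whether the exception is still needed.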