From dfaf7a7660689c055ba45a935e42b1b548669c57 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Sat, 4 Jul 2020 12:22:46 +0000 Subject: clarify writing to /var/mail and /var/spool/mail in apparmor (#3487) * clarify writing to /var/mail and /var/spool/mail in apparmor Thunderbird seems to be our only mail client profile that enables the `apparmor` option. Users need this when they follow instructions on how to allow reading local mail. * fix mail clients rule in firejail-default --- etc/apparmor/firejail-default | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'etc/apparmor') diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index fc6690752..04a38f0ce 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default @@ -49,6 +49,10 @@ owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/trace w, owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/** w, owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w, +# Allow writing to /var/mail and /var/spool/mail (for mail clients) +# Uncomment to enable +#owner /var/{mail,spool/mail}/** w, + # Allow writing to removable media owner /{,var/}run/media/** w, -- cgit v1.2.3-54-g00ecf
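Review bot: The commented-out rule `#owner /var/{mail,spool/mail}/** w,` is added to the shared default profile, so uncommenting it would presumably let every sandbox confined by this profile write to the user's own spool files, not only mail clients; the comment above it should say so. The commit message notes that Thunderbird is the only mail client profile enabling `apparmor`, which makes this wider reach easy to overlook. I would extend the second comment line to something like `# Uncomment to enable; this applies to every sandbox confined by this profile, and the profile must be reloaded afterwards`. Keeping the `owner` qualifier and leaving the rule disabled by default are the right least-privilege choices and should stay as they are.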