From 8562ec98523e78aab1dec28cce574f7f18342ccb Mon Sep 17 00:00:00 2001
From: pirate486743186 <>
Date: Wed, 5 Oct 2022 17:48:25 +0200
Subject: electron-mail.profile: refactor and redirect to electron.profile

Changes:
- redirect to electron.profile
- fix program name
- update program description
- allow /bin/sh
- allow opening links in Firefox
- remove no3d, nonewprivs, noroot, protocol, seccomp
- add machine-id, nosound
- remove private-bin, disable-mnt
- harden private-etc
- allow D-Bus notifications, secrets
---
 etc/profile-a-l/electron-mail.profile | 68 +++++++++++++++--------------------
 1 file changed, 28 insertions(+), 40 deletions(-)
(limited to 'etc/profile-a-l/electron-mail.profile')
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 0e5c35167..d0d0f2168 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -1,55 +1,43 @@
-# Firejail profile for electron-mail
-# Description: Unofficial desktop app for several E2E encrypted email providers
+# Firejail profile for ElectronMail
+# Description: Unofficial desktop app for the Proton Mail E2E encrypted email provider
 # This file is overwritten after every install/update
 # Persistent local customizations
 include electron-mail.local
 # Persistent global definitions
 include globals.local
+ignore dbus-user none
+ignore disable-mnt
+
 noblacklist ${HOME}/.config/electron-mail
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
+# sh is needed to allow Firefox to open links
+include allow-bin-sh.inc
+
 include disable-shell.inc
-include disable-xdg.inc
 mkdir ${HOME}/.config/electron-mail
 whitelist ${HOME}/.config/electron-mail
-whitelist ${DOWNLOADS}
-
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-netfilter
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6,netlink
-seccomp !chroot
-# tracelog - breaks on Arch
-
-private-bin electron-mail
-private-cache
-private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg
+
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+
+machine-id
+nosound
+
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
 private-opt ElectronMail
-private-tmp
-# breaks tray functionality
-# dbus-user none
-dbus-system none
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.gnome.keyring.SystemPrompter
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
-# memory-deny-write-execute - breaks on Arch
+# Redirect
+include electron.profile
-- cgit v1.2.3-70-g09d2
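Review bot: Nothing visible in the new profile replaces the deleted `caps.drop all`, `nonewprivs`, `noroot`, `protocol unix,inet,inet6,netlink` and `seccomp !chroot`, so the effective sandbox now rests entirely on the final `include electron.profile`, and `caps.drop all` is not listed among the removals in the commit message. electron.profile is outside this diff; if it keeps capabilities or omits seccomp, a mail client that renders untrusted HTML ends up with a weaker policy than before. That should be stated next to the redirect, for example `# caps, seccomp, nonewprivs and noroot are inherited from electron.profile; see there for why they are relaxed`. Separately, `dbus-user.talk org.freedesktop.secrets` and the wildcard `dbus-user.talk org.mozilla.*` give the sandboxed process access to the user's secret service and to a Firefox instance running outside this sandbox. The secrets rule has no comment at all, so I would add one saying what ElectronMail stores there, for example `# secrets: used for the ElectronMail master password (confirm)`.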