From a8a8e33bc17263db763cd7bd803314f8d5dbd2c5 Mon Sep 17 00:00:00 2001
From: bbhtt <62639087+bbhtt@users.noreply.github.com>
Date: Mon, 28 Dec 2020 13:10:15 +0000
Subject: Add whitelisting to mutt; improve geary, new profile for neomutt

---
 etc/profile-m-z/mutt.profile | 75 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 74 insertions(+), 1 deletion(-)

(limited to 'etc/profile-m-z/mutt.profile')

diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 1ce12f54f..87e7c7f06 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -1,5 +1,6 @@
 # Firejail profile for mutt
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
+quiet
 # This file is overwritten after every install/update
 # Persistent local customizations
 include mutt.local
@@ -10,13 +11,14 @@ noblacklist /var/mail
 noblacklist /var/spool/mail
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.elinks
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.msmtprc
 noblacklist ${HOME}/.mutt
 noblacklist ${HOME}/.muttrc
@@ -34,14 +36,77 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
+include allow-perl.inc
+include allow-python.inc
+
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+mkfile ${HOME}/.elinks
+mkfile ${HOME}/.emacs
+mkfile ${HOME}/.mailcap
+mkfile ${HOME}/.msmtprc
+mkfile ${HOME}/.muttrc
+mkfile ${HOME}/.nanorc
+mkfile ${HOME}/.signature
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.viminfo
+mkfile ${HOME}/.vimrc
+mkfile ${HOME}/.w3m
+mkdir ${HOME}/.Mail
+mkdir ${HOME}/.bogofilter
+mkdir ${HOME}/.config/mutt
+mkdir ${HOME}/.config/nano
+mkdir ${HOME}/.emacs.d
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.mail
+mkdir ${HOME}/.mutt
+mkdir ${HOME}/.vim
+mkdir ${HOME}/Mail
+mkdir ${HOME}/mail
+mkdir ${HOME}/postponed
+mkdir ${HOME}/sent
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 no3d
@@ -56,7 +121,15 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 
+# disable-mnt
+private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-tmp
 writable-run-user
 writable-var
+
+dbus-user none
+dbus-system none
-- 
cgit v1.2.3-70-g09d2