path: root/etc/profile-a-l/kmail.profile
# Firejail profile for kmail
# Description: Full featured graphical email client
# This file is overwritten after every install/update
# Persistent local customizations
include kmail.local
# Persistent global definitions
include globals.local

# kmail has problems launching akonadi on Debian and Ubuntu.
# One solution is to have akonadi already running when kmail is started.

# Exempt the paths kmail and akonadi need from the blacklist rules pulled in
# by the disable-*.inc includes below. A noblacklist line only helps if it is
# read before the include that would otherwise blacklist the path, which is
# why this list comes first.
# NOTE(review): ${HOME}/.gnupg is the user's GnuPG home. Exposing it lets the
# mail client sign and decrypt, but it also puts the keyring within reach of
# anything that runs inside this sandbox.
noblacklist ${HOME}/.gnupg
# noblacklist ${HOME}/.kde/
# noblacklist ${HOME}/.kde4/
# The whole ~/.mozilla tree is exempted from blacklisting here; the whitelist
# section of this profile then exposes only firefox/profiles.ini from it.
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.cache/akonadi*
noblacklist ${HOME}/.cache/kmail2
noblacklist ${HOME}/.config/akonadi*
noblacklist ${HOME}/.config/baloorc
noblacklist ${HOME}/.config/emaildefaults
noblacklist ${HOME}/.config/emailidentities
noblacklist ${HOME}/.config/kmail2rc
noblacklist ${HOME}/.config/kmailsearchindexingrc
noblacklist ${HOME}/.config/mailtransports
noblacklist ${HOME}/.config/specialmailcollectionsrc
noblacklist ${HOME}/.local/share/akonadi*
noblacklist ${HOME}/.local/share/apps/korganizer
noblacklist ${HOME}/.local/share/contacts
noblacklist ${HOME}/.local/share/emailidentities
noblacklist ${HOME}/.local/share/kmail2
noblacklist ${HOME}/.local/share/kxmlgui5/kmail
noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
noblacklist ${HOME}/.local/share/local-mail
noblacklist ${HOME}/.local/share/notes
noblacklist /tmp/akonadi-*
# Local mail spools.
noblacklist /var/mail
noblacklist /var/spool/mail

# Shared blacklist sets. Their contents are not part of this file; going by
# the file names they cover common sensitive paths, development tools,
# execution from writable locations, interpreters, password managers, other
# programs' data and the XDG user directories.
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

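# Pre-create the per-user paths that this profile whitelists, so that they
# exist on the real filesystem before the whitelist is applied and data
# written to them survives the end of the sandbox.
#
# mkdir and mkfile each take one literal path; unlike blacklist/whitelist
# they do not expand globs. The earlier "akonadi*" entries are therefore
# reduced to their literal base directory: a pattern would at best create a
# directory literally named "akonadi*" and, depending on the firejail
# version, may be rejected as an invalid filename.
# NOTE(review): confirm that ${HOME}/.gnupg, when created here, ends up with
# the owner-only permissions GnuPG expects.
mkdir ${HOME}/.gnupg
# mkdir ${HOME}/.kde/
# mkdir ${HOME}/.kde4/
mkdir ${HOME}/.cache/akonadi
mkdir ${HOME}/.cache/kmail2
mkdir ${HOME}/.config/akonadi
# The next seven entries are KDE configuration files, not directories.
# mkfile creates an empty file; mkdir would leave a directory at a path the
# application needs to open as its config file.
mkfile ${HOME}/.config/baloorc
mkfile ${HOME}/.config/emaildefaults
mkfile ${HOME}/.config/emailidentities
mkfile ${HOME}/.config/kmail2rc
mkfile ${HOME}/.config/kmailsearchindexingrc
mkfile ${HOME}/.config/mailtransports
mkfile ${HOME}/.config/specialmailcollectionsrc
mkdir ${HOME}/.local/share/akonadi
mkdir ${HOME}/.local/share/apps/korganizer
mkdir ${HOME}/.local/share/contacts
mkdir ${HOME}/.local/share/emailidentities
mkdir ${HOME}/.local/share/kmail2
mkdir ${HOME}/.local/share/kxmlgui5/kmail
mkdir ${HOME}/.local/share/kxmlgui5/kmail2
mkdir ${HOME}/.local/share/local-mail
mkdir ${HOME}/.local/share/notes
# No mkdir for /tmp/akonadi-*: the pattern has no literal path to pre-create
# (presumably akonadi picks the name at runtime). The matching whitelist
# entry covers whatever exists when the sandbox starts.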
# Whitelist section: for each top-level directory touched below (the home
# directory, ${RUNUSER}, /tmp, /usr/share, /var) only the whitelisted entries
# stay visible inside the sandbox.
# NOTE(review): the whole GnuPG home is exposed and no read-only directive in
# this file covers it, so the keyring is reachable read-write from the
# sandbox.
whitelist ${HOME}/.gnupg
# whitelist ${HOME}/.kde/
# whitelist ${HOME}/.kde4/
# Only profiles.ini is exposed from the Firefox tree; the last line of this
# profile additionally makes it read-only.
whitelist ${HOME}/.mozilla/firefox/profiles.ini
whitelist ${HOME}/.cache/akonadi*
whitelist ${HOME}/.cache/kmail2
whitelist ${HOME}/.config/akonadi*
whitelist ${HOME}/.config/baloorc
whitelist ${HOME}/.config/emaildefaults
whitelist ${HOME}/.config/emailidentities
whitelist ${HOME}/.config/kmail2rc
whitelist ${HOME}/.config/kmailsearchindexingrc
whitelist ${HOME}/.config/mailtransports
whitelist ${HOME}/.config/specialmailcollectionsrc
whitelist ${HOME}/.local/share/akonadi*
whitelist ${HOME}/.local/share/apps/korganizer
whitelist ${HOME}/.local/share/contacts
whitelist ${HOME}/.local/share/emailidentities
whitelist ${HOME}/.local/share/kmail2
whitelist ${HOME}/.local/share/kxmlgui5/kmail
whitelist ${HOME}/.local/share/kxmlgui5/kmail2
whitelist ${HOME}/.local/share/local-mail
whitelist ${HOME}/.local/share/notes
# The user's download and document directories are shared with the host
# without a read-only restriction, presumably for saving and attaching
# files. Anything a sandboxed process writes there is visible outside.
whitelist ${DOWNLOADS}
whitelist ${DOCUMENTS}
# GnuPG directory under the per-user runtime directory.
whitelist ${RUNUSER}/gnupg
# /tmp is reduced to the akonadi entries matched by this pattern; see the
# private-tmp comment further down for why private-tmp is not used instead.
whitelist /tmp/akonadi-*
whitelist /usr/share/akonadi
whitelist /usr/share/gnupg
whitelist /usr/share/gnupg2
whitelist /usr/share/kconf_update
whitelist /usr/share/kf5
whitelist /usr/share/kservices5
whitelist /usr/share/qlogging-categories5
# Local mail spools; they rely on the writable-var option set later in this
# profile to be writable.
whitelist /var/mail
whitelist /var/spool/mail
# Shared whitelist sets; their contents are not part of this file.
include whitelist-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

# Process-level hardening.
# Request AppArmor confinement in addition to the firejail sandbox.
apparmor
# Drop every Linux capability.
caps.drop all
# NOTE(review): netfilter applies firejail's default packet filter only when
# the sandbox gets its own network namespace. No net directive is visible in
# this file, so confirm whether this line has any effect as shipped.
netfilter
nodvd
# NOTE(review): nogroups removes supplementary groups. On systems where the
# mail spools under /var/mail are restricted to a group, confirm that local
# mail is still accessible with this option.
nogroups
# Prevent gaining privileges through execve (setuid binaries, file caps).
nonewprivs
# Run in a user namespace that contains no root user.
noroot
nosound
notv
nou2f
novideo
# Socket families the sandbox may create: local, IPv4, IPv6 and netlink.
protocol unix,inet,inet6,netlink
# we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls
# The "!" entries take these five syscalls out of firejail's default seccomp
# filter. Each exception widens the reachable kernel interface, so re-test
# periodically and remove those kmail/akonadi no longer need.
seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set
# tracelog is left disabled.
# tracelog

# Filesystem views.
# NOTE(review): private-cache puts an empty temporary filesystem on ~/.cache,
# while this profile also whitelists ~/.cache/akonadi* and ~/.cache/kmail2.
# Confirm how the two interact in the firejail version you deploy.
private-cache
# Minimal /dev with only basic device nodes.
private-dev
# Only the listed entries of /etc are visible inside the sandbox.
private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg
# private-tmp - interrupts connection to akonadi, breaks opening of email attachments
# Lifts firejail's default restrictions inside the per-user runtime
# directory, presumably so the GnuPG entries whitelisted under ${RUNUSER}
# stay usable. The ${RUNUSER} whitelist entries in this profile still limit
# what is visible there.
writable-run-user
# Keep /var writable; this profile whitelists the mail spools under it.
writable-var

# D-Bus policy.
# NOTE(review): "dbus-user none" is commented out, so unless an included file
# sets a policy, the session bus is left unfiltered. Every service on that
# bus is then reachable from the sandbox, which weakens the filesystem
# isolation above. Where the deployed firejail supports it, prefer
# "dbus-user filter" with explicit dbus-user.own / dbus-user.talk entries for
# the names kmail and akonadi need.
# dbus-user none
# The system bus is blocked entirely.
dbus-system none

# The one Firefox file exposed by the whitelist is made read-only, so the
# sandbox can read the profile list but cannot alter it.
read-only ${HOME}/.mozilla/firefox/profiles.ini