Switch kmail to whitelisting

kortewegdevries 2020-08-29 06:44:22 +00:00
parent 0c63e85425
commit 5532fbdb97
No known key found for this signature in database
GPG key ID: 52E52CFB336F32C2
2 changed files with 76 additions and 3 deletions


@ -39,6 +39,7 @@ whitelist ${HOME}/.cache/evolution
whitelist ${HOME}/.config/evolution
whitelist ${HOME}/.local/share/evolution
whitelist ${HOME}/.local/share/pki
whitelist ${DOCUMENTS}
whitelist ${DOWNLOADS}
whitelist ${RUNUSER}/gnupg
whitelist /usr/share/evolution
@ -70,6 +71,7 @@ shell none
tracelog
# disable-mnt
# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
# private-bin evolution
private-cache
private-dev
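Review bot: `whitelist ${DOCUMENTS}` in the `-39,6 +39,7` hunk exposes the whole documents directory read-write to a program that parses untrusted mail, because whitelisted paths stay writable inside the sandbox. The +/- markers are lost on this page, so this assumes that line is the one the hunk adds. If the purpose is attaching existing files, add `read-only ${DOCUMENTS}` and keep `${DOWNLOADS}` as the only writable location for saved attachments. If this profile also includes `disable-xdg.inc` (not visible in these hunks), check that a matching `noblacklist ${DOCUMENTS}` exists, otherwise the whitelist entry presumably has no effect.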


@ -9,6 +9,9 @@ include globals.local
# kmail has problems launching akonadi in debian and ubuntu.
# one solution is to have akonadi already running when kmail is started
noblacklist ${HOME}/.gnupg
# noblacklist ${HOME}/.kde/
# noblacklist ${HOME}/.kde4/
noblacklist ${HOME}/.cache/akonadi*
noblacklist ${HOME}/.cache/kmail2
noblacklist ${HOME}/.config/akonadi*
@ -19,7 +22,6 @@ noblacklist ${HOME}/.config/kmail2rc
noblacklist ${HOME}/.config/kmailsearchindexingrc
noblacklist ${HOME}/.config/mailtransports
noblacklist ${HOME}/.config/specialmailcollectionsrc
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.local/share/akonadi*
noblacklist ${HOME}/.local/share/apps/korganizer
noblacklist ${HOME}/.local/share/contacts
@ -30,6 +32,8 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
noblacklist ${HOME}/.local/share/local-mail
noblacklist ${HOME}/.local/share/notes
noblacklist /tmp/akonadi-*
noblacklist /var/mail
noblacklist /var/spool/mail
include disable-common.inc
include disable-devel.inc
@ -37,10 +41,72 @@ include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
mkdir ${HOME}/.gnupg
# mkdir ${HOME}/.kde/
# mkdir ${HOME}/.kde4/
mkdir ${HOME}/.cache/akonadi*
mkdir ${HOME}/.cache/kmail2
mkdir ${HOME}/.config/akonadi*
mkdir ${HOME}/.config/baloorc
mkdir ${HOME}/.config/emaildefaults
mkdir ${HOME}/.config/emailidentities
mkdir ${HOME}/.config/kmail2rc
mkdir ${HOME}/.config/kmailsearchindexingrc
mkdir ${HOME}/.config/mailtransports
mkdir ${HOME}/.config/specialmailcollectionsrc
mkdir ${HOME}/.local/share/akonadi*
mkdir ${HOME}/.local/share/apps/korganizer
mkdir ${HOME}/.local/share/contacts
mkdir ${HOME}/.local/share/emailidentities
mkdir ${HOME}/.local/share/kmail2
mkdir ${HOME}/.local/share/kxmlgui5/kmail
mkdir ${HOME}/.local/share/kxmlgui5/kmail2
mkdir ${HOME}/.local/share/local-mail
mkdir ${HOME}/.local/share/notes
mkdir /tmp/akonadi-*
whitelist ${HOME}/.gnupg
# whitelist ${HOME}/.kde/
# whitelist ${HOME}/.kde4/
whitelist ${HOME}/.cache/akonadi*
whitelist ${HOME}/.cache/kmail2
whitelist ${HOME}/.config/akonadi*
whitelist ${HOME}/.config/baloorc
whitelist ${HOME}/.config/emaildefaults
whitelist ${HOME}/.config/emailidentities
whitelist ${HOME}/.config/kmail2rc
whitelist ${HOME}/.config/kmailsearchindexingrc
whitelist ${HOME}/.config/mailtransports
whitelist ${HOME}/.config/specialmailcollectionsrc
whitelist ${HOME}/.local/share/akonadi*
whitelist ${HOME}/.local/share/apps/korganizer
whitelist ${HOME}/.local/share/contacts
whitelist ${HOME}/.local/share/emailidentities
whitelist ${HOME}/.local/share/kmail2
whitelist ${HOME}/.local/share/kxmlgui5/kmail
whitelist ${HOME}/.local/share/kxmlgui5/kmail2
whitelist ${HOME}/.local/share/local-mail
whitelist ${HOME}/.local/share/notes
whitelist ${DOWNLOADS}
whitelist ${DOCUMENTS}
whitelist ${RUNUSER}/gnupg
whitelist /tmp/akonadi-*
whitelist /usr/share/akonadi
whitelist /usr/share/gnupg
whitelist /usr/share/gnupg2
whitelist /usr/share/kconf_update
whitelist /usr/share/kf5
whitelist /usr/share/kservices5
whitelist /usr/share/qlogging-categories5
whitelist /var/mail
whitelist /var/spool/mail
include whitelist-common.inc
include whitelist-runnuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
# apparmor
apparmor
caps.drop all
netfilter
nodvd
@ -56,7 +122,12 @@ protocol unix,inet,inet6,netlink
seccomp !chroot,!io_getevents,!io_setup,!io_submit,!ioprio_set
# tracelog
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gcrypt,gtk-2.0,gtk-3.0,groups,hostname,hosts,ld.so.preload,ld.so.cache,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg
# private-tmp - interrupts connection to akonadi, breaks opening of email attachments
# writable-run-user is needed for signing and encrypting emails
writable-run-user
writable-var
# dbus-user none
dbus-system none
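Review bot: In the `-37,10 +41,72` hunk the `mkdir` list copies the `whitelist` list entry for entry, but the `*rc` paths under `${HOME}/.config` (`baloorc`, `kmail2rc`, `kmailsearchindexingrc`, `specialmailcollectionsrc`) are config files, so on a fresh home `mkdir` would leave a directory where kmail expects a file. `mkfile` is the directive for those, and `emaildefaults`, `emailidentities` and `mailtransports` under `.config` look like files too. The wildcard entries (`mkdir ${HOME}/.cache/akonadi*`, `mkdir /tmp/akonadi-*` and the other two `akonadi*` lines) name no single directory to create and are better dropped or given a literal path. In the same hunk `include whitelist-runnuser-common.inc` appears to misspell `whitelist-runuser-common.inc`, so the intended `/run/user` whitelist would not be applied as written. The +/- markers are lost on this page; the hunk header (10 old lines, 72 new) suggests these lines are all additions.

```conf
# … unchanged: mkdir entries for real directories …
mkfile ${HOME}/.config/baloorc
mkfile ${HOME}/.config/kmail2rc
mkfile ${HOME}/.config/kmailsearchindexingrc
mkfile ${HOME}/.config/specialmailcollectionsrc
# … unchanged: whitelist entries …
include whitelist-runuser-common.inc
```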