fix akonadi_control, enable it in firecfg for a better default

etc/akonadi_control.profile

@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-var-common.inc
 # depending on your setup it might be possible to
 # enable some of the commented options below
 
+# apparmor
 caps.drop all
 ipc-namespace
 no3d
@@ -34,7 +35,7 @@ nosound
 notv
 novideo
 # protocol unix,inet,inet6
-# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice # we need to allow io_getevents, ioprio_set, io_setup, io_submit system calls
+# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 tracelog
 
 private-dev

etc/kmail.profile

@@ -5,8 +5,8 @@ include /etc/firejail/kmail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# akonadi with mysql backend fails to run inside this sandbox
-# and should be started in advance
+# if akonadi has a mysql backend, starting it inside this sandbox will fail
+# one solution is to have akonadi already running when kmail is launched
 
 noblacklist ${HOME}/.cache/akonadi*
 noblacklist ${HOME}/.config/akonadi*
@@ -24,6 +24,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+# apparmor
 caps.drop all
 netfilter
 nodvd

src/firecfg/firecfg.config

@@ -16,7 +16,7 @@ VirtualBox
 Wire
 Xephyr
 abrowser
-# akonadi_control - enable later
+akonadi_control
 akregator
 amarok
 amule