github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #1215] Nylas Mail Profile #831

New issue

Closed

opened 2026-05-05 06:56:25 -06:00 by gitea-mirror · 6 comments

gitea-mirror commented

2026-05-05 06:56:25 -06:00

Owner

Originally created by @mustaqimM on GitHub (Apr 13, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1215

include /etc/firejail/nylas.local

# nylas mail profile
noblacklist ~/.config/Nylas Mail
whitelist ~/.config/Nylas Mail
noblacklist ~/.nylas-mail
whitelist ~/.nylas-mail
whitelist ${DOWNLOADS}

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc

caps.drop all
netfilter
nonewprivs
nogroups
noroot
protocol unix,inet,inet6,netlink
seccomp

include /etc/firejail/whitelist-common.inc

ignore private-tmp
private-dev

@Fred-Barclay I finally got it to work now with the above profile. But I might have added an option that isn't needed, so could you please review it.

Originally created by @mustaqimM on GitHub (Apr 13, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1215 ``` include /etc/firejail/nylas.local # nylas mail profile noblacklist ~/.config/Nylas Mail whitelist ~/.config/Nylas Mail noblacklist ~/.nylas-mail whitelist ~/.nylas-mail whitelist ${DOWNLOADS} include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter nonewprivs nogroups noroot protocol unix,inet,inet6,netlink seccomp include /etc/firejail/whitelist-common.inc ignore private-tmp private-dev ``` @Fred-Barclay I finally got it to work now with the above profile. But I might have added an option that isn't needed, so could you please review it.

gitea-mirror

2026-05-05 06:56:25 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 06:56:32 -06:00

Author

Owner

@netblue30 commented on GitHub (Apr 14, 2017):

Take a look in /home/username/.cache directory if there is a directory created by nylas - something like ~/.cache/nylas or similar.

Some mail clients use to move deleted emails over in ~/.cache. Thunderbird does it this way. We will have to blacklist that directory in disable-programs.inc file. Thanks for the profile.

@netblue30 commented on GitHub (Apr 14, 2017): Take a look in /home/username/.cache directory if there is a directory created by nylas - something like ~/.cache/nylas or similar. Some mail clients use to move deleted emails over in ~/.cache. Thunderbird does it this way. We will have to blacklist that directory in disable-programs.inc file. Thanks for the profile.

gitea-mirror commented

2026-05-05 06:56:36 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 14, 2017):

@mustaqimM That looks pretty good! I agree with @netblue30: there might be a .cache/nylas directory that would need to be whitelisted.
ignore private-tmp shouldn't be necessary.
Also, can you replace the protocol unix,inet,inet6,netlink line with protocol unix,inet,inet6? I don't know if it'll work but it's worth a try.

@Fred-Barclay commented on GitHub (Apr 14, 2017): @mustaqimM That looks pretty good! I agree with @netblue30: there might be a .cache/nylas directory that would need to be whitelisted. `ignore private-tmp` shouldn't be necessary. Also, can you replace the `protocol unix,inet,inet6,netlink` line with `protocol unix,inet,inet6`? I don't know if it'll work but it's worth a try.

gitea-mirror commented

2026-05-05 06:56:39 -06:00

Author

Owner

@mustaqimM commented on GitHub (Apr 14, 2017):

@netblue30 There isn't one in cache because all actions occur in ~/.nylas-mail/, including downloading of attachments. Nylas doesn't download emails like Thunderbird.
@Fred-Barclay It requires netlink or it won't start. Also whitelist ${DOWNLOADS} should be added so the Save dialog can choose to save to it

@mustaqimM commented on GitHub (Apr 14, 2017): @netblue30 There isn't one in `cache` because all actions occur in `~/.nylas-mail/`, including downloading of attachments. Nylas doesn't download emails like Thunderbird. @Fred-Barclay It requires `netlink` or it won't start. Also `whitelist ${DOWNLOADS}` should be added so the Save dialog can choose to save to it

gitea-mirror commented

2026-05-05 06:56:42 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 14, 2017):

Thanks! Would you like to open a pull request for this, or would you rather me just copy the profile over?

@Fred-Barclay commented on GitHub (Apr 14, 2017): Thanks! Would you like to open a pull request for this, or would you rather me just copy the profile over?

gitea-mirror commented

2026-05-05 06:56:43 -06:00

Author

Owner

@mustaqimM commented on GitHub (Apr 14, 2017):

@Fred-Barclay I'm fine with whatever you feel is easier

@mustaqimM commented on GitHub (Apr 14, 2017): @Fred-Barclay I'm fine with whatever you feel is easier

gitea-mirror commented

2026-05-05 06:56:45 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 14, 2017):

It's been added: e08c80d0a9
Thanks @mustaqimM!

@Fred-Barclay commented on GitHub (Apr 14, 2017): It's been added: e08c80d0a9fbf3def45c5957a7048d597de6e966 Thanks @mustaqimM!

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#831

No description provided.

Rows
Columns