Configuration file updates and additions.

author: Sam Chudnick <sam@chudnick.com> 2023-06-11 08:00:24 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-11 08:00:24 -0400
commit: 12ce8bdd65d3b5fcd6e8227eaecd5f772a90f8da (patch)
tree: 5be7566c5ef41877e1d03a013667fdae1aedf252 /.config/firejail/newsboat.profile
parent: 9e82c96713989a7565eadac505b36e3dbe91cd5a (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/.config/firejail/newsboat.profile b/.config/firejail/newsboat.profile
index 0de5928..ebdc76e 100644
--- a/.config/firejail/newsboat.profile
+++ b/.config/firejail/newsboat.profile
@@ -24,6 +24,16 @@ include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
+# Access to GPG for encrypting/decrypting/signing mail and passwords with pass
+noblacklist ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
+noblacklist ${RUNUSER}/gnupg
+# This assumes you keep mail account passwords under a separate directory named mail
+# This to avoid exposing all passwords to the sandbox, only necessary ones
+noblacklist ${HOME}/.local/share/password-store
+whitelist ${HOME}/.local/share/password-store/homelab/freshrss
 caps.drop all
 ipc-namespace
 netfilter
author	Sam Chudnick <sam@chudnick.com>	2023-06-11 08:00:24 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-11 08:00:24 -0400
commit	12ce8bdd65d3b5fcd6e8227eaecd5f772a90f8da (patch)
tree	5be7566c5ef41877e1d03a013667fdae1aedf252 /.config/firejail/newsboat.profile
parent	9e82c96713989a7565eadac505b36e3dbe91cd5a (diff)

diff --git a/.config/firejail/newsboat.profile b/.config/firejail/newsboat.profile index 0de5928..ebdc76e 100644 --- a/.config/firejail/newsboat.profile +++ b/.config/firejail/newsboat.profile
@@ -24,6 +24,16 @@ include whitelist-common.inc
24	include whitelist-runuser-common.inc	24	include whitelist-runuser-common.inc
25	include whitelist-var-common.inc	25	include whitelist-var-common.inc
26		26
		27	# Access to GPG for encrypting/decrypting/signing mail and passwords with pass
		28	noblacklist ${HOME}/.gnupg
		29	whitelist ${HOME}/.gnupg
		30	noblacklist ${RUNUSER}/gnupg
		31
		32	# This assumes you keep mail account passwords under a separate directory named mail
		33	# This to avoid exposing all passwords to the sandbox, only necessary ones
		34	noblacklist ${HOME}/.local/share/password-store
		35	whitelist ${HOME}/.local/share/password-store/homelab/freshrss
		36
27	caps.drop all	37	caps.drop all
28	ipc-namespace	38	ipc-namespace
29	netfilter	39	netfilter