1 files changed, 7 insertions, 3 deletions

diff --git a/.config/firejail/neomutt.profile b/.config/firejail/neomutt.profile
index 0a43c6f..0934bd1 100644
--- a/.config/firejail/neomutt.profile
+++ b/.config/firejail/neomutt.profile
@@ -16,6 +16,7 @@ whitelist ${HOME}/.mbsyncrc
 whitelist ${HOME}/.config/mbsync
 whitelist ${HOME}/.config/msmtp
 whitelist ${HOME}/.w3m
+whitelist ${HOME}/attachments
 
 noblacklist ${HOME}/.Mail
 noblacklist ${HOME}/.cache/mutt
@@ -31,22 +32,25 @@ noblacklist ${HOME}/.mbsyncrc
 noblacklist ${HOME}/.config/mbsync
 noblacklist ${HOME}/.config/msmtp
 noblacklist ${HOME}/.w3m
+whitelist ${HOME}/attachments
 
 # Access to GPG for encrypting/decrypting/signing mail and passwords with pass
-whitelist ${HOME}/.gnupg
 noblacklist ${HOME}/.gnupg
-whitelist ${RUNUSER}/gnupg
+whitelist ${HOME}/.gnupg
+noblacklist ${RUNUSER}/gnupg
 
 # This assumes you keep mail account passwords under a separate directory named mail
 # This to avoid exposing all passwords to the sandbox, only necessary ones
+noblacklist ${HOME}/.local/share/password-store
 whitelist ${HOME}/.local/share/password-store/mail
-noblacklist ${HOME}/.local/share/password-store/mail
 
 # abook
 whitelist ${HOME}/.config/abook
 whitelist ${HOME}/.local/share/abook
 
+# Breaks GPG when enabled
 #include whitelist-runuser-common.inc
+
 writable-run-user
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*