Diffstat (limited to '.config/firejail/neomutt.profile')
-rw-r--r--.config/firejail/neomutt.profile93
1 files changed, 93 insertions, 0 deletions
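diff --git a/.config/firejail/neomutt.profile b/.config/firejail/neomutt.profile
new file mode 100644
index 0000000..0a43c6f
--- /dev/null
+++ b/.config/firejail/neomutt.profile
@@ -0,0 +1,93 @@
+# Local firejail profile for neomutt
+name neomutt
+quiet
+
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.local/share/mail/
+whitelist ${HOME}/.config/mutt/
+whitelist ${HOME}/.mbsyncrc
+whitelist ${HOME}/.config/mbsync
+whitelist ${HOME}/.config/msmtp
+whitelist ${HOME}/.w3m
+
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.local/share/mail/
+noblacklist ${HOME}/.config/mutt/
+noblacklist ${HOME}/.mbsyncrc
+noblacklist ${HOME}/.config/mbsync
+noblacklist ${HOME}/.config/msmtp
+noblacklist ${HOME}/.w3m
+
+# Access to GPG for encrypting/decrypting/signing mail and passwords with pass
+whitelist ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
+whitelist ${RUNUSER}/gnupg
+
+# This assumes you keep mail account passwords under a separate directory named mail
+# This to avoid exposing all passwords to the sandbox, only necessary ones
+whitelist ${HOME}/.local/share/password-store/mail
+noblacklist ${HOME}/.local/share/password-store/mail
+
+# abook
+whitelist ${HOME}/.config/abook
+whitelist ${HOME}/.local/share/abook
+
+#include whitelist-runuser-common.inc
+writable-run-user
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+# Required for using msmtp with passwordeval
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+machine-id
+
+whitelist /dev/mapper
+whitelist /dev/fd
+whitelist /dev/full
+whitelist /dev/log
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/stderr
+whitelist /dev/stdin
+whitelist /dev/stdout
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/zero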
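Review bot: The home-directory whitelists at new-file lines 5–18 leave every exposed path writable from inside the sandbox, including `${HOME}/.vimrc`, `${HOME}/.vim` and the msmtp/mbsync configs, which are presumably also read by vim and the mail tools when they run outside the jail. A process compromised while handling mail could modify them and so carry its effect beyond the sandbox; adding `read-only ${HOME}/.vimrc`, `read-only ${HOME}/.vim` and `read-only ${HOME}/.msmtprc` (and likewise for the other config-only paths) keeps the access neomutt needs while dropping write access. The same consideration applies to `${HOME}/.gnupg` at line 36, though gpg may need to write there, so that one should be tested before tightening. Separately, the comment `# Required for using msmtp with passwordeval` at line 60 sits directly above `apparmor` and does not say which directive it justifies; placing it next to the option it refers to would make the exception auditable.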