1 files changed, 10 insertions, 0 deletions
diff --git a/.config/firejail/newsboat.profile b/.config/firejail/newsboat.profile
index 0de5928..ebdc76e 100644
--- a/.config/firejail/newsboat.profile
+++ b/.config/firejail/newsboat.profile
@@ -24,6 +24,16 @@ include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
+# Access to GPG for encrypting/decrypting/signing mail and passwords with pass
+noblacklist ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
+noblacklist ${RUNUSER}/gnupg
+# This assumes you keep mail account passwords under a separate directory named mail
+# This to avoid exposing all passwords to the sandbox, only necessary ones
+noblacklist ${HOME}/.local/share/password-store
+whitelist ${HOME}/.local/share/password-store/homelab/freshrss
 caps.drop all
 ipc-namespace
 netfilter

diff --git a/.config/firejail/newsboat.profile b/.config/firejail/newsboat.profile index 0de5928..ebdc76e 100644 --- a/.config/firejail/newsboat.profile +++ b/.config/firejail/newsboat.profile
@@ -24,6 +24,16 @@ include whitelist-common.inc
24	include whitelist-runuser-common.inc	24	include whitelist-runuser-common.inc
25	include whitelist-var-common.inc	25	include whitelist-var-common.inc
26		26
		27	# Access to GPG for encrypting/decrypting/signing mail and passwords with pass
		28	noblacklist ${HOME}/.gnupg
		29	whitelist ${HOME}/.gnupg
		30	noblacklist ${RUNUSER}/gnupg
		31
		32	# This assumes you keep mail account passwords under a separate directory named mail
		33	# This to avoid exposing all passwords to the sandbox, only necessary ones
		34	noblacklist ${HOME}/.local/share/password-store
		35	whitelist ${HOME}/.local/share/password-store/homelab/freshrss
		36
27	caps.drop all	37	caps.drop all
28	ipc-namespace	38	ipc-namespace
29	netfilter	39	netfilter