From b0a2c1c5800c30ecf37311885ce11f244102873e Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sat, 12 Feb 2022 17:54:06 -0500
Subject: Bunch of changes
---
 .config/firejail/neomutt.profile | 93 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 .config/firejail/neomutt.profile
(limited to '.config/firejail')
diff --git a/.config/firejail/neomutt.profile b/.config/firejail/neomutt.profile
new file mode 100644
index 0000000..0a43c6f
--- /dev/null
+++ b/.config/firejail/neomutt.profile
@@ -0,0 +1,93 @@
+# Local firejail profile for neomutt
+name neomutt
+quiet
+
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.local/share/mail/
+whitelist ${HOME}/.config/mutt/
+whitelist ${HOME}/.mbsyncrc
+whitelist ${HOME}/.config/mbsync
+whitelist ${HOME}/.config/msmtp
+whitelist ${HOME}/.w3m
+
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.local/share/mail/
+noblacklist ${HOME}/.config/mutt/
+noblacklist ${HOME}/.mbsyncrc
+noblacklist ${HOME}/.config/mbsync
+noblacklist ${HOME}/.config/msmtp
+noblacklist ${HOME}/.w3m
+
+# Access to GPG for encrypting/decrypting/signing mail and passwords with pass
+whitelist ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
+whitelist ${RUNUSER}/gnupg
+
+# This assumes you keep mail account passwords under a separate directory named mail
+# This to avoid exposing all passwords to the sandbox, only necessary ones
+whitelist ${HOME}/.local/share/password-store/mail
+noblacklist ${HOME}/.local/share/password-store/mail
+
+# abook
+whitelist ${HOME}/.config/abook
+whitelist ${HOME}/.local/share/abook
+
+#include whitelist-runuser-common.inc
+writable-run-user
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+# Required for using msmtp with passwordeval
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+machine-id
+
+whitelist /dev/mapper
+whitelist /dev/fd
+whitelist /dev/full
+whitelist /dev/log
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/stderr
+whitelist /dev/stdin
+whitelist /dev/stdout
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/zero
-- 
cgit v1.2.3
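Review bot: The configuration paths whitelisted at the top of the profile (`${HOME}/.vimrc`, `${HOME}/.vim`, `${HOME}/.msmtprc`, `${HOME}/.mbsyncrc`, `${HOME}/.config/mutt/`) stay writable from inside the sandbox, because `whitelist` only makes a path visible and does not make it read-only. These files are presumably also read by programs launched outside the jail, so a compromised mail client could change behaviour beyond the sandbox by editing them. Consider adding `read-only ${HOME}/.vimrc`, `read-only ${HOME}/.vim` and `read-only ${HOME}/.msmtprc`, and likewise for any other config path neomutt never needs to write. Separately, the comment `# Required for using msmtp with passwordeval` sits directly above `apparmor` and does not say which directive it justifies; moving it next to that directive, or naming it, would make the exception auditable.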