From b0a2c1c5800c30ecf37311885ce11f244102873e Mon Sep 17 00:00:00 2001
From: Sam Chudnick <sam@chudnick.com>
Date: Sat, 12 Feb 2022 17:54:06 -0500
Subject: Bunch of changes

---
 .config/firejail/neomutt.profile | 93 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 .config/firejail/neomutt.profile

(limited to '.config/firejail')

diff --git a/.config/firejail/neomutt.profile b/.config/firejail/neomutt.profile
new file mode 100644
index 0000000..0a43c6f
--- /dev/null
+++ b/.config/firejail/neomutt.profile
@@ -0,0 +1,93 @@
+# Local firejail profile for neomutt
+name neomutt
+quiet
+
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.local/share/mail/
+whitelist ${HOME}/.config/mutt/
+whitelist ${HOME}/.mbsyncrc
+whitelist ${HOME}/.config/mbsync
+whitelist ${HOME}/.config/msmtp
+whitelist ${HOME}/.w3m
+
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.local/share/mail/
+noblacklist ${HOME}/.config/mutt/
+noblacklist ${HOME}/.mbsyncrc
+noblacklist ${HOME}/.config/mbsync
+noblacklist ${HOME}/.config/msmtp
+noblacklist ${HOME}/.w3m
+
+# Access to GPG for encrypting/decrypting/signing mail and passwords with pass
+whitelist ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
+whitelist ${RUNUSER}/gnupg
+
+# This assumes you keep mail account passwords under a separate directory named mail
+# This to avoid exposing all passwords to the sandbox, only necessary ones
+whitelist ${HOME}/.local/share/password-store/mail
+noblacklist ${HOME}/.local/share/password-store/mail
+
+# abook
+whitelist ${HOME}/.config/abook
+whitelist ${HOME}/.local/share/abook
+
+#include whitelist-runuser-common.inc
+writable-run-user
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+# Required for using msmtp with passwordeval 
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+machine-id
+
+whitelist /dev/mapper
+whitelist /dev/fd
+whitelist /dev/full
+whitelist /dev/log
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/stderr
+whitelist /dev/stdin
+whitelist /dev/stdout
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/zero
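Review bot: The startup files whitelisted at the top of the profile (`${HOME}/.vim`, `${HOME}/.vimrc`, `${HOME}/.msmtprc`, `${HOME}/.mbsyncrc`, `${HOME}/.config/msmtp`, `${HOME}/.config/mbsync`) remain writable inside the sandbox, because `whitelist` only makes a path visible and does not restrict writes. The same files are read by vim, msmtp and mbsync when those run outside firejail, so a compromised neomutt process could change what they do later with no sandbox around them. Adding `read-only ${HOME}/.vim`, `read-only ${HOME}/.vimrc`, `read-only ${HOME}/.msmtprc` (and the same for the mbsync and msmtp config paths) after the whitelist block closes that path while leaving the mail and cache directories writable. Separately, the trailing `/dev` list includes `whitelist /dev/mapper`, which a mail client presumably does not need; `private-dev` would likely replace the whole list. The comment `# Required for using msmtp with passwordeval` above `apparmor` has no directive it visibly refers to, so it should either name the option it justifies or be dropped.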
-- 
cgit v1.2.3