-rw-r--r--config.dot/firejail/mutt.profile.link78
1 files changed, 78 insertions, 0 deletions
diff --git a/config.dot/firejail/mutt.profile.link b/config.dot/firejail/mutt.profile.link
new file mode 100644
index 0000000..eca098d
--- /dev/null
+++ b/config.dot/firejail/mutt.profile.link
@@ -0,0 +1,78 @@
+# mutt profile
+blacklist /tmp/.X11-unix
+
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
+
+# custom
+quiet
+noblacklist ~/.custom
+noblacklist ~/.msmtprc
+noblacklist ~/.procmailrc
+noblacklist ~/.fetchmailrc
+noblacklist ~/.getmail
+noblacklist ~/apps/utils-mail
+noblacklist /usr/bin/procmail
+noblacklist /usr/bin/fetchmail
+noblacklist /usr/bin/getmail
+noblacklist /usr/bin/getmails
+noblacklist /usr/bin/perl
+noblacklist /usr/bin/cpan*
+noblacklist /usr/share/perl*
+noblacklist /usr/lib/perl*
+
+# allow local mail
+whitelist /var/mail
+
+# allow write operations in non-default folders
+include whitelist-common.local
+
+include disable-common.inc
+include disable-devel.inc
+
+# These restrictions prevent the use of the getmails(1) script
+#include disable-interpreters.inc
+
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+noroot
+nosound
+notv
+nou2f
+novideo
+writable-run-user
+
+# These restrictions prevent msmtp to use the passwordeval option
+#nonewprivs
+#protocol unix,inet,inet6
+#seccomp
+#shell none
+
+private-dev
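Review bot: The block near the end comments out `nonewprivs`, `protocol unix,inet,inet6`, `seccomp` and `shell none` together to keep msmtp's passwordeval working. That leaves a mail client, which parses untrusted message content and launches helper programs, without a syscall filter or the no-new-privileges bit. Presumably only one or two of these interfere with passwordeval, so re-enable them one at a time and keep commented out only those that break it, recording the result in the comment, e.g. `# passwordeval fails with <OPTION>; the other restrictions stay enabled`. The same applies to `#include disable-interpreters.inc`: the perl paths are already exempted with `noblacklist` before the includes, so a matching `noblacklist` for whichever interpreter getmails(1) needs would likely let that include stay active. `noblacklist ~/.msmtprc` also duplicates the earlier `${HOME}/.msmtprc` entry.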