From 27e0725798da5e56040b5a7c059091c0196fa0af Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Mon, 7 Dec 2020 07:49:12 -0300
Subject: Feat: mutt: firejail profile
---
config.dot/firejail/mutt.profile.link | 78 +++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 config.dot/firejail/mutt.profile.link
diff --git a/config.dot/firejail/mutt.profile.link b/config.dot/firejail/mutt.profile.link
new file mode 100644
index 0000000..eca098d
--- /dev/null
+++ b/config.dot/firejail/mutt.profile.link
@@ -0,0 +1,78 @@
+# mutt profile
+blacklist /tmp/.X11-unix
+
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
+
+# custom
+quiet
+noblacklist ~/.custom
+noblacklist ~/.msmtprc
+noblacklist ~/.procmailrc
+noblacklist ~/.fetchmailrc
+noblacklist ~/.getmail
+noblacklist ~/apps/utils-mail
+noblacklist /usr/bin/procmail
+noblacklist /usr/bin/fetchmail
+noblacklist /usr/bin/getmail
+noblacklist /usr/bin/getmails
+noblacklist /usr/bin/perl
+noblacklist /usr/bin/cpan*
+noblacklist /usr/share/perl*
+noblacklist /usr/lib/perl*
+
+# allow local mail
+whitelist /var/mail
+
+# allow write operations in non-default folders
+include whitelist-common.local
+
+include disable-common.inc
+include disable-devel.inc
+
+# These restrictions prevent the use of the getmails(1) script
+#include disable-interpreters.inc
+
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+noroot
+nosound
+notv
+nou2f
+novideo
+writable-run-user
+
+# These restrictions prevent msmtp to use the passwordeval option
+#nonewprivs
+#protocol unix,inet,inet6
+#seccomp
+#shell none
+
+private-dev
-- cgit v1.2.3
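Review bot: The commented-out block near the end of the profile switches off `nonewprivs`, `protocol`, `seccomp` and `shell none` together, and `include disable-interpreters.inc` is skipped as well, so a client that parses untrusted mail and attachments runs with no syscall filter requested by this profile and with interpreters reachable. The comment names msmtp's passwordeval as the reason but not the command it runs or which directive actually breaks it, so the scope of the exception cannot be judged from the profile alone. I would re-enable the directives one at a time and record the outcome in the comment, for example `# passwordeval runs <command>; fails under <directive> because <reason>`. For getmails, keeping `include disable-interpreters.inc` and adding a `noblacklist` only for the interpreter it needs, as the perl lines under `# custom` already do, would be narrower than dropping the include. `noblacklist ~/.msmtprc` under `# custom` also repeats the earlier `noblacklist ${HOME}/.msmtprc`.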