-
Notifications
You must be signed in to change notification settings - Fork 10
/
mutt.profile
45 lines (35 loc) · 2.16 KB
/
mutt.profile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
ignore private-tmp
ignore private-dev
ignore net
include ${HOME}/.config/firejail/common.inc
include ${HOME}/.config/firejail/noexec-home.inc
include ${HOME}/.config/firejail/noexec-tmp.inc
# Necessary to get Mutt working
whitelist ${HOME}/.mutt
whitelist ${HOME}/.muttrc
whitelist ${HOME}/.mutt_certificates
whitelist ${HOME}/.signatures
whitelist ${HOME}/.mailcap
whitelist ${HOME}/sent
whitelist ${HOME}/.mutt_cache
whitelist ${HOME}/Mail
whitelist ${HOME}/.gnupg
whitelist ${HOME}/.rolo
# To store files
whitelist ${HOME}/Downloads
whitelist /tmp/user/1000/emacs1000/
whitelist /tmp/user/1000/mutt1000/
# Enhance security
private-bin sh,dash,mutt,mutt_dotlock,bash,emacsclient,emacsclient.emacs25,elinks,gpg,gpg-agent,gpgsm,pinentry,dig,awk,pinentry-gtk-2,mutt_vc_query
private-lib x86_64-linux-gnu/sasl2,nss,libdb-5.3.so,libcrypt-2.27.so,libcrypto.so.1.1,gconv,libapparmor.so.1,libtinfo.so.6,libtic.so.6,terminfo
# private-dev
whitelist /dev/stdout
whitelist /dev/stdin
whitelist /dev/stderr
whitelist /dev/urandom
whitelist /dev/random
whitelist /dev/null
whitelist /dev/tty
private-etc Muttrc.d/,Muttrc,alternatives/,resolv.conf,ssl/,mime.types
seccomp.keep open,access,prctl,fstat,mmap,write,read,close,munmap,chown,unshare,fcntl,execve,brk,mprotect,arch_prctl,getpid,getuid,getgid,geteuid,getegid,rt_sigprocmask,rt_sigaction,uname,stat,getppid,getpgrp,getrlimit,getpeername,set_tid_address,set_robust_list,futex,getrusage,umask,ioctl,socket,connect,lseek,getsid,pipe,clone,dup2,wait4,openat,rt_sigreturn,getdents,exit_group,faccessat,lstat,pread64,pwrite64,ftruncate,select,unlink,mkdir,link,rmdir,alarm,readlink,sendto,fdatasync,recvfrom,chmod,getcwd,setrlimit,utime,mlock,clock_gettime,setresgid,chdir,fsync,nanosleep,poll,sendmmsg,bind,getsockname,recvmsg,writev,mremap,rename,truncate,sched_yield,sysinfo,kill,sendmsg,setresuid,setsid,listen,pselect6,accept,getsockopt,tgkill,madvise,exit,statfs,getrandom,fchmod,fchown,gettid,sigaltstack,epoll_create,getgroups,epoll_ctl,rt_sigsuspend,setsockopt,epoll_wait,inotify_init,inotify_add_watch,prlimit64,getresuid,getresgid,dup,eventfd2,munlock,fstatfs,fadvise64,shmget,shmat,shmctl,shmdt,symlink,restart_syscall,getdents64
writable-run-user