From a8a8e33bc17263db763cd7bd803314f8d5dbd2c5 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Mon, 28 Dec 2020 13:10:15 +0000 Subject: [PATCH 01/13] Add whitelisting to mutt; improve geary, new profile for neomutt --- etc/inc/disable-programs.inc | 2 + etc/profile-a-l/geary.profile | 61 +++++++++++--- etc/profile-m-z/mutt.profile | 75 ++++++++++++++++- etc/profile-m-z/neomutt.profile | 143 ++++++++++++++++++++++++++++++++ 4 files changed, 268 insertions(+), 13 deletions(-) create mode 100644 etc/profile-m-z/neomutt.profile diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 07fefec8c37..60b586ae220 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -316,11 +316,13 @@ blacklist ${HOME}/.config/mpd blacklist ${HOME}/.config/mps-youtube blacklist ${HOME}/.config/mpv blacklist ${HOME}/.config/mupen64plus +blacklist ${HOME}/.config/mutt blacklist ${HOME}/.config/mutter blacklist ${HOME}/.config/mypaint blacklist ${HOME}/.config/nano blacklist ${HOME}/.config/nautilus blacklist ${HOME}/.config/nemo +blacklist ${HOME}/.config/neomutt blacklist ${HOME}/.config/netsurf blacklist ${HOME}/.config/newsbeuter blacklist ${HOME}/.config/newsflash diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index f4e5a392f7d..3f96d8b25c5 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile 
@@ -4,19 +4,21 @@ # Persistent local customizations include geary.local # Persistent global definitions -# added by included profile -#include globals.local - -# Users have Geary set to open a browser by clicking a link in an email -# We are not allowed to blacklist browser-specific directories - -ignore dbus-user filter -ignore dbus-system none -ignore private-tmp +include globals.local noblacklist ${HOME}/.cache/geary noblacklist ${HOME}/.config/geary noblacklist ${HOME}/.local/share/geary +noblacklist ${HOME}/.mozilla + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc mkdir ${HOME}/.cache/geary mkdir ${HOME}/.config/geary @@ -24,8 +26,43 @@ mkdir ${HOME}/.local/share/geary whitelist ${HOME}/.cache/geary whitelist ${HOME}/.config/geary whitelist ${HOME}/.local/share/geary +whitelist ${HOME}/.mozilla/firefox/profiles.ini +whitelist ${DOWNLOADS} whitelist /usr/share/geary +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +# disable-mnt +# Add ignore private-bin to geary.local for hyperlink support +private-bin geary +private-cache +private-dev +private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg +private-tmp + +dbus-user filter +dbus-user.own org.gnome.Geary +dbus-user.talk ca.desrt.dconf +dbus-user.talk org.freedesktop.secrets +dbus-system none -# allow Mozilla browsers -# Redirect -include firefox.profile +read-only ${HOME}/.mozilla/firefox/profiles.ini diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 1ce12f54f15..87e7c7f0654 100644 
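Review bot: `dbus-user.talk org.freedesktop.secrets` in the new D-Bus block of geary.profile has no comment, although the same profile now includes `disable-passwdmgr.inc`. As far as I know the Secret Service does not scope items per application, so once the keyring is unlocked this line lets the sandbox reach more than Geary's own account passwords. I would document that trade-off where the grant is made, for example `# org.freedesktop.secrets: needed for account passwords; exposes the whole unlocked keyring to the sandbox`.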
--- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -1,5 +1,6 @@ # Firejail profile for mutt # Description: Text-based mailreader supporting MIME, GPG, PGP and threading +quiet # This file is overwritten after every install/update # Persistent local customizations include mutt.local @@ -10,13 +11,14 @@ noblacklist /var/mail noblacklist /var/spool/mail noblacklist ${HOME}/.Mail noblacklist ${HOME}/.bogofilter -noblacklist ${HOME}/.cache/mutt +noblacklist ${HOME}/.config/mutt noblacklist ${HOME}/.config/nano noblacklist ${HOME}/.elinks noblacklist ${HOME}/.emacs noblacklist ${HOME}/.emacs.d noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.mail +noblacklist ${HOME}/.mailcap noblacklist ${HOME}/.msmtprc noblacklist ${HOME}/.mutt noblacklist ${HOME}/.muttrc 
@@ -34,14 +36,77 @@ noblacklist ${HOME}/sent blacklist /tmp/.X11-unix blacklist ${RUNUSER}/wayland-* +include allow-perl.inc +include allow-python.inc + include disable-common.inc include disable-devel.inc +include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc +include disable-xdg.inc +mkfile ${HOME}/.elinks +mkfile ${HOME}/.emacs +mkfile ${HOME}/.mailcap +mkfile ${HOME}/.msmtprc +mkfile ${HOME}/.muttrc +mkfile ${HOME}/.nanorc +mkfile ${HOME}/.signature +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.viminfo +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.w3m +mkdir ${HOME}/.Mail +mkdir ${HOME}/.bogofilter +mkdir ${HOME}/.config/mutt +mkdir ${HOME}/.config/nano +mkdir ${HOME}/.emacs.d +mkdir ${HOME}/.gnupg +mkdir ${HOME}/.mail +mkdir ${HOME}/.mutt +mkdir ${HOME}/.vim +mkdir ${HOME}/Mail +mkdir ${HOME}/mail +mkdir ${HOME}/postponed +mkdir ${HOME}/sent +whitelist ${HOME}/.Mail +whitelist ${HOME}/.bogofilter +whitelist ${HOME}/.config/mutt +whitelist ${HOME}/.config/nano +whitelist ${HOME}/.elinks +whitelist ${HOME}/.emacs +whitelist ${HOME}/.emacs.d +whitelist ${HOME}/.gnupg +whitelist ${HOME}/.mail +whitelist ${HOME}/.mailcap +whitelist ${HOME}/.msmtprc +whitelist ${HOME}/.mutt +whitelist ${HOME}/.muttrc +whitelist ${HOME}/.nanorc +whitelist ${HOME}/.signature +whitelist ${HOME}/.vim +whitelist ${HOME}/.viminfo +whitelist ${HOME}/.vimrc +whitelist ${HOME}/.w3m +whitelist ${HOME}/Mail +whitelist ${HOME}/mail +whitelist ${HOME}/postponed +whitelist ${HOME}/sent +whitelist ${DOCUMENTS} +whitelist ${DOWNLOADS} +whitelist /usr/share/gnupg +whitelist /usr/share/gnupg2 +whitelist /usr/share/mutt +whitelist /var/mail +whitelist /var/spool/mail +include whitelist-common.inc include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc +apparmor caps.drop all netfilter no3d 
@@ -56,7 +121,15 @@ novideo protocol unix,inet,inet6 seccomp shell none +tracelog +# disable-mnt +private-cache private-dev +private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg +private-tmp writable-run-user writable-var + +dbus-user none +dbus-system none diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile new file mode 100644 index 00000000000..d71dc618bf0 --- /dev/null +++ b/etc/profile-m-z/neomutt.profile 
@@ -0,0 +1,143 @@ +# Firejail profile for neomutt +# Description: Mutt fork with advanced features and better documentation +quiet +# This file is overwritten after every install/update +# Persistent local customizations +include neomutt.local +# Persistent global definitions +include globals.local + +noblacklist /var/mail +noblacklist /var/spool/mail +noblacklist ${HOME}/.Mail +noblacklist ${HOME}/.bogofilter +noblacklist ${HOME}/.config/mutt +noblacklist ${HOME}/.config/nano +noblacklist ${HOME}/.config/neomutt +noblacklist ${HOME}/.elinks +noblacklist ${HOME}/.emacs +noblacklist ${HOME}/.emacs.d +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.mail +noblacklist ${HOME}/.mailcap +noblacklist ${HOME}/.msmtprc +noblacklist ${HOME}/.mutt +noblacklist ${HOME}/.muttrc +noblacklist ${HOME}/.nanorc +noblacklist ${HOME}/.neomutt +noblacklist ${HOME}/.neomuttrc +noblacklist ${HOME}/.signature +noblacklist ${HOME}/.vim +noblacklist ${HOME}/.viminfo +noblacklist ${HOME}/.vimrc +noblacklist ${HOME}/.w3m +noblacklist ${HOME}/Mail +noblacklist ${HOME}/mail +noblacklist ${HOME}/postponed +noblacklist ${HOME}/sent + +blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* + +include allow-lua.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkfile ${HOME}/.elinks +mkfile ${HOME}/.emacs +mkfile ${HOME}/.mailcap +mkfile ${HOME}/.msmtprc +mkfile ${HOME}/.muttrc +mkfile ${HOME}/.nanorc +mkfile ${HOME}/.neomuttrc +mkfile ${HOME}/.signature +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.viminfo +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.w3m +mkdir ${HOME}/.Mail +mkdir ${HOME}/.bogofilter +mkdir ${HOME}/.config/mutt +mkdir ${HOME}/.config/nano +mkdir ${HOME}/.config/neomutt +mkdir ${HOME}/.emacs.d +mkdir ${HOME}/.gnupg +mkdir ${HOME}/.mail +mkdir ${HOME}/.mutt +mkdir ${HOME}/.neomutt +mkdir ${HOME}/.vim +mkdir ${HOME}/Mail +mkdir 
${HOME}/mail +mkdir ${HOME}/postponed +mkdir ${HOME}/sent +whitelist ${HOME}/.Mail +whitelist ${HOME}/.bogofilter +whitelist ${HOME}/.config/mutt +whitelist ${HOME}/.config/nano +whitelist ${HOME}/.config/neomutt +whitelist ${HOME}/.elinks +whitelist ${HOME}/.emacs +whitelist ${HOME}/.emacs.d +whitelist ${HOME}/.gnupg +whitelist ${HOME}/.mail +whitelist ${HOME}/.mailcap +whitelist ${HOME}/.msmtprc +whitelist ${HOME}/.mutt +whitelist ${HOME}/.muttrc +whitelist ${HOME}/.nanorc +whitelist ${HOME}/.neomutt +whitelist ${HOME}/.neomuttrc +whitelist ${HOME}/.signature +whitelist ${HOME}/.vim +whitelist ${HOME}/.viminfo +whitelist ${HOME}/.vimrc +whitelist ${HOME}/.w3m +whitelist ${HOME}/Mail +whitelist ${HOME}/mail +whitelist ${HOME}/postponed +whitelist ${HOME}/sent +whitelist ${DOCUMENTS} +whitelist ${DOWNLOADS} +whitelist /usr/share/gnupg +whitelist /usr/share/gnupg2 +whitelist /usr/share/neomutt +whitelist /var/mail +whitelist /var/spool/mail +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +# disable-mnt +private-cache +private-dev +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg +private-tmp +writable-run-user +writable-var + +dbus-user none +dbus-system none From a9218d475ff2d56ed9f566e2162789769d4d1ebb Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Mon, 28 Dec 2020 13:12:30 +0000 Subject: [PATCH 02/13] Add neomutt to firefg.config --- src/firecfg/firecfg.config | 1 + 1 file changed, 1 insertion(+) 
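Review bot: The `private-etc` list in the new neomutt.profile omits `gai.conf`, `gnutls` and `terminfo`, which the mutt.profile list in this same patch keeps, and it adds `dconf` even though the profile sets `dbus-user none`. Nothing visible in the patch explains the difference between two profiles that are otherwise near copies. If it is unintentional, align the two lists (plus `neomuttrc,neomuttrc.d`); if it is intentional, a one-line comment above `private-etc` saying why would help the next maintainer.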
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 3f1591cbd92..eb16a87d892 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -528,6 +528,7 @@ mypaint mypaint-ora-thumbnailer natron ncdu +neomutt netactview nethack netsurf From d652bfba57b4231a720121100255a40719d7bd39 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Tue, 29 Dec 2020 03:48:06 +0000 Subject: [PATCH 03/13] Add Evolution and folks directories coming from evolution data server common to both geary and evolution; add dbus permissions fromflatpak --- etc/profile-a-l/geary.profile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 3f96d8b25c5..fbd9a011a96 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile @@ -6,8 +6,12 @@ include geary.local # Persistent global definitions include globals.local +noblacklist ${HOME}/.cache/evolution +noblacklist ${HOME}/.cache/folks noblacklist ${HOME}/.cache/geary +noblacklist ${HOME}/.config/evolution noblacklist ${HOME}/.config/geary +noblacklist ${HOME}/.local/share/evolution noblacklist ${HOME}/.local/share/geary noblacklist ${HOME}/.mozilla @@ -20,11 +24,19 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc +mkdir ${HOME}/.cache/evolution +mkdir ${HOME}/.cache/folks mkdir ${HOME}/.cache/geary +mkdir ${HOME}/.config/evolution mkdir ${HOME}/.config/geary +mkdir ${HOME}/.local/share/evolution mkdir ${HOME}/.local/share/geary +whitelist ${HOME}/.cache/evolution +whitelist ${HOME}/.cache/folks whitelist ${HOME}/.cache/geary +whitelist ${HOME}/.config/evolution whitelist ${HOME}/.config/geary +whitelist ${HOME}/.local/share/evolution whitelist ${HOME}/.local/share/geary whitelist ${HOME}/.mozilla/firefox/profiles.ini whitelist ${DOWNLOADS} @@ -36,6 +48,7 @@ include whitelist-var-common.inc apparmor caps.drop all +machine-id netfilter no3d nodvd 
@@ -62,6 +75,10 @@ private-tmp dbus-user filter dbus-user.own org.gnome.Geary dbus-user.talk ca.desrt.dconf +dbus-user.talk org.gnome.Contacts +dbus-user.talk org.gnome.OnlineAccounts +dbus-user.talk org.gnome.evolution.dataserver.AddressBook10 +dbus-user.talk org.gnome.evolution.dataserver.Sources5 dbus-user.talk org.freedesktop.secrets dbus-system none From 6b9bfad377a0f0bcd076dd230553795ea190e11f Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Tue, 29 Dec 2020 03:49:16 +0000 Subject: [PATCH 04/13] Fix python; add read-only to editors/cli browsers;re-add cache directory --- etc/profile-m-z/mutt.profile | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 87e7c7f0654..26b8233b0d5 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -1,7 +1,7 @@ # Firejail profile for mutt # Description: Text-based mailreader supporting MIME, GPG, PGP and threading -quiet # This file is overwritten after every install/update +quiet # Persistent local customizations include mutt.local # Persistent global definitions @@ -9,8 +9,10 @@ include globals.local noblacklist /var/mail noblacklist /var/spool/mail +noblacklist ${DOCUMENTS} noblacklist ${HOME}/.Mail noblacklist ${HOME}/.bogofilter +noblacklist ${HOME}/.cache/mutt noblacklist ${HOME}/.config/mutt noblacklist ${HOME}/.config/nano noblacklist ${HOME}/.elinks @@ -37,7 +39,8 @@ blacklist /tmp/.X11-unix blacklist ${RUNUSER}/wayland-* include allow-perl.inc -include allow-python.inc +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc @@ -60,6 +63,7 @@ mkfile ${HOME}/.vimrc mkfile ${HOME}/.w3m mkdir ${HOME}/.Mail mkdir ${HOME}/.bogofilter +mkdir ${HOME}/.cache/mutt mkdir ${HOME}/.config/mutt mkdir ${HOME}/.config/nano mkdir ${HOME}/.emacs.d 
@@ -73,6 +77,7 @@ mkdir ${HOME}/postponed mkdir ${HOME}/sent whitelist ${HOME}/.Mail whitelist ${HOME}/.bogofilter +whitelist ${HOME}/.cache/mutt whitelist ${HOME}/.config/mutt whitelist ${HOME}/.config/nano whitelist ${HOME}/.elinks @@ -133,3 +138,15 @@ writable-var dbus-user none dbus-system none + +read-only ${HOME}/.elinks +read-only ${HOME}/.emacs +read-only ${HOME}/.mailcap +read-only ${HOME}/.msmtprc +read-only ${HOME}/.muttrc +read-only ${HOME}/.nanorc +read-only ${HOME}/.signature +read-only ${HOME}/.vimrc +read-only ${HOME}/.viminfo +read-only ${HOME}/.vimrc +read-only ${HOME}/.w3m From ad2c61f161b2e4036050c247233e3c36dcfde0a8 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Tue, 29 Dec 2020 03:50:08 +0000 Subject: [PATCH 05/13] Add folks cache directory --- etc/inc/disable-programs.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 60b586ae220..63133f4c7a6 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -900,6 +900,7 @@ blacklist ${HOME}/.cache/evolution blacklist ${HOME}/.cache/falkon blacklist ${HOME}/.cache/feedreader blacklist ${HOME}/.cache/flaska.net/trojita +blacklist ${HOME}/.cache/folks blacklist ${HOME}/.cache/font-manager blacklist ${HOME}/.cache/fossamail blacklist ${HOME}/.cache/fractal From 144aee26f56156cb4ec0c674062c447d261802a4 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Thu, 31 Dec 2020 03:58:57 +0000 Subject: [PATCH 06/13] Improve whitelisting and dbus of Sylpheed and Claws-mail --- etc/profile-a-l/claws-mail.profile | 10 +++++++--- etc/profile-a-l/email-common.profile | 22 ++++++++++++++++------ etc/profile-m-z/sylpheed.profile | 10 ++++++++++ 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index 69196c578a3..c060279df68 100644 --- a/etc/profile-a-l/claws-mail.profile 
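Review bot: `whitelist ${HOME}/.cache/mutt` is added to a profile that patch 01 of this series gave `private-cache`, and the two look contradictory. As far as I know `private-cache` mounts an empty tmpfs over ~/.cache, so either the cache mutt keeps there will not persist or the whitelist has no effect; please confirm which one wins. If the cache is meant to persist, drop `private-cache` from this profile; otherwise drop the `.cache/mutt` lines this patch adds (`noblacklist`, `mkdir`, `whitelist`). geary.profile in patch 01 combines `private-cache` with whitelisted cache directories in the same way.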
+++ b/etc/profile-a-l/claws-mail.profile @@ -18,10 +18,14 @@ whitelist ${HOME}/.claws-mail whitelist /usr/share/doc/claws-mail +# private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 + +dbus-user filter +dbus-user.talk ca.desrt.dconf +dbus-user.talk org.gnome.keyring.SystemPrompter # if you use the notification plugin you need to uncomment the below (or put them in your claws-mail.local) -#ignore dbus-user none -#dbus-user filter -#dbus-user.talk org.freedesktop.Notifications +# dbus-user.talk org.freedesktop.Notifications +dbus-system none # Redirect include email-common.profile diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index df47f478d96..9e7c15a9daa 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile @@ -8,6 +8,7 @@ include email-common.local #include globals.local noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.mozilla noblacklist ${HOME}/.signature # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications 
@@ -17,28 +18,35 @@ noblacklist ${DOCUMENTS} include disable-common.inc include disable-devel.inc +include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} mkfile ${HOME}/.config/mimeapps.list -mkdir ${HOME}/.gnupg mkfile ${HOME}/.signature +mkdir ${HOME}/.gnupg whitelist ${HOME}/.config/mimeapps.list +whitelist ${HOME}/.mozilla/firefox/profiles.ini whitelist ${HOME}/.gnupg whitelist ${HOME}/.signature +whitelist ${DOCUMENTS} +whitelist ${DOWNLOADS} # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local whitelist ${HOME}/Mail + +whitelist ${RUNUSER}/gnupg whitelist /usr/share/gnupg whitelist /usr/share/gnupg2 include whitelist-common.inc +include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc +apparmor caps.drop all +machine-id netfilter no3d nodvd @@ -54,13 +62,12 @@ seccomp shell none tracelog +# disable-mnt private-cache private-dev +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg private-tmp -dbus-user none -dbus-system none - # encrypting and signing email writable-run-user @@ -70,3 +77,6 @@ writable-run-user #whitelist /var/mail #whitelist /var/spool/mail #writable-var + +read-only ${HOME}/.mozilla/firefox/profiles.ini +read-only ${HOME}/.signature diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile index 4344fe73a0c..39d3befd22e 100644 --- a/etc/profile-m-z/sylpheed.profile +++ b/etc/profile-m-z/sylpheed.profile 
@@ -13,5 +13,15 @@ whitelist ${HOME}/.sylpheed-2.0 whitelist /usr/share/sylpheed +# private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed + +dbus-user filter +dbus-user.talk ca.desrt.dconf +dbus-user.talk org.gnome.keyring.SystemPrompter +dbus-user.talk org.freedesktop.secrets +# Uncomment below for notifications (or put them in your sylpheed.local) +# dbus-user.talk org.freedesktop.Notifications +dbus-system none + # Redirect include email-common.profile From 927ba159d4a590ede6aa807d2167a0d9d6752700 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Thu, 31 Dec 2020 03:59:52 +0000 Subject: [PATCH 07/13] Add seccomp.block-secondary per @rusty-snake --- etc/profile-a-l/geary.profile | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index fbd9a011a96..0bd0bfd9c6a 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile @@ -61,6 +61,7 @@ nou2f novideo protocol unix,inet,inet6 seccomp +seccomp.block-secondary shell none tracelog From 2ef998dc9bd2e438643b36e51ceb132857cdffdd Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Thu, 31 Dec 2020 04:01:09 +0000 Subject: [PATCH 08/13] Rearrange and fixes per comments --- etc/profile-m-z/mutt.profile | 29 +++++++++++------------------ etc/profile-m-z/neomutt.profile | 32 +++++++++++++++++++------------- 2 files changed, 30 insertions(+), 31 deletions(-) diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 26b8233b0d5..592a695994c 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile 
@@ -50,17 +50,6 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -mkfile ${HOME}/.elinks -mkfile ${HOME}/.emacs -mkfile ${HOME}/.mailcap -mkfile ${HOME}/.msmtprc -mkfile ${HOME}/.muttrc -mkfile ${HOME}/.nanorc -mkfile ${HOME}/.signature -mkfile ${HOME}/.vimrc -mkfile ${HOME}/.viminfo -mkfile ${HOME}/.vimrc -mkfile ${HOME}/.w3m mkdir ${HOME}/.Mail mkdir ${HOME}/.bogofilter mkdir ${HOME}/.cache/mutt @@ -75,6 +64,17 @@ mkdir ${HOME}/Mail mkdir ${HOME}/mail mkdir ${HOME}/postponed mkdir ${HOME}/sent +mkfile ${HOME}/.elinks +mkfile ${HOME}/.emacs +mkfile ${HOME}/.mailcap +mkfile ${HOME}/.msmtprc +mkfile ${HOME}/.muttrc +mkfile ${HOME}/.nanorc +mkfile ${HOME}/.signature +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.viminfo +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.w3m whitelist ${HOME}/.Mail whitelist ${HOME}/.bogofilter whitelist ${HOME}/.cache/mutt @@ -140,13 +140,6 @@ dbus-user none dbus-system none read-only ${HOME}/.elinks -read-only ${HOME}/.emacs -read-only ${HOME}/.mailcap -read-only ${HOME}/.msmtprc -read-only ${HOME}/.muttrc read-only ${HOME}/.nanorc read-only ${HOME}/.signature -read-only ${HOME}/.vimrc -read-only ${HOME}/.viminfo -read-only ${HOME}/.vimrc read-only ${HOME}/.w3m diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index d71dc618bf0..9d90afadb0c 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -1,7 +1,7 @@ # Firejail profile for neomutt # Description: Mutt fork with advanced features and better documentation -quiet # This file is overwritten after every install/update +quiet # Persistent local customizations include neomutt.local # Persistent global definitions @@ -9,6 +9,7 @@ include globals.local noblacklist /var/mail noblacklist /var/spool/mail +noblacklist ${DOCUMENTS} noblacklist ${HOME}/.Mail noblacklist ${HOME}/.bogofilter noblacklist ${HOME}/.config/mutt 
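Review bot: The shortened read-only block at the end of mutt.profile keeps only `.elinks`, `.nanorc`, `.signature` and `.w3m`, so `.emacs`, `.mailcap`, `.msmtprc`, `.muttrc` and `.vimrc` remain whitelisted and writable from inside the sandbox. Those files configure programs that are also run outside the sandbox, so a process confined by this profile can change what they do later. `.viminfo` plausibly needs writes, but the others could keep lines such as `read-only ${HOME}/.vimrc`, or the profile should carry a comment saying why they must be writable. The neomutt.profile hunk in this patch that adds its read-only block uses the same short list.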
@@ -49,18 +50,6 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -mkfile ${HOME}/.elinks -mkfile ${HOME}/.emacs -mkfile ${HOME}/.mailcap -mkfile ${HOME}/.msmtprc -mkfile ${HOME}/.muttrc -mkfile ${HOME}/.nanorc -mkfile ${HOME}/.neomuttrc -mkfile ${HOME}/.signature -mkfile ${HOME}/.vimrc -mkfile ${HOME}/.viminfo -mkfile ${HOME}/.vimrc -mkfile ${HOME}/.w3m mkdir ${HOME}/.Mail mkdir ${HOME}/.bogofilter mkdir ${HOME}/.config/mutt @@ -76,6 +65,18 @@ mkdir ${HOME}/Mail mkdir ${HOME}/mail mkdir ${HOME}/postponed mkdir ${HOME}/sent +mkfile ${HOME}/.elinks +mkfile ${HOME}/.emacs +mkfile ${HOME}/.mailcap +mkfile ${HOME}/.msmtprc +mkfile ${HOME}/.muttrc +mkfile ${HOME}/.nanorc +mkfile ${HOME}/.neomuttrc +mkfile ${HOME}/.signature +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.viminfo +mkfile ${HOME}/.vimrc +mkfile ${HOME}/.w3m whitelist ${HOME}/.Mail whitelist ${HOME}/.bogofilter whitelist ${HOME}/.config/mutt @@ -141,3 +142,8 @@ writable-var dbus-user none dbus-system none + +read-only ${HOME}/.elinks +read-only ${HOME}/.nanorc +read-only ${HOME}/.signature +read-only ${HOME}/.w3m From 08bf7ac3f32b99569b3aba2052f9b57bf94c141f Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Thu, 31 Dec 2020 15:11:40 +0000 Subject: [PATCH 09/13] Some sorting per @kmk3 --- etc/profile-a-l/geary.profile | 4 ++-- etc/profile-m-z/mutt.profile | 5 ++--- etc/profile-m-z/neomutt.profile | 9 ++++----- etc/profile-m-z/sylpheed.profile | 2 +- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 0bd0bfd9c6a..a6491fd1071 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile @@ -31,6 +31,7 @@ mkdir ${HOME}/.config/evolution mkdir ${HOME}/.config/geary mkdir ${HOME}/.local/share/evolution mkdir ${HOME}/.local/share/geary +whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/evolution whitelist ${HOME}/.cache/folks whitelist ${HOME}/.cache/geary 
@@ -39,7 +40,6 @@ whitelist ${HOME}/.config/geary whitelist ${HOME}/.local/share/evolution whitelist ${HOME}/.local/share/geary whitelist ${HOME}/.mozilla/firefox/profiles.ini -whitelist ${DOWNLOADS} whitelist /usr/share/geary include whitelist-common.inc include whitelist-runuser-common.inc @@ -76,11 +76,11 @@ private-tmp dbus-user filter dbus-user.own org.gnome.Geary dbus-user.talk ca.desrt.dconf +dbus-user.talk org.freedesktop.secrets dbus-user.talk org.gnome.Contacts dbus-user.talk org.gnome.OnlineAccounts dbus-user.talk org.gnome.evolution.dataserver.AddressBook10 dbus-user.talk org.gnome.evolution.dataserver.Sources5 -dbus-user.talk org.freedesktop.secrets dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 592a695994c..e9367ab4971 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -71,10 +71,11 @@ mkfile ${HOME}/.msmtprc mkfile ${HOME}/.muttrc mkfile ${HOME}/.nanorc mkfile ${HOME}/.signature -mkfile ${HOME}/.vimrc mkfile ${HOME}/.viminfo mkfile ${HOME}/.vimrc mkfile ${HOME}/.w3m +whitelist ${DOCUMENTS} +whitelist ${DOWNLOADS} whitelist ${HOME}/.Mail whitelist ${HOME}/.bogofilter whitelist ${HOME}/.cache/mutt @@ -99,8 +100,6 @@ whitelist ${HOME}/Mail whitelist ${HOME}/mail whitelist ${HOME}/postponed whitelist ${HOME}/sent -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} whitelist /usr/share/gnupg whitelist /usr/share/gnupg2 whitelist /usr/share/mutt diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 9d90afadb0c..2798f130782 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -7,8 +7,6 @@ include neomutt.local # Persistent global definitions include globals.local -noblacklist /var/mail -noblacklist /var/spool/mail noblacklist ${DOCUMENTS} noblacklist ${HOME}/.Mail noblacklist ${HOME}/.bogofilter 
@@ -36,6 +34,8 @@ noblacklist ${HOME}/Mail noblacklist ${HOME}/mail noblacklist ${HOME}/postponed noblacklist ${HOME}/sent +noblacklist /var/mail +noblacklist /var/spool/mail blacklist /tmp/.X11-unix blacklist ${RUNUSER}/wayland-* @@ -73,10 +73,11 @@ mkfile ${HOME}/.muttrc mkfile ${HOME}/.nanorc mkfile ${HOME}/.neomuttrc mkfile ${HOME}/.signature -mkfile ${HOME}/.vimrc mkfile ${HOME}/.viminfo mkfile ${HOME}/.vimrc mkfile ${HOME}/.w3m +whitelist ${DOCUMENTS} +whitelist ${DOWNLOADS} whitelist ${HOME}/.Mail whitelist ${HOME}/.bogofilter whitelist ${HOME}/.config/mutt @@ -103,8 +104,6 @@ whitelist ${HOME}/Mail whitelist ${HOME}/mail whitelist ${HOME}/postponed whitelist ${HOME}/sent -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} whitelist /usr/share/gnupg whitelist /usr/share/gnupg2 whitelist /usr/share/neomutt diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile index 39d3befd22e..da69208f568 100644 --- a/etc/profile-m-z/sylpheed.profile +++ b/etc/profile-m-z/sylpheed.profile @@ -17,8 +17,8 @@ whitelist /usr/share/sylpheed dbus-user filter dbus-user.talk ca.desrt.dconf -dbus-user.talk org.gnome.keyring.SystemPrompter dbus-user.talk org.freedesktop.secrets +dbus-user.talk org.gnome.keyring.SystemPrompter # Uncomment below for notifications (or put them in your sylpheed.local) # dbus-user.talk org.freedesktop.Notifications dbus-system none From 548ee9c03034dfaefaa925c4bf1c464248d7c007 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Thu, 31 Dec 2020 15:42:43 +0000 Subject: [PATCH 10/13] Add dbus-system none back to email-common.profile --- etc/profile-a-l/claws-mail.profile | 1 - etc/profile-a-l/email-common.profile | 2 ++ etc/profile-m-z/sylpheed.profile | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index c060279df68..b4a8303a271 100644 --- a/etc/profile-a-l/claws-mail.profile 
+++ b/etc/profile-a-l/claws-mail.profile @@ -25,7 +25,6 @@ dbus-user.talk ca.desrt.dconf dbus-user.talk org.gnome.keyring.SystemPrompter # if you use the notification plugin you need to uncomment the below (or put them in your claws-mail.local) # dbus-user.talk org.freedesktop.Notifications -dbus-system none # Redirect include email-common.profile diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 9e7c15a9daa..96d61654861 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile @@ -71,6 +71,8 @@ private-tmp # encrypting and signing email writable-run-user +dbus-system none + # If you want to read local mail stored in /var/mail, add the following to email-common.local: #noblacklist /var/mail #noblacklist /var/spool/mail diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile index da69208f568..50506d100e2 100644 --- a/etc/profile-m-z/sylpheed.profile +++ b/etc/profile-m-z/sylpheed.profile @@ -21,7 +21,6 @@ dbus-user.talk org.freedesktop.secrets dbus-user.talk org.gnome.keyring.SystemPrompter # Uncomment below for notifications (or put them in your sylpheed.local) # dbus-user.talk org.freedesktop.Notifications -dbus-system none # Redirect include email-common.profile From 4d8c7ad991dbbaffcc724d58d03a10be7025f6e8 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Thu, 31 Dec 2020 15:44:12 +0000 Subject: [PATCH 11/13] Add ipc-namespace, machine-id --- etc/profile-m-z/mutt.profile | 2 ++ etc/profile-m-z/neomutt.profile | 2 ++ 2 files changed, 4 insertions(+) diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index e9367ab4971..9842b09fde3 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -112,6 +112,8 @@ include whitelist-var-common.inc apparmor caps.drop all +ipc-namespace +machine-id netfilter no3d nodvd 
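Review bot: The email-common.profile hunk restores `dbus-system none` but not the `dbus-user none` that patch 06 removed from the same file. claws-mail.profile and sylpheed.profile set `dbus-user filter` themselves, but any other profile that redirects to email-common.profile (none is visible in this series) would be left with an unfiltered session bus. I would put `dbus-user none` back next to `dbus-system none` and have the two profiles that need filtering add `ignore dbus-user none`, which is the pattern the old claws-mail comment already described.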
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 2798f130782..c9dbb3b09d7 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -116,6 +116,8 @@ include whitelist-var-common.inc apparmor caps.drop all +ipc-namespace +machine-id netfilter no3d nodvd From 77c3bac1d2e653ff421dc9d41c8d0e186d134322 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Mon, 4 Jan 2021 05:54:33 +0000 Subject: [PATCH 12/13] Add seccomp.block-secondary to email-common,mutt,neomutt; add mdwe to mutt,neomuut; some sorting --- etc/profile-a-l/email-common.profile | 5 +++-- etc/profile-m-z/mutt.profile | 9 ++++++--- etc/profile-m-z/neomutt.profile | 9 ++++++--- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 96d61654861..87edbe6f23b 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile @@ -24,9 +24,9 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc +mkdir ${HOME}/.gnupg mkfile ${HOME}/.config/mimeapps.list mkfile ${HOME}/.signature -mkdir ${HOME}/.gnupg whitelist ${HOME}/.config/mimeapps.list whitelist ${HOME}/.mozilla/firefox/profiles.ini whitelist ${HOME}/.gnupg @@ -59,6 +59,7 @@ nou2f novideo protocol unix,inet,inet6 seccomp +seccomp.block-secondary shell none tracelog @@ -81,4 +82,4 @@ dbus-system none #writable-var read-only ${HOME}/.mozilla/firefox/profiles.ini -read-only ${HOME}/.signature +read-only ${HOME}/.signature \ No newline at end of file diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 9842b09fde3..581a2636835 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile 
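Review bot: The last hunk of email-common.profile rewrites `read-only ${HOME}/.signature` only to drop the trailing newline, as the `\ No newline at end of file` marker shows. The final hunk of mutt.profile in this patch does the same to `read-only ${HOME}/.w3m`. Please end both files with a newline so that later appends and diffs on these profiles stay clean.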
@@ -55,16 +55,17 @@ mkdir ${HOME}/.bogofilter mkdir ${HOME}/.cache/mutt mkdir ${HOME}/.config/mutt mkdir ${HOME}/.config/nano +mkdir ${HOME}/.elinks mkdir ${HOME}/.emacs.d mkdir ${HOME}/.gnupg mkdir ${HOME}/.mail mkdir ${HOME}/.mutt mkdir ${HOME}/.vim +mkdir ${HOME}/.w3m mkdir ${HOME}/Mail mkdir ${HOME}/mail mkdir ${HOME}/postponed mkdir ${HOME}/sent -mkfile ${HOME}/.elinks mkfile ${HOME}/.emacs mkfile ${HOME}/.mailcap mkfile ${HOME}/.msmtprc @@ -73,7 +74,6 @@ mkfile ${HOME}/.nanorc mkfile ${HOME}/.signature mkfile ${HOME}/.viminfo mkfile ${HOME}/.vimrc -mkfile ${HOME}/.w3m whitelist ${DOCUMENTS} whitelist ${DOWNLOADS} whitelist ${HOME}/.Mail @@ -126,6 +126,7 @@ nou2f novideo protocol unix,inet,inet6 seccomp +seccomp.block-secondary shell none tracelog @@ -140,7 +141,9 @@ writable-var dbus-user none dbus-system none +memory-deny-write-execute + read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature -read-only ${HOME}/.w3m +read-only ${HOME}/.w3m \ No newline at end of file diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index c9dbb3b09d7..dc07fa5eb6b 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -55,17 +55,18 @@ mkdir ${HOME}/.bogofilter mkdir ${HOME}/.config/mutt mkdir ${HOME}/.config/nano mkdir ${HOME}/.config/neomutt +mkdir ${HOME}/.elinks mkdir ${HOME}/.emacs.d mkdir ${HOME}/.gnupg mkdir ${HOME}/.mail mkdir ${HOME}/.mutt mkdir ${HOME}/.neomutt mkdir ${HOME}/.vim +mkdir ${HOME}/.w3m mkdir ${HOME}/Mail mkdir ${HOME}/mail mkdir ${HOME}/postponed mkdir ${HOME}/sent -mkfile ${HOME}/.elinks mkfile ${HOME}/.emacs mkfile ${HOME}/.mailcap mkfile ${HOME}/.msmtprc @@ -75,7 +76,6 @@ mkfile ${HOME}/.neomuttrc mkfile ${HOME}/.signature mkfile ${HOME}/.viminfo mkfile ${HOME}/.vimrc -mkfile ${HOME}/.w3m whitelist ${DOCUMENTS} whitelist ${DOWNLOADS} whitelist ${HOME}/.Mail @@ -130,6 +130,7 @@ nou2f novideo protocol unix,inet,inet6 seccomp +seccomp.block-secondary shell none tracelog 
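Review bot: `memory-deny-write-execute` is added near the end of mutt.profile without any hint for users whose helper programs break under it. The filter covers every process started inside the sandbox, and this profile prepares paths for editors and text browsers (`.emacs.d`, `.vim`, `.elinks`, `.w3m`), so any of them that needs a mapping that is both writable and executable would be blocked; the patch does not show whether any of them does. A comment beside the option would help: `# Add 'ignore memory-deny-write-execute' to mutt.local if your editor or a helper script stops working`. The same applies to the identical addition in neomutt.profile in this patch.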
@@ -144,7 +145,9 @@ writable-var dbus-user none dbus-system none +memory-deny-write-execute + read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature -read-only ${HOME}/.w3m +read-only ${HOME}/.w3m \ No newline at end of file From 1e9040e62b895ddddec9ebd8e2c602db42dae697 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Sat, 9 Jan 2021 16:38:10 +0000 Subject: [PATCH 13/13] Some minor changes --- etc/profile-a-l/email-common.profile | 4 +--- etc/profile-a-l/geary.profile | 4 ++-- etc/profile-m-z/mutt.profile | 11 ++++++----- etc/profile-m-z/neomutt.profile | 3 +-- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 87edbe6f23b..6b55c212642 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile @@ -35,7 +35,6 @@ whitelist ${DOCUMENTS} whitelist ${DOWNLOADS} # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local whitelist ${HOME}/Mail - whitelist ${RUNUSER}/gnupg whitelist /usr/share/gnupg whitelist /usr/share/gnupg2 @@ -68,7 +67,6 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg private-tmp - # encrypting and signing email writable-run-user @@ -82,4 +80,4 @@ dbus-system none #writable-var read-only ${HOME}/.mozilla/firefox/profiles.ini -read-only ${HOME}/.signature \ No newline at end of file +read-only ${HOME}/.signature diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index a6491fd1071..b11863c6a70 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile 
@@ -66,11 +66,11 @@ shell none tracelog # disable-mnt -# Add ignore private-bin to geary.local for hyperlink support +# Add 'ignore private-bin' to geary.local for hyperlink support private-bin geary private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg +private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,xdg private-tmp dbus-user filter diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 581a2636835..24782c03302 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -38,9 +38,11 @@ noblacklist ${HOME}/sent blacklist /tmp/.X11-unix blacklist ${RUNUSER}/wayland-* -include allow-perl.inc -include allow-python2.inc -include allow-python3.inc +# Uncomment or put them in mutt.local for oauth.py,S/MIME + +#include allow-perl.inc +#include allow-python2.inc +#include allow-python3.inc include disable-common.inc include disable-devel.inc @@ -142,8 +144,7 @@ dbus-user none dbus-system none memory-deny-write-execute - read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature -read-only ${HOME}/.w3m \ No newline at end of file +read-only ${HOME}/.w3m diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index dc07fa5eb6b..26865b90a62 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -146,8 +146,7 @@ dbus-user none dbus-system none memory-deny-write-execute - read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature -read-only ${HOME}/.w3m \ No newline at end of file +read-only ${HOME}/.w3m
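Review bot: The reworded comment in geary.profile still recommends `ignore private-bin` without saying what that costs. The override drops the `private-bin geary` restriction altogether, so the sandbox sees the regular bin directories again (subject to the disable-*.inc blacklists), not just a browser. I would spell that out, e.g. `# Add 'ignore private-bin' to geary.local for hyperlink support (this removes the private-bin restriction entirely)`. Separately, `selinux` is dropped from `private-etc` here while email-common.profile in this series keeps it. The commit message gives no reason, so a short note on which of the two is intended would help.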
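Review bot: The new comment `# Uncomment or put them in mutt.local for oauth.py,S/MIME` in mutt.profile is hard to parse, and an added blank line separates it from the three includes it describes. Something like `# Uncomment (or add to mutt.local) if you use oauth.py or S/MIME` placed directly above `#include allow-perl.inc` would read more clearly. neomutt.profile gets no matching hunk in this patch. If it still carries the uncommented `allow-perl.inc` / `allow-python*.inc` includes (not visible here), the two profiles now differ in whether interpreters are reachable by default, which should be either aligned or explained in a comment.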