From 3801eb32b4098c7d3d1789c01ca880cfeadd378f Mon Sep 17 00:00:00 2001
From: kortewegdevries
Date: Wed, 2 Sep 2020 10:47:54 +0000
Subject: [PATCH] Fix private-etc of electron-mail, fix geary,minitube (#3588)

* Fix private-etc of electron-mail
* Fix dbus of geary
* Fix geary again, remove GPG
* Fix seccomp on Arch
---
 etc/inc/disable-programs.inc | 2 ++
 etc/profile-a-l/electron-mail.profile | 10 +++++-----
 etc/profile-a-l/geary.profile | 12 ++++++------
 etc/profile-m-z/minitube.profile | 2 +-
 4 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index dba60fcbae9..6b0c16d5f74 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -216,6 +216,7 @@ blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/galculator
 blacklist ${HOME}/.config/gconf
 blacklist ${HOME}/.config/geany
+blacklist ${HOME}/.config/geary
 blacklist ${HOME}/.config/gedit
 blacklist ${HOME}/.config/geeqie
 blacklist ${HOME}/.config/ghb
@@ -865,6 +866,7 @@ blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/fractal
 blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
+blacklist ${HOME}/.cache/geary
 blacklist ${HOME}/.cache/gegl-0.4
 blacklist ${HOME}/.cache/geeqie
 blacklist ${HOME}/.cache/gfeeds
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 39366470ff6..a77bca0f866 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -8,8 +8,6 @@ include globals.local
 noblacklist ${HOME}/.config/electron-mail
-whitelist ${DOWNLOADS}
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,8 +19,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/electron-mail
 whitelist ${HOME}/.config/electron-mail
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -45,12 +45,12 @@ shell none
 private-bin electron-mail
 private-cache
 private-dev
-private-etc alternatives,fonts
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,nsswitch.conf,pki,resolv.conf,ssl,selinux,xdg
 private-opt ElectronMail
 private-tmp
 # breaks tray functionality
 # dbus-user none
-# dbus-system none
+dbus-system none
-# memory-deny-write-execute - breaks on Arch
+# memory-deny-write-execute - breaks on Arch
\ No newline at end of file
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index fa01d04b771..118ed62caa0 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -10,24 +10,24 @@ include geary.local
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
-ignore dbus-user none
+ignore dbus-user filter
 ignore dbus-system none
 ignore private-tmp
-noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/geary
+noblacklist ${HOME}/.config/geary
 noblacklist ${HOME}/.local/share/geary
-mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.cache/geary
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/geary
-whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/geary
 whitelist ${HOME}/.config/geary
 whitelist ${HOME}/.local/share/geary
+whitelist /usr/share/geary
 read-only ${HOME}/.config/mimeapps.list
-whitelist /usr/share/geary
-
 # allow Mozilla browsers
 # Redirect
 include firefox.profile
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index 2c70978a9cd..39ecc7127f3 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -46,7 +46,7 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6,netlink
-seccomp
+seccomp !kcmp
 shell none
 tracelog
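Review bot: `dbus-system none` is now enforced in electron-mail.profile, but `# dbus-user none` stays commented out right above it, so the session bus remains completely unfiltered for a mail client that renders untrusted content. If the tray is the only thing that needs the bus, a filtered policy would probably keep it working while closing the rest, e.g. `dbus-user filter` with `dbus-user.talk org.kde.StatusNotifierWatcher` (to be confirmed on the affected desktops). The new `private-etc` list is also not fully sorted (`ssl,selinux`), and the rewritten last line leaves the file without a trailing newline. The profile continues outside the hunk.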
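Review bot: The new `ignore dbus-user filter` line in geary.profile has no comment, and together with the existing `ignore dbus-system none` it appears to drop every D-Bus restriction that the included firefox.profile would otherwise apply. I would add a line above it such as `# firefox.profile's dbus-user filter does not allow the names Geary needs` (wording to be confirmed by the author), so the next reader knows the unfiltered session bus is deliberate. A tighter follow-up would be for this profile to carry its own `dbus-user filter` with explicit `dbus-user.talk` entries instead of ignoring the filter outright. The profile starts before the hunk.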
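Review bot: `seccomp !kcmp` in minitube.profile carries no explanation; the only rationale is the commit message line "Fix seccomp on Arch". Exceptions to the default seccomp filter tend to get copied between profiles, so the reason belongs next to the line, e.g. `# kcmp is needed on Arch, see #3588` directly above `seccomp !kcmp`. The surrounding option list starts and ends outside the hunk.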