From dc906acf8f278115a1dc791d2ca4e5e2ae76e143 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Fri, 3 Jul 2020 15:22:28 +0000
Subject: [PATCH 1/2] clarify writing to /var/mail and /var/spool/mail in apparmor

Thunderbird seems to be our only mail client profile that enables the `apparmor` option. Users need this when they follow instructions on how to allow reading local mail.
---
 etc/apparmor/firejail-default | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index fc6690752b2..8894d1e98e6 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -49,6 +49,10 @@ owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/trace w,
 owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/** w,
 owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w,
 
+# Allow writing to /var/mail and /var/spool/mail (for mail clients)
+# Uncomment to enable
+#owner /{,var/}{mail,spool/mail}/** w,
+
 # Allow writing to removable media
 owner /{,var/}run/media/** w,
 

From 9f62720ca3f2e53bb21d2fc066fe0c46ba1c6f97 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sat, 4 Jul 2020 10:24:05 +0000
Subject: [PATCH 2/2] fix mail clients rule in firejail-default

---
 etc/apparmor/firejail-default | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index 8894d1e98e6..04a38f0cefc 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -51,7 +51,7 @@ owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w,
 
 # Allow writing to /var/mail and /var/spool/mail (for mail clients)
 # Uncomment to enable
-#owner /{,var/}{mail,spool/mail}/** w,
+#owner /var/{mail,spool/mail}/** w,
 
 # Allow writing to removable media
 owner /{,var/}run/media/** w,
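Review bot: The comment over the commented-out rule (`#owner /var/{mail,spool/mail}/** w,` after 2/2) says "for mail clients", but nothing in the rule is tied to a mail client. If firejail-default is the profile shared by every sandbox that enables the `apparmor` option, as the commit message implies, uncommenting it grants write access to the user's own spool files to all of those programs. I would say so in the comment, for example `# Note: applies to every sandbox confined by this profile, not only mail clients`. The commit message motivates the rule with reading local mail while the rule grants only `w`; whether read access is already allowed elsewhere in the profile is not visible in these hunks, so the comment should state which of the two the user still has to enable.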