Switch mails to whitelisting #3607
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rusty-snake
reviewed
Aug 28, 2020
etc/profile-a-l/evolution.profile
Outdated
|
|
||
| disable-mnt |
There was a problem hiding this comment.
Is it common to attach files from USB-Sticks?
|
.... is it common to open a link in mail? |
yes |
|
So do you want to add profiles.ini,dbus talk,commented private-bin bash,sh,which,firefox to them? |
|
If the profile has no private-bin, add the lines from thunderbird. If it has a private-bin add it commented and a note about private-bin that you need to ignore or extend. |
rusty-snake
reviewed
Aug 29, 2020
|
@rusty-snake should we pull it in? |
|
IDK, I didn't see something against it. Testing it would be the best. |
Fred-Barclay
reviewed
Oct 3, 2020
|
I can test out kmail if/when it is ready. |
|
Should we merge now? |
|
all in, thanks! |
Merged
rusty-snake
added a commit
to rusty-snake/firejail
that referenced
this pull request
Feb 12, 2021
This reverts commit bd1819a, reversing changes made to 807af3d. The hole PR looks like a single crap, it is not even syntactically correct. Has anyone at least started kmail with this profile before it was merged? See netblue30#3979, thanks @creideiki for reporting. > First, there are syntax errors. Several mkdir lines have file names containing asterisks. > This gives the following error: > > Error: "${HOME}/.cache/akonadi*" is an invalid filename: rejected character: "*" > > I am not sure what they intend to do, but whatever it is it's not working. > Especially confusing is the line > > mkdir /tmp/akonadi-* > > Yes, Akonadi creates a directory in /tmp, but its name is random and seems to have been created > using mkstemp(3) or similar. I'm not sure how Firejail is supposed to be able to pre-create it. > > Removing the asterisks makes Firejail at least accept the profile syntactically and try to run > the program. It is rejected by syntax. Has anyone tested? > At startup, Firejail now prints the following warning: > > *** > *** Warning: cannot whitelist ${DOCUMENTS} directory > *** Any file saved in this directory will be lost when the sandbox is closed. > *** Why was 'include disable-xdg.inc' added together with 'whitelist ${DOCUMENTS}', but no 'nobalcklist ${DOCUMENTS}'? It can not work. > The actual error is that PostgreSQL needs access to /usr/lib64/postgresql-13/ in order to run. > Adding the following line to kmail.profile fixes that: > > whitelist /usr/share/postgresql* Again, has anyone thested this? > The next problem is this message on the console: > > kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full? > > Which may have something to do with the profile creating a directory with that name: > > mkdir ${HOME}/.config/kmail2rc > > when it's supposed to be a file: > > $ stat ~/.config/kmail2rc > File: /home/creideiki/.config/kmail2rc > Size: 24660 Blocks: 56 IO Block: 4096 regular file Has anyone tested this or is this just a blind copy of the noblacklist from above with noblacklist replaced by mkdir? > However, the error message > > kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full? > > still appears. Looks like netblue30#1793. HAS ANYONE TESTED THIS PROFILE??! > Finally, when exiting KMail, it crashes with a SIGSEGV: > > *** KMail got signal 11 (Exiting) > *** Dead letters dumped. > KCrash: crashing... crashRecursionCounter = 2 > KCrash: Application Name = kmail path = /usr/bin pid = 20 > KCrash: Arguments: /usr/bin/kmail Has any... > I tried restoring an older kmail.profile, from commit 319f2dc, and it has none of the above problems. ... I give up asking if anyone tested this. > Given the multitude of problems with commit 5532fbd, I'd suggest reverting it until it can be fixed. Yes, definitely.
6 tasks
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I might do kmail too, if I can. Will be same format, pushed in this PR.