# AppArmor profile for mbsync/isync IMAP mailbox synchronizer
# Version of program profiled: 1.4.4
# Homepage: https://github.com/krathalan/apparmor-profiles
# Copyright 2020-2024 (C) krathalan; Licensed under GPLv3
abi <abi/3.0>,
include <tunables/global>
# Confines /usr/bin/mbsync. The visible rules grant: TLS certificate access,
# IPv4/IPv6 sockets, read access to ~/.mbsyncrc, read/write access to the mail
# tree under ~/.local/share/mail, and execution of dash (inherited profile) and
# gpg (child profile defined below).
profile mbsync /usr/bin/mbsync {
# Optional site-local additions; 'if exists' means a missing file is not an error.
include if exists <local/mbsync>
include <abstractions/base>
# Networking
include <abstractions/ssl_certs>
# NOTE(review): krathalans-networking is not visible here and appears to be
# specific to this profile collection. The include has no 'if exists', so the
# abstraction must be installed for this profile to load, and whatever it
# grants is part of this profile's effective permissions. Review it too.
include <abstractions/krathalans-networking>
# NOTE(review): presumably needed by the libc resolver for interface/address
# enumeration. Confirm.
network netlink raw,
# Datagram and stream sockets over IPv4 and IPv6. These rules select only the
# address family and socket type; they do not limit destination host or port,
# so restricting which servers mbsync may reach has to be done elsewhere.
network inet dgram,
network inet stream,
network inet6 dgram,
network inet6 stream,
# Config
# 'owner' limits the rule to files owned by the confined process's user.
# Read-only: no rule visible in this profile grants write access to the config.
owner @{HOME}/.mbsyncrc r,
# Mail storage
# {,**} matches the mail directory itself and everything beneath it.
owner @{HOME}/.local/share/mail/{,**} rw,
# 'k' = permission to take file locks, limited to these two file names.
owner @{HOME}/.local/share/mail/{,**}/{.mbsyncstate.lock,.uidvalidity} k,
# GPG
# NOTE(review): dash and gpg are presumably executed for a password-command
# style credential helper. Confirm against the .mbsyncrc in use.
# 'ix' = dash runs under this same mbsync profile, so a shell command gets no
# access beyond what mbsync itself has.
/usr/bin/dash rix,
# 'Cx' = transition to the child profile 'gpg' below; the uppercase form
# requests environment scrubbing on exec.
/usr/bin/gpg rCx,
# Child profile applied to gpg when it is executed from mbsync
# (full profile name: mbsync//gpg).
profile gpg /usr/bin/gpg {
# Optional site-local additions for the gpg child profile.
# NOTE(review): no rule visible here grants read access to an encrypted
# credential file; presumably that comes from abstractions/gnupg or this local
# include. Confirm, and keep any added path as narrow as possible.
include if exists <local/mbsync-gpg>
include <abstractions/base>
include <abstractions/gnupg>
# NOTE(review): IPv4 TCP is allowed for gpg while IPv6 TCP is denied below.
# Nothing in this file shows why gpg needs network access at all; confirm the
# rule is required and drop it if not.
network inet stream,
/usr/bin/gpg r,
owner @{HOME}/.gnupg/gpg.conf r,
# Read/write/link on the keybox lock and temp files.
owner @{HOME}/.gnupg/pubring.kbx.{lock,tmp} rwl,
# Matches any entry directly under ~/.gnupg whose name contains "lk".
# NOTE(review): presumably GnuPG's lock-file naming. Confirm.
owner @{HOME}/.gnupg/*lk* rwl,
# Lock permission only; no read or write is granted by this rule.
owner @{HOME}/.gnupg/random_seed k,
# Deny unnecessary permissions
# An explicit deny overrides any matching allow rule, including ones pulled in
# by the includes above, and denied accesses are not logged unless the rule is
# prefixed with 'audit'.
deny network inet6 stream,
}
}