On 2019-01-09 8:57 p.m., Simon Deziel wrote:
> Could you give a try to the attached profile and report back?
Actually, please use this new attached profile which is identical in
purpose but uses better names.
Thanks,
Simon
# Author: Simon Deziel <si...@sdeziel.info>
#include <tunables/global>
/usr/bin/msmtp flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/p11-kit>
#include <abstractions/ssl_certs>
#include <abstractions/ssl_keys>
/usr/bin/msmtp mr,
/etc/aliases r,
/etc/msmtprc r,
/etc/netrc r,
owner @{HOME}/.msmtp* r,
owner @{HOME}/.netrc r,
owner @{HOME}/.tls-crls r,
owner @{HOME}/.msmtp*.log wk,
/var/log/msmtp wk,
@{PROC}/@{pid}/loginuid r,
/tmp/ rw,
owner /tmp/* rw,
# to type password interactively
owner /dev/pts/[0-9]* rw,
# secret helpers
/{,usr/}bin/bash Cx -> helpers,
/{,usr/}bin/dash Cx -> helpers,
profile helpers {
#include <abstractions/base>
/{,usr/}bin/bash mr,
/{,usr/}bin/dash mr,
/tmp/ rw,
owner /tmp/* rw,
/usr/bin/secret-tool PUx,
/usr/bin/gpg{,2} PUx,
}
#include <local/usr.bin.msmtp>
}
