1 files changed, 5 insertions, 6 deletions

diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index ed07485d6..3ecda698e 100644
--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -9,7 +9,7 @@ include globals.local
 #
 # This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb.
 # The target program is sandboxed with its own profile. By default the this functionality
-# is disabled. To enable it, create a firejail-Xvfb  symlink in /usr/local/bin:
+# is disabled. To enable it, create a firejail-Xvfb symlink in /usr/local/bin:
 #
 #    $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xvfb
 #
@@ -17,8 +17,6 @@ include globals.local
 # some Linux distributions. Also, older versions of Xpra use Xvfb.
 #
 
-blacklist /media
-
 whitelist /var/lib/xkb
 include whitelist-common.inc
 
@@ -36,10 +34,11 @@ protocol unix
 seccomp
 shell none
 
+disable-mnt
 # using a private home directory
 private
-# private-bin Xvfb,sh,xkbcomp
-# private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls
+# private-bin sh,xkbcomp,Xvfb
+# private-bin bash,cat,ls,sh,strace,xkbcomp,Xvfb
 private-dev
-private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
+private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf
 private-tmp