From b59225f5d987d0467c659b0b5c0630009d519e98 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 18 Jun 2019 18:52:18 +0200
Subject: use 'x11 none' option

... instead of just blacklisting the X11 socket.

Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
---
 etc/cpio.profile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'etc/cpio.profile')

diff --git a/etc/cpio.profile b/etc/cpio.profile
index 0bb45f5cd..17a765700 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -10,8 +10,6 @@ include globals.local
 noblacklist /sbin
 noblacklist /usr/sbin
 
-blacklist /tmp/.X11-unix
-
 include disable-common.inc
 # include disable-devel.inc
 include disable-exec.inc
@@ -36,6 +34,7 @@ novideo
 seccomp
 shell none
 tracelog
+x11 none
 
 private-cache
 private-dev
-- 
cgit v1.2.3-54-g00ecf