From b59225f5d987d0467c659b0b5c0630009d519e98 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 18 Jun 2019 18:52:18 +0200
Subject: use 'x11 none' option

... instead of just blacklisting the X11 socket.

Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
---
 etc/exiftool.profile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'etc/exiftool.profile')

diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 52e090b89..e76a4ca4c 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -9,8 +9,6 @@ include globals.local
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
 
-blacklist /tmp/.X11-unix
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -37,6 +35,7 @@ protocol unix
 seccomp
 shell none
 tracelog
+x11 none
 
 # To support exiftool in private-bin on Arch Linux (and derivatives), symlink /usr/bin/vendor_perl/exiftool to /usr/bin/exiftool and uncomment the below.
 # Users on non-Arch Linux distributions can safely uncomment (or put in exiftool.local) the line below to enable extra hardening.
-- 
cgit v1.2.3-70-g09d2