From 605453cb75120ca456e655ab15670ab7beed7fca Mon Sep 17 00:00:00 2001
From: SYN-cook <syncookongit@gmail.com>
Date: Sun, 9 Apr 2017 16:32:22 +0200
Subject: improve x11 isolation

taken from tracker.profile
---
 etc/baloo_file.profile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'etc')

diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 6696cbad2..d9c37911b 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -23,10 +23,8 @@ protocol unix
 # Baloo makes ioprio_set system calls, which are blacklisted by default.
 # That's why we need to disable seccomp
 #seccomp
-# The Baloo file daemon can be isolated from X11. If there is an X11
-# abstract Unix socket, it must be disabled first by passing "-nolisten local"
-# to the X server. See the Firejail manual for further instructions
-#x11 none
+
+blacklist /tmp/.X11-unix
 
 private-dev
 private-tmp
-- 
cgit v1.2.3-54-g00ecf