From c62e7c77986f232e3bf6d6e765d013f302f736a3 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 12 May 2017 11:12:17 -0400 Subject: automatic X server sandboxing for --x11=xpra and --x11=xephyr --- etc/Xephyr.profile | 6 ++---- etc/Xvfb.profile | 2 +- etc/xpra.profile | 8 +++----- 3 files changed, 6 insertions(+), 10 deletions(-) (limited to 'etc') diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index 362318bb1..d3349f7f7 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile @@ -4,13 +4,11 @@ include /etc/firejail/Xephyr.local # # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. -# The target program is sandboxed with its own profile. By default the this functionality -# is disabled. To enable it, create a firejail-Xephyr symlink in /usr/local/bin: +# To enable it, create a firejail-Xephyr symlink in /usr/local/bin: # # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr # -# We have this functionality disabled by default because it creates problems on -# some Linux distributions. +# or run "sudo firecfg" # diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 9c919f432..0cf9b7e1c 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -10,7 +10,7 @@ include /etc/firejail/xvfb.local # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xvfb # # We have this functionality disabled by default because it creates problems on -# some Linux distributions. +# some Linux distributions. Also, older versions of Xpra use Xvfb. # diff --git a/etc/xpra.profile b/etc/xpra.profile index f4f28f9de..11bfec7eb 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile 
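Review bot: The rewritten header comment in etc/Xephyr.profile still tells the reader to create a "firejail-Xephyr" symlink, but the command shown creates `/usr/local/bin/Xephyr`; the etc/xpra.profile hunk has the same mismatch ("firejail-xpra" against `/usr/local/bin/xpra`). I would write `# To enable it, create an Xephyr symlink to firejail in /usr/local/bin:` and the xpra equivalent. The symlink only takes effect when /usr/local/bin is searched before /usr/bin in PATH, and `firecfg`, as far as I know, sets up symlinks for every program it supports rather than only this one, so a line such as `# (needs /usr/local/bin ahead of /usr/bin in PATH; firecfg also links other supported programs)` would help. Both hunks also drop the sentence saying the target program is sandboxed with its own profile, which is worth keeping because it tells the reader that this profile confines only the X server.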
@@ -5,14 +5,11 @@ include /etc/firejail/xpra.local # # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. -# The target program is sandboxed with its own profile. By default the this functionality -# is disabled. To enable it, create a firejail-xpra symlink in /usr/local/bin: +# To enable it, create a firejail-xpra symlink in /usr/local/bin: # # $ sudo ln -s /usr/bin/firejail /usr/local/bin/xpra # -# We have this functionality disabled by default because it creates problems on -# some Linux distributions. -# +# or run "sudo firecfg" # private home directory doesn't work on some distros, so we go for a regular home #private @@ -36,6 +33,7 @@ protocol unix private-dev private-tmp +# older Xpra versions also use Xvfb #private-bin xpra,python,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls #private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 -- cgit v1.2.3-54-g00ecf