From e76037947da2fd60b3e54b88e191ad6fc768829b Mon Sep 17 00:00:00 2001
From: SYN-cook
Date: Sun, 9 Apr 2017 15:45:35 +0200
Subject: add x11 isolation

---
 etc/baloo_file.profile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'etc')

diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 1acb5def2..6696cbad2 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -20,9 +20,13 @@ nonewprivs
 noroot
 nosound
 protocol unix
-# Baloo makes ioprio_set system calls, which are blacklisted by default. 
+# Baloo makes ioprio_set system calls, which are blacklisted by default.
 # That's why we need to disable seccomp
 #seccomp
+# The Baloo file daemon can be isolated from X11. If there is an X11
+# abstract Unix socket, it must be disabled first by passing "-nolisten local"
+# to the X server. See the Firejail manual for further instructions
+#x11 none
 
 private-dev
 private-tmp
-- 
cgit v1.2.3-54-g00ecf
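Review bot: The added `#x11 none` line is left commented out, so the profile as shipped still applies no X11 isolation, and the new comment never tells the user that the directive has to be uncommented to take effect. The comment could say that it is opt-in and why the precondition matters, for example `# Optional: uncomment "x11 none" once the X server runs with "-nolisten local";` followed by `# otherwise the abstract X11 socket stays reachable from inside the sandbox.` With `#seccomp` also disabled two lines above, the lines visible here leave both the X11 socket and the unfiltered syscall set available to the indexer by default, which is worth stating in the profile. The profile continues outside the hunk, so a restriction elsewhere in the file may already narrow this.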