diff --git a/README.md b/README.md index e333df314..374d6f456 100644 --- a/README.md +++ b/README.md @@ -175,4 +175,5 @@ Run ./profstats -h for help. ### New profiles: -gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, gnome-screenshot +gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, +gnome-screenshot, ripperX, sound-juicer diff --git a/etc/asunder.profile b/etc/asunder.profile index 1f3acd735..fceac7cf9 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile @@ -20,21 +20,25 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc +include whitelist-usr-share-common.inc include whitelist-var-common.inc apparmor caps.drop all netfilter +no3d nodbus # nogroups nonewprivs noroot nou2f +notv novideo protocol unix,inet,inet6 seccomp shell none +private-cache private-dev private-tmp diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0786ba7d2..b54c1cce3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -305,6 +305,7 @@ blacklist ${HOME}/.config/slimjet blacklist ${HOME}/.config/smplayer blacklist ${HOME}/.config/smtube blacklist ${HOME}/.config/snox +blacklist ${HOME}/.config/sound-juicer blacklist ${HOME}/.config/specialmailcollectionsrc blacklist ${HOME}/.config/spotify blacklist ${HOME}/.config/sqlitebrowser 
@@ -650,6 +651,7 @@ blacklist ${HOME}/.remmina
 blacklist ${HOME}/.repo_.gitconfig.json
 blacklist ${HOME}/.repoconfig
 blacklist ${HOME}/.retroshare
+blacklist ${HOME}/.ripperXrc
 blacklist ${HOME}/.scorched3d
 blacklist ${HOME}/.scribus
 blacklist ${HOME}/.scribusrc
diff --git a/etc/ripperx.profile b/etc/ripperx.profile
new file mode 100644
index 000000000..b572aa1b4
--- /dev/null
+++ b/etc/ripperx.profile
@@ -0,0 +1,41 @@
+# Firejail profile for mpv
+# Description: Graphical audio CD ripper and encoder
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ripperx.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.ripperXrc
+noblacklist ${MUSIC}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+no3d
+nodbus
+nogroups
+nonewprivs
+noroot
+nou2f
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
diff --git a/etc/sound-juicer.profile b/etc/sound-juicer.profile
new file mode 100644
index 000000000..ebd321573
--- /dev/null
+++ b/etc/sound-juicer.profile
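Review bot: `nogroups` is enabled in the new etc/ripperx.profile, but asunder.profile, another CD ripper touched in this same commit, keeps it as `# nogroups`; if that is because the optical drive is reachable only through a supplementary group (an assumption, the commit does not say), this profile will fail to open the drive and users will end up running the program without the sandbox. Either comment it out with a one-line reason or confirm that ripping works with it enabled; the same applies to etc/sound-juicer.profile. The header comment in both new files also reads `# Firejail profile for mpv`; it should be `# Firejail profile for ripperx` here and `# Firejail profile for sound-juicer` there.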
@@ -0,0 +1,41 @@
+# Firejail profile for mpv
+# Description: Graphical audio CD ripper and encoder
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sound-juicer.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/sound-juicer
+noblacklist ${MUSIC}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+no3d
+#nodbus
+nogroups
+nonewprivs
+noroot
+nosound
+nou2f
+notv
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index c2401ee32..2798605d5 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -552,6 +552,7 @@ rhythmbox-client
 ricochet
 riot-desktop
 riot-web
+ripperx
 ristretto
 rocketchat
 rtorrent
@@ -584,6 +585,7 @@ smtube
 snox
 soffice
 sol
+sound-juicer
 soundconverter
 spotify
 sqlitebrowser
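Review bot: Three deviations from ripperx.profile in etc/sound-juicer.profile are undocumented: `#nodbus` leaves D-Bus reachable, `protocol` gains `netlink`, and `include whitelist-usr-share-common.inc` is absent. Each one widens what the sandbox permits, so a short why-comment on the line would let a later reviewer tell a requirement from an oversight, for example `# nodbus - <reason the program needs D-Bus>`. `nosound` also looks doubtful if the program is expected to play the disc as well as rip it; confirm that blocking audio output is intended.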
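Review bot: The entry added in the first firecfg.config hunk is lowercase `ripperx`, while the README hunk names the profile `ripperX` and the file blacklisted in disable-programs.inc is `.ripperXrc`. firecfg creates its symlinks by program name and firejail picks a profile by executable name, so if the installed binary is `ripperX`, neither the symlink nor etc/ripperx.profile would apply and the program would start outside the intended sandbox. Check the binary name on the target distributions and, if it is capitalised, use `ripperX` here and rename the profile and its `include ripperx.local` line to match.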