Unify all profiles

2026-05-21 06:45:29 -06:00 · 2017-08-07 01:22:08 -04:00 · 2017-08-07 01:22:08 -04:00 · 9e3ba319be
commit 9e3ba319be
parent 20fbc19e57
332 changed files with 3230 additions and 3639 deletions
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@ -1,28 +1,26 @@
-# Persistent global definitions go here
+# Firejail profile for 0ad
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/0ad.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/0ad.local
 # Firejail profile for 0ad.
 noblacklist ~/.cache/0ad
 noblacklist ~/.config/0ad
 noblacklist ~/.local/share/0ad
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 # Whitelists
 mkdir ~/.config/0ad
 whitelist ~/.config/0ad
 mkdir ~/.local/share/0ad
 whitelist ~/.local/share/0ad
 mkdir ~/.cache/0ad
 mkdir ~/.config/0ad
 mkdir ~/.local/share/0ad
 whitelist ~/.cache/0ad
 whitelist ~/.config/0ad
 whitelist ~/.local/share/0ad
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
@ -35,9 +33,9 @@ seccomp
 shell none
 tracelog
 disable-mnt
 private-dev
 private-tmp
 disable-mnt
 noexec ${HOME}
 noexec /tmp
--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@ -1,20 +1,19 @@
-# Persistent global definitions go here
+# Firejail profile for 2048-qt
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/2048-qt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/2048-qt.local
 noblacklist ~/.config/xiaoyong
 noblacklist ~/.config/2048-qt
 noblacklist ~/.config/xiaoyong
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 nogroups
 nonewprivs
@ -25,9 +24,9 @@ protocol unix
 seccomp
 shell none
 disable-mnt
 private-dev
 private-tmp
 disable-mnt
 noexec ${HOME}
 noexec /tmp
--- a/etc/7z.profile
+++ b/etc/7z.profile
@ -1,23 +1,22 @@
 # Firejail profile for 7z
 # This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/7z.local
-
+# Persistent global definitions
-# 7zip crompression tool profile
+include /etc/firejail/globals.local
 ignore noroot
 include /etc/firejail/default.profile
 blacklist /tmp/.X11-unix
-tracelog
+ignore noroot
 net none
 no3d
 nosound
 nosound
 novideo
 shell none
 tracelog
 private-dev
-nosound
+
-no3d
+include /etc/firejail/default.profile
--- a/etc/Cryptocat.profile
+++ b/etc/Cryptocat.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for Cryptocat
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/Cryptocat.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/Cryptocat.local
 # Firejail profile for Cryptocat
 noblacklist ${HOME}/.config/Cryptocat
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/Cyberfox.profile
+++ b/etc/Cyberfox.profile
@ -1,10 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for cyberfox
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/Cyberfox.local
 # Firejail profile for Cyberfox (based on Mozilla Firefox)
 include /etc/firejail/cyberfox.profile
--- a/etc/FossaMail.profile
+++ b/etc/FossaMail.profile
@ -1,9 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for fossamail
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/FossaMail.local
 # Firejail profile for FossaMail
 include /etc/firejail/fossamail.profile
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@ -1,26 +1,25 @@
-# Persistent global definitions go here
+# Firejail profile for Mathematica
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/Mathematica.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/Mathematica.local
 # Mathematica profile
 noblacklist ${HOME}/.Mathematica
 noblacklist ${HOME}/.Wolfram Research
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.Mathematica
 whitelist ~/.Mathematica
 mkdir ~/.Wolfram Research
 whitelist ~/.Mathematica
 whitelist ~/.Wolfram Research
 whitelist ~/Documents/Wolfram Mathematica
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 nonewprivs
 noroot
--- a/etc/Telegram.profile
+++ b/etc/Telegram.profile
@ -1,9 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for telegram
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/Telegram.local
 # Telegram profile
 include /etc/firejail/telegram.profile
--- a/etc/Thunar.profile
+++ b/etc/Thunar.profile
@ -1,19 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for Thunar
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/Thunar.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+noblacklist ${HOME}/.local/share/Trash
 # Persistent customizations should go in a .local file.
 include /etc/firejail/Thunar.local
 # Firejail profile for thunar
 noblacklist ~/.config/Thunar
 noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 noblacklist ${HOME}/.local/share/Trash
 include /etc/firejail/disable-common.inc
 #include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 # include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/VirtualBox.profile
+++ b/etc/VirtualBox.profile
@ -1,8 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for virtualbox
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/VirtualBox.local
 include /etc/firejail/virtualbox.profile
--- a/etc/Wire.profile
+++ b/etc/Wire.profile
@ -1,10 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for wire
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/Wire.local
 # wire messenger profile
 include /etc/firejail/wire.profile
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@ -1,17 +1,39 @@
-# Persistent global definitions go here
+# Firejail profile for abrowser
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/abrowser.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/abrowser.local
 # Firejail profile for Abrowser
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/.mozilla
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.cache/mozilla/abrowser
 mkdir ~/.mozilla
 whitelist ${DOWNLOADS}
 whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.cache/mozilla/abrowser
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.config/pipelight-silverlight5.1
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.keysnail.js
 whitelist ~/.lastpass
 whitelist ~/.mozilla
 whitelist ~/.pentadactyl
 whitelist ~/.pentadactylrc
 whitelist ~/.pki
 whitelist ~/.vimperator
 whitelist ~/.vimperatorrc
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
 whitelist ~/.zotero
 whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
@ -21,30 +43,4 @@ protocol unix,inet,inet6,netlink
 seccomp
 tracelog
-whitelist ${DOWNLOADS}
+# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
 mkdir ~/.mozilla
 whitelist ~/.mozilla
 mkdir ~/.cache/mozilla/abrowser
 whitelist ~/.cache/mozilla/abrowser
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
 whitelist ~/.lastpass
 # silverlight
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@ -1,34 +1,35 @@
-# Persistent global definitions go here
+# Firejail profile for akregator
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
-
+# Persistent local customizations
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/akregator.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/akregatorrc
 noblacklist ${HOME}/.local/share/akregator
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
 nonewprivs
 noroot
 #nosound
 novideo
 protocol unix,inet,inet6
 seccomp
 shell none
 disable-mnt
 private-dev
 private-tmp
 disable-mnt
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # nosound
--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@ -1,26 +1,28 @@
-# Persistent global definitions go here
+# Firejail profile for amarok
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/amarok.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/amarok.local
 # amarok profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
 shell none
 #seccomp
 protocol unix,inet,inet6
 shell none
-#private-bin amarok
+# private-bin amarok
 private-dev
 # private-etc none
 private-tmp
-#private-etc none
+
 # CLOBBERED COMMENTS
 # seccomp
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@ -1,11 +1,9 @@
-# Persistent global definitions go here
+# Firejail profile for android-studio
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
-
+# Persistent local customizations
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/android-studio.local
-
+# Persistent global definitions
-# Firejail profile for Android Studio
+include /etc/firejail/globals.local
 noblacklist ${HOME}/.AndroidStudio*
 noblacklist ${HOME}/.android
@ -25,13 +23,15 @@ netfilter
 nogroups
 nonewprivs
 noroot
 #nosound
 novideo
 protocol unix,inet,inet6
 seccomp
 shell none
 private-dev
-#private-tmp
+# private-tmp
 noexec /tmp
 # CLOBBERED COMMENTS
 # nosound
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@ -1,12 +1,12 @@
 # Firejail profile for apktool
 # This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
 include /etc/firejail/apktool.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/apktool.local
 # Firejail profile for apktool
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@ -1,22 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for arduino
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/arduino.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/arduino.local
 # Firejail profile for arduino
 noblacklist ${HOME}/.arduino15
 noblacklist ${HOME}/Arduino
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/Arduino
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
--- a/etc/ark.profile
+++ b/etc/ark.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for ark
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/ark.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/ark.local
 # ark profile
 noblacklist ~/.config/arkrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -19,11 +18,11 @@ nogroups
 nonewprivs
 noroot
 nosound
 shell none
 seccomp
 protocol unix
 seccomp
 shell none
 # private-bin
 private-dev
 private-tmp
 # private-etc
 private-tmp
--- a/etc/arm.profile
+++ b/etc/arm.profile
@ -1,11 +1,9 @@
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/arm.local
 # Firejail profile for arm
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/arm.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.arm
@ -33,7 +31,7 @@ shell none
 tracelog
 disable-mnt
-#private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig
+# private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig
 private-dev
 private-etc tor,passwd
 private-tmp
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for atom-beta
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/atom-beta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/atom-beta.local
 # Firejail profile for Atom Beta.
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/atom.profile
+++ b/etc/atom.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for atom
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/atom.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/atom.local
 # Firejail profile for Atom.
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/atool.profile
+++ b/etc/atool.profile
@ -1,18 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for atool
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/atool.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
 # Persistent customizations should go in a .local file.
 include /etc/firejail/atool.local
 # atool profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 # include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 no3d
 nogroups
 nonewprivs
 noroot
@ -20,13 +22,10 @@ nosound
 novideo
 protocol unix
 seccomp
 no3d
 shell none
 tracelog
 blacklist /tmp/.X11-unix
 # private-bin atool
 private-tmp
 private-dev
 private-etc none
 private-tmp
--- a/etc/atril.profile
+++ b/etc/atril.profile
@ -1,17 +1,17 @@
-# Persistent global definitions go here
+# Firejail profile for atril
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/atril.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/atril.local
 # Atril profile
 noblacklist ~/.config/atril
 noblacklist ~/.local/share
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 nogroups
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@ -1,17 +1,17 @@
-# Persistent global definitions go here
+# Firejail profile for audacious
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/audacious.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/audacious.local
 # Audacious media player profile
 noblacklist ~/.config/audacious
 noblacklist ~/.config/Audaciousrc
 noblacklist ~/.config/audacious
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@ -1,11 +1,10 @@
-# Persistent global definitions go here
+# Firejail profile for audacity
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/audacity.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/audacity.local
 # Audacity profile
 noblacklist ~/.audacity-data
 include /etc/firejail/disable-common.inc
@ -14,7 +13,6 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 net none
 no3d
 nogroups
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@ -1,20 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for aweather
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/aweather.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/aweather.local
 # Firejail profile for aweather.
 noblacklist ~/.config/aweather
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 # Whitelist
 mkdir ~/.config/aweather
 whitelist ~/.config/aweather
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@ -1,15 +1,15 @@
-# Persistent global definitions go here
+# Firejail profile for baobab
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/baobab.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/baobab.local
 # Firejail profile for Baobab
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-#include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@ -1,11 +1,13 @@
-# Persistent global definitions go here
+# Firejail profile for bibletime
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/bibletime.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist ~/.Xauthority
-# Persistent customizations should go in a .local file.
+blacklist ~/.bashrc
 include /etc/firejail/bibletime.local
 # Firejail profile for BibleTime
 noblacklist ~/.bibletime
 noblacklist ~/.config/qt5ct
 noblacklist ~/.sword
@ -15,13 +17,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 blacklist ~/.bashrc
 blacklist ~/.Xauthority
 whitelist ${HOME}/.bibletime
 whitelist ${HOME}/.config/qt5ct
 whitelist ${HOME}/.sword
-
+include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
@ -35,7 +34,7 @@ seccomp
 shell none
 tracelog
-#private-bin bibletime,qt5ct
+# private-bin bibletime,qt5ct
 private-etc fonts,resolv.conf,sword,sword.conf,passwd
 private-dev
 private-etc fonts,resolv.conf,sword,sword.conf,passwd
 private-tmp
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@ -1,13 +1,13 @@
-# Persistent global definitions go here
+# Firejail profile for bitlbee
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/bitlbee.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/bitlbee.local
 # BitlBee instant messaging profile
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@ -16,16 +16,16 @@ include /etc/firejail/disable-programs.inc
 netfilter
 no3d
 nonewprivs
 private
 private-dev
 protocol unix,inet,inet6
 seccomp
 nosound
 novideo
-read-write /var/lib/bitlbee
+protocol unix,inet,inet6
 seccomp
 disable-mnt
 private
 private-dev
 private-dev
 private-tmp
-disable-mnt
+read-write /var/lib/bitlbee
 noexec /tmp
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@ -1,18 +1,17 @@
-# Persistent global definitions go here
+# Firejail profile for bleachbit
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/bleachbit.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/bleachbit.local
 # bleachbit profile
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 # include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 net none
 no3d
 nogroups
@ -26,8 +25,8 @@ shell none
 # private-bin
 # private-dev
 # private-tmp
 # private-etc
 # private-tmp
 memory-deny-write-execute
 noexec ${HOME}
--- a/etc/blender.profile
+++ b/etc/blender.profile
@ -1,15 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for blender
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/blender.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/blender.local
 noblacklist ~/.config/blender
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/bless.profile
+++ b/etc/bless.profile
@ -1,26 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for bless
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/bless.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/bless.local
 #
 #Profile for bless
 #
 #No Blacklist Paths
 noblacklist ${HOME}/.config/bless
 #Blacklist Paths
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 #Options
 caps.drop all
 #ipc-namespace
 net none
 no3d
 nogroups
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@ -1,20 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for brasero
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/brasero.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/brasero.local
 # brasero profile
 noblacklist ~/.config/brasero
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 nogroups
 nonewprivs
 noroot
--- a/etc/caja.profile
+++ b/etc/caja.profile
@ -1,24 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for caja
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/caja.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/caja.local
 # Caja profile for Firejail
 # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a caja process running on MATE desktops firejail will have no effect.
 noblacklist ~/.config/caja
 noblacklist ~/.local/share/caja-python
 noblacklist ~/.local/share/Trash
 noblacklist ~/.local/share/caja-python
 include /etc/firejail/disable-common.inc
 # caja needs to be able to start arbitrary applications so we cannot blacklist their files
 #include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 # include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -31,6 +25,11 @@ shell none
 tracelog
 # private-bin caja
 # private-tmp
 # private-dev
 # private-etc fonts
 # private-tmp
 # CLOBBERED COMMENTS
 # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # caja needs to be able to start arbitrary applications so we cannot blacklist their files
 # is already a caja process running on MATE desktops firejail will have no effect.
--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@ -1,20 +1,19 @@
-# Persistent global definitions go here
+# Firejail profile for calibre
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/calibre.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/calibre.local
 noblacklist ~/.config/calibre
 noblacklist ~/.cache/calibre
 noblacklist ~/.config/calibre
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 #include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
@ -27,7 +26,7 @@ seccomp
 shell none
 tracelog
-#private-bin
+# private-bin
 private-dev
 private-tmp
--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@ -1,15 +1,12 @@
-# Persistent global definitions go here
+# Firejail profile for catfish
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/catfish.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/catfish.local
 # Firejail profile for catfish
 noblacklist ~/.config/catfish
 # We can't blacklist much since catfish
 # is for finding files/content
 include /etc/firejail/disable-devel.inc
 caps.drop all
@ -25,8 +22,12 @@ seccomp
 shell none
 tracelog
 # private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m
 # private-dev
 # private-tmp
 # CLOBBERED COMMENTS
 # These options work but are disabled in case
 # We can't blacklist much since catfish
 # a users wants to search in these directories.
-#private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m
+# is for finding files/content
 #private-dev
 #private-tmp
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@ -1,22 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for cherrytree
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/cherrytree.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+noblacklist ${HOME}/.config/cherrytree
 # Persistent customizations should go in a .local file.
 include /etc/firejail/cherrytree.local
 # cherrytree note taking application
 noblacklist /usr/bin/python2*
 noblacklist /usr/lib/python3*
 noblacklist ${HOME}/.config/cherrytree
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
@ -34,3 +32,6 @@ private-tmp
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # cherrytree note taking application
--- a/etc/chromium-browser.profile
+++ b/etc/chromium-browser.profile
@ -1,9 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for chromium
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/chromium-browser.local
 # Chromium browser profile
 include /etc/firejail/chromium.profile
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@ -1,41 +1,41 @@
-# Persistent global definitions go here
+# Firejail profile for chromium
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/chromium.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/chromium.local
 # Chromium browser profile
 noblacklist ~/.config/chromium
 noblacklist ~/.cache/chromium
-noblacklist ~/.pki
+noblacklist ~/.config/chromium
 # specific to Arch
 noblacklist ~/.config/chromium-flags.conf
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 whitelist ${DOWNLOADS}
 mkdir ~/.config/chromium
 whitelist ~/.config/chromium
 mkdir ~/.cache/chromium
-whitelist ~/.cache/chromium
+mkdir ~/.config/chromium
 mkdir ~/.pki
-whitelist ~/.pki
+whitelist ${DOWNLOADS}
 whitelist ~/.cache/chromium
 whitelist ~/.config/chromium
 whitelist ~/.config/chromium-flags.conf
-
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 caps.keep sys_chroot,sys_admin
 #ipc-namespace
 netfilter
 nogroups
 shell none
 private-dev
-#private-tmp - problems with multiple browser sessions
+# private-tmp - problems with multiple browser sessions
 #disable-mnt
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # chromium is distributed with a perl script on Arch
 # disable-mnt
 # specific to Arch
--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@ -1,25 +1,24 @@
-# Persistent global definitions go here
+# Firejail profile for claws-mail
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/claws-mail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/claws-mail.local
 # claws-mail profile
 noblacklist ~/.claws-mail
 noblacklist ~/.signature
 noblacklist ~/.gnupg
 noblacklist ~/.signature
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
 nogroups
 nosound
 protocol unix,inet,inet6
 seccomp
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@ -1,20 +1,22 @@
-# Persistent global definitions go here
+# Firejail profile for clementine
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/clementine.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/clementine.local
 # Clementine media player profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 nonewprivs
 noroot
 novideo
 protocol unix,inet,inet6
 # Clementine makes ioprio_set system calls, which are blacklisted by default.
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old
 # CLOBBERED COMMENTS
 # Clementine makes ioprio_set system calls, which are blacklisted by default.
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@ -1,16 +1,17 @@
-# Persistent global definitions go here
+# Firejail profile for clipit
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/clipit.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/clipit.local
 noblacklist ${HOME}/.local/share/clipit
 noblacklist ${HOME}/.config/clipit
 noblacklist ${HOME}/.local/share/clipit
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -24,9 +25,9 @@ protocol unix
 seccomp
 shell none
 disable-mnt
 private-dev
 private-tmp
 disable-mnt
 noexec ${HOME}
 noexec /tmp
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for cmus
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/cmus.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/cmus.local
 # cmus profile
 noblacklist ${HOME}/.config/cmus
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -19,7 +18,7 @@ nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
 shell none
 private-bin cmus
 private-etc group
 shell none
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@ -1,31 +1,31 @@
-# Persistent global definitions go here
+# Firejail profile for conkeror
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/conkeror.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/conkeror.local
 # Firejail profile for Conkeror web browser profile
 noblacklist ${HOME}/.conkeror.mozdev.org
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 whitelist ~/.conkeror.mozdev.org
 whitelist ~/.conkerorrc
 whitelist ~/.gtkrc-2.0
 whitelist ~/.lastpass
 whitelist ~/.pentadactyl
 whitelist ~/.pentadactylrc
 whitelist ~/.vimperator
 whitelist ~/.vimperatorrc
 whitelist ~/.zotero
 whitelist ~/Downloads
 whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
 whitelist ~/.conkeror.mozdev.org
 whitelist ~/Downloads
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.lastpass
 whitelist ~/.gtkrc-2.0
 whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.conkerorrc
 include /etc/firejail/whitelist-common.inc
--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@ -1,15 +1,15 @@
-# Persistent global definitions go here
+# Firejail profile for corebird
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/corebird.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/corebird.local
 # Firejail corebird profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@ -1,28 +1,31 @@
 # Firejail profile for cpio
 # This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
 include /etc/firejail/cpio.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
 # Persistent customizations should go in a .local file.
 include /etc/firejail/cpio.local
 # cpio profile
 # /sbin and /usr/sbin are visible inside the sandbox
 # /boot is not visible and /var is heavily modified
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-private-dev
+include /etc/firejail/disable-common.inc
-seccomp
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 net none
 no3d
 nosound
 seccomp
 shell none
 tracelog
 net none
 nosound
 no3d
-blacklist /tmp/.X11-unix
+private-dev
 # CLOBBERED COMMENTS
 # /boot is not visible and /var is heavily modified
 # /sbin and /usr/sbin are visible inside the sandbox
--- a/etc/cryptocat.profile
+++ b/etc/cryptocat.profile
@ -1,8 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for Cryptocat
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/cryptocat.local
 include /etc/Cryptocat.profile
--- a/etc/curl.profile
+++ b/etc/curl.profile
@ -1,19 +1,20 @@
 # Firejail profile for curl
 # This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
 include /etc/firejail/curl.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
 # Persistent customizations should go in a .local file.
 include /etc/firejail/curl.local
 # curl profile
 noblacklist ~/.curlrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
@ -24,8 +25,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 blacklist /tmp/.X11-unix
 # private-bin curl
 private-dev
 # private-etc resolv.conf
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for cvlc
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/cvlc.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/vlc.local
 # Firejail profile for CVLC
 noblacklist ${HOME}/.config/vlc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -23,9 +22,11 @@ seccomp
 shell none
 tracelog
-# clvc doesn't like private-bin
+# private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 #private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev
 private-tmp
 memory-deny-write-execute
 # CLOBBERED COMMENTS
 # clvc doesn't like private-bin
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@ -1,28 +1,56 @@
-# Persistent global definitions go here
+# Firejail profile for cyberfox
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/cyberfox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/cyberfox.local
 # Firejail profile for Cyberfox (based on Mozilla Firefox)
 noblacklist ~/.8pecxstudios
 noblacklist ~/.cache/8pecxstudios
 noblacklist ~/.config/qpdfview
 noblacklist ~/.local/share/qpdfview
 noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.kde/share/apps/okular
 noblacklist ~/.local/share/okular
 noblacklist ~/.config/okularpartrc
 noblacklist ~/.config/okularrc
 noblacklist ~/.config/qpdfview
 noblacklist ~/.kde/share/apps/okular
 noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.local/share/okular
 noblacklist ~/.local/share/qpdfview
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.8pecxstudios
 mkdir ~/.cache/8pecxstudios
 mkdir ~/.pki
 whitelist ${DOWNLOADS}
 whitelist ~/.8pecxstudios
 whitelist ~/.cache/8pecxstudios
 whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.config/okularpartrc
 whitelist ~/.config/okularrc
 whitelist ~/.config/pipelight-silverlight5.1
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/qpdfview
 whitelist ~/.kde/share/apps/okular
 whitelist ~/.kde4/share/apps/okular
 whitelist ~/.keysnail.js
 whitelist ~/.lastpass
 whitelist ~/.local/share/okular
 whitelist ~/.local/share/qpdfview
 whitelist ~/.pentadactyl
 whitelist ~/.pentadactylrc
 whitelist ~/.pki
 whitelist ~/.vimperator
 whitelist ~/.vimperatorrc
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
 whitelist ~/.zotero
 whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 # ipc-namespace crashes cyberfox on some setups
 netfilter
 nogroups
 nonewprivs
@ -32,44 +60,10 @@ seccomp
 shell none
 tracelog
-whitelist ${DOWNLOADS}
+# private-bin cyberfox,which,sh,dbus-launch,dbus-send,env
 mkdir ~/.8pecxstudios
 whitelist ~/.8pecxstudios
 mkdir ~/.cache/8pecxstudios
 whitelist ~/.cache/8pecxstudios
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
 mkdir ~/.pki
 whitelist ~/.pki
 whitelist ~/.lastpass
 whitelist ~/.config/qpdfview
 whitelist ~/.local/share/qpdfview
 whitelist ~/.config/okularrc
 whitelist ~/.config/okularpartrc
 whitelist ~/.kde4/share/apps/okular
 whitelist ~/.kde/share/apps/okular
 whitelist ~/.local/share/okular
 # silverlight
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 # experimental features
 #private-bin cyberfox,which,sh,dbus-launch,dbus-send,env
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
 # private-dev might prevent video calls going out
 private-dev
 # private-dev might prevent video calls going out
 # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
 private-tmp
 noexec ${HOME}
--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@ -1,19 +1,19 @@
-# Persistent global definitions go here
+# Firejail profile for darktable
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
-
+# Persistent local customizations
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/darktable.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 noblacklist ~/.cache/darktable
 noblacklist ~/.config/darktable
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 nogroups
 nonewprivs
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@ -1,20 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for deadbeef
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/deadbeef.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/deadbeef.local
 # DeaDBeeF media player profile
 noblacklist ${HOME}/.config/deadbeef
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@ -1,22 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for deluge
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/deluge.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/deluge.local
 # deluge bittorrent client profile
 noblacklist ${HOME}/.config/deluge
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 # deluge is using python on Debian
 #include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 mkdir ${HOME}/.config/deluge
 whitelist ${HOME}/.config/deluge
 whitelist  ${DOWNLOADS}
 whitelist ${HOME}/.config/deluge
 include /etc/firejail/whitelist-common.inc
 caps.drop all
@ -27,8 +25,11 @@ nosound
 novideo
 protocol unix,inet,inet6
 seccomp
 shell none
-#private-bin deluge,sh,python,uname
+
 # private-bin deluge,sh,python,uname
 private-dev
 private-tmp
 # CLOBBERED COMMENTS
 # deluge is using python on Debian
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@ -1,12 +1,12 @@
 # Firejail profile for dex2jar
 # This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
 include /etc/firejail/dex2jar.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dex2jar.local
 # Firejail profile for dex2jar
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
--- a/etc/dia.profile
+++ b/etc/dia.profile
@ -1,15 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for dia
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dia.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dia.local
 noblacklist ~/.dia
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -23,9 +24,9 @@ protocol unix
 seccomp
 shell none
 disable-mnt
 private-dev
 private-tmp
 disable-mnt
 noexec ${HOME}
 noexec /tmp
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@ -1,36 +1,35 @@
-# Persistent global definitions go here
+# Firejail profile for digikam
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/digikam.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/digikam.local
 noblacklist ${HOME}/.kde4/share/apps/digikam
 noblacklist ${HOME}/.kde/share/apps/digikam
 noblacklist ${HOME}/.config/digikamrc
 noblacklist ${HOME}/.kde/share/apps/digikam
 noblacklist ${HOME}/.kde4/share/apps/digikam
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 # This is a seccomp whitelist profile for  Debian jessie, Kubuntu 17.04.
 # Uncomment seccomp.keep line and try it out. By default only the regular seccomp blacklist profile is enabled.
 #seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group
 seccomp
 nogroups
 shell none
 # private-bin program
 # private-etc none
 # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
 # private-etc none
 private-tmp
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@ -1,16 +1,23 @@
-# Persistent global definitions go here
+# Firejail profile for dillo
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dillo.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dillo.local
 # Firejail profile for Dillo web browser
 noblacklist ~/.dillo
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.dillo
 mkdir ~/.fltk
 whitelist ${DOWNLOADS}
 whitelist ~/.dillo
 whitelist ~/.fltk
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
@ -19,11 +26,3 @@ noroot
 protocol unix,inet,inet6
 seccomp
 tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.dillo
 whitelist ~/.dillo
 mkdir ~/.fltk
 whitelist ~/.fltk
 include /etc/firejail/whitelist-common.inc
--- a/etc/dino.profile
+++ b/etc/dino.profile
@ -1,11 +1,10 @@
-# Persistent global definitions go here
+# Firejail profile for dino
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dino.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dino.local
 # Firejail profile for Dino
 noblacklist ${HOME}/.local/share/dino
 include /etc/firejail/disable-common.inc
@ -13,13 +12,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 whitelist ${HOME}/Downloads
 mkdir ${HOME}/.local/share/dino
 whitelist ${HOME}/.local/share/dino
 whitelist ${HOME}/Downloads
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
@ -31,11 +29,11 @@ protocol unix,inet,inet6
 seccomp
 shell none
 private-bin dino
 #private-etc fonts #breaks server connection
 private-dev
 private-tmp
 disable-mnt
 private-bin dino
 private-dev
 # private-etc fonts # breaks server connection
 private-tmp
 noexec ${HOME}
 noexec /tmp
--- a/etc/display.profile
+++ b/etc/display.profile
@ -1,20 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for display
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/display.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/display.local
 # display (ImageMagick tool) image viewer profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 nonewprivs
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
@ -23,6 +23,6 @@ shell none
 x11 xorg
 private-bin display
 private-tmp
 private-dev
 private-etc none
 private-tmp
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@ -1,20 +1,21 @@
-# Persistent global definitions go here
+# Firejail profile for dnscrypt-proxy
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dnscrypt-proxy.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dnscrypt-proxy.local
 # security profile for dnscrypt-proxy
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 no3d
 nosound
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
 private
 private-dev
 nosound
 no3d
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@ -1,26 +1,26 @@
-# Persistent global definitions go here
+# Firejail profile for dnsmasq
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dnsmasq.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dnsmasq.local
 # dnsmasq profile
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps
 netfilter
 nonewprivs
 private
 private-dev
 nosound
 no3d
 nonewprivs
 nosound
 protocol unix,inet,inet6,netlink
 seccomp
 disable-mnt
 private
 private-dev
--- a/etc/dolphin.profile
+++ b/etc/dolphin.profile
@ -1,34 +1,33 @@
-# Persistent global definitions go here
+# Firejail profile for dolphin
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dolphin.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+noblacklist ${HOME}/.local/share/Trash
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dolphin.local
 # dolphin profile
 # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
 noblacklist ~/.config/dolphinrc
 noblacklist ~/.local/share/dolphin
 noblacklist ${HOME}/.local/share/Trash
 include /etc/firejail/disable-common.inc
 # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
 #include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 # include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
 shell none
 seccomp
 protocol unix
 seccomp
 shell none
 # private-bin
 # private-dev
 # private-tmp
 # private-etc
 # private-tmp
 # CLOBBERED COMMENTS
 # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
 # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
--- a/etc/dosbox.profile
+++ b/etc/dosbox.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for dosbox
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dosbox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dosbox.local
 # Firejail profile for dosbox
 noblacklist ~/.dosbox
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/dragon.profile
+++ b/etc/dragon.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for dragon
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dragon.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dragon.local
 # dragon player profile
 noblacklist ~/.config/dragonplayerrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -19,14 +18,14 @@ nogroups
 nonewprivs
 noroot
 novideo
 shell none
 seccomp
 protocol unix,inet,inet6
 seccomp
 shell none
 private-bin dragon
 private-dev
 private-tmp
 # private-etc
 private-tmp
 noexec ${HOME}
 noexec /tmp
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@ -1,27 +1,27 @@
-# Persistent global definitions go here
+# Firejail profile for dropbox
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dropbox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/dropbox.local
 # dropbox profile
 noblacklist ~/.config/autostart
 noblacklist ~/.dropbox-dist
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/Dropbox
 whitelist ~/Dropbox
 mkdir ~/.dropbox
 whitelist ~/.dropbox
 mkdir ~/.dropbox-dist
-whitelist ~/.dropbox-dist
+mkdir ~/Dropbox
 mkfile ~/.config/autostart/dropbox.desktop
 whitelist ~/.config/autostart/dropbox.desktop
 whitelist ~/.dropbox
 whitelist ~/.dropbox-dist
 whitelist ~/Dropbox
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
--- a/etc/ebook-viewer.profile
+++ b/etc/ebook-viewer.profile
@ -1,10 +1,7 @@
-# Persistent global definitions go here
+# Firejail profile alias for calibre
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/ebook-viewer.local
 # Firejail profile for ebook-viewer (Calibre)
 include /etc/firejail/calibre.profile
 net none
 include /etc/firejail/calibre.profile
--- a/etc/electron.profile
+++ b/etc/electron.profile
@ -1,7 +1,14 @@
-# Generic Firejail profile for Electron applications.
+# Firejail profile for electron
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/electron.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@ -1,19 +1,21 @@
-# Persistent global definitions go here
+# Firejail profile for elinks
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/elinks.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
 # Persistent customizations should go in a .local file.
 include /etc/firejail/elinks.local
 # elinks profile
 noblacklist ~/.elinks
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 no3d
 nogroups
 nonewprivs
@ -22,13 +24,10 @@ nosound
 novideo
 protocol unix,inet,inet6
 seccomp
 netfilter
 shell none
 tracelog
 blacklist /tmp/.X11-unix
 # private-bin elinks
 private-tmp
 private-dev
 # private-etc none
 private-tmp
--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@ -1,23 +1,21 @@
-# Persistent global definitions go here
+# Firejail profile for emacs
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/emacs.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/emacs.local
 # emacs profile
 noblacklist ~/.emacs
 noblacklist ~/.emacs.d
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-
+include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
 nogroups
 protocol unix,inet,inet6
 seccomp
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@ -1,19 +1,19 @@
-# Persistent global definitions go here
+# Firejail profile for empathy
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/empathy.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/empathy.local
 # Empathy instant messaging profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nonewprivs
 nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for enchant
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/enchant.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/enchant.local
 # enchant profile
 noblacklist ~/.config/enchant
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -25,6 +24,6 @@ shell none
 tracelog
 # private-bin enchant
 # private-tmp
 # private-dev
 # private-etc fonts
 # private-tmp
--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@ -1,15 +1,15 @@
-# Persistent global definitions go here
+# Firejail profile for engrampa
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/engrampa.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/engrampa.local
 # engrampa profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -24,6 +24,6 @@ shell none
 tracelog
 # private-bin engrampa
 # private-tmp
 private-dev
 # private-etc fonts
 # private-tmp
--- a/etc/eog.profile
+++ b/etc/eog.profile
@ -1,23 +1,21 @@
-# Persistent global definitions go here
+# Firejail profile for eog
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/eog.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/eog.local
 # eog (gnome image viewer) profile
 noblacklist ~/.config/eog
 noblacklist ~/.Steam
-noblacklist ~/.steam
+noblacklist ~/.config/eog
 noblacklist ~/.local/share/Trash
 noblacklist ~/.steam
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 net none
 no3d
 nogroups
--- a/etc/eom.profile
+++ b/etc/eom.profile
@ -1,20 +1,19 @@
-# Persistent global definitions go here
+# Firejail profile for eom
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/eom.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/eom.local
 # Firejail profile for Eye of Mate (eom)
 noblacklist ~/.config/mate/eom
 noblacklist ~/.Steam
-noblacklist ~/.steam
+noblacklist ~/.config/mate/eom
 noblacklist ~/.local/share/Trash
 noblacklist ~/.steam
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 nogroups
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@ -1,26 +1,25 @@
-# Persistent global definitions go here
+# Firejail profile for epiphany
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/epiphany.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+noblacklist ${HOME}/.cache/epiphany
 # Persistent customizations should go in a .local file.
 include /etc/firejail/epiphany.local
 # Epiphany browser profile
 noblacklist ${HOME}/.config/epiphany
 noblacklist ${HOME}/.local/share/epiphany
 noblacklist ${HOME}/.cache/epiphany
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 whitelist ${DOWNLOADS}
 mkdir ${HOME}/.local/share/epiphany
 whitelist ${HOME}/.local/share/epiphany
 mkdir ${HOME}/.config/epiphany
 whitelist ${HOME}/.config/epiphany
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
 mkdir ${HOME}/.local/share/epiphany
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/epiphany
 whitelist ${HOME}/.config/epiphany
 whitelist ${HOME}/.local/share/epiphany
 include /etc/firejail/whitelist-common.inc
 caps.drop all
--- a/etc/etr.profile
+++ b/etc/etr.profile
@ -1,41 +1,34 @@
-# Persistent global definitions go here
+# Firejail profile for etr
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/etr.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/etr.local
 ################################
 # Extreme Tux Racer profile
 ################################
 noblacklist ~/.etr
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.etr
 whitelist ~/.etr
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 net none
 nogroups
 nonewprivs
 noroot
 protocol unix,netlink
 seccomp
 #
 # depending on your usage, you can enable some of the commands below:
 #
 net none
 nogroups
 shell none
-#private-bin etr
+
-# private-etc none
+# private-bin etr
 private-dev
 # private-etc none
 private-tmp
 # CLOBBERED COMMENTS
 # depending on your usage, you can enable some of the commands below:
 # nosound
--- a/etc/evince.profile
+++ b/etc/evince.profile
@ -1,20 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for evince
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/evince.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/evince.local
 # evince pdf reader profile
 noblacklist ~/.config/evince
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
@ -30,9 +28,11 @@ tracelog
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
 private-etc fonts
 # evince needs access to /tmp/mozilla* to work in firefox
 # private-tmp
 memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # evince needs access to /tmp/mozilla* to work in firefox
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@ -1,29 +1,26 @@
-# Persistent global definitions go here
+# Firejail profile for evolution
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/evolution.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+noblacklist /var/mail
-# Persistent customizations should go in a .local file.
+noblacklist /var/spool/mail
-include /etc/firejail/evolution.local
+noblacklist ~/.bogofilter
 # evolution profile
 noblacklist ~/.config/evolution
 noblacklist ~/.local/share/evolution
 noblacklist ~/.cache/evolution
 noblacklist ~/.config/evolution
 noblacklist ~/.gnupg
 noblacklist ~/.local/share/evolution
 noblacklist ~/.pki
 noblacklist ~/.pki/nssdb
 noblacklist ~/.gnupg
 noblacklist ~/.bogofilter
 noblacklist /var/spool/mail
 noblacklist /var/mail
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 netfilter
 no3d
 nogroups
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@ -1,36 +1,35 @@
 # Firejail profile for exiftool
 # This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
 include /etc/firejail/exiftool.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
 # Persistent customizations should go in a .local file.
 include /etc/firejail/exiftool.local
 # exiftool profile
 noblacklist /usr/bin/perl
 noblacklist /usr/share/perl*
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
 no3d
 shell none
 tracelog
 blacklist /tmp/.X11-unix
 # private-bin exiftool,perl
 private-tmp
 private-dev
 private-etc none
 private-tmp
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for fbreader
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/fbreader.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/fbreader.local
 # fbreader ebook reader profile
 noblacklist ${HOME}/.FBReader
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@ -20,8 +19,8 @@ noroot
 nosound
 protocol unix,inet,inet6
 seccomp
 shell none
 private-bin fbreader,FBReader
 private-dev
 private-tmp
--- a/etc/feh.profile
+++ b/etc/feh.profile
@ -1,15 +1,15 @@
-# Persistent global definitions go here
+# Firejail profile for feh
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/feh.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/feh.local
 # feh image viewer profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@ -1,18 +1,17 @@
-# Persistent global definitions go here
+# Firejail profile for file-roller
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/file-roller.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/file-roller.local
 # file-roller profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 net none
 no3d
 nogroups
@ -26,9 +25,9 @@ shell none
 tracelog
 # private-bin file-roller
 # private-tmp
 private-dev
 # private-etc fonts
 # private-tmp
 memory-deny-write-execute
 noexec ${HOME}
--- a/etc/file.profile
+++ b/etc/file.profile
@ -1,15 +1,16 @@
 # Firejail profile for file
 # This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
 include /etc/firejail/file.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
 # Persistent customizations should go in a .local file.
 include /etc/firejail/file.local
 # file profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 hostname file
@ -17,7 +18,6 @@ net none
 no3d
 nogroups
 nonewprivs
 #noroot
 nosound
 protocol unix
 seccomp
@ -25,8 +25,9 @@ shell none
 tracelog
 x11 none
 blacklist /tmp/.X11-unix
 private-dev
 private-bin file
 private-dev
 private-etc magic.mgc,magic,localtime
 # CLOBBERED COMMENTS
 # noroot
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@ -1,17 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for filezilla
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/filezilla.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/filezilla.local
 # FileZilla ftp profile
 noblacklist ${HOME}/.filezilla
 noblacklist ${HOME}/.config/filezilla
 noblacklist ${HOME}/.filezilla
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/firefox-esr.profile
+++ b/etc/firefox-esr.profile
@ -1,9 +1,9 @@
-# Persistent global definitions go here
+# Firejail profile for firefox-esr
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/firefox-esr.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/firefox-esr.local
 # Firejail profile for Mozilla Firefox ESR
 include /etc/firejail/firefox.profile
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@ -1,28 +1,56 @@
-# Persistent global definitions go here
+# Firejail profile for firefox
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/firefox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/firefox.local
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/.config/qpdfview
 noblacklist ~/.local/share/qpdfview
 noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.kde/share/apps/okular
 noblacklist ~/.local/share/okular
 noblacklist ~/.config/okularpartrc
 noblacklist ~/.config/okularrc
 noblacklist ~/.config/qpdfview
 noblacklist ~/.kde/share/apps/okular
 noblacklist ~/.kde4/share/apps/okular
 noblacklist ~/.local/share/okular
 noblacklist ~/.local/share/qpdfview
 noblacklist ~/.mozilla
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.cache/mozilla/firefox
 mkdir ~/.mozilla
 mkdir ~/.pki
 whitelist ${DOWNLOADS}
 whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.cache/mozilla/firefox
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.config/okularpartrc
 whitelist ~/.config/okularrc
 whitelist ~/.config/pipelight-silverlight5.1
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/qpdfview
 whitelist ~/.kde/share/apps/okular
 whitelist ~/.kde4/share/apps/okular
 whitelist ~/.keysnail.js
 whitelist ~/.lastpass
 whitelist ~/.local/share/okular
 whitelist ~/.local/share/qpdfview
 whitelist ~/.mozilla
 whitelist ~/.pentadactyl
 whitelist ~/.pentadactylrc
 whitelist ~/.pki
 whitelist ~/.vimperator
 whitelist ~/.vimperatorrc
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
 whitelist ~/.zotero
 whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 # ipc-namespace crashes firefox on some setups
 netfilter
 nogroups
 nonewprivs
@ -32,46 +60,14 @@ seccomp
 shell none
 tracelog
-whitelist ${DOWNLOADS}
+# private-bin firefox,which,sh,dbus-launch,dbus-send,env
 mkdir ~/.mozilla
 whitelist ~/.mozilla
 mkdir ~/.cache/mozilla/firefox
 whitelist ~/.cache/mozilla/firefox
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
 mkdir ~/.pki
 whitelist ~/.pki
 whitelist ~/.lastpass
 whitelist ~/.config/qpdfview
 whitelist ~/.local/share/qpdfview
 whitelist ~/.config/okularrc
 whitelist ~/.config/okularpartrc
 whitelist ~/.kde4/share/apps/okular
 whitelist ~/.kde/share/apps/okular
 whitelist ~/.local/share/okular
 # silverlight
 whitelist ~/.wine-pipelight
 whitelist ~/.wine-pipelight64
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 # experimental features
 #private-bin firefox,which,sh,dbus-launch,dbus-send,env
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 # private-dev might prevent video calls going out
 private-dev
 # private-dev might prevent video calls going out
 # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 private-tmp
 #disable-mnt
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # disable-mnt
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@ -1,26 +1,26 @@
-# Persistent global definitions go here
+# Firejail profile for flashpeak-slimjet
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/flashpeak-slimjet.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/flashpeak-slimjet.local
 # SlimJet browser profile
 # This is a whitelisted profile, the internal browser sandbox
 # is disabled because it requires sudo password. The command
 # to run it is as follows:
 #
 #  firejail flashpeak-slimjet --no-sandbox
 #
 noblacklist ~/.config/slimjet
 noblacklist ~/.cache/slimjet
 noblacklist ~/.config/slimjet
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
-# chromium is distributed with a perl script on Arch
+mkdir ~/.cache/slimjet
-# include /etc/firejail/disable-devel.inc
+mkdir ~/.config/slimjet
-#
+mkdir ~/.pki
 whitelist ${DOWNLOADS}
 whitelist ~/.cache/slimjet
 whitelist ~/.config/slimjet
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
@ -29,12 +29,8 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
-whitelist ${DOWNLOADS}
+# CLOBBERED COMMENTS
-mkdir ~/.config/slimjet
+#  firejail flashpeak-slimjet --no-sandbox
-whitelist ~/.config/slimjet
+# chromium is distributed with a perl script on Arch
-mkdir ~/.cache/slimjet
+# is disabled because it requires sudo password. The command
-whitelist ~/.cache/slimjet
+# to run it is as follows:
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@ -1,18 +1,17 @@
-# Persistent global definitions go here
+# Firejail profile for flowblade
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/flowblade.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/flowblade.local
 # FlowBlade profile
 noblacklist ${HOME}/.flowblade
 noblacklist ${HOME}/.config/flowblade
 noblacklist ${HOME}/.flowblade
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@ -1,16 +1,16 @@
-# Persistent global definitions go here
+# Firejail profile for fontforge
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
-
+# Persistent local customizations
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/fontforge.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.FontForge
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/fossamail.profile
+++ b/etc/fossamail.profile
@ -1,22 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for fossamail
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/fossamail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/fossamail.local
 # Firejail profile for FossaMail
 noblacklist ~/.gnupg
 mkdir ~/.gnupg
 whitelist ~/.gnupg
 noblacklist ~/.fossamail
 mkdir ~/.fossamail
 whitelist ~/.fossamail
 noblacklist ~/.cache/fossamail
 noblacklist ~/.fossamail
 noblacklist ~/.gnupg
 mkdir ~/.cache/fossamail
 mkdir ~/.fossamail
 mkdir ~/.gnupg
 whitelist ~/.cache/fossamail
 whitelist ~/.fossamail
 whitelist ~/.gnupg
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/firefox.profile
--- a/etc/franz.profile
+++ b/etc/franz.profile
@ -1,30 +1,28 @@
-# Persistent global definitions go here
+# Firejail profile for franz
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/franz.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/franz.local
 # Franz profile
 noblacklist ~/.config/Franz
 noblacklist ~/.cache/Franz
 noblacklist ~/.config/Franz
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 whitelist ${DOWNLOADS}
 mkdir ~/.config/Franz
 whitelist ~/.config/Franz
 mkdir ~/.cache/Franz
-whitelist ~/.cache/Franz
+mkdir ~/.config/Franz
 mkdir ~/.pki
 whitelist ${DOWNLOADS}
 whitelist ~/.cache/Franz
 whitelist ~/.config/Franz
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 #ipc-namespace
 netfilter
 nogroups
 nonewprivs
@ -32,11 +30,13 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
 #tracelog
 disable-mnt
 private-dev
 private-tmp
 disable-mnt
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # tracelog
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@ -1,38 +1,34 @@
-# Persistent global definitions go here
+# Firejail profile for frozen-bubble
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/frozen-bubble.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/frozen-bubble.local
 ################################
 # Frozen Bubble profile
 ################################
 noblacklist ~/.frozen-bubble
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.frozen-bubble
 whitelist ~/.frozen-bubble
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 net none
 nogroups
 nonewprivs
 noroot
 protocol unix,netlink
 seccomp
 #
 # depending on your usage, you can enable some of the commands below:
 #
 net none
 nogroups
 shell none
 #private-bin frozen-bubble
 # private-etc none
 private-dev
 private-tmp
 # nosound
 # private-bin frozen-bubble
 private-dev
 # private-etc none
 private-tmp
 # CLOBBERED COMMENTS
 # depending on your usage, you can enable some of the commands below:
 # nosound
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@ -1,34 +1,30 @@
-# Persistent global definitions go here
+# Firejail profile for gajim
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/gajim.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/gajim.local
 # Firejail profile for Gajim
 noblacklist ${HOME}/.local/share/gajim
 noblacklist ${HOME}/.config/gajim
 noblacklist ${HOME}/.cache/gajim
-
+noblacklist ${HOME}/.config/gajim
-mkdir ${HOME}/.cache/gajim
+noblacklist ${HOME}/.local/share/gajim
 mkdir ${HOME}/.local/share/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/Downloads
 # Allow the local python 2.7 site packages, in case any plugins are using these
 mkdir ${HOME}/.local/lib/python2.7/site-packages/
 whitelist ${HOME}/.local/lib/python2.7/site-packages/
 read-only ${HOME}/.local/lib/python2.7/site-packages/
 whitelist ${HOME}/.cache/gajim
 whitelist ${HOME}/.local/share/gajim
 whitelist ${HOME}/.config/gajim
 whitelist ${HOME}/Downloads
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-devel.inc
+
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/lib/python2.7/site-packages/
 mkdir ${HOME}/.local/share/gajim
 mkdir ${HOME}/Downloads
 whitelist ${HOME}/.cache/gajim
 whitelist ${HOME}/.config/gajim
 whitelist ${HOME}/.local/lib/python2.7/site-packages/
 whitelist ${HOME}/.local/share/gajim
 whitelist ${HOME}/Downloads
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
@ -39,8 +35,12 @@ protocol unix,inet,inet6
 seccomp
 shell none
 #private-bin python2.7 gajim
 #private-etc fonts
 private-dev
 #private-tmp
 disable-mnt
 # private-bin python2.7 gajim
 private-dev
 # private-etc fonts
 # private-tmp
 read-only ${HOME}/.local/lib/python2.7/site-packages/
 # CLOBBERED COMMENTS
 # Allow the local python 2.7 site packages, in case any plugins are using these
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@ -1,20 +1,20 @@
-# Persistent global definitions go here
+# Firejail profile for galculator
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/galculator.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/firejail.local
 # Firejail profile for XYZ
 noblacklist ~/.config/galculator
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 mkdir ~/.config/galculator
 whitelist ~/.config/galculator
 include /etc/firejail/whitelist-common.inc
 caps.drop all
 net none
--- a/etc/geany.profile
+++ b/etc/geany.profile
@ -1,14 +1,15 @@
-# Persistent global definitions go here
+# Firejail profile for geany
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/geany.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/geany.local
 noblacklist ${HOME}/.config/geany
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
--- a/etc/geary.profile
+++ b/etc/geary.profile
@ -1,28 +1,29 @@
-# Persistent global definitions go here
+# Firejail profile for geary
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/geary.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/geary.local
 # Firejail profile for Gnome Geary
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 noblacklist ~/.gnupg
 mkdir ~/.gnupg
 whitelist ~/.gnupg
 noblacklist ~/.local/share/geary
 mkdir ~/.local/share/geary
 whitelist ~/.local/share/geary
 mkdir ~/.gnupg
 mkdir ~/.local/share/geary
 whitelist ~/.config/mimeapps.list
-read-only ~/.config/mimeapps.list
+whitelist ~/.gnupg
 whitelist ~/.local/share/applications
 whitelist ~/.local/share/geary
 include /etc/firejail/whitelist-common.inc
 ignore private-tmp
 read-only ~/.config/mimeapps.list
 read-only ~/.local/share/applications
 # allow browsers
 ignore private-tmp
 include /etc/firejail/firefox.profile
-#include /etc/firejail/chromium.profile - chromium runs as suid!
+
 # CLOBBERED COMMENTS
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 # allow browsers
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@ -1,23 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for gedit
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
-
+# Persistent local customizations
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/gedit.local
-
+# Persistent global definitions
-# gedit profile
+include /etc/firejail/globals.local
 # when gedit is started via gnome-shell, firejail is not applied because systemd will start it
 noblacklist ~/.config/gedit
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 #include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 #ipc-namespace
 net none
 no3d
 nogroups
@ -36,3 +31,6 @@ private-tmp
 noexec ${HOME}
 noexec /tmp
 # CLOBBERED COMMENTS
 # when gedit is started via gnome-shell, firejail is not applied because systemd will start it
--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@ -1,30 +1,31 @@
-# Persistent global definitions go here
+# Firejail profile for geeqie
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/geeqie.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+noblacklist ~/.cache/geeqie
 # Persistent customizations should go in a .local file.
 include /etc/firejail/geeqie.local
 # Firejail profile for Geeqie
 noblacklist ~/.config/geeqie
 noblacklist ~/.local/share/geeqie
-noblacklist ~/.cache/geeqie
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
 nosound
 private-dev
 #Experimental:
 shell none
-#private-bin geeqie
+
-#private-etc X11
+# private-bin geeqie
 private-dev
 # private-etc X11
 # CLOBBERED COMMENTS
 # Experimental:
--- a/etc/ghb.profile
+++ b/etc/ghb.profile
@ -1,9 +1,8 @@
-# Persistent global definitions go here
+# Firejail profile alias for handbrake
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/ghb.local
 # HandBrake
 include /etc/firejail/handbrake.profile
 # CLOBBERED COMMENTS
 # HandBrake
--- a/etc/gimp-2.8.profile
+++ b/etc/gimp-2.8.profile
@ -1,8 +1,5 @@
-# Persistent global definitions go here
+# Firejail profile alias for gimp
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/gimp-2.8.local
 include /etc/firejail/gimp.profile
--- a/Show more
+++ b/Show more