diff --git a/Makefile.in b/Makefile.in
index cb897c23d..c15ecd7dd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -169,6 +169,8 @@ realinstall:
 install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 .etc/aweather.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 .etc/stellarium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 rm -fr .etc
diff --git a/README b/README
index d0a7aaf8d..7919bdaad 100644
--- a/README
+++ b/README
@@ -19,9 +19,9 @@ Firejail Authors:
 
 netblue30 (netblue30@yahoo.com)
 curiosity-seeker (https://github.com/curiosity-seeker)
- - tightening unbound and dnscrypt-proxy profiles
- - dnsmasq profile
- - okular and gwenview profiles
+ - tightening unbound and dnscrypt-proxy profiles
+ - dnsmasq profile
+ - okular and gwenview profiles
 Matthew Gyurgyik (https://github.com/pyther)
 - rpm spec and several fixes
 Joan Figueras (https://github.com/figue)
@@ -35,6 +35,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 - added Warzone2100 profile
 - blacklisted VeraCrypt
 - added Gpredict profile
+ - added Aweather, Stellarium profiles
 avoidr (https://github.com/avoidr)
 - whitelist fix
 - recently-used.xbel fix
diff --git a/README.md b/README.md
index ca7927fff..5b2626288 100644
--- a/README.md
+++ b/README.md
@@ -282,5 +282,5 @@ $ man firejail-profile ## New security profiles lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
-Warzone2100, okular, gwenview, Gpredict
+Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium
diff --git a/etc/aweather.profile b/etc/aweather.profile
new file mode 100644
index 000000000..d7f510a7e
--- /dev/null
+++ b/etc/aweather.profile
@@ -0,0 +1,23 @@
+# Firejail profile for aweather.
+
+# Noblacklist
+noblacklist ~/.config/aweather
+
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+# Whitelist
+mkdir ~/.config
+mkdir ~/.config/aweather
+whitelist ~/.config/aweather
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 6c5515894..317ac082f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -5,10 +5,13 @@ blacklist ${HOME}/.FBReader
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
 blacklist ${HOME}/.config/Gpredict
+blacklist ${HOME}/.config/aweather
+blacklist ${HOME}/.config/stellarium
 blacklist ~/.kde/share/apps/okular
 blacklist ~/.kde/share/config/okularrc
 blacklist ~/.kde/share/config/okularpartrc
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
new file mode 100644
index 000000000..56d09d5b2
--- /dev/null
+++ b/etc/google-play-music-desktop-player.profile
@@ -0,0 +1,16 @@
+# Google Play Music desktop player profile
+noblacklist ~/.config/Google Play Music Desktop Player
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6,netlink
+noroot
+
+#whitelist ~/.pulse
+#whitelist ~/.config/pulse
+whitelist ~/.config/Google Play Music Desktop Player
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
new file mode 100644
index 000000000..7cb74eeaa
--- /dev/null
+++ b/etc/stellarium.profile
@@ -0,0 +1,27 @@
+# Firejail profile for Stellarium.
+
+# Noblacklist
+noblacklist ~/.stellarium
+noblacklist ~/.config/stellarium
+
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+# Whitelist
+mkdir ~/.stellarium
+whitelist ~/.stellarium
+
+mkdir ~/.config
+mkdir ~/.config/stellarium
+whitelist ~/.config/stellarium
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 6f5b564a0..7ce729d6e 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -88,3 +88,5 @@
 /etc/firejail/okular.profile
 /etc/firejail/gwenview.profile
 /etc/firejail/gpredict.profile
+/etc/firejail/aweather.profile
+/etc/firejail/stellarium.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 8bebf76af..3812ee7d8 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -4,6 +4,10 @@
 
 # astronomy
 gpredict
+stellarium
+
+# weather/climate
+aweather
 
 # browsers/email
 firefox
@@ -78,6 +82,7 @@ quassel
 xchat
 
 # games
+0ad
 hedgewars
 wesnot
 warzone2100
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index af1ddf93b..4c2510021 100644
--- a/src/firejail/fs.c
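Review bot: etc/google-play-music-desktop-player.profile is added as a new file but, unlike aweather.profile and stellarium.profile in the same commit, it gets no `install -c -m 0644 .etc/google-play-music-desktop-player.profile $(DESTDIR)/$(sysconfdir)/firejail/.` line in Makefile.in's realinstall target and no `/etc/firejail/google-play-music-desktop-player.profile` entry in platform/debian/conffiles, so `make install` and the Debian package will not ship it and the program will run without this profile (assuming profiles are only installed through those explicit per-file lines, as the visible hunks suggest). It is likewise absent from the README/README.md profile lists and from src/firecfg/firecfg.config. Separately, this profile omits the `netfilter` and `tracelog` options that the two sibling profiles apply; if that is deliberate a short comment saying why would help, otherwise adding them keeps the three new profiles consistent.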
+++ b/src/firejail/fs.c
@@ -726,7 +726,16 @@ static void disable_firejail_config(void) {
 // build a basic read-only filesystem
 void fs_basic_fs(void) {
 if (arg_debug)
- printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var\n");
+ printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr");
+ if (!arg_writable_etc) {
+ fs_rdonly("/etc");
+ if (arg_debug) printf(", /etc");
+ }
+ if (!arg_writable_var) {
+ fs_rdonly("/var");
+ if (arg_debug) printf(", /var");
+ }
+ if (arg_debug) printf("\n");
 fs_rdonly("/bin");
 fs_rdonly("/sbin");
 fs_rdonly("/lib");
@@ -734,10 +743,6 @@ void fs_basic_fs(void) {
 fs_rdonly("/lib32");
 fs_rdonly("/libx32");
 fs_rdonly("/usr");
- if (!arg_writable_etc)
- fs_rdonly("/etc");
- if (!arg_writable_var)
- fs_rdonly("/var");
 // update /var directory in order to support multiple sandboxes running on the same root directory
 if (!arg_private_dev)
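Review bot: The debug line in fs_basic_fs is now written in pieces with no newline until after the /etc and /var remounts, so if fs_rdonly("/etc") or fs_rdonly("/var") fails and the process exits (presumably via an error path that writes to stderr), the partial, still-buffered stdout text ends up interleaved with or after the error message, which is exactly the moment that debug output is needed; the message also no longer reflects the real order, since /etc and /var are now remounted before /bin, /sbin, /lib and /usr instead of after /usr as before. Leaving the two mounts where they were (i.e. dropping the deletion in the second hunk) and composing a single line avoids both: `printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr%s%s\n",` / `arg_writable_etc ? "" : ", /etc",` / `arg_writable_var ? "" : ", /var");` under the existing `if (arg_debug)`. The new one-line `if (arg_debug) printf(...)` forms also depart from the surrounding style, which puts the body on its own indented line. fs_basic_fs continues past the hunk.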