Merges + misc fixes

- Change some links in README to HTTPS
- Fixup some typos in firejail-profile manpage
- Cleanup dash from private-etc
- Fixup gradio
- Synchronize server profile with default profile

etc/ark.profile

@@ -31,7 +31,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,dash,sh,tclsh
+private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,sh,tclsh
 #private-etc smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg
 
 private-dev

etc/bsdtar.profile

@@ -34,7 +34,7 @@ shell none
 tracelog
 
 # support compressed archives
-private-bin sh,bash,dash,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
+private-bin sh,bash,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
 private-dev
 private-etc passwd,group,localtime
 

etc/disable-common.inc

@@ -391,4 +391,4 @@ blacklist ${HOME}/*.local/share/flatpak
 blacklist /var/lib/flatpak
 blacklist /usr/share/flatpak
 # most of the time bwrap is SUID binary
-blacklist /usr/bin/bwrap
+blacklist ${PATH}/bwrap

etc/disable-programs.inc

@@ -393,6 +393,7 @@ blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-recipes
 blacklist ${HOME}/.local/share/gnome-ring
 blacklist ${HOME}/.local/share/gnome-twitch
+blacklist ${HOME}/.local/share/gradio
 blacklist ${HOME}/.local/share/gwenview
 blacklist ${HOME}/.local/share/kaffeine
 blacklist ${HOME}/.local/share/kate
@@ -550,6 +551,7 @@ blacklist ${HOME}/.cache/google-chrome
 blacklist ${HOME}/.cache/google-chrome-beta
 blacklist ${HOME}/.cache/google-chrome-unstable
 blacklist ${HOME}/.cache/gnome-twitch
+blacklist ${HOME}/.cache/gradio
 blacklist ${HOME}/.cache/icedove
 blacklist ${HOME}/.cache/INRIA/Natron
 blacklist ${HOME}/.cache/inkscape

etc/gradio.profile

@@ -5,10 +5,8 @@ include /etc/firejail/gradio.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${HOME}/.cache/gradio
 noblacklist ${HOME}/.local/share/gradio
-mkdir ${HOME}/.local/share/gradio
-whitelist ${HOME}/.local/share/gradio
-whitelist ${HOME}/.cache/gradio
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -16,6 +14,10 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+mkdir ${HOME}/.cache/gradio
+mkdir ${HOME}/.local/share/gradio
+whitelist ${HOME}/.cache/gradio
+whitelist ${HOME}/.local/share/gradio
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/server.profile

@@ -22,18 +22,24 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps
+# ipc-namespace
+# netfilter /etc/firejail/webserver.net
 no3d
+# nodbus
 nodvd
+# nogroups
+# nonewprivs
+# noroot
 nosound
 notv
 novideo
 seccomp
-
-# netfilter /etc/firejail/webserver.net
+# shell none
 
 # disable-mnt
 private
 # private-bin program
+# private-cache
 private-dev
 # private-etc none
 # private-lib