merged Various #542 pull request from Fred-Barclay

76 files changed, 293 insertions, 252 deletions

diff --git a/Makefile.in b/Makefile.in
index 6699ab732..ea6299b3e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -188,6 +188,7 @@ realinstall:
         install -c -m 0644 .etc/konversation.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/psi-plus.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/brave.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/gitter.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
         sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
         rm -fr .etc
diff --git a/README b/README
index d926c8abe..437703b9b 100644
--- a/README
+++ b/README
@@ -79,7 +79,8 @@ Fred-Barclay (https://github.com/Fred-Barclay)
         - blacklisted g++
         - added xplayer, xreader, and xviewer profiles
         - added Brave profile
-        - added "shutdown" filter for x86_64 arch to seccomp
+        - added Gitter profile
+        - various organising
 Petter Reinholdtsen (pere@hungry.com)
         - Opera profile patch
 n1trux (https://github.com/n1trux)
diff --git a/README.md b/README.md
index c61543452..543565fe4 100644
--- a/README.md
+++ b/README.md
@@ -35,3 +35,7 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/
 
 `````
 # Current development version: 0.9.41
+
+## New security profiles
+
+Gitter
diff --git a/RELNOTES b/RELNOTES
index 6c6bdb526..db3828354 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,3 +1,8 @@
+firejail (0.9.41) baseline; urgency=low
+  * work in progress...
+  * new profiles: Gitter
+ -- netblue30 <netblue30@yahoo.com>  Tue, 31 May 2016 08:00:00 -0500
+
 firejail (0.9.40) baseline; urgency=low
   * added --nice option
   * added --x11 option
@@ -25,7 +30,7 @@ firejail (0.9.40) baseline; urgency=low
   * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox
   * new profiles: generic Ubuntu snap application profile, xplayer
   * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation
-  * new profiles: Brave
+  * new profiles: Brave, Gitter
   * generic.profile renamed default.profile
   * build rpm packages using "make rpms"
   * bugfixes
diff --git a/etc/0ad.profile b/etc/0ad.profile
index e6540fb5d..3797ae5cd 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc
 
 # Call these options
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 noroot
 nonewprivs
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 # Whitelists
 noblacklist ~/.cache/0ad
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index 75dbebcf0..e719f070f 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -15,6 +15,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
 nonewprivs
 noroot
+seccomp
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 6a06ce76b..65247e7d3 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
@@ -41,13 +41,12 @@ whitelist ~/.config/lastpass
 
 
 #silverlight
-whitelist ~/.wine-pipelight 
-whitelist ~/.wine-pipelight64 
-whitelist ~/.config/pipelight-widevine 
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 
 include /etc/firejail/whitelist-common.inc
 
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-
diff --git a/etc/atril.profile b/etc/atril.profile
index b55f99cdd..8ee7da173 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -7,10 +7,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
-tracelog
-netfilter
 nosound
+protocol unix,inet,inet6
+seccomp
+tracelog
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 0a1598dee..e5275213c 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -5,7 +5,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index b7ccd132e..e63802c8a 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -4,9 +4,9 @@ noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
-protocol unix,inet,inet6
+netfilter
+nonewprivs
 private
 private-dev
+protocol unix,inet,inet6
 seccomp
-netfilter
-nonewprivs
diff --git a/etc/brave.profile b/etc/brave.profile
index 24a0a31c9..4c42e9faa 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -6,10 +6,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
 
 whitelist ${DOWNLOADS}
 
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index b3a34fc9a..bc6fe1d86 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -15,11 +15,12 @@ mkdir ~/.local/share
 whitelist ${HOME}/.local/share/
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
-include /etc/firejail/whitelist-common.inc
 nosound
+seccomp
+protocol unix,inet,inet6,netlink
+tracelog
+
+include /etc/firejail/whitelist-common.inc
diff --git a/etc/clementine.profile b/etc/clementine.profile
index fb9dca2a9..5ce085358 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -5,7 +5,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 16b9c112d..2e2a6940c 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -7,11 +7,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
 
 private-bin cmus
 private-etc group
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 0a7966e4b..e82eeec4c 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -4,11 +4,11 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
 
 whitelist ~/.conkeror.mozdev.org
 whitelist ~/Downloads
diff --git a/etc/corebird.profile b/etc/corebird.profile
index f3f73a44f..077ae30d0 100644
--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@@ -6,7 +6,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index c5fb25e9a..0035b6be6 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.8pecxstudios
@@ -41,13 +41,12 @@ whitelist ~/.config/lastpass
 
 
 #silverlight
-whitelist ~/.wine-pipelight 
-whitelist ~/.wine-pipelight64 
-whitelist ~/.config/pipelight-widevine 
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 
 include /etc/firejail/whitelist-common.inc
 
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 9225ca16e..04abd0a92 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -7,7 +7,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/default.profile b/etc/default.profile
index d836a9f5d..a2de72695 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -8,9 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc
 #blacklist ${HOME}/.wine
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
-
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/deluge.profile b/etc/deluge.profile
index f7a2b98e4..277ecc15e 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -6,9 +6,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
 nosound
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 392000ade..2ddd363cb 100644
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -7,12 +7,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.dillo
@@ -21,6 +21,3 @@ mkdir ~/.fltk
 whitelist ~/.fltk
 
 include /etc/firejail/whitelist-common.inc
-
-
-
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 633f9c548..1f86a0ebe 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -65,6 +65,7 @@ blacklist ${HOME}/.config/xchat
 blacklist ${HOME}/.Skype
 blacklist ${HOME}/.config/tox
 blacklist ${HOME}/.TelegramDesktop
+blacklist ${HOME}/.config/Gitter
 
 # Games
 blacklist ${HOME}/.hedgewars
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index 4459c40dd..6b199c34b 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -5,10 +5,11 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
+
 caps
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 private
 private-dev
-nonewprivs
+protocol unix,inet,inet6,netlink
+seccomp
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 568ab230a..2427c6af8 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -4,7 +4,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/empathy.profile b/etc/empathy.profile
index c08398e84..371100814 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -4,7 +4,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index 7783a05fd..57191429a 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -19,8 +19,9 @@ mkdir ${HOME}/.cache
 mkdir ${HOME}/.cache/epiphany
 whitelist ${HOME}/.cache/epiphany
 include /etc/firejail/whitelist-common.inc
+
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/evince.profile b/etc/evince.profile
index 3c883d43c..8c84a1daa 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -5,8 +5,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
 nosound
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index 7764a48c9..c4d84691c 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -7,9 +7,9 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
 nosound
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 1ab08b568..3cb4890e2 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -7,9 +7,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
-netfilter
 nosound
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 6796ef7c4..2cc4d3cd8 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
@@ -41,14 +41,12 @@ whitelist ~/.config/lastpass
 
 
 #silverlight
-whitelist ~/.wine-pipelight 
-whitelist ~/.wine-pipelight64 
-whitelist ~/.config/pipelight-widevine 
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 
 include /etc/firejail/whitelist-common.inc
 
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-
-
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index 77a95aa17..f248c385a 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -15,11 +15,11 @@ include /etc/firejail/disable-programs.inc
 #
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
 
 whitelist ${DOWNLOADS}
 mkdir ~/.config
diff --git a/etc/gitter.profile b/etc/gitter.profile
new file mode 100644
index 000000000..0c2bd1353
--- /dev/null
+++ b/etc/gitter.profile
@@ -0,0 +1,13 @@
+# Firejail profile for Gitter
+noblacklist ~/.config/Gitter
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 010b19613..f15778534 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -5,7 +5,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index fe2f79901..b4cf8d9ac 100644
--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -7,11 +7,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 nonewprivs
 noroot
 netfilter
+protocol unix,inet,inet6,netlink
+seccomp
 
 #whitelist ~/.pulse
 #whitelist ~/.config/pulse
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index 87523d825..65cc084e6 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -5,16 +5,16 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+
 caps.drop all
-seccomp
-protocol unix
 nonewprivs
 noroot
 nogroups
 private-dev
+protocol unix
+seccomp
 
 #Experimental:
 #shell none
 #private-bin gwenview
 #private-etc X11
-
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 3eb350660..a584d25c5 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -7,11 +7,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
 netfilter
+protocol unix,inet,inet6
+seccomp
 
 mkdir ~/.config
 mkdir ~/.config/hexchat
diff --git a/etc/kmail.profile b/etc/kmail.profile
index a47945bc6..44a53e258 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -7,9 +7,9 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
 tracelog
diff --git a/etc/konversation.profile b/etc/konversation.profile
index d10decb8f..190061618 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -6,7 +6,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 noroot
+seccomp
+protocol unix,inet,inet6
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
index b6acf2587..d1d0b8a0d 100644
--- a/etc/lxterminal.profile
+++ b/etc/lxterminal.profile
@@ -5,7 +5,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
+protocol unix,inet,inet6
+seccomp
 #noroot - somehow this breaks on Debian Jessie!
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index 1536194b2..6b236a9a7 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -8,11 +8,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol inet,inet6
 netfilter
 nonewprivs
 noroot
+protocol inet,inet6
+seccomp
 
 private-bin mcabber
 private-etc null
diff --git a/etc/midori.profile b/etc/midori.profile
index 568687058..c4055fa83 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -5,8 +5,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index c9a99bede..d4b442df8 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -16,8 +16,8 @@ mkdir ${HOME}/.config
 mkdir ${HOME}/.config/mupen64plus
 whitelist ${HOME}/.config/mupen64plus/
 
+caps.drop all
+net none
 nonewprivs
 noroot
-caps.drop all
 seccomp
-net none
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index e01cace7f..3de6be238 100644
--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.config
@@ -30,6 +30,3 @@ whitelist ~/.lastpass
 whitelist ~/.config/lastpass
 
 include /etc/firejail/whitelist-common.inc
-
-
-
diff --git a/etc/okular.profile b/etc/okular.profile
index 5179da787..b1efc4753 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -6,17 +6,17 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+
 caps.drop all
-seccomp
-protocol unix
 nonewprivs
-noroot
 nogroups
+noroot
 private-dev
+protocol unix
+seccomp
 
 #Experimental:
 #net none
 #shell none
 #private-bin okular,kbuildsycoca4,kbuildsycoca5
 #private-etc X11
-
diff --git a/etc/openbox.profile b/etc/openbox.profile
index 6e2e5d6fd..f812768a1 100644
--- a/etc/openbox.profile
+++ b/etc/openbox.profile
@@ -5,8 +5,7 @@
 include /etc/firejail/disable-common.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 noroot
-
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 4db9b7adc..a74954ddb 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -12,12 +12,12 @@ include /etc/firejail/whitelist-common.inc
 
 # Options
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.moonchild productions
@@ -41,9 +41,9 @@ whitelist ~/.cache/moonchild productions/pale moon
 #whitelist ~/.pki
 
 # For silverlight
-#whitelist ~/.wine-pipelight 
-#whitelist ~/.wine-pipelight64 
-#whitelist ~/.config/pipelight-widevine 
+#whitelist ~/.wine-pipelight
+#whitelist ~/.wine-pipelight64
+#whitelist ~/.config/pipelight-widevine
 #whitelist ~/.config/pipelight-silverlight5.1
 
 
diff --git a/etc/parole.profile b/etc/parole.profile
index c0be0453b..1440a9ef7 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -8,9 +8,9 @@ private-etc passwd,group,fonts
 private-bin parole,dbus-launch
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
 shell none
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 767da5f55..091456d76 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -6,7 +6,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/polari.profile b/etc/polari.profile
index 7910f4e9b..366883c83 100644
--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -22,9 +22,8 @@ whitelist ${HOME}/.purple
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
-netfilter
-
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index 8194da74f..9380237be 100644
--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -21,7 +21,7 @@ whitelist ~/.cache/psi+
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 858fdda4d..cbf898502 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -5,9 +5,9 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
 nosound
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/qtox.profile b/etc/qtox.profile
index ca34e932a..3a19efa3a 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -10,7 +10,7 @@ whitelist ${DOWNLOADS}
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/quassel.profile b/etc/quassel.profile
index e68315c1c..f92dfeb9f 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -4,8 +4,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
 netfilter
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 5ad7ead1a..3e5dde36e 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -16,15 +16,16 @@ mkdir ~/.cache/QuiteRss
 whitelist ${HOME}/.cache/QuiteRss
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
-tracelog
 nonewprivs
-noroot
 nogroups
-shell none
-private-dev
+noroot
 private-bin quiterss
+private-dev
 #private-etc X11,ssl
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
 include /etc/firejail/whitelist-common.inc
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index 09d10b0bb..b590f0ef1 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.config/qutebrowser
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index ee0832863..0782a653d 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -5,8 +5,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
-netfilter
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index 9ae2206c1..0be5e15d1 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -5,9 +5,9 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
 nosound
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index 886af0f67..9ce4164c1 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -6,12 +6,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
@@ -42,11 +42,10 @@ whitelist ~/.lastpass
 whitelist ~/.config/lastpass
 
 #silverlight
-whitelist ~/.wine-pipelight 
-whitelist ~/.wine-pipelight64 
-whitelist ~/.config/pipelight-widevine 
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-
diff --git a/etc/skype.profile b/etc/skype.profile
index 4c4a34980..9cbcd5117 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -8,5 +8,5 @@ caps.drop all
 netfilter
 nonewprivs
 noroot
-seccomp
 protocol unix,inet,inet6
+seccomp
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 1ee379dea..9ba25b818 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -7,8 +7,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-# Whitelist the folders needed by Spotify - This is more restrictive 
-# than a blacklist though, but this is all spotify requires for 
+# Whitelist the folders needed by Spotify - This is more restrictive
+# than a blacklist though, but this is all spotify requires for
 # streaming audio
 mkdir ${HOME}/.config
 mkdir ${HOME}/.config/spotify
@@ -23,9 +23,8 @@ whitelist ${HOME}/.cache/spotify
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
 nonewprivs
 noroot
-
+protocol unix,inet,inet6,netlink
+seccomp
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 0c4621f66..a6d52c5a5 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -6,8 +6,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/steam.profile b/etc/steam.profile
index ae5e93829..b15a54be9 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -10,5 +10,5 @@ caps.drop all
 netfilter
 nonewprivs
 noroot
-seccomp
 protocol unix,inet,inet6
+seccomp
diff --git a/etc/telegram.profile b/etc/telegram.profile
index 62a0fa404..819cd8f3a 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -5,11 +5,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
-netfilter
+protocol unix,inet,inet6
+seccomp
 
 whitelist ~/Downloads/Telegram Desktop
 mkdir ${HOME}/.TelegramDesktop
diff --git a/etc/totem.profile b/etc/totem.profile
index f2bce5dee..252b46979 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -8,8 +8,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
 netfilter
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index e27873f88..5aef32d45 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -8,10 +8,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
-tracelog
 nosound
+protocol unix,inet,inet6
+seccomp
+tracelog
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 2caa923d8..d8ab1c60d 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -8,10 +8,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
-tracelog
 nosound
+protocol unix,inet,inet6
+seccomp
+tracelog
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 86e7be6fd..02c7f56bf 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -6,11 +6,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
 
 whitelist ${DOWNLOADS}
 mkdir ~/.config
diff --git a/etc/vlc.profile b/etc/vlc.profile
index d26034748..f8eebd376 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -7,8 +7,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
-netfilter
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/weechat.profile b/etc/weechat.profile
index 11b5bd10f..6cfe58420 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -4,9 +4,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 netfilter
 nonewprivs
 noroot
-netfilter
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 61a87d994..cd0c6406f 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -9,10 +9,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
 
 private-dev
 
diff --git a/etc/xchat.profile b/etc/xchat.profile
index f4b273693..061c4f3da 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -6,7 +6,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index fb0e3c910..cd9cbed45 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -8,9 +8,9 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
+protocol unix,inet,inet6
+seccomp
 tracelog
-netfilter
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 267330c1f..2cf109f09 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -9,10 +9,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 nonewprivs
 noroot
-tracelog
-netfilter
 nosound
+protocol unix,inet,inet6
+seccomp
+tracelog
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index a0c91f0f3..51949526d 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -6,9 +6,9 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6
+netfilter
 noroot
 nonewprivs
+protocol unix,inet,inet6
+seccomp
 tracelog
-netfilter
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 7da95eb68..7ae5ca1b9 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -102,3 +102,4 @@
 /etc/firejail/konversation.profile
 /etc/firejail/psi-plus.profile
 /etc/firejail/brave.profile
+/etc/firejail/gitter.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 567f97c69..566fb156f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -6,88 +6,114 @@
 gpredict
 stellarium
 
-# weather/climate
-aweather
+# bittorrent/ftp
+deluge
+dropbox
+filezilla
+qbittorrent
+rtorrent
+transmission-gtk
+transmission-qt
+uget-gtk
 
 # browsers/email
-firefox
-iceweasel
-chromium-browser
+abrowser
+brave
 chromium
+chromium-browser
 conkeror
-thunderbird
-epiphany
+cyberfox
+firefox
 flashpeak-slimjet
+epiphany
+dillo
+google-chrome
 google-chrome-beta
 google-chrome-stable
 google-chrome-unstable
-google-chrome
+iceweasel
 icecat
 icedove
 kmail
 midori
+netsurf
 opera-beta
 opera
 qutebrowser
 seamonkey
 seamonkey-bin
+thunderbird
 vivaldi-beta
 vivaldi
-dillo
-netsurf
-brave
-
-# bittorrent/ftp
-deluge
-filezilla
-qbittorrent
-rtorrent
-transmission-gtk
-transmission-qt
-
-# office
-cherrytree
-evince
-fbreader
-localc
-lodraw
-loffice
-lofromtemplate
-loimpress
-lomath
-loweb
-lowriter
-Mathematica
-mathematica
-gwenview
-okular
-atril
-xreader
-
-# Media
-vlc
-audacious
-clementine
-deadbeef
-parole
-rhythmbox
-totem
-cmus
-xplayer
-xviewer
 
 # chat/messaging
 bitlbee
+corebird
 empathy
-gnome-mplayer
+gitter
 hexchat
+konversation
 pidgin
+polari
+psi-plus
 qtox
 quassel
+skype
+telegram
+weechat
+weechat-curses
 xchat
 
+# dns
+dnscrypt-proxy
+dnsmaq
+unbound
+
+# emulators/compatibility layers
+mupen64plus
+wine
+
 # games
 0ad
 hedgewars
+steam
 wesnot
 warzone2100
+
+# Media
+audacious
+clementine
+cmus
+deadbeef
+gnome-mplayer
+google-play-music-desktop-player
+parole
+rhythmbox
+spotify
+totem
+vlc
+xplayer
+xviewer
+
+# news readers
+quiterss
+
+# office
+atril
+cherrytree
+evince
+fbreader
+gwenview
+Mathematica
+mathematica
+okular
+xreader
+
+# other
+lxterminal
+openbox
+snap
+ssh
+
+# weather/climate
+aweather