phase 1

86 files changed, 53 insertions, 8570 deletions

diff --git a/Makefile.in b/Makefile.in
index cbcf252df..c09b1cd4c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,6 +1,6 @@
 all: apps man filters
 MYLIBS = src/lib
-APPS = src/firejail src/firemon src/fsec-print src/fsec-optimize src/firecfg src/fnetfilter src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fbuilder src/fcopy src/fldd src/libpostexecseccomp
+APPS = src/firejail src/firemon src/fsec-print src/fsec-optimize src/firecfg src/fnetfilter src/libtrace src/libtracelog src/ftee src/fnet src/fseccomp src/fcopy src/libpostexecseccomp
 MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5
 SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx
 
@@ -93,12 +93,9 @@ endif
         install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(libdir)/firejail/.
 
         install -c -m 0644 src/firecfg/firecfg.config $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 src/faudit/faudit $(DESTDIR)/$(libdir)/firejail/.
         install -c -m 0755 src/fnet/fnet $(DESTDIR)/$(libdir)/firejail/.
         install -c -m 0755 src/fnetfilter/fnetfilter $(DESTDIR)/$(libdir)/firejail/.
         install -c -m 0755 src/fcopy/fcopy $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 src/fldd/fldd $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/.
 ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
         install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/.
         install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/.
@@ -109,13 +106,6 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
         install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/.
         install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/.
 endif
-ifeq ($(HAVE_CONTRIB_INSTALL),yes)
-        install -c -m 0755 contrib/fix_private-bin.py $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 contrib/fjclip.py $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 contrib/fjdisplay.py $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/.
-endif
         # documents
         install -m 0755 -d $(DESTDIR)/$(DOCDIR)
         install -c -m 0644 COPYING $(DESTDIR)/$(DOCDIR)/.
@@ -165,15 +155,12 @@ install-strip: all
         strip src/libtracelog/libtracelog.so
         strip src/libpostexecseccomp/libpostexecseccomp.so
         strip src/ftee/ftee
-        strip src/faudit/faudit
         strip src/fnet/fnet
         strip src/fnetfilter/fnetfilter
         strip src/fseccomp/fseccomp
         strip src/fsec-print/fsec-print
         strip src/fsec-optimize/fsec-optimize
         strip src/fcopy/fcopy
-        strip src/fldd/fldd
-        strip src/fbuilder/fbuilder
         $(MAKE) realinstall
 
 uninstall:
@@ -190,7 +177,7 @@ uninstall:
         rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon
         rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg
 
-DISTFILES = "src etc platform contrib configure configure.ac dummy.c Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh COPYING README RELNOTES"
+DISTFILES = "src etc platform configure configure.ac dummy.c Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh COPYING README RELNOTES"
 DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot"
 
 dist:
@@ -214,9 +201,6 @@ deb: dist
 snap: all
         cd platform/snap; ./snap.sh
 
-install-snap: snap
-        sudo snap remove faudit; sudo snap install faudit*.snap
-
 test-compile: dist
         cd test/compile; ./compile.sh $(NAME)-$(VERSION)
 
@@ -242,18 +226,9 @@ scan-build: clean
 test-profiles:
         cd test/profiles; ./profiles.sh | grep TESTING
 
-test-private-lib:
-        cd test/private-lib; ./private-lib.sh | grep TESTING
-
 test-apps:
         cd test/apps; ./apps.sh | grep TESTING
 
-test-apps-x11:
-        cd test/apps-x11; ./apps-x11.sh | grep TESTING
-
-test-apps-x11-xorg:
-        cd test/apps-x11-xorg; ./apps-x11-xorg.sh | grep TESTING
-
 test-sysutils:
         cd test/sysutils; ./sysutils.sh | grep TESTING
 
@@ -280,7 +255,7 @@ test-fcopy:
 test-fnetfilter:
         cd test/fnetfilter; ./fnetfilter.sh | grep TESTING
 
-test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments
+test: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-filters test-arguments
         echo "TEST COMPLETE"
 
 test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-filters test-arguments
@@ -296,10 +271,6 @@ test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sy
 test-ssh:
         cd test/ssh; ./ssh.sh | grep TESTING
 
-# requires root access
-test-chroot:
-        cd test/chroot; ./chroot.sh | grep testing
-
 # Huge appimage files, not included in "make dist" archive
 test-appimage:
         cd test/appimage; ./appimage.sh | grep TESTING
@@ -317,10 +288,6 @@ test-stress:
 test-root:
         cd test/root; su -c ./root.sh | grep TESTING
 
-# OverlayFS is not available on all platforms
-test-overlay:
-        cd test/overlay; ./overlay.sh | grep TESTING
-
 # For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc"
 
 test-all: test-root test-chroot test-network test-appimage test-overlay
diff --git a/configure b/configure
index bad17d97d..bc86756ff 100755
--- a/configure
+++ b/configure
@@ -625,7 +625,6 @@ ac_includes_default="\
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
 HAVE_SECCOMP_H
-HAVE_CONTRIB_INSTALL
 HAVE_GCOV
 BUSYBOX_WORKAROUND
 HAVE_FATAL_WARNINGS
@@ -716,7 +715,6 @@ enable_suid
 enable_fatal_warnings
 enable_busybox_workaround
 enable_gcov
-enable_contrib_install
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1365,8 +1363,6 @@ Optional Features:
   --enable-busybox-workaround
                           enable busybox workaround
   --enable-gcov           Gcov instrumentation
-  --enable-contrib-install
-                          install contrib scripts
 
 Some influential environment variables:
   CC          C compiler command
@@ -3776,20 +3772,6 @@ if test "x$enable_gcov" = "xyes"; then :
 
 fi
 
-HAVE_CONTRIB_INSTALL="yes"
-# Check whether --enable-contrib-install was given.
-if test "${enable_contrib_install+set}" = set; then :
-  enableval=$enable_contrib_install;
-fi
-
-if test "x$enable_contrib_install" = "xno"; then :
-  HAVE_CONTRIB_INSTALL="no"
-else
-  HAVE_CONTRIB_INSTALL="yes"
-
-fi
-
-
 # checking pthread library
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5
 $as_echo_n "checking for main in -lpthread... " >&6; }
@@ -3855,7 +3837,7 @@ if test "$prefix" = /usr; then
         sysconfdir="/etc"
 fi
 
-ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile"
+ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -4575,12 +4557,9 @@ do
     "src/libtrace/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtrace/Makefile" ;;
     "src/libtracelog/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtracelog/Makefile" ;;
     "src/firecfg/Makefile") CONFIG_FILES="$CONFIG_FILES src/firecfg/Makefile" ;;
-    "src/fbuilder/Makefile") CONFIG_FILES="$CONFIG_FILES src/fbuilder/Makefile" ;;
     "src/fsec-print/Makefile") CONFIG_FILES="$CONFIG_FILES src/fsec-print/Makefile" ;;
     "src/ftee/Makefile") CONFIG_FILES="$CONFIG_FILES src/ftee/Makefile" ;;
-    "src/faudit/Makefile") CONFIG_FILES="$CONFIG_FILES src/faudit/Makefile" ;;
     "src/fseccomp/Makefile") CONFIG_FILES="$CONFIG_FILES src/fseccomp/Makefile" ;;
-    "src/fldd/Makefile") CONFIG_FILES="$CONFIG_FILES src/fldd/Makefile" ;;
     "src/libpostexecseccomp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpostexecseccomp/Makefile" ;;
     "src/fsec-optimize/Makefile") CONFIG_FILES="$CONFIG_FILES src/fsec-optimize/Makefile" ;;
 
@@ -5061,6 +5040,5 @@ echo "   EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
 echo "   EXTRA_CFLAGS: $EXTRA_CFLAGS"
 echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
 echo "   Gcov instrumentation: $HAVE_GCOV"
-echo "   Install contrib scripts: $HAVE_CONTRIB_INSTALL"
 echo "   Install as a SUID executable: $HAVE_SUID"
 echo
diff --git a/configure.ac b/configure.ac
index ea569eb2f..9dc01bc8f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -178,15 +178,6 @@ AS_IF([test "x$enable_gcov" = "xyes"], [
         AC_SUBST(HAVE_GCOV)
 ])
 
-HAVE_CONTRIB_INSTALL="yes"
-AC_ARG_ENABLE([contrib-install],
-    AS_HELP_STRING([--enable-contrib-install], [install contrib scripts]))
-AS_IF([test "x$enable_contrib_install" = "xno"],
-        [HAVE_CONTRIB_INSTALL="no"],
-        [HAVE_CONTRIB_INSTALL="yes"]
-)
-AC_SUBST(HAVE_CONTRIB_INSTALL)
-
 # checking pthread library
 AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***]))
 AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed ***]))
@@ -199,8 +190,8 @@ if test "$prefix" = /usr; then
 fi
 
 AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
-src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \
-src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile)
+src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fsec-print/Makefile \
+src/ftee/Makefile src/fseccomp/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile)
 
 echo
 echo "Configuration options:"
@@ -225,6 +216,5 @@ echo "   EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
 echo "   EXTRA_CFLAGS: $EXTRA_CFLAGS"
 echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
 echo "   Gcov instrumentation: $HAVE_GCOV"
-echo "   Install contrib scripts: $HAVE_CONTRIB_INSTALL"
 echo "   Install as a SUID executable: $HAVE_SUID"
 echo
diff --git a/contrib/fix_private-bin.py b/contrib/fix_private-bin.py
deleted file mode 100755
index 86fd3d16b..000000000
--- a/contrib/fix_private-bin.py
+++ /dev/null
@@ -1,157 +0,0 @@
-#!/usr/bin/python3
-
-__author__ = "KOLANICH"
-__copyright__ = """This is free and unencumbered software released into the public domain.
-
-Anyone is free to copy, modify, publish, use, compile, sell, or
-distribute this software, either in source code form or as a compiled
-binary, for any purpose, commercial or non-commercial, and by any
-means.
-
-In jurisdictions that recognize copyright laws, the author or authors
-of this software dedicate any and all copyright interest in the
-software to the public domain. We make this dedication for the benefit
-of the public at large and to the detriment of our heirs and
-successors. We intend this dedication to be an overt act of
-relinquishment in perpetuity of all present and future rights to this
-software under copyright law.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-For more information, please refer to <http://unlicense.org/>"""
-__license__ = "Unlicense"
-
-import sys, os, glob, re
-
-privRx=re.compile("^(?:#\s*)?private-bin")
-
-def fixSymlinkedBins(files, replMap):
-        """
-        Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap
-        replMap is a dict where key is the marker filename and value is the filename to add
-        """
-
-        rxs=dict()
-        for (old,new) in replMap.items():
-                rxs[old]=re.compile("\\b"+old+"\\b")
-                rxs[new]=re.compile("\\b"+new+"\\b")
-        #print(rxs)
-
-        for filename in files:
-                lines=None
-                with open(filename,"r") as file:
-                        lines=file.readlines()
-
-                shouldUpdate=False
-                for (i,line) in enumerate(lines):
-                        if privRx.search(line):
-                                for (old,new) in replMap.items():
-                                        if rxs[old].search(line) and not rxs[new].search(line):
-                                                lines[i]=rxs[old].sub(old+","+new, line)
-                                                shouldUpdate=True
-                                                print(lines[i])
-
-                if shouldUpdate:
-                        with open(filename,"w") as file:
-                                file.writelines(lines)
-                        pass
-
-def createSetOfBinaries(files):
-        """
-        Creates a set of binaries mentioned in private-bin directives of files.
-        """
-        s=set()
-        for filename in files:
-                lines=None
-                with open(filename,"r") as file:
-                        for line in file:
-                                if privRx.search(line):
-                                        bins=line.split(",")
-                                        bins[0]=bins[0].split(" ")[-1]
-                                        bins = [n.strip() for n in bins]
-                                        s=s|set(bins)
-        return s
-
-def createSymlinkTable(binDirs, binariesSet):
-        """
-        creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary.
-        binDirs are folders to look into for binaries symlinks
-        binariesSet is a set of binaries to be checked if they are actually a symlinks
-        """
-        m=dict()
-        toProcess=binariesSet
-        while len(toProcess)!=0:
-                additional=set()
-                for sh in toProcess:
-                        for bD in binDirs:
-                                p=bD+os.path.sep+sh
-                                if os.path.exists(p):
-                                        if os.path.islink(p):
-                                                m[sh]=os.readlink(p)
-                                                additional.add(m[sh].split(" ")[0])
-                                        else:
-                                                pass
-                                        break
-                toProcess=additional
-        return m
-
-def doTheFixes(profilesPath, binDirs):
-        """
-        Fixes private-bin in .profiles for firejail. The pipeline is as follows:
-        discover files -> discover mentioned binaries ->
-        discover the ones which are symlinks ->
-        make a look-up table for fix ->
-        filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) ->
-        apply fix
-        """
-        files=glob.glob(profilesPath+os.path.sep+"*.profile")
-        bins=createSetOfBinaries(files)
-        #print("The binaries used are:")
-        #print(bins)
-        stbl=createSymlinkTable(binDirs,bins)
-        print("The replacement table is:")
-        print(stbl)
-        stbl={a[0]:a[1] for a in stbl.items() if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep)<0}
-        print("Filtered replacement table is:")
-        print(stbl)
-        fixSymlinkedBins(files,stbl)
-
-def printHelp():
-        print("python3 "+os.path.basename(__file__)+" <dir with .profile files>\nThe default dir is "+defaultProfilesPath+"\n"+doTheFixes.__doc__)
-
-def main():
-        """The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""
-        print(repr(sys.argv))
-        defaultProfilesPath="../etc"
-        if len(sys.argv)>2 or (len(sys.argv)==2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help') ):
-                printHelp()
-                exit(1)
-
-        profilesPath=None
-        if len(sys.argv)==2:
-                if os.path.isdir(sys.argv[1]):
-                        profilesPath=os.path.abspath(sys.argv[1])
-                else:
-                        if os.path.exists(sys.argv[1]):
-                                print(sys.argv[1]+" is not a dir")
-                        else:
-                                print(sys.argv[1]+" does not exist")
-                        printHelp()
-                        exit(1)
-        else:
-                print("Using default profiles dir: " + defaultProfilesPath)
-                profilesPath=defaultProfilesPath
-
-        binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
-        print("Binaries dirs are:")
-        print(binDirs)
-        doTheFixes(profilesPath, binDirs)
-
-if __name__ == "__main__":
-        main()
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py
deleted file mode 100755
index 3cc13b758..000000000
--- a/contrib/fj-mkdeb.py
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env python3
-
-# This script is automate the workaround for https://github.com/netblue30/firejail/issues/772
-
-import os, re, shlex, subprocess, sys
-
-def run(srcdir, args):
-  if srcdir: os.chdir(srcdir)
-
-  dry_run=False
-  escaped_args=[]
-  # We need to modify the list as we go.  So be sure to copy the list to be iterated!
-  for a in args[:]:
-    if a.startswith('--prefix'):
-      # prefix should ALWAYS be /usr here.  Discard user-set values
-      args.remove(a)
-    elif a == '--only-fix-mkdeb':
-      # for us, not configure
-      dry_run=True
-      args.remove(a)
-    else:
-      escaped_args.append(shlex.quote(a))
-
-  # Fix up mkdeb.sh to include custom configure options.
-  with open('mkdeb.sh', 'rb') as f:
-    sh=str(f.read(), 'utf_8')
-  rx=re.compile(r'^\./configure\s.*$', re.M)
-  with open('mkdeb.sh', 'wb') as f:
-    f.write(bytes(rx.sub('./configure --prefix=/usr '+(' '.join(escaped_args)), sh), 'utf_8'))
-
-  if dry_run: return 0
-
-  # now run configure && make
-  if subprocess.call(['./configure', '--prefix=/usr']+args) == 0:
-    subprocess.call(['make', 'deb'])
-
-  return 0
-
-
-if __name__ == '__main__':
-  if len(sys.argv) == 2 and sys.argv[1] == '--help':
-    print('''Build a .deb of firejail with custom configure options
-
-usage:
-{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
-
- --fj-src=SRCDIR: manually specify the location of firejail source tree
-                  as SRCDIR.  If not specified, looks in the parent directory
-                  of the directory where this script is located, and then the
-                  current working directory, in that order.
- --only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
- CONFIGURE_OPTIONS: arguments for configure
-'''.format(script=sys.argv[0]))
-    sys.exit(0)
-  else:
-    # Find the source directory
-    srcdir=None
-    args=sys.argv[1:]
-    for a in args:
-      if a.startswith('--fj-src='):
-        args.remove(a)
-        srcdir=a[9:]
-        break
-    if not(srcdir):
-      # srcdir not manually specified, try to auto-detect
-      srcdir=os.path.dirname(os.path.abspath(sys.argv[0]+'/..'))
-      if not(os.path.isfile(srcdir+'/mkdeb.sh')):
-        # Script is probably installed.  Check the cwd.
-        if os.path.isfile('./mkdeb.sh'):
-          srcdir=None
-        else:
-          print('Error: Could not find the firejail source tree.  Exiting.')
-          sys.exit(1)
-    sys.exit(run(srcdir, args))
diff --git a/contrib/fjclip.py b/contrib/fjclip.py
deleted file mode 100755
index b45959841..000000000
--- a/contrib/fjclip.py
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/env python
-
-import re
-import sys
-import subprocess
-import fjdisplay
-
-usage = """fjclip.py src dest. src or dest can be named firejails or - for stdin or stdout.
-firemon --x11 to see available running x11 firejails. firejail names can be shortened
-to least ambiguous. for example 'work-libreoffice' can be shortened to 'work' if no
-other firejails name starts with 'work'.
-warning: browsers are dangerous. clipboards from browsers are dangerous.  see
-https://github.com/dxa4481/Pastejacking
-fjclip.py strips whitespace from both
-ends, but does nothing else to protect you.  use a simple gui text editor like
-gedit if you want to see what your pasting."""
-
-if len(sys.argv) != 3 or sys.argv == '-h' or sys.argv == '--help':
-    print(usage)
-    exit(1)
-
-if sys.argv[1] == '-':
-    clipin_raw = sys.stdin.read()
-else:
-    display = fjdisplay.getdisplay(sys.argv[1])
-    clipin_raw = subprocess.check_output(['xsel','-b','--display',display])
-
-clipin = clipin_raw.strip()
-
-if sys.argv[2] == '-':
-    print(clipin)
-else:
-    display = fjdisplay.getdisplay(sys.argv[2])
-    clipout = subprocess.Popen(['xsel','-b','-i','--display',display],stdin=subprocess.PIPE)
-    clipout.communicate(clipin)
diff --git a/contrib/fjdisplay.py b/contrib/fjdisplay.py
deleted file mode 100755
index 3f409545f..000000000
--- a/contrib/fjdisplay.py
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env python
-
-import re
-import sys
-import subprocess
-
-usage = """fjdisplay.py name-of-firejail
-returns the display in the form of ':NNN'
-"""
-
-def getfirejails():
-    output = subprocess.check_output(['firemon','--x11'])
-    firejails = {}
-    name = ''
-    for line in output.split('\n'):
-        namematch = re.search('--name=(\w+\S*)',line)
-        if namematch:
-          name = namematch.group(1)
-        displaymatch = re.search('DISPLAY (:\d+)',line)
-        if displaymatch:
-          firejails[name] = displaymatch.group(1)
-    return firejails
-
-def getdisplay(name):
-    firejails = getfirejails()
-    fjlist = '\n'.join(firejails.keys())
-    namere = re.compile('^'+name+'.*', re.MULTILINE)
-    matchingjails = namere.findall(fjlist)
-    if len(matchingjails) == 1:
-        return firejails[matchingjails[0]]
-    if len(matchingjails) == 0:
-        raise NameError("firejail {} does not exist".format(name))
-    else:
-        raise NameError("ambiguous firejail name")
-
-if __name__ == '__main__':
-    if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) > 2:
-        print(usage)
-        exit()
-    if len(sys.argv) == 1:
-        print(getfirejails())
-    if len(sys.argv) == 2:
-        print (getdisplay(sys.argv[1]))
diff --git a/contrib/fjresize.py b/contrib/fjresize.py
deleted file mode 100755
index 3997cf280..000000000
--- a/contrib/fjresize.py
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/env python
-
-import sys
-import fjdisplay
-import subprocess
-
-usage = """usage: fjresize.py firejail-name displaysize
-resize firejail xephyr windows.
-fjdisplay.py with no other arguments will list running named firejails with displays.
-fjresize.py with only a firejail name will list valid resolutions.
-names can be shortend as long its unambiguous.
-note: you may need to move the xephyr window for the resize to take effect
-example:
-    fjresize.py browser 1280x800
-"""
-
-
-if len(sys.argv) == 2:
-    out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1])])
-    print(out)
-elif len(sys.argv) == 3:
-    out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1]),'--output','default','--mode',sys.argv[2]])
-    print(out)
-else:
-    print(usage)
diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh
deleted file mode 100755
index fa1b2d692..000000000
--- a/contrib/update_deb.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-# Purpose: Fetch, compile, and install firejail from GitHub source. For
-# Debian-based distros only (Ubuntu, Mint, etc).
-set -e
-git clone --depth=1 https://github.com/netblue30/firejail.git
-cd firejail
-./configure --prefix=/usr
-make deb
-sudo dpkg -i firejail*.deb
-echo "Firejail was updated!"
-cd ..
-rm -rf firejail
diff --git a/src/faudit/Makefile.in b/src/faudit/Makefile.in
deleted file mode 100644
index 26df0fe51..000000000
--- a/src/faudit/Makefile.in
+++ /dev/null
@@ -1,14 +0,0 @@
-all: faudit
-
-include ../common.mk
-
-%.o : %.c $(H_FILE_LIST)
-        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
-
-faudit: $(OBJS)
-        $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
-
-clean:; rm -f *.o faudit *.gcov *.gcda *.gcno
-
-distclean: clean
-        rm -fr Makefile
diff --git a/src/faudit/caps.c b/src/faudit/caps.c
deleted file mode 100644
index 46c262c89..000000000
--- a/src/faudit/caps.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "faudit.h"
-#include <linux/capability.h>
-
-#define MAXBUF 4098
-static int extract_caps(uint64_t *val) {
-        FILE *fp = fopen("/proc/self/status", "r");
-        if (!fp)
-                return 1;
-
-        char buf[MAXBUF];
-        while (fgets(buf, MAXBUF, fp)) {
-                if (strncmp(buf, "CapBnd:\t", 8) == 0) {
-                        char *ptr = buf + 8;
-                        unsigned long long tmp;
-                        sscanf(ptr, "%llx", &tmp);
-                        *val = tmp;
-                        fclose(fp);
-                        return 0;
-                }
-        }
-
-        fclose(fp);
-        return 1;
-}
-
-// return 1 if the capability is in tbe map
-static int check_capability(uint64_t map, int cap) {
-        int i;
-        uint64_t mask = 1ULL;
-
-        for (i = 0; i < 64; i++, mask <<= 1) {
-                if ((i == cap) && (mask & map))
-                        return 1;
-        }
-
-        return 0;
-}
-
-void caps_test(void) {
-        uint64_t caps_val;
-
-        if (extract_caps(&caps_val)) {
-                printf("SKIP: cannot extract capabilities on this platform.\n");
-                return;
-        }
-
-        if (caps_val) {
-                printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val);
-                printf("Use \"firejail --caps.drop=all\" to fix it.\n");
-
-                if (check_capability(caps_val, CAP_SYS_ADMIN))
-                        printf("UGLY: CAP_SYS_ADMIN is enabled.\n");
-                if (check_capability(caps_val, CAP_SYS_BOOT))
-                        printf("UGLY: CAP_SYS_BOOT is enabled.\n");
-        }
-        else
-                printf("GOOD: all capabilities are disabled.\n");
-}
diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c
deleted file mode 100644
index cb08b9b0b..000000000
--- a/src/faudit/dbus.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <sys/socket.h>
-#include <sys/un.h>
-
-// return 0 if the connection is possible
-int check_unix(const char *sockfile) {
-        assert(sockfile);
-        int rv = -1;
-
-        // open socket
-        int sock = socket(AF_UNIX, SOCK_STREAM, 0);
-        if (sock == -1)
-                return rv;
-
-        // connect
-        struct sockaddr_un remote;
-        memset(&remote, 0, sizeof(struct sockaddr_un));
-        remote.sun_family = AF_UNIX;
-        strncpy(remote.sun_path, sockfile, sizeof(remote.sun_path));
-        int len = strlen(remote.sun_path) + sizeof(remote.sun_family);
-        if (*sockfile == '@')
-                remote.sun_path[0] = '\0';
-        if (connect(sock, (struct sockaddr *)&remote, len) == 0)
-                rv = 0;
-
-        close(sock);
-        return rv;
-}
-
-void dbus_test(void) {
-        // check the session bus
-        char *str = getenv("DBUS_SESSION_BUS_ADDRESS");
-        if (str) {
-                int rv = 0;
-                char *bus = strdup(str);
-                if (!bus)
-                        errExit("strdup");
-                char *sockfile;
-                if ((sockfile = strstr(bus, "unix:abstract=")) != NULL) {
-                        sockfile += 13;
-                        *sockfile = '@';
-                        char *ptr = strchr(sockfile, ',');
-                        if (ptr)
-                                *ptr = '\0';
-                        rv = check_unix(sockfile);
-                        *sockfile = '@';
-                        if (rv == 0)
-                                printf("MAYBE: D-Bus socket %s is available\n", sockfile);
-                        else if (rv == -1)
-                                printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile);
-                }
-                else if ((sockfile = strstr(bus, "unix:path=")) != NULL) {
-                        sockfile += 10;
-                        char *ptr = strchr(sockfile, ',');
-                        if (ptr)
-                                *ptr = '\0';
-                        rv = check_unix(sockfile);
-                        if (rv == 0)
-                                printf("MAYBE: D-Bus socket %s is available\n", sockfile);
-                        else if (rv == -1)
-                                printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile);
-                }
-                else if ((sockfile = strstr(bus, "tcp:host=")) != NULL)
-                        printf("UGLY: session bus configured for TCP communication.\n");
-                else
-                        printf("GOOD: cannot find a D-Bus socket\n");
-
-
-                free(bus);
-        }
-        else
-                printf("GOOD: DBUS_SESSION_BUS_ADDRESS environment variable not configured.");
-}
diff --git a/src/faudit/dev.c b/src/faudit/dev.c
deleted file mode 100644
index 7bf4b279c..000000000
--- a/src/faudit/dev.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <dirent.h>
-
-void dev_test(void) {
-        DIR *dir;
-        if (!(dir = opendir("/dev"))) {
-                fprintf(stderr, "Error: cannot open /dev directory\n");
-                return;
-        }
-
-        struct dirent *entry;
-        printf("INFO: files visible in /dev directory: ");
-        int cnt = 0;
-        while ((entry = readdir(dir)) != NULL) {
-                if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
-                        continue;
-
-                printf("%s, ", entry->d_name);
-                cnt++;
-        }
-        printf("\n");
-
-        if (cnt > 20)
-                printf("MAYBE: /dev directory seems to be fully populated. Use --private-dev or --whitelist to restrict the access.\n");
-        else
-                printf("GOOD: Access to /dev directory is restricted.\n");
-        closedir(dir);
-}
diff --git a/src/faudit/faudit.h b/src/faudit/faudit.h
deleted file mode 100644
index 180121ec1..000000000
--- a/src/faudit/faudit.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef FAUDIT_H
-#define FAUDIT_H
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mount.h>
-#include <assert.h>
-
-#define errExit(msg)    do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
-
-// main.c
-extern char *prog;
-
-// pid.c
-void pid_test(void);
-
-// caps.c
-void caps_test(void);
-
-// seccomp.c
-void seccomp_test(void);
-
-// syscall.c
-void syscall_helper(int argc, char **argv);
-void syscall_run(const char *name);
-
-// files.c
-void files_test(void);
-
-// network.c
-void network_test(void);
-
-// dbus.c
-int check_unix(const char *sockfile);
-void dbus_test(void);
-
-// dev.c
-void dev_test(void);
-
-// x11.c
-void x11_test(void);
-
-#endif
diff --git a/src/faudit/files.c b/src/faudit/files.c
deleted file mode 100644
index 1ba18f2ab..000000000
--- a/src/faudit/files.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <fcntl.h>
-#include <pwd.h>
-
-static char *username = NULL;
-static char *homedir = NULL;
-
-static void check_home_file(const char *name) {
-        assert(homedir);
-
-        char *fname;
-        if (asprintf(&fname, "%s/%s", homedir, name) ==  -1)
-                errExit("asprintf");
-
-        if (access(fname, R_OK) == 0) {
-                printf("UGLY: I can access files in %s directory. ", fname);
-                printf("Use \"firejail --blacklist=%s\" to block it.\n", fname);
-        }
-        else
-                printf("GOOD: I cannot access files in %s directory.\n", fname);
-
-        free(fname);
-}
-
-void files_test(void) {
-        struct passwd *pw = getpwuid(getuid());
-        if (!pw) {
-                fprintf(stderr, "Error: cannot retrieve user account information\n");
-                return;
-        }
-
-        username = strdup(pw->pw_name);
-        if (!username)
-                errExit("strdup");
-        homedir = strdup(pw->pw_dir);
-        if (!homedir)
-                errExit("strdup");
-
-        // check access to .ssh directory
-        check_home_file(".ssh");
-
-        // check access to .gnupg directory
-        check_home_file(".gnupg");
-
-        // check access to Firefox browser directory
-        check_home_file(".mozilla");
-
-        // check access to Chromium browser directory
-        check_home_file(".config/chromium");
-
-        // check access to Debian Icedove directory
-        check_home_file(".icedove");
-
-        // check access to Thunderbird directory
-        check_home_file(".thunderbird");
-}
diff --git a/src/faudit/main.c b/src/faudit/main.c
deleted file mode 100644
index d73986843..000000000
--- a/src/faudit/main.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-char *prog;
-
-int main(int argc, char **argv) {
-        // make test-arguments helper
-        if (getenv("FIREJAIL_TEST_ARGUMENTS")) {
-                printf("Arguments:\n");
-
-                int i;
-                for (i = 0; i < argc; i++) {
-                        printf("#%s#\n", argv[i]);
-                }
-
-                return 0;
-        }
-
-
-        if (argc != 1) {
-                int i;
-
-                for (i = 1; i < argc; i++) {
-                        if (strcmp(argv[i], "syscall") == 0) {
-                                syscall_helper(argc, argv);
-                                return 0;
-                        }
-                }
-                return 1;
-        }
-
-        printf("\n---------------- Firejail Audit: the GOOD, the BAD and the UGLY ----------------\n");
-
-        // extract program name
-        prog = realpath(argv[0], NULL);
-        if (prog == NULL) {
-                prog = strdup("faudit");
-                if (!prog)
-                        errExit("strdup");
-        }
-        printf("INFO: starting %s.\n", prog);
-
-
-        // check pid namespace
-        pid_test();
-        printf("\n");
-
-        // check seccomp
-        seccomp_test();
-        printf("\n");
-
-        // check capabilities
-        caps_test();
-        printf("\n");
-
-        // check some well-known problematic files and directories
-        files_test();
-        printf("\n");
-
-        // network
-        network_test();
-        printf("\n");
-
-        // dbus
-        dbus_test();
-        printf("\n");
-
-        // x11 test
-        x11_test();
-        printf("\n");
-
-        // /dev test
-        dev_test();
-        printf("\n");
-
-
-        free(prog);
-        printf("--------------------------------------------------------------------------------\n");
-
-        return 0;
-}
diff --git a/src/faudit/network.c b/src/faudit/network.c
deleted file mode 100644
index 54eef2b2a..000000000
--- a/src/faudit/network.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <linux/netlink.h>
-#include <linux/rtnetlink.h>
-
-static void check_ssh(void) {
-        // open socket
-        int sock = socket(AF_INET, SOCK_STREAM, 0);
-        if (sock == -1) {
-                printf("GOOD: SSH server not available on localhost.\n");
-                return;
-        }
-
-        // connect to localhost
-        struct sockaddr_in server;
-        server.sin_addr.s_addr = inet_addr("127.0.0.1");
-        server.sin_family = AF_INET;
-        server.sin_port = htons(22);
-
-        if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0)
-                printf("GOOD: SSH server not available on localhost.\n");
-        else {
-                printf("MAYBE: an SSH server is accessible on localhost. ");
-                printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n");
-        }
-
-        close(sock);
-}
-
-static void check_http(void) {
-        // open socket
-        int sock = socket(AF_INET, SOCK_STREAM, 0);
-        if (sock == -1) {
-                printf("GOOD: HTTP server not available on localhost.\n");
-                return;
-        }
-
-        // connect to localhost
-        struct sockaddr_in server;
-        server.sin_addr.s_addr = inet_addr("127.0.0.1");
-        server.sin_family = AF_INET;
-        server.sin_port = htons(80);
-
-        if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0)
-                printf("GOOD: HTTP server not available on localhost.\n");
-        else {
-                printf("MAYBE: an HTTP server is accessible on localhost. ");
-                printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n");
-        }
-
-        close(sock);
-}
-
-void check_netlink(void) {
-        int sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, 0);
-        if (sock == -1) {
-                printf("GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.\n");
-                return;
-        }
-
-        struct sockaddr_nl local;
-        memset(&local, 0, sizeof(local));
-        local.nl_family = AF_NETLINK;
-        local.nl_groups = 0; //subscriptions;
-
-        if (bind(sock, (struct sockaddr*)&local, sizeof(local)) < 0) {
-                printf("GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.\n");
-                close(sock);
-                return;
-        }
-
-        close(sock);
-        printf("MAYBE: I can connect to netlink socket. Network utilities such as iproute2 will work fine in the sandbox. ");
-        printf("You can use \"--protocol\" to disable the socket.\n");
-}
-
-void network_test(void) {
-        check_ssh();
-        check_http();
-        check_netlink();
-}
diff --git a/src/faudit/pid.c b/src/faudit/pid.c
deleted file mode 100644
index 22bb68c1a..000000000
--- a/src/faudit/pid.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-
-void pid_test(void) {
-        char *kern_proc[] = {
-                "kthreadd",
-                "ksoftirqd",
-                "kworker",
-                "rcu_sched",
-                "rcu_bh",
-                NULL    // NULL terminated list
-        };
-        int i;
-
-        // look at the first 10 processes
-        int not_visible = 1;
-        for (i = 1; i <= 10; i++) {
-                struct stat s;
-                char *fname;
-                if (asprintf(&fname, "/proc/%d/comm", i) == -1)
-                        errExit("asprintf");
-                if (stat(fname, &s) == -1) {
-                        free(fname);
-                        continue;
-                }
-
-                // open file
-                /* coverity[toctou] */
-                FILE *fp = fopen(fname, "r");
-                if (!fp) {
-                        free(fname);
-                        continue;
-                }
-
-                // read file
-                char buf[100];
-                if (fgets(buf, 10, fp) == NULL) {
-                        fclose(fp);
-                        free(fname);
-                        continue;
-                }
-                not_visible = 0;
-
-                // clean /n
-                char *ptr;
-                if ((ptr = strchr(buf, '\n')) != NULL)
-                        *ptr = '\0';
-
-                // check process name against the kernel list
-                int j = 0;
-                while (kern_proc[j] != NULL) {
-                        if (strncmp(buf, kern_proc[j], strlen(kern_proc[j])) == 0) {
-                                fclose(fp);
-                                free(fname);
-                                printf("BAD: Process %d is not running in a PID namespace. ", getpid());
-                                printf("Are you sure you're running in a sandbox?\n");
-                                return;
-                        }
-                        j++;
-                }
-
-                fclose(fp);
-                free(fname);
-        }
-
-        pid_t pid = getpid();
-        if (not_visible && pid > 100)
-                printf("BAD: Process %d is not running in a PID namespace.\n", pid);
-        else
-                printf("GOOD: process %d is running in a PID namespace.\n", pid);
-
-        // try to guess the type of container/sandbox
-        char *str = getenv("container");
-        if (str)
-                printf("INFO: container/sandbox %s.\n", str);
-        else {
-                str = getenv("SNAP");
-                if (str)
-                        printf("INFO: this is a snap package\n");
-        }
-}
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c
deleted file mode 100644
index 85a883618..000000000
--- a/src/faudit/seccomp.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-
-#define MAXBUF 4098
-static int extract_seccomp(int *val) {
-        FILE *fp = fopen("/proc/self/status", "r");
-        if (!fp)
-                return 1;
-
-        char buf[MAXBUF];
-        while (fgets(buf, MAXBUF, fp)) {
-                if (strncmp(buf, "Seccomp:\t", 8) == 0) {
-                        char *ptr = buf + 8;
-                        int tmp;
-                        sscanf(ptr, "%d", &tmp);
-                        *val = tmp;
-                        fclose(fp);
-                        return 0;
-                }
-        }
-
-        fclose(fp);
-        return 1;
-}
-
-void seccomp_test(void) {
-        int seccomp_status;
-        int rv = extract_seccomp(&seccomp_status);
-
-        if (rv) {
-                printf("INFO: cannot extract seccomp configuration on this platform.\n");
-                return;
-        }
-
-        if (seccomp_status == 0) {
-                printf("BAD: seccomp disabled. Use \"firejail --seccomp\" to enable it.\n");
-        }
-        else if (seccomp_status == 1)
-                printf("GOOD: seccomp strict mode - only  read, write, _exit, and sigreturn are allowed.\n");
-        else if (seccomp_status == 2) {
-                printf("GOOD: seccomp BPF enabled.\n");
-
-                printf("checking syscalls: "); fflush(0);
-                printf("mount... "); fflush(0);
-                syscall_run("mount");
-
-                printf("umount2... "); fflush(0);
-                syscall_run("umount2");
-
-                printf("ptrace... "); fflush(0);
-                syscall_run("ptrace");
-
-                printf("swapon... "); fflush(0);
-                syscall_run("swapon");
-
-                printf("swapoff... "); fflush(0);
-                syscall_run("swapoff");
-
-                printf("init_module... "); fflush(0);
-                syscall_run("init_module");
-
-                printf("delete_module... "); fflush(0);
-                syscall_run("delete_module");
-
-                printf("chroot... "); fflush(0);
-                syscall_run("chroot");
-
-                printf("pivot_root... "); fflush(0);
-                syscall_run("pivot_root");
-
-#if defined(__i386__) || defined(__x86_64__)
-                printf("iopl... "); fflush(0);
-                syscall_run("iopl");
-
-                printf("ioperm... "); fflush(0);
-                syscall_run("ioperm");
-#endif
-                printf("\n");
-        }
-        else
-                fprintf(stderr, "Error: unrecognized seccomp mode\n");
-
-}
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c
deleted file mode 100644
index 3650590f3..000000000
--- a/src/faudit/syscall.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <sys/ptrace.h>
-#include <sys/swap.h>
-#if defined(__i386__) || defined(__x86_64__)
-#include <sys/io.h>
-#endif
-#include <sys/wait.h>
-extern int init_module(void *module_image, unsigned long len,
-                       const char *param_values);
-extern int finit_module(int fd, const char *param_values,
-                        int flags);
-extern int delete_module(const char *name, int flags);
-extern int pivot_root(const char *new_root, const char *put_old);
-
-void syscall_helper(int argc, char **argv) {
-        (void) argc;
-
-        if (argc < 3)
-                return;
-
-        if (strcmp(argv[2], "mount") == 0) {
-                int rv = mount(NULL, NULL, NULL, 0, NULL);
-                (void) rv;
-                printf("\nUGLY: mount syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "umount2") == 0) {
-                umount2(NULL, 0);
-                printf("\nUGLY: umount2 syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "ptrace") == 0) {
-                ptrace(0, 0, NULL, NULL);
-                printf("\nUGLY: ptrace syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "swapon") == 0) {
-                swapon(NULL, 0);
-                printf("\nUGLY: swapon syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "swapoff") == 0) {
-                swapoff(NULL);
-                printf("\nUGLY: swapoff syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "init_module") == 0) {
-                init_module(NULL, 0, NULL);
-                printf("\nUGLY: init_module syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "delete_module") == 0) {
-                delete_module(NULL, 0);
-                printf("\nUGLY: delete_module syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "chroot") == 0) {
-                int rv = chroot("/blablabla-57281292");
-                (void) rv;
-                printf("\nUGLY: chroot syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "pivot_root") == 0) {
-                pivot_root(NULL, NULL);
-                printf("\nUGLY: pivot_root syscall permitted.\n");
-        }
-#if defined(__i386__) || defined(__x86_64__)
-        else if (strcmp(argv[2], "iopl") == 0) {
-                iopl(0L);
-                printf("\nUGLY: iopl syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "ioperm") == 0) {
-                ioperm(0, 0, 0);
-                printf("\nUGLY: ioperm syscall permitted.\n");
-        }
-#endif
-        exit(0);
-}
-
-void syscall_run(const char *name) {
-        assert(prog);
-
-        pid_t child = fork();
-        if (child < 0)
-                errExit("fork");
-        if (child == 0) {
-                execl(prog, prog, "syscall", name, NULL);
-                perror("execl");
-                _exit(1);
-        }
-
-        // wait for the child to finish
-        waitpid(child, NULL, 0);
-}
diff --git a/src/faudit/x11.c b/src/faudit/x11.c
deleted file mode 100644
index bb763b110..000000000
--- a/src/faudit/x11.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <sys/socket.h>
-#include <dirent.h>
-
-
-void x11_test(void) {
-        // check regular display 0 sockets
-        if (check_unix("/tmp/.X11-unix/X0") == 0)
-                printf("MAYBE: X11 socket /tmp/.X11-unix/X0 is available\n");
-
-        if (check_unix("@/tmp/.X11-unix/X0") == 0)
-                printf("MAYBE: X11 socket @/tmp/.X11-unix/X0 is available\n");
-
-        // check all unix sockets in /tmp/.X11-unix directory
-        DIR *dir;
-        if (!(dir = opendir("/tmp/.X11-unix"))) {
-                // sleep 2 seconds and try again
-                sleep(2);
-                if (!(dir = opendir("/tmp/.X11-unix"))) {
-                        ;
-                }
-        }
-
-        if (dir == NULL)
-                printf("GOOD: cannot open /tmp/.X11-unix directory\n");
-        else {
-                struct dirent *entry;
-                while ((entry = readdir(dir)) != NULL) {
-                        if (strcmp(entry->d_name, "X0") == 0)
-                                continue;
-                        if (strcmp(entry->d_name, ".") == 0)
-                                continue;
-                        if (strcmp(entry->d_name, "..") == 0)
-                                continue;
-                        char *name;
-                        if (asprintf(&name, "/tmp/.X11-unix/%s", entry->d_name) == -1)
-                                errExit("asprintf");
-                        if (check_unix(name) == 0)
-                                printf("MAYBE: X11 socket %s is available\n", name);
-                        free(name);
-                }
-                closedir(dir);
-        }
-}
diff --git a/src/fbuilder/Makefile.in b/src/fbuilder/Makefile.in
deleted file mode 100644
index 7a606c872..000000000
--- a/src/fbuilder/Makefile.in
+++ /dev/null
@@ -1,14 +0,0 @@
-all: fbuilder
-
-include ../common.mk
-
-%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h
-        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
-
-fbuilder: $(OBJS)
-        $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
-
-clean:; rm -f *.o fbuilder *.gcov *.gcda *.gcno
-
-distclean: clean
-        rm -fr Makefile
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c
deleted file mode 100644
index 1230fb780..000000000
--- a/src/fbuilder/build_bin.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "fbuilder.h"
-
-static FileDB *bin_out = NULL;
-
-static void process_bin(const char *fname) {
-        assert(fname);
-
-        // process trace file
-        FILE *fp = fopen(fname, "r");
-        if (!fp) {
-                fprintf(stderr, "Error: cannot open %s\n", fname);
-                exit(1);
-        }
-
-        char buf[MAX_BUF];
-        while (fgets(buf, MAX_BUF, fp)) {
-                // remove \n
-                char *ptr = strchr(buf, '\n');
-                if (ptr)
-                        *ptr = '\0';
-
-                // parse line: 4:galculator:access /etc/fonts/conf.d:0
-                // number followed by :
-                ptr = buf;
-                if (!isdigit(*ptr))
-                        continue;
-                while (isdigit(*ptr))
-                        ptr++;
-                if (*ptr != ':')
-                        continue;
-                ptr++;
-
-                // next :
-                ptr = strchr(ptr, ':');
-                if (!ptr)
-                        continue;
-                ptr++;
-                if (strncmp(ptr, "exec ", 5) == 0)
-                        ptr +=  5;
-                else
-                        continue;
-                if (strncmp(ptr, "/bin/", 5) == 0)
-                        ptr += 5;
-                else if (strncmp(ptr, "/sbin/", 6) == 0)
-                        ptr += 6;
-                else if (strncmp(ptr, "/usr/bin/", 9) == 0)
-                        ptr += 9;
-                else if (strncmp(ptr, "/usr/sbin/", 10) == 0)
-                        ptr += 10;
-                else if (strncmp(ptr, "/usr/local/bin/", 15) == 0)
-                        ptr += 15;
-                else if (strncmp(ptr, "/usr/local/sbin/", 16) == 0)
-                        ptr += 16;
-                else if (strncmp(ptr, "/usr/games/", 11) == 0)
-                        ptr += 12;
-                else if (strncmp(ptr, "/usr/local/games/", 17) == 0)
-                        ptr += 17;
-                else
-                        continue;
-
-                // end of filename
-                char *ptr2 = strchr(ptr, ':');
-                if (!ptr2)
-                        continue;
-                *ptr2 = '\0';
-
-                // skip strace
-                if (strcmp(ptr, "strace") == 0)
-                        continue;
-
-                bin_out = filedb_add(bin_out, ptr);
-        }
-
-        fclose(fp);
-}
-
-
-// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-void build_bin(const char *fname, FILE *fp) {
-        assert(fname);
-
-        // run fname
-        process_bin(fname);
-
-        // run all the rest
-        struct stat s;
-        int i;
-        for (i = 1; i <= 5; i++) {
-                char *newname;
-                if (asprintf(&newname, "%s.%d", fname, i) == -1)
-                        errExit("asprintf");
-                if (stat(newname, &s) == 0)
-                        process_bin(newname);
-                free(newname);
-        }
-
-        if (bin_out) {
-                fprintf(fp, "private-bin ");
-                FileDB *ptr = bin_out;
-                while (ptr) {
-                        fprintf(fp, "%s,", ptr->fname);
-                        ptr = ptr->next;
-                }
-                fprintf(fp, "\n");
-                fprintf(fp, "# private-lib\n");
-        }
-}
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
deleted file mode 100644
index 771dc94cb..000000000
--- a/src/fbuilder/build_fs.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "fbuilder.h"
-
-// common file processing function, using the callback for each line in the file
-static void process_file(const char *fname, const char *dir, void (*callback)(char *)) {
-        assert(fname);
-        assert(dir);
-        assert(callback);
-
-        int dir_len = strlen(dir);
-
-        // process trace file
-        FILE *fp = fopen(fname, "r");
-        if (!fp) {
-                fprintf(stderr, "Error: cannot open %s\n", fname);
-                exit(1);
-        }
-
-        char buf[MAX_BUF];
-        while (fgets(buf, MAX_BUF, fp)) {
-                // remove \n
-                char *ptr = strchr(buf, '\n');
-                if (ptr)
-                        *ptr = '\0';
-
-                // parse line: 4:galculator:access /etc/fonts/conf.d:0
-                // number followed by :
-                ptr = buf;
-                if (!isdigit(*ptr))
-                        continue;
-                while (isdigit(*ptr))
-                        ptr++;
-                if (*ptr != ':')
-                        continue;
-                ptr++;
-
-                // next :
-                ptr = strchr(ptr, ':');
-                if (!ptr)
-                        continue;
-                ptr++;
-                if (strncmp(ptr, "access ", 7) == 0)
-                        ptr +=  7;
-                else if (strncmp(ptr, "fopen ", 6) == 0)
-                        ptr += 6;
-                else if (strncmp(ptr, "fopen64 ", 8) == 0)
-                        ptr += 8;
-                else if (strncmp(ptr, "open64 ", 7) == 0)
-                        ptr += 7;
-                else if (strncmp(ptr, "open ", 5) == 0)
-                        ptr += 5;
-                else
-                        continue;
-                if (strncmp(ptr, dir, dir_len) != 0)
-                        continue;
-
-                // end of filename
-                char *ptr2 = strchr(ptr, ':');
-                if (!ptr2)
-                        continue;
-                *ptr2 = '\0';
-
-                callback(ptr);
-        }
-
-        fclose(fp);
-}
-
-// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-static void process_files(const char *fname, const char *dir, void (*callback)(char *)) {
-        assert(fname);
-        assert(dir);
-        assert(callback);
-
-        // run fname
-        process_file(fname, dir, callback);
-
-        // run all the rest
-        struct stat s;
-        int i;
-        for (i = 1; i <= 5; i++) {
-                char *newname;
-                if (asprintf(&newname, "%s.%d", fname, i) == -1)
-                        errExit("asprintf");
-                if (stat(newname, &s) == 0)
-                        process_file(newname, dir, callback);
-                free(newname);
-        }
-}
-
-//*******************************************
-// etc directory
-//*******************************************
-static FileDB *etc_out = NULL;
-
-static void etc_callback(char *ptr) {
-        // skip firejail directory
-        if (strncmp(ptr, "/etc/firejail", 13) == 0)
-                return;
-
-        // add only top files and directories
-        ptr += 5;       // skip "/etc/"
-        char *end = strchr(ptr, '/');
-        if (end)
-                *end = '\0';
-        etc_out = filedb_add(etc_out, ptr);
-}
-
-void build_etc(const char *fname, FILE *fp) {
-        assert(fname);
-
-        process_files(fname, "/etc", etc_callback);
-
-        fprintf(fp, "private-etc ");
-        if (etc_out == NULL)
-                fprintf(fp, "none\n");
-        else {
-                FileDB *ptr = etc_out;
-                while (ptr) {
-                        fprintf(fp, "%s,", ptr->fname);
-                        ptr = ptr->next;
-                }
-                fprintf(fp, "\n");
-        }
-}
-
-//*******************************************
-// var directory
-//*******************************************
-static FileDB *var_out = NULL;
-static void var_callback(char *ptr) {
-        if (strcmp(ptr, "/var/lib") == 0)
-                ;
-        else if (strcmp(ptr, "/var/cache") == 0)
-                ;
-        else if (strncmp(ptr, "/var/lib/menu-xdg", 17) == 0)
-                var_out = filedb_add(var_out, "/var/lib/menu-xdg");
-        else if (strncmp(ptr, "/var/cache/fontconfig", 21) == 0)
-                var_out = filedb_add(var_out, "/var/cache/fontconfig");
-        else
-                var_out = filedb_add(var_out, ptr);
-}
-
-void build_var(const char *fname, FILE *fp) {
-        assert(fname);
-
-        process_files(fname, "/var", var_callback);
-
-        if (var_out == NULL)
-                fprintf(fp, "blacklist /var\n");
-        else
-                filedb_print(var_out, "whitelist ", fp);
-}
-
-
-//*******************************************
-// usr/share directory
-//*******************************************
-static FileDB *share_out = NULL;
-static void share_callback(char *ptr) {
-        // extract the directory:
-        assert(strncmp(ptr, "/usr/share", 10) == 0);
-        char *p1 = ptr + 10;
-        if (*p1 != '/')
-                return;
-        p1++;
-        if (*p1 == '/') // double '/'
-                p1++;
-        if (*p1 == '\0')
-                return;
-
-        // "/usr/share/bash-completion/bash_completion"  becomes "/usr/share/bash-completion"
-        char *p2 = strchr(p1, '/');
-        if (p2)
-                *p2 = '\0';
-
-        // store the file
-        share_out = filedb_add(share_out, ptr);
-}
-
-void build_share(const char *fname, FILE *fp) {
-        assert(fname);
-
-        process_files(fname, "/usr/share", share_callback);
-
-        if (share_out == NULL)
-                fprintf(fp, "blacklist /usr/share\n");
-        else
-                filedb_print(share_out, "whitelist ", fp);
-}
-
-//*******************************************
-// tmp directory
-//*******************************************
-static FileDB *tmp_out = NULL;
-static void tmp_callback(char *ptr) {
-        filedb_add(tmp_out, ptr);
-}
-
-void build_tmp(const char *fname, FILE *fp) {
-        assert(fname);
-
-        process_files(fname, "/tmp", tmp_callback);
-
-        if (tmp_out == NULL)
-                fprintf(fp, "private-tmp\n");
-        else {
-                fprintf(fp, "\n");
-                fprintf(fp, "# private-tmp\n");
-                fprintf(fp, "# File accessed in /tmp directory:\n");
-                fprintf(fp, "# ");
-                FileDB *ptr = tmp_out;
-                while (ptr) {
-                        fprintf(fp, "%s,", ptr->fname);
-                        ptr = ptr->next;
-                }
-                printf("\n");
-        }
-}
-
-//*******************************************
-// dev directory
-//*******************************************
-static char *dev_skip[] = {
-        "/dev/zero",
-        "/dev/null",
-        "/dev/full",
-        "/dev/random",
-        "/dev/urandom",
-        "/dev/tty",
-        "/dev/snd",
-        "/dev/dri",
-        "/dev/pts",
-        "/dev/nvidia0",
-        "/dev/nvidia1",
-        "/dev/nvidia2",
-        "/dev/nvidia3",
-        "/dev/nvidia4",
-        "/dev/nvidia5",
-        "/dev/nvidia6",
-        "/dev/nvidia7",
-        "/dev/nvidia8",
-        "/dev/nvidia9",
-        "/dev/nvidiactl",
-        "/dev/nvidia-modeset",
-        "/dev/nvidia-uvm",
-        "/dev/video0",
-        "/dev/video1",
-        "/dev/video2",
-        "/dev/video3",
-        "/dev/video4",
-        "/dev/video5",
-        "/dev/video6",
-        "/dev/video7",
-        "/dev/video8",
-        "/dev/video9",
-        "/dev/dvb",
-        "/dev/sr0",
-        NULL
-};
-
-static FileDB *dev_out = NULL;
-static void dev_callback(char *ptr) {
-        // skip private-dev devices
-        int i = 0;
-        int found = 0;
-        while (dev_skip[i]) {
-                if (strcmp(ptr, dev_skip[i]) == 0) {
-                        found = 1;
-                        break;
-                }
-                i++;
-        }
-        if (!found)
-                filedb_add(dev_out, ptr);
-}
-
-void build_dev(const char *fname, FILE *fp) {
-        assert(fname);
-
-        process_files(fname, "/dev", dev_callback);
-
-        if (dev_out == NULL)
-                fprintf(fp, "private-dev\n");
-        else {
-                fprintf(fp, "\n");
-                fprintf(fp, "# private-dev\n");
-                fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n");
-                fprintf(fp, "# ");
-                FileDB *ptr = dev_out;
-                while (ptr) {
-                        fprintf(fp, "%s,", ptr->fname);
-                        ptr = ptr->next;
-                }
-                fprintf(fp, "\n");
-        }
-}
-
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
deleted file mode 100644
index 7470a8d10..000000000
--- a/src/fbuilder/build_home.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "fbuilder.h"
-
-static FileDB *db_skip = NULL;
-static FileDB *db_out = NULL;
-
-static void load_whitelist_common(void) {
-        FILE *fp = fopen("/etc/firejail/whitelist-common.inc", "r");
-        if (!fp) {
-                fprintf(stderr, "Error: cannot open whitelist-common.inc\n");
-                exit(1);
-        }
-
-        char buf[MAX_BUF];
-        while (fgets(buf, MAX_BUF, fp)) {
-                if (strncmp(buf, "whitelist ~/", 12) != 0)
-                        continue;
-                char *fn = buf + 12;
-                char *ptr = strchr(buf, '\n');
-                if (!ptr)
-                        continue;
-                *ptr = '\0';
-
-                // add the file to skip list
-                db_skip = filedb_add(db_skip, fn);
-        }
-
-        fclose(fp);
-}
-
-void process_home(const char *fname, char *home, int home_len) {
-        assert(fname);
-        assert(home);
-        assert(home_len);
-
-        // process trace file
-        FILE *fp = fopen(fname, "r");
-        if (!fp) {
-                fprintf(stderr, "Error: cannot open %s\n", fname);
-                exit(1);
-        }
-
-        char buf[MAX_BUF];
-        while (fgets(buf, MAX_BUF, fp)) {
-                // remove \n
-                char *ptr = strchr(buf, '\n');
-                if (ptr)
-                        *ptr = '\0';
-
-                // parse line: 4:galculator:access /etc/fonts/conf.d:0
-                // number followed by :
-                ptr = buf;
-                if (!isdigit(*ptr))
-                        continue;
-                while (isdigit(*ptr))
-                        ptr++;
-                if (*ptr != ':')
-                        continue;
-                ptr++;
-
-                // next :
-                ptr = strchr(ptr, ':');
-                if (!ptr)
-                        continue;
-                ptr++;
-                if (strncmp(ptr, "access /home", 12) == 0)
-                        ptr +=  7;
-                else if (strncmp(ptr, "fopen /home", 11) == 0)
-                        ptr += 6;
-                else if (strncmp(ptr, "fopen64 /home", 13) == 0)
-                        ptr += 8;
-                else if (strncmp(ptr, "open64 /home", 12) == 0)
-                        ptr += 7;
-                else if (strncmp(ptr, "open /home", 10) == 0)
-                        ptr += 5;
-                else
-                        continue;
-
-                // end of filename
-                char *ptr2 = strchr(ptr, ':');
-                if (!ptr2)
-                        continue;
-                *ptr2 = '\0';
-
-                // check home directory
-                if (strncmp(ptr, home, home_len) != 0)
-                        continue;
-                if (strcmp(ptr, home) == 0)
-                        continue;
-                ptr += home_len + 1;
-
-                // skip files handled automatically by firejail
-                if (strcmp(ptr, ".Xauthority") == 0 ||
-                    strcmp(ptr, ".Xdefaults-debian") == 0 ||
-                    strncmp(ptr, ".config/pulse/", 13) == 0 ||
-                    strncmp(ptr, ".pulse/", 7) == 0 ||
-                    strncmp(ptr, ".bash_hist", 10) == 0 ||
-                    strcmp(ptr, ".bashrc") == 0)
-                        continue;
-
-
-                // try to find the relevant directory for this file
-                char *dir = extract_dir(ptr);
-                char *toadd = (dir)? dir: ptr;
-
-                // skip some dot directories
-                if (strcmp(toadd, ".config") == 0 ||
-                    strcmp(toadd, ".local") == 0 ||
-                    strcmp(toadd, ".local/share") == 0 ||
-                    strcmp(toadd, ".cache") == 0) {
-                        if (dir)
-                                free(dir);
-                        continue;
-                }
-
-                // clean .cache entries
-                if (strncmp(toadd, ".cache/", 7) == 0) {
-                        char *ptr2 = toadd + 7;
-                        ptr2 = strchr(ptr2, '/');
-                        if (ptr2)
-                                *ptr2 = '\0';
-                }
-
-                // skip files and directories in whitelist-common.inc
-                if (filedb_find(db_skip, toadd)) {
-                        if (dir)
-                                free(dir);
-                        continue;
-                }
-
-                // add the file to out list
-                db_out = filedb_add(db_out, toadd);
-                if (dir)
-                        free(dir);
-
-        }
-        fclose(fp);
-}
-
-
-// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-void build_home(const char *fname, FILE *fp) {
-        assert(fname);
-
-        // load whitelist common
-        load_whitelist_common();
-
-        // find user home directory
-        struct passwd *pw = getpwuid(getuid());
-        if (!pw)
-                errExit("getpwuid");
-        char *home = pw->pw_dir;
-        if (!home)
-                errExit("getpwuid");
-        int home_len = strlen(home);
-
-        // run fname
-        process_home(fname, home, home_len);
-
-        // run all the rest
-        struct stat s;
-        int i;
-        for (i = 1; i <= 5; i++) {
-                char *newname;
-                if (asprintf(&newname, "%s.%d", fname, i) == -1)
-                        errExit("asprintf");
-                if (stat(newname, &s) == 0)
-                        process_home(newname, home, home_len);
-                free(newname);
-        }
-
-        // print the out list if any
-        if (db_out) {
-                filedb_print(db_out, "whitelist ~/", fp);
-                fprintf(fp, "include /etc/firejail/whitelist-common.inc\n");
-        }
-        else
-                fprintf(fp, "private\n");
-
-}
\ No newline at end of file
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
deleted file mode 100644
index 125487c41..000000000
--- a/src/fbuilder/build_profile.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "fbuilder.h"
-#include <sys/wait.h>
-#include <fcntl.h>
-
-#define TRACE_OUTPUT "/tmp/firejail-trace"
-#define STRACE_OUTPUT "/tmp/firejail-strace"
-
-static char *cmdlist[] = {
-        "/usr/bin/firejail",
-        "--quiet",
-        "--output=" TRACE_OUTPUT,
-        "--noprofile",
-        "--caps.drop=all",
-        "--nonewprivs",
-        "--trace",
-        "--shell=none",
-        "/usr/bin/strace", // also used as a marker in build_profile()
-        "-c",
-        "-f",
-        "-o" STRACE_OUTPUT,
-};
-
-static void clear_tmp_files(void) {
-        unlink(STRACE_OUTPUT);
-        unlink(TRACE_OUTPUT);
-
-        // run all the rest
-        int i;
-        for (i = 1; i <= 5; i++) {
-                char *newname;
-                if (asprintf(&newname, "%s.%d", TRACE_OUTPUT, i) == -1)
-                        errExit("asprintf");
-                unlink(newname);
-                free(newname);
-        }
-
-}
-
-void build_profile(int argc, char **argv, int index, FILE *fp) {
-        // next index is the application name
-        if (index >= argc) {
-                fprintf(stderr, "Error: application name missing\n");
-                exit(1);
-        }
-
-        // clean /tmp files
-        clear_tmp_files();
-
-        // detect strace
-        int have_strace = 0;
-        if (access("/usr/bin/strace", X_OK) == 0)
-                have_strace = 1;
-
-        // calculate command length
-        unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1;
-        if (arg_debug)
-                printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index);
-        char *cmd[len];
-        cmd[0] = cmdlist[0];    // explicit assignemnt to clean scan-build error
-
-        // build command
-        unsigned i = 0;
-        for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) {
-                // skip strace if not installed
-                if (have_strace == 0 && strcmp(cmdlist[i], "/usr/bin/strace") == 0)
-                        break;
-                cmd[i] = cmdlist[i];
-        }
-
-        int i2 = index;
-        for (; i < (len - 1); i++, i2++)
-                cmd[i] = argv[i2];
-        assert(i < len);
-        cmd[i] = NULL;
-
-        if (arg_debug) {
-                for (i = 0; i < len; i++)
-                        printf("\t%s\n", cmd[i]);
-        }
-
-        // fork and execute
-        pid_t child = fork();
-        if (child == -1)
-                errExit("fork");
-        if (child == 0) {
-                assert(cmd[0]);
-                int rv = execvp(cmd[0], cmd);
-                (void) rv;
-                errExit("execv");
-        }
-
-        // wait for all processes to finish
-        int status;
-        if (waitpid(child, &status, 0) != child)
-                errExit("waitpid");
-
-        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-                printf("\n\n\n");
-                fprintf(fp, "############################################\n");
-                fprintf(fp, "# %s profile\n", argv[index]);
-                fprintf(fp, "############################################\n");
-                fprintf(fp, "# Persistent global definitions\n");
-                fprintf(fp, "# include /etc/firejail/globals.local\n");
-                fprintf(fp, "\n");
-
-                fprintf(fp, "### basic blacklisting\n");
-                fprintf(fp, "include /etc/firejail/disable-common.inc\n");
-                fprintf(fp, "# include /etc/firejail/disable-devel.inc\n");
-                fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n");
-                fprintf(fp, "# include /etc/firejail/disable-programs.inc\n");
-                fprintf(fp, "\n");
-
-                fprintf(fp, "### home directory whitelisting\n");
-                build_home(TRACE_OUTPUT, fp);
-                fprintf(fp, "\n");
-
-                fprintf(fp, "### filesystem\n");
-                build_tmp(TRACE_OUTPUT, fp);
-                build_dev(TRACE_OUTPUT, fp);
-                build_etc(TRACE_OUTPUT, fp);
-                build_var(TRACE_OUTPUT, fp);
-                build_bin(TRACE_OUTPUT, fp);
-                build_share(TRACE_OUTPUT, fp);
-                fprintf(fp, "\n");
-
-                fprintf(fp, "### security filters\n");
-                fprintf(fp, "caps.drop all\n");
-                fprintf(fp, "nonewprivs\n");
-                fprintf(fp, "seccomp\n");
-                if (have_strace)
-                        build_seccomp(STRACE_OUTPUT, fp);
-                else {
-                        fprintf(fp, "# If you install strace on your system, Firejail will also create a\n");
-                        fprintf(fp, "# whitelisted seccomp filter.\n");
-                }
-                fprintf(fp, "\n");
-
-                fprintf(fp, "### network\n");
-                build_protocol(TRACE_OUTPUT, fp);
-                fprintf(fp, "\n");
-
-                fprintf(fp, "### environment\n");
-                fprintf(fp, "shell none\n");
-
-        }
-        else {
-                fprintf(stderr, "Error: cannot run the sandbox\n");
-                exit(1);
-        }
-}
diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c
deleted file mode 100644
index fbc0e06f4..000000000
--- a/src/fbuilder/build_seccomp.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "fbuilder.h"
-
-void build_seccomp(const char *fname, FILE *fp) {
-        assert(fname);
-        assert(fp);
-
-        FILE *fp2 = fopen(fname, "r");
-        if (!fp2) {
-                fprintf(stderr, "Error: cannot open %s\n", fname);
-                exit(1);
-        }
-
-        char buf[MAX_BUF];
-        int line = 1;
-        int position = 0;
-        int cnt = 0;
-        while (fgets(buf, MAX_BUF, fp2)) {
-                // remove \n
-                char *ptr = strchr(buf, '\n');
-                if (ptr)
-                        *ptr = '\0';
-
-                // first line:
-                //% time     seconds  usecs/call     calls    errors syscall
-                if (line == 1) {
-                        // extract syscall position
-                        ptr = strstr(buf, "syscall");
-                        if (*buf != '%' || ptr == NULL) {
-                                // skip this line, it could be garbage from strace
-                                continue;
-                        }
-                        position = (int) (ptr - buf);
-                }
-                else if (line == 2) {
-                        if (*buf != '-') {
-                                fprintf(stderr, "Error: invalid strace output\n%s\n", buf);
-                                exit(1);
-                        }
-                }
-                else {
-                        // get out on the next "----" line
-                        if (*buf == '-')
-                                break;
-
-                        if (line == 3)
-                                fprintf(fp, "# seccomp.keep %s", buf + position);
-                        else
-                                fprintf(fp, ",%s", buf + position);
-                        cnt++;
-                }
-                line++;
-        }
-        fprintf(fp, "\n");
-        fprintf(fp, "# %d syscalls total\n", cnt);
-        fprintf(fp, "# Probably you will need to add more syscalls to seccomp.keep. Look for\n");
-        fprintf(fp, "# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while\n");
-        fprintf(fp, "# running your sandbox.\n");
-
-        fclose(fp2);
-}
-
-//***************************************
-// protocol
-//***************************************
-int unix_s = 0;
-int inet = 0;
-int inet6 = 0;
-int netlink = 0;
-int packet = 0;
-static void process_protocol(const char *fname) {
-        assert(fname);
-
-        // process trace file
-        FILE *fp = fopen(fname, "r");
-        if (!fp) {
-                fprintf(stderr, "Error: cannot open %s\n", fname);
-                exit(1);
-        }
-
-        char buf[MAX_BUF];
-        while (fgets(buf, MAX_BUF, fp)) {
-                // remove \n
-                char *ptr = strchr(buf, '\n');
-                if (ptr)
-                        *ptr = '\0';
-
-                // parse line: 4:galculator:access /etc/fonts/conf.d:0
-                // number followed by :
-                ptr = buf;
-                if (!isdigit(*ptr))
-                        continue;
-                while (isdigit(*ptr))
-                        ptr++;
-                if (*ptr != ':')
-                        continue;
-                ptr++;
-
-                // next :
-                ptr = strchr(ptr, ':');
-                if (!ptr)
-                        continue;
-                ptr++;
-                if (strncmp(ptr, "socket ", 7) == 0)
-                        ptr +=  7;
-                else
-                        continue;
-
-                if (strncmp(ptr, "AF_LOCAL ", 9) == 0)
-                        unix_s = 1;
-                else if (strncmp(ptr, "AF_INET ", 8) == 0)
-                        inet = 1;
-                else if (strncmp(ptr, "AF_INET6 ", 9) == 0)
-                        inet6 = 1;
-                else if (strncmp(ptr, "AF_NETLINK ", 9) == 0)
-                        netlink = 1;
-                else if (strncmp(ptr, "AF_PACKET ", 9) == 0)
-                        packet = 1;
-        }
-
-        fclose(fp);
-}
-
-
-// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-void build_protocol(const char *fname, FILE *fp) {
-        assert(fname);
-
-        // run fname
-        process_protocol(fname);
-
-        // run all the rest
-        struct stat s;
-        int i;
-        for (i = 1; i <= 5; i++) {
-                char *newname;
-                if (asprintf(&newname, "%s.%d", fname, i) == -1)
-                        errExit("asprintf");
-                if (stat(newname, &s) == 0)
-                        process_protocol(newname);
-                free(newname);
-        }
-
-        int net = 0;
-        if (unix_s || inet || inet6 || netlink || packet) {
-                fprintf(fp, "protocol ");
-                if (unix_s)
-                        fprintf(fp, "unix,");
-                if (inet) {
-                        fprintf(fp, "inet,");
-                        net = 1;
-                }
-                if (inet6) {
-                        fprintf(fp, "inet6,");
-                        net = 1;
-                }
-                if (netlink)
-                        fprintf(fp, "netlink,");
-                if (packet) {
-                        fprintf(fp, "packet");
-                        net = 1;
-                }
-                fprintf(fp, "\n");
-        }
-
-        if (net == 0)
-                fprintf(fp, "net none\n");
-        else {
-                fprintf(fp, "# net eth0\n");
-                fprintf(fp, "netfilter\n");
-        }
-}
-
diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h
deleted file mode 100644
index 0a0fd42c9..000000000
--- a/src/fbuilder/fbuilder.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef FBUILDER_H
-#define FBUILDER_H
-#include "../include/common.h"
-#include <sys/types.h>
-#include <pwd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-
-#define MAX_BUF 4096
-// main.c
-extern int arg_debug;
-
-// build_profile.c
-void build_profile(int argc, char **argv, int index, FILE *fp);
-
-// build_seccomp.c
-void build_seccomp(const char *fname, FILE *fp);
-void build_protocol(const char *fname, FILE *fp);
-
-// build_fs.c
-void build_etc(const char *fname, FILE *fp);
-void build_var(const char *fname, FILE *fp);
-void build_tmp(const char *fname, FILE *fp);
-void build_dev(const char *fname, FILE *fp);
-void build_share(const char *fname, FILE *fp);
-
-// build_bin.c
-void build_bin(const char *fname, FILE *fp);
-
-// build_home.c
-void build_home(const char *fname, FILE *fp);
-
-// utils.c
-int is_dir(const char *fname);
-char *extract_dir(char *fname);
-
-// filedb.c
-typedef struct filedb_t {
-        struct filedb_t *next;
-        char *fname;    // file name
-        int len;                // length of file name
-} FileDB;
-
-FileDB *filedb_add(FileDB *head, const char *fname);
-FileDB *filedb_find(FileDB *head, const char *fname);
-void filedb_print(FileDB *head, const char *prefix, FILE *fp);
-
-#endif
\ No newline at end of file
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
deleted file mode 100644
index 7af3724e8..000000000
--- a/src/fbuilder/filedb.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "fbuilder.h"
-
-FileDB *filedb_find(FileDB *head, const char *fname) {
-        FileDB *ptr = head;
-        int found = 0;
-        int len = strlen(fname);
-
-        while (ptr) {
-                // exact name
-                if (strcmp(fname, ptr->fname) == 0) {
-                        found = 1;
-                        break;
-                }
-
-                // parent directory in the list
-                if (len > ptr->len &&
-                    fname[ptr->len] == '/' &&
-                    strncmp(ptr->fname, fname, ptr->len) == 0) {
-                        found = 1;
-                        break;
-                }
-
-                ptr = ptr->next;
-        }
-
-        if (found)
-                return ptr;
-
-        return NULL;
-}
-
-FileDB *filedb_add(FileDB *head, const char *fname) {
-        assert(fname);
-
-        // don't add it if it is already there or if the parent directory is already in the list
-        if (filedb_find(head, fname))
-                return head;
-
-        // add a new entry
-        FileDB *entry = malloc(sizeof(FileDB));
-        if (!entry)
-                errExit("malloc");
-        memset(entry, 0, sizeof(FileDB));
-        entry->fname = strdup(fname);
-        if (!entry->fname)
-                errExit("strdup");
-        entry->len = strlen(entry->fname);
-        entry->next = head;
-        return entry;
-};
-
-void filedb_print(FileDB *head, const char *prefix, FILE *fp) {
-        FileDB *ptr = head;
-        while (ptr) {
-                fprintf(fp, "%s%s\n", prefix, ptr->fname);
-                ptr = ptr->next;
-        }
-}
-
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
deleted file mode 100644
index ef5dee7d9..000000000
--- a/src/fbuilder/main.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "fbuilder.h"
-int arg_debug = 0;
-
-static void usage(void) {
-        printf("Firejail profile builder\n");
-        printf("Usage: firejail [--debug] --build[=profile-file] program-and-arguments\n");
-}
-
-int main(int argc, char **argv) {
-#if 0
-{
-system("cat /proc/self/status");
-int i;
-for (i = 0; i < argc; i++)
-        printf("*%s* ", argv[i]);
-printf("\n");
-}
-#endif
-
-        int i;
-        int prog_index = 0;
-        FILE *fp = stdout;
-        int prof_file = 0;
-
-        // parse arguments and extract program index
-        for (i = 1; i < argc; i++) {
-                if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") ==0) {
-                        usage();
-                        return 0;
-                }
-                else if (strcmp(argv[i], "--debug") == 0)
-                        arg_debug = 1;
-                else if (strcmp(argv[i], "--build") == 0)
-                        ; // do nothing, this is passed down from firejail
-                else if (strncmp(argv[i], "--build=", 8) == 0) {
-                        // this option is only supported for non-root users
-                        if (getuid() == 0) {
-                                fprintf(stderr, "Error fbuild: --build=profile-name is not supported for root user.\n");
-                                exit(1);
-                        }
-
-                        // check file access
-                        fp = fopen(argv[i] + 8, "w");
-                        if (!fp) {
-                                fprintf(stderr, "Error fbuild: cannot open profile file.\n");
-                                exit(1);
-                        }
-                        prof_file = 1;
-                        // do nothing, this is passed down from firejail
-                }
-                else {
-                        if (*argv[i] == '-') {
-                                fprintf(stderr, "Error fbuilder: invalid program\n");
-                                usage();
-                                exit(1);
-                        }
-                        prog_index = i;
-                        break;
-                }
-        }
-
-        if (prog_index == 0) {
-                fprintf(stderr, "Error fbuilder: program and arguments required\n");
-                usage();
-                if (prof_file)
-                        fclose(fp);
-                exit(1);
-        }
-
-        build_profile(argc, argv, prog_index, fp);
-        if (prof_file)
-                fclose(fp);
-        return 0;
-}
diff --git a/src/fbuilder/utils.c b/src/fbuilder/utils.c
deleted file mode 100644
index 1d490b07e..000000000
--- a/src/fbuilder/utils.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "fbuilder.h"
-
-// todo: duplicated from src/firejail/util.c - remove dplication
-// return 1 if the file is a directory
-int is_dir(const char *fname) {
-        assert(fname);
-        if (*fname == '\0')
-                return 0;
-
-        // if fname doesn't end in '/', add one
-        int rv;
-        struct stat s;
-        if (fname[strlen(fname) - 1] == '/')
-                rv = stat(fname, &s);
-        else {
-                char *tmp;
-                if (asprintf(&tmp, "%s/", fname) == -1) {
-                        fprintf(stderr, "Error: cannot allocate memory, %s:%d\n", __FILE__, __LINE__);
-                        errExit("asprintf");
-                }
-                rv = stat(tmp, &s);
-                free(tmp);
-        }
-
-        if (rv == -1)
-                return 0;
-
-        if (S_ISDIR(s.st_mode))
-                return 1;
-
-        return 0;
-}
-
-// return NULL if fname is already a directory, or if no directory found
-char *extract_dir(char *fname) {
-        assert(fname);
-        if (is_dir(fname))
-                return NULL;
-
-        char *name = strdup(fname);
-        if (!name)
-                errExit("strdup");
-
-        char *ptr = strrchr(name, '/');
-        if (!ptr) {
-                free(name);
-                return NULL;
-        }
-        *ptr = '\0';
-
-        return name;
-}
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 24ff553d7..ba2f8e284 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -740,7 +740,7 @@ void fs_basic_fs(void) {
 }
 
 
-
+#ifndef LTS
 #ifdef HAVE_OVERLAYFS
 char *fs_check_overlay_dir(const char *subdirname, int allow_reuse) {
         struct stat s;
@@ -1292,6 +1292,7 @@ void fs_chroot(const char *rootdir) {
                 disable_config();
 }
 #endif
+#endif // LTS
 
 // this function is called from sandbox.c before blacklist/whitelist functions
 void fs_private_tmp(void) {
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
deleted file mode 100644
index 5625ed356..000000000
--- a/src/firejail/fs_bin.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "firejail.h"
-#include <sys/mount.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#include <glob.h>
-
-static int prog_cnt = 0;
-
-static char *paths[] = {
-        "/usr/local/bin",
-        "/usr/bin",
-        "/bin",
-        "/usr/games",
-        "/usr/local/games",
-        "/usr/local/sbin",
-        "/usr/sbin",
-        "/sbin",
-        NULL
-};
-
-// return 1 if found, 0 if not found
-static char *check_dir_or_file(const char *name) {
-        assert(name);
-        struct stat s;
-        char *fname = NULL;
-
-        int i = 0;
-        while (paths[i]) {
-                // private-bin-no-local can be disabled in /etc/firejail/firejail.config
-                if (checkcfg(CFG_PRIVATE_BIN_NO_LOCAL) && strstr(paths[i], "local/")) {
-                        i++;
-                        continue;
-                }
-
-                // check file
-                if (asprintf(&fname, "%s/%s", paths[i], name) == -1)
-                        errExit("asprintf");
-                if (arg_debug)
-                        printf("Checking %s/%s\n", paths[i], name);
-                if (stat(fname, &s) == 0 && !S_ISDIR(s.st_mode)) { // do not allow directories
-                        // check symlink to firejail executable in /usr/local/bin
-                        if (strcmp(paths[i], "/usr/local/bin") == 0 && is_link(fname)) {
-                                /* coverity[toctou] */
-                                char *actual_path = realpath(fname, NULL);
-                                if (actual_path) {
-                                        char *ptr = strstr(actual_path, "/firejail");
-                                        if (ptr && strlen(ptr) == strlen("/firejail")) {
-                                                if (arg_debug)
-                                                        printf("firejail exec symlink detected\n");
-                                                free(actual_path);
-                                                free(fname);
-                                                fname = NULL;
-                                                i++;
-                                                continue;
-                                        }
-                                        free(actual_path);
-                                }
-
-                        }
-                        break; // file found
-                }
-
-                free(fname);
-                fname = NULL;
-                i++;
-        }
-
-        if (!fname) {
-                if (arg_debug)
-                        fwarning("file %s not found\n", name);
-                return NULL;
-        }
-
-        free(fname);
-        return paths[i];
-}
-
-// return 1 if the file is in paths[]
-static int valid_full_path_file(const char *name) {
-        assert(name);
-
-        if (*name != '/')
-                return 0;
-        if (strstr(name, ".."))
-                return 0;
-
-        // do we have a file?
-        struct stat s;
-        if (stat(name, &s) == -1)
-                return 0;
-        // directories not allowed
-        if (S_ISDIR(s.st_mode))
-                return 0;
-        // checking access
-        if (access(name, X_OK) == -1)
-                return 0;
-
-        // check standard paths
-        int i = 0;
-        while (paths[i]) {
-                // private-bin-no-local can be disabled in /etc/firejail/firejail.config
-                if (checkcfg(CFG_PRIVATE_BIN_NO_LOCAL) && strstr(paths[i], "local/")) {
-                        i++;
-                        continue;
-                }
-
-                int len = strlen(paths[i]);
-                if (strncmp(name, paths[i], len) == 0 && name[len] == '/' && name[len + 1] != '\0')
-                        return 1;
-                i++;
-        }
-        if (arg_debug)
-                printf("file %s not found\n", name);
-        return 0;
-}
-
-static void report_duplication(const char *fname) {
-        // report the file on all bin paths
-        int i = 0;
-        while (paths[i]) {
-                char *p;
-                if (asprintf(&p, "%s/%s", paths[i], fname) == -1)
-                        errExit("asprintf");
-                fs_logger2("clone", p);
-                free(p);
-                i++;
-        }
-}
-
-static void duplicate(char *fname) {
-        assert(fname);
-
-        if (*fname == '~' || strstr(fname, "..")) {
-                fprintf(stderr, "Error: \"%s\" is an invalid filename\n", fname);
-                exit(1);
-        }
-        invalid_filename(fname, 0); // no globbing
-
-        char *full_path;
-        if (*fname == '/') {
-                // If the absolute filename is indicated, directly use it. This
-                // is required for the following cases:
-                //  - if user's $PATH order is not the same as the above
-                //    paths[] variable order
-                if (!valid_full_path_file(fname)) {
-                        fwarning("invalid private-bin path %s\n", fname);
-                        return;
-                }
-
-                full_path = strdup(fname);
-                if (!full_path)
-                        errExit("strdup");
-        }
-        else {
-                // Find the standard directory (by looping through paths[])
-                // where the filename fname is located
-                char *path = check_dir_or_file(fname);
-                if (!path)
-                        return;
-                if (asprintf(&full_path, "%s/%s", path, fname) == -1)
-                        errExit("asprintf");
-        }
-
-        // add to private-lib list
-        if (cfg.bin_private_lib == NULL) {
-                if (asprintf(&cfg.bin_private_lib, "%s,%s",fname, full_path) == -1)
-                        errExit("asprinf");
-        }
-        else {
-                char *tmp;
-                if (asprintf(&tmp, "%s,%s,%s", cfg.bin_private_lib, fname, full_path) == -1)
-                        errExit("asprinf");
-                free(cfg.bin_private_lib);
-                cfg.bin_private_lib = tmp;
-        }
-
-        // if full_path is symlink, and the link is in our path, copy both the file and the symlink
-        if (is_link(full_path)) {
-                char *actual_path = realpath(full_path, NULL);
-                if (actual_path) {
-                        if (valid_full_path_file(actual_path)) {
-                                // solving problems such as /bin/sh -> /bin/dash
-                                // copy the real file pointed by symlink
-                                sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, actual_path, RUN_BIN_DIR);
-                                prog_cnt++;
-                                char *f = strrchr(actual_path, '/');
-                                if (f && *(++f) !='\0')
-                                        report_duplication(f);
-                        }
-                        free(actual_path);
-                }
-        }
-
-        // copy a file or a symlink
-        sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, full_path, RUN_BIN_DIR);
-        prog_cnt++;
-        free(full_path);
-        report_duplication(fname);
-}
-
-static void globbing(char *fname) {
-        assert(fname);
-
-        // go directly to duplicate() if no globbing char is present - see man 7 glob
-        if (strrchr(fname, '*') == NULL &&
-            strrchr(fname, '[') == NULL &&
-            strrchr(fname, '?') == NULL)
-                return duplicate(fname);
-
-        // loop through paths[]
-        int i = 0;
-        while (paths[i]) {
-                // private-bin-no-local can be disabled in /etc/firejail/firejail.config
-                if (checkcfg(CFG_PRIVATE_BIN_NO_LOCAL) && strstr(paths[i], "local/")) {
-                        i++;
-                        continue;
-                }
-
-                // check file
-                char *pattern;
-                if (asprintf(&pattern, "%s/%s", paths[i], fname) == -1)
-                        errExit("asprintf");
-
-                // globbing
-                glob_t globbuf;
-                int globerr = glob(pattern, GLOB_NOCHECK | GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf);
-                if (globerr) {
-                        fprintf(stderr, "Error: failed to glob private-bin pattern %s\n", pattern);
-                        exit(1);
-                }
-
-                size_t j;
-                for (j = 0; j < globbuf.gl_pathc; j++) {
-                        assert(globbuf.gl_pathv[j]);
-                        // testing for GLOB_NOCHECK - no pattern matched returns the original pattern
-                        if (strcmp(globbuf.gl_pathv[j], pattern) == 0)
-                                continue;
-
-                        duplicate(globbuf.gl_pathv[j]);
-                }
-
-                globfree(&globbuf);
-                free(pattern);
-                i++;
-        }
-}
-
-void fs_private_bin_list(void) {
-        char *private_list = cfg.bin_private_keep;
-        assert(private_list);
-
-        // start timetrace
-        timetrace_start();
-
-        // create /run/firejail/mnt/bin directory
-        mkdir_attr(RUN_BIN_DIR, 0755, 0, 0);
-
-        if (arg_debug)
-                printf("Copying files in the new bin directory\n");
-
-        // copy the list of files in the new home directory
-        char *dlist = strdup(private_list);
-        if (!dlist)
-                errExit("strdup");
-
-        char *ptr = strtok(dlist, ",");
-        globbing(ptr);
-        while ((ptr = strtok(NULL, ",")) != NULL)
-                globbing(ptr);
-        free(dlist);
-        fs_logger_print();
-
-        // mount-bind
-        int i = 0;
-        while (paths[i]) {
-                struct stat s;
-                if (stat(paths[i], &s) == 0) {
-                        if (arg_debug)
-                                printf("Mount-bind %s on top of %s\n", RUN_BIN_DIR, paths[i]);
-                        if (mount(RUN_BIN_DIR, paths[i], NULL, MS_BIND|MS_REC, NULL) < 0)
-                                errExit("mount bind");
-                        fs_logger2("tmpfs", paths[i]);
-                        fs_logger2("mount", paths[i]);
-                }
-                i++;
-        }
-        fmessage("%d %s installed in %0.2f ms\n", prog_cnt, (prog_cnt == 1)? "program": "programs", timetrace_end());
-}
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 3afa3bf0c..f8e7e6e74 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -364,6 +364,7 @@ void fs_check_private_dir(void) {
         }
 }
 
+#ifndef LTS
 //***********************************************************************************
 // --private-home
 //***********************************************************************************
@@ -531,3 +532,4 @@ void fs_private_home_list(void) {
                 fprintf(stderr, "Home directory installed in %0.2f ms\n", timetrace_end());
 
 }
+#endif //LTS
\ No newline at end of file
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
deleted file mode 100644
index 77c9a0cf5..000000000
--- a/src/firejail/fs_lib.c
+++ /dev/null
@@ -1,378 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#include "firejail.h"
-#include "../include/ldd_utils.h"
-#include <sys/mount.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <glob.h>
-#define MAXBUF 4096
-
-extern void fslib_install_stdc(void);
-extern void fslib_install_system(void);
-
-static int lib_cnt = 0;
-static int dir_cnt = 0;
-
-static void report_duplication(const char *full_path) {
-        char *fname = strrchr(full_path, '/');
-        if (fname && *(++fname) != '\0') {
-                // report the file on all bin paths
-                int i = 0;
-                while (default_lib_paths[i]) {
-                        char *p;
-                        if (asprintf(&p, "%s/%s", default_lib_paths[i], fname) == -1)
-                                errExit("asprintf");
-                        fs_logger2("clone", p);
-                        free(p);
-                        i++;
-                }
-        }
-}
-
-static char *build_dest_dir(const char *full_path) {
-        assert(full_path);
-        if (strstr(full_path, "/x86_64-linux-gnu/"))
-                return RUN_LIB_DIR "/x86_64-linux-gnu";
-        return RUN_LIB_DIR;
-}
-
-// copy fname in private_run_dir
-void fslib_duplicate(const char *full_path) {
-        assert(full_path);
-
-        struct stat s;
-        if (stat(full_path, &s) != 0 || s.st_uid != 0 || access(full_path, R_OK))
-                return;
-
-        char *dest_dir = build_dest_dir(full_path);
-
-        // don't copy it if the file is already there
-        char *ptr = strrchr(full_path, '/');
-        if (!ptr)
-                return;
-        ptr++;
-        if (*ptr == '\0')
-                return;
-
-        char *name;
-        if (asprintf(&name, "%s/%s", dest_dir, ptr) == -1)
-                errExit("asprintf");
-        if (stat(name, &s) == 0) {
-                free(name);
-                return;
-        }
-        free(name);
-
-        if (arg_debug || arg_debug_private_lib)
-                printf("    copying %s to private %s\n", full_path, dest_dir);
-
-        sbox_run(SBOX_ROOT| SBOX_SECCOMP, 4, PATH_FCOPY, "--follow-link", full_path, dest_dir);
-        report_duplication(full_path);
-        lib_cnt++;
-}
-
-
-// requires full path for lib
-// it could be a library or an executable
-// lib is not copied, only libraries used by it
-void fslib_copy_libs(const char *full_path) {
-        assert(full_path);
-        if (arg_debug || arg_debug_private_lib)
-                printf("    fslib_copy_libs %s\n", full_path);
-
-        // if library/executable does not exist or the user does not have read access to it
-        // print a warning and exit the function.
-        if (access(full_path, R_OK)) {
-                if (arg_debug || arg_debug_private_lib)
-                        printf("cannot find %s for private-lib, skipping...\n", full_path);
-                return;
-        }
-
-        // create an empty RUN_LIB_FILE and allow the user to write to it
-        unlink(RUN_LIB_FILE);                     // in case is there
-        create_empty_file_as_root(RUN_LIB_FILE, 0644);
-        if (chown(RUN_LIB_FILE, getuid(), getgid()))
-                errExit("chown");
-
-        // run fldd to extact the list of files
-        if (arg_debug || arg_debug_private_lib)
-                printf("    running fldd %s\n", full_path);
-        sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE);
-
-        // open the list of libraries and install them on by one
-        FILE *fp = fopen(RUN_LIB_FILE, "r");
-        if (!fp)
-                errExit("fopen");
-
-        char buf[MAXBUF];
-        while (fgets(buf, MAXBUF, fp)) {
-                // remove \n
-                char *ptr = strchr(buf, '\n');
-                if (ptr)
-                        *ptr = '\0';
-                fslib_duplicate(buf);
-        }
-        fclose(fp);
-}
-
-
-void fslib_copy_dir(const char *full_path) {
-        assert(full_path);
-        if (arg_debug || arg_debug_private_lib)
-                printf("    fslib_copy_dir %s\n", full_path);
-
-        // do nothing if the directory does not exist or is not owned by root
-        struct stat s;
-        if (stat(full_path, &s) != 0 || s.st_uid != 0 || !S_ISDIR(s.st_mode) || access(full_path, R_OK))
-                return;
-
-        char *dir_name = strrchr(full_path, '/');
-        assert(dir_name);
-        dir_name++;
-        assert(*dir_name != '\0');
-
-        // do nothing if the directory is already there
-        char *dest;
-        if (asprintf(&dest, "%s/%s", build_dest_dir(full_path), dir_name) == -1)
-                errExit("asprintf");
-        if (stat(dest, &s) == 0) {
-                free(dest);
-                return;
-        }
-
-        // create new directory and mount the original on top of it
-        mkdir_attr(dest, 0755, 0, 0);
-
-        if (mount(full_path, dest, NULL, MS_BIND|MS_REC, NULL) < 0 ||
-                mount(NULL, dest, NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
-                errExit("mount bind");
-        fs_logger2("clone", full_path);
-        fs_logger2("mount", full_path);
-        dir_cnt++;
-        free(dest);
-}
-
-// fname should be a vallid full path at this point
-static void load_library(const char *fname) {
-        assert(fname);
-        assert(*fname == '/');
-
-        // existing file owned by root, read access
-        struct stat s;
-        if (stat(fname, &s) == 0 && s.st_uid == 0 && !access(fname, R_OK)) {
-                // load directories, regular 64 bit libraries, and 64 bit executables
-                if (is_dir(fname) || is_lib_64(fname)) {
-                        if (is_dir(fname))
-                                fslib_copy_dir(fname);
-                        else {
-                                if (strstr(fname, ".so") ||
-                                    access(fname, X_OK) != 0) // don't duplicate executables, just install the libraries
-                                        fslib_duplicate(fname);
-
-                                fslib_copy_libs(fname);
-                        }
-                }
-        }
-}
-
-static void install_list_entry(const char *lib) {
-        // filename check
-        int len = strlen(lib);
-        if (strcspn(lib, "\\&!?\"'<>%^(){}[];,") != (size_t)len ||
-        strstr(lib, "..")) {
-                fprintf(stderr, "Error: \"%s\" is an invalid library\n", lib);
-                exit(1);
-        }
-
-        // if this is a full path, use it as is
-        if (*lib == '/')
-                return load_library(lib);
-
-
-        // find the library
-        int i;
-        for (i = 0; default_lib_paths[i]; i++) {
-                char *fname = NULL;
-                if (asprintf(&fname, "%s/%s", default_lib_paths[i], lib) == -1)
-                        errExit("asprintf");
-
-#define DO_GLOBBING
-#ifdef DO_GLOBBING
-                // globbing
-                glob_t globbuf;
-                int globerr = glob(fname, GLOB_NOCHECK | GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf);
-                if (globerr) {
-                        fprintf(stderr, "Error: failed to glob private-lib pattern %s\n", fname);
-                        exit(1);
-                }
-                size_t j;
-                for (j = 0; j < globbuf.gl_pathc; j++) {
-                        assert(globbuf.gl_pathv[j]);
-//printf("glob %s\n", globbuf.gl_pathv[j]);
-                        // GLOB_NOCHECK - no pattern matched returns the original pattern; try to load it anyway
-                        load_library(globbuf.gl_pathv[j]);
-                }
-
-                globfree(&globbuf);
-#else
-                load_library(fname);
-#endif
-                free(fname);
-        }
-
-//      fwarning("%s library not found, skipping...\n", lib);
-        return;
-}
-
-
-void fslib_install_list(const char *lib_list) {
-        assert(lib_list);
-        if (arg_debug || arg_debug_private_lib)
-                printf("    fslib_install_list  %s\n", lib_list);
-
-        char *dlist = strdup(lib_list);
-        if (!dlist)
-                errExit("strdup");
-
-        char *ptr = strtok(dlist, ",");
-        install_list_entry(ptr);
-
-        while ((ptr = strtok(NULL, ",")) != NULL)
-                install_list_entry(ptr);
-        free(dlist);
-        fs_logger_print();
-}
-
-
-
-static void mount_directories(void) {
-        if (arg_debug || arg_debug_private_lib)
-                printf("Mount-bind %s on top of /lib /lib64 /usr/lib\n", RUN_LIB_DIR);
-
-        if (is_dir("/lib")) {
-                if (mount(RUN_LIB_DIR, "/lib", NULL, MS_BIND|MS_REC, NULL) < 0 ||
-                        mount(NULL, "/lib", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
-                        errExit("mount bind");
-                fs_logger2("tmpfs", "/lib");
-                fs_logger("mount /lib");
-        }
-
-        if (is_dir("/lib64")) {
-                if (mount(RUN_LIB_DIR, "/lib64", NULL, MS_BIND|MS_REC, NULL) < 0 ||
-                        mount(NULL, "/lib64", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
-                        errExit("mount bind");
-                fs_logger2("tmpfs", "/lib64");
-                fs_logger("mount /lib64");
-        }
-
-        if (is_dir("/usr/lib")) {
-                if (mount(RUN_LIB_DIR, "/usr/lib", NULL, MS_BIND|MS_REC, NULL) < 0 ||
-                        mount(NULL, "/usr/lib", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
-                        errExit("mount bind");
-                fs_logger2("tmpfs", "/usr/lib");
-                fs_logger("mount /usr/lib");
-        }
-
-        // for amd64 only - we'll deal with i386 later
-        if (is_dir("/lib32")) {
-                if (mount(RUN_RO_DIR, "/lib32", "none", MS_BIND, "mode=400,gid=0") < 0)
-                        errExit("disable file");
-                fs_logger("blacklist-nolog /lib32");
-        }
-        if (is_dir("/libx32")) {
-                if (mount(RUN_RO_DIR, "/libx32", "none", MS_BIND, "mode=400,gid=0") < 0)
-                        errExit("disable file");
-                fs_logger("blacklist-nolog /libx32");
-        }
-}
-
-void fs_private_lib(void) {
-#ifndef __x86_64__
-        fwarning("private-lib feature is currently available only on amd64 platforms\n");
-        return;
-#endif
-        char *private_list = cfg.lib_private_keep;
-        if (arg_debug || arg_debug_private_lib)
-                printf("Starting private-lib processing: program %s, shell %s\n",
-                        (cfg.original_program_index > 0)? cfg.original_argv[cfg.original_program_index]: "none",
-                (arg_shell_none)? "none": cfg.shell);
-
-        // create /run/firejail/mnt/lib directory
-        mkdir_attr(RUN_LIB_DIR, 0755, 0, 0);
-
-        // install standard C libraries
-        if (arg_debug || arg_debug_private_lib)
-                printf("Installing standard C library\n");
-        fslib_install_stdc();
-
-        // start timetrace
-        timetrace_start();
-
-        // copy the libs in the new lib directory for the main exe
-        if (cfg.original_program_index > 0) {
-                if (arg_debug || arg_debug_private_lib)
-                        printf("Installing sandboxed program libraries\n");
-                fslib_install_list(cfg.original_argv[cfg.original_program_index]);
-        }
-
-        // for the shell
-        if (!arg_shell_none) {
-                if (arg_debug || arg_debug_private_lib)
-                        printf("Installing shell libraries\n");
-
-                fslib_install_list(cfg.shell);
-                // a shell is useless without some basic commands
-                fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");
-
-        }
-
-        // for the listed libs and directories
-        if (private_list && *private_list != '\0') {
-                if (arg_debug || arg_debug_private_lib)
-                        printf("Processing private-lib files\n");
-                fslib_install_list(private_list);
-        }
-
-        // for private-bin files
-        if (arg_private_bin && cfg.bin_private_lib && *cfg.bin_private_lib != '\0') {
-                if (arg_debug || arg_debug_private_lib)
-                        printf("Processing private-bin files\n");
-                fslib_install_list(cfg.bin_private_lib);
-        }
-        fmessage("Program libraries installed in %0.2f ms\n", timetrace_end());
-
-        // install the reset of the system libraries
-        if (arg_debug || arg_debug_private_lib)
-                printf("Installing system libraries\n");
-        fslib_install_system();
-
-        // bring in firejail directory for --trace and seccomp post exec
-        // bring in firejail executable libraries in case we are redirected here by a firejail symlink from /usr/local/bin/firejail
-        fslib_install_list("/usr/bin/firejail,firejail"); // todo: use the installed path for the executable
-
-        fmessage("Installed %d %s and %d %s\n", lib_cnt, (lib_cnt == 1)? "library": "libraries",
-                dir_cnt, (dir_cnt == 1)? "directory": "directories");
-
-        // mount lib filesystem
-        mount_directories();
-}
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c
deleted file mode 100644
index ea5edfabe..000000000
--- a/src/firejail/fs_lib2.c
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "firejail.h"
-#include <dirent.h>
-#include <sys/stat.h>
-
-extern void fslib_duplicate(const char *full_path);
-extern void fslib_copy_libs(const char *full_path);
-extern void fslib_copy_dir(const char *full_path);
-
-//***************************************************************
-// Standard C library
-//***************************************************************
-// standard libc libraries based on Debian's libc6 package
-// selinux seems to be linked in most command line utilities
-// locale (/usr/lib/locale) - without it, the program will default to "C" locale
-typedef struct liblist_t {
-        const char *name;
-        int len;
-} LibList;
-
-static LibList libc_list[] = {
-        { "libselinux.so.", 0 },
-        { "ld-linux-x86-64.so.", 0 },
-        { "libanl.so.", 0 },
-        { "libc.so.", 0 },
-        { "libcidn.so.", 0 },
-        { "libcrypt.so.", 0 },
-        { "libdl.so.", 0 },
-        { "libm.so.", 0 },
-        { "libmemusage.so", 0 },
-        { "libmvec.so.", 0 },
-        { "libnsl.so.", 0 },
-        { "libnss_compat.so.", 0 },
-        { "libnss_dns.so.", 0 },
-        { "libnss_files.so.", 0 },
-        { "libnss_hesiod.so.", 0 },
-        { "libnss_nisplus.so.", 0 },
-        { "libnss_nis.so.", 0 },
-        { "libpthread.so.", 0 },
-        { "libresolv.so.", 0 },
-        { "librt.so.", 0 },
-        { "libthread_db.so.", 0 },
-        { "libutil.so.", 0 },
-        { NULL, 0}
-};
-
-static int find_libc_list(const char *name) {
-        assert(name);
-
-        int i = 0;
-        while (libc_list[i].name) {
-                if (libc_list[i].len == 0)
-                        libc_list[i].len = strlen(libc_list[i].name);
-                if (strncmp(name, libc_list[i].name, libc_list[i].len) == 0)
-                        return 1;
-                i++;
-        }
-        return 0;
-}
-
-// compare the files in dirname against liblist above
-static void stdc(const char *dirname) {
-        assert(dirname);
-
-        DIR *dir = opendir(dirname);
-        if (dir) {
-                struct dirent *entry;
-                while ((entry = readdir(dir)) != NULL) {
-                        if (strcmp(entry->d_name, ".") == 0)
-                                continue;
-                        if (strcmp(entry->d_name, "..") == 0)
-                                continue;
-
-                        if (find_libc_list(entry->d_name)) {
-                                char *fname;
-                                if (asprintf(&fname, "%s/%s", dirname, entry->d_name) == -1)
-                                        errExit("asprintf");
-
-                                fslib_duplicate(fname);
-                        }
-                }
-                closedir(dir);
-        }
-}
-
-void fslib_install_stdc(void) {
-        // install standard C libraries
-        struct stat s;
-        char *stdclib = "/lib64";                 // CentOS, Fedora, Arch
-
-        if (stat("/lib/x86_64-linux-gnu", &s) == 0) {   // Debian & friends
-                mkdir_attr(RUN_LIB_DIR "/x86_64-linux-gnu", 0755, 0, 0);
-                stdclib = "/lib/x86_64-linux-gnu";
-        }
-
-        timetrace_start();
-        stdc(stdclib);
-
-        // install locale
-        if (stat("/usr/lib/locale", &s) == 0)
-                fslib_copy_dir("/usr/lib/locale");
-
-        fmessage("Standard C library installed in %0.2f ms\n", timetrace_end());
-}
-
-
-//***************************************************************
-// various system libraries
-//***************************************************************
-
-// look for library in the new filesystem, and install one or two more directories, dir1 and dir2
-typedef struct syslib_t {
-        const char *library;    // look in the system for this library
-        int len;                        // length of library string, 0 by default
-        int found;              // library found, 0 by default
-        const char *dir1;               // directory to install
-        const char *dir2;               // directory to install
-        const char *message;    // message to print on the screen
-} SysLib;
-
-SysLib syslibs[] = {
-#if 0
-        {
-                "",     // library
-                0, 0,   // len and found flag
-                "",     // dir1
-                "",     // dir2
-                ""      // message
-        },
-#endif
-        { // pixmaps - libraries used by GTK to display application menu icons
-                "libgdk_pixbuf-2.0",    // library
-                0, 0,   // len and found flag
-                "gdk-pixbuf-2.0",       // dir1
-                "",     // dir2
-                "GdkPixbuf"     // message
-        },
-        { // GTK2
-                "libgtk-x11-2.0",       // library
-                0, 0,   // len and found flag
-                "gtk-2.0",      // dir1
-                "libgtk2.0-0",  // dir2
-                "GTK2"  // message
-        },
-        { // GTK3
-                "libgtk-3",     // library
-                0, 0,   // len and found flag
-                "gtk-3.0",      // dir1
-                "libgtk-3-0",   // dir2
-                "GTK3"  // message
-        },
-        { // Pango - text internationalization, found on older GTK2-based systems
-                "libpango",     // library
-                0, 0,   // len and found flag
-                "pango",        // dir1
-                "",     // dir2
-                "Pango" // message
-        },
-        { // Library for handling GObject introspection data on GTK systems
-                "libgirepository-1.0",  // library
-                0, 0,   // len and found flag
-                "girepository-1.0",     // dir1
-                "",     // dir2
-                "GIRepository"  // message
-        },
-        { // GIO
-                "libgio",       // library
-                0, 0,   // len and found flag
-                "gio",  // dir1
-                "",     // dir2
-                "GIO"   // message
-        },
-        { // Enchant speller
-                "libenchant.so.",       // library
-                0, 0,   // len and found flag
-                "enchant",      // dir1
-                "",     // dir2
-                "Enchant (speller)"     // message
-        },
-        { // Qt5 - lots of problems on Arch Linux, Qt5 version 5.9.1 - disabled in all apps profiles
-                "libQt5",       // library
-                0, 0,   // len and found flag
-                "qt5",  // dir1
-                "gdk-pixbuf-2.0",       // dir2
-                "Qt5, GdkPixbuf"        // message
-        },
-        { // Qt4
-                "libQtCore",    // library
-                0, 0,   // len and found flag
-                "qt4",  // dir1
-                "gdk-pixbuf-2.0",       // dir2
-                "Qt4"   // message
-        },
-
-        { // NULL terminated list
-                NULL,   // library
-                0, 0,   // len and found flag
-                "",     // dir1
-                "",     // dir2
-                ""      // message
-        }
-};
-
-void fslib_install_system(void) {
-        // look for installed libraries
-        DIR *dir = opendir(RUN_LIB_DIR "/x86_64-linux-gnu");
-        if (!dir)
-                dir = opendir(RUN_LIB_DIR);
-
-        if (dir) {
-                struct dirent *entry;
-                while ((entry = readdir(dir)) != NULL) {
-                        if (strcmp(entry->d_name, ".") == 0)
-                                continue;
-                        if (strcmp(entry->d_name, "..") == 0)
-                                continue;
-
-                        SysLib *ptr = &syslibs[0];
-                        while (ptr->library) {
-                                if (ptr->len == 0)
-                                        ptr->len = strlen(ptr->library);
-
-                                if (strncmp(entry->d_name, ptr->library, ptr->len) == 0) {
-                                        ptr->found = 1;
-                                        break;
-                                }
-
-                                ptr++;
-                        }
-
-                }
-                closedir(dir);
-        }
-        else
-                assert(0);
-
-        // install required directories
-        SysLib *ptr = &syslibs[0];
-        while (ptr->library) {
-                if (ptr->found) {
-                        assert(*ptr->message != '\0');
-                        timetrace_start();
-
-                        // bring in all libraries
-                        assert(ptr->dir1);
-                        char *name;
-                        // Debian & friends
-                        if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir1) == -1)
-                                errExit("asprintf");
-                        if (access(name, R_OK) == 0) {
-                                fslib_copy_libs(name);
-                                fslib_copy_dir(name);
-                        }
-                        else {
-                                free(name);
-                                // CentOS, Fedora, Arch
-                                if (asprintf(&name, "/usr/lib64/%s", ptr->dir1) == -1)
-                                        errExit("asprintf");
-                                if (access(name, R_OK) == 0) {
-                                        fslib_copy_libs(name);
-                                        fslib_copy_dir(name);
-                                }
-                        }
-                        free(name);
-
-                        if (*ptr->dir2 != '\0') {
-                                // Debian & friends
-                                if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir2) == -1)
-                                        errExit("asprintf");
-                                if (access(name, R_OK) == 0) {
-                                        fslib_copy_libs(name);
-                                        fslib_copy_dir(name);
-                                }
-                                else {
-                                        free(name);
-                                        // CentOS, Fedora, Arch
-                                        if (asprintf(&name, "/usr/lib64/%s", ptr->dir2) == -1)
-                                                errExit("asprintf");
-                                        if (access(name, R_OK) == 0) {
-                                                fslib_copy_libs(name);
-                                                fslib_copy_dir(name);
-                                        }
-                                }
-                                free(name);
-                        }
-
-                        fmessage("%s installed in %0.2f ms\n", ptr->message, timetrace_end());
-                }
-                ptr++;
-        }
-}
-
-
-
-
-
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 3e092a3cc..ba5e8cdfd 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -339,6 +339,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                 exit(0);
         }
 #endif
+#ifndef LTS
 #ifdef HAVE_X11
         else if (strcmp(argv[i], "--x11") == 0) {
                 if (checkcfg(CFG_X11)) {
@@ -373,6 +374,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                         exit_err_feature("x11");
         }
 #endif
+#endif // LTS
 #ifdef HAVE_NETWORK
         else if (strncmp(argv[i], "--bandwidth=", 12) == 0) {
                 if (checkcfg(CFG_NETWORK)) {
@@ -825,6 +827,7 @@ static int check_arg(int argc, char **argv, const char *argument, int strict) {
         return found;
 }
 
+#ifndef LTS
 static void run_builder(int argc, char **argv) {
         EUID_ASSERT();
         (void) argc;
@@ -844,7 +847,7 @@ static void run_builder(int argc, char **argv) {
         perror("execvp");
         exit(1);
 }
-
+#endif // LTS
 
 //*******************************************
 // Main program
@@ -920,10 +923,11 @@ int main(int argc, char **argv) {
                 profile_add(cmd);
         }
 
+#ifndef LTS
         // profile builder
         if (check_arg(argc, argv, "--build", 0)) // supports both --build and --build=filename
                 run_builder(argc, argv); // this function will not return
-
+#endif // LTS
         // check argv[0] symlink wrapper if this is not a login shell
         if (*argv[0] != '-')
                 run_symlink(argc, argv, 0); // if symlink detected, this function will not return
@@ -1354,6 +1358,7 @@ int main(int argc, char **argv) {
                 }
                 else if (strcmp(argv[i], "--disable-mnt") == 0)
                         arg_disable_mnt = 1;
+#ifndef LTS
 #ifdef HAVE_OVERLAYFS
                 else if (strcmp(argv[i], "--overlay") == 0) {
                         if (checkcfg(CFG_OVERLAYFS)) {
@@ -1441,6 +1446,7 @@ int main(int argc, char **argv) {
                                 exit_err_feature("overlayfs");
                 }
 #endif
+#endif //LTS
                 else if (strncmp(argv[i], "--profile=", 10) == 0) {
                         // multiple profile files are allowed!
 
@@ -1489,6 +1495,7 @@ int main(int argc, char **argv) {
                         else
                                 cfg.profile_ignore[j] = argv[i] + 9;
                 }
+#ifndef LTS
 #ifdef HAVE_CHROOT
                 else if (strncmp(argv[i], "--chroot=", 9) == 0) {
                         if (checkcfg(CFG_CHROOT)) {
@@ -1537,6 +1544,7 @@ int main(int argc, char **argv) {
                                 exit_err_feature("chroot");
                 }
 #endif
+#endif // LTS
                 else if (strcmp(argv[i], "--writable-etc") == 0) {
                         if (cfg.etc_private_keep) {
                                 fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n");
@@ -1583,6 +1591,7 @@ int main(int argc, char **argv) {
                         }
                         arg_private = 1;
                 }
+#ifndef LTS
 #ifdef HAVE_PRIVATE_HOME
                 else if (strncmp(argv[i], "--private-home=", 15) == 0) {
                         if (checkcfg(CFG_PRIVATE_HOME)) {
@@ -1607,6 +1616,7 @@ int main(int argc, char **argv) {
                                 exit_err_feature("private-home");
                 }
 #endif
+#endif //LTS
                 else if (strcmp(argv[i], "--private-dev") == 0) {
                         arg_private_dev = 1;
                 }
@@ -1657,6 +1667,7 @@ int main(int argc, char **argv) {
                                 cfg.srv_private_keep = argv[i] + 14;
                         arg_private_srv = 1;
                 }
+#ifndef LTS
                 else if (strncmp(argv[i], "--private-bin=", 14) == 0) {
                         // extract private bin list
                         if (*(argv[i] + 14) == '\0') {
@@ -1685,6 +1696,7 @@ int main(int argc, char **argv) {
                         else
                                 exit_err_feature("private-lib");
                 }
+#endif // LTS
                 else if (strcmp(argv[i], "--private-tmp") == 0) {
                         arg_private_tmp = 1;
                 }
@@ -2100,6 +2112,7 @@ int main(int argc, char **argv) {
                 //*************************************
                 else if (strncmp(argv[i], "--timeout=", 10) == 0)
                         cfg.timeout = extract_timeout(argv[i] + 10);
+#ifndef LTS
                 else if (strcmp(argv[i], "--audit") == 0) {
                         arg_audit_prog = LIBDIR "/firejail/faudit";
                         arg_audit = 1;
@@ -2120,6 +2133,7 @@ int main(int argc, char **argv) {
                         }
                         arg_audit = 1;
                 }
+#endif // LTS
                 else if (strcmp(argv[i], "--appimage") == 0)
                         arg_appimage = 1;
                 else if (strcmp(argv[i], "--shell=none") == 0) {
@@ -2364,10 +2378,11 @@ int main(int argc, char **argv) {
         }
         EUID_ASSERT();
 
+#ifndef LTS
         // block X11 sockets
         if (arg_x11_block)
                 x11_block();
-
+#endif //LTS
         // check network configuration options - it will exit if anything went wrong
         net_check_cfg();
 
@@ -2422,9 +2437,11 @@ int main(int argc, char **argv) {
         }
         if (cfg.name)
                 set_name_run_file(sandbox_pid);
+#ifndef LTS
         int display = x11_display();
         if (display > 0)
                 set_x11_run_file(sandbox_pid, display);
+#endif
         flock(lockfd_directory, LOCK_UN);
         close(lockfd_directory);
         EUID_USER();
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 4b2fb3abd..c3ef2f2f5 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -198,6 +198,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 arg_private = 1;
                 return 0;
         }
+#ifndef LTS
         if (strncmp(ptr, "private-home ", 13) == 0) {
 #ifdef HAVE_PRIVATE_HOME
                 if (checkcfg(CFG_PRIVATE_HOME)) {
@@ -213,6 +214,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
                 return 0;
         }
+#endif //LTS
         else if (strcmp(ptr, "allusers") == 0) {
                 arg_allusers = 1;
                 return 0;
@@ -790,6 +792,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 return 0;
         }
 
+#ifndef LTS
         if (strcmp(ptr, "x11 xephyr") == 0) {
 #ifdef HAVE_X11
                 if (checkcfg(CFG_X11)) {
@@ -875,7 +878,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
                 return 0;
         }
-
+#endif //LTS
         // private /etc list of files and directories
         if (strncmp(ptr, "private-etc ", 12) == 0) {
                 if (arg_writable_etc) {
@@ -949,7 +952,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 return 0;
         }
 
-
+#ifndef LTS
 #ifdef HAVE_OVERLAYFS
         if (strncmp(ptr, "overlay-named ", 14) == 0) {
                 if (checkcfg(CFG_OVERLAYFS)) {
@@ -1034,6 +1037,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 }
         }
 #endif
+#endif // LTS
 
         // filesystem bind
         if (strncmp(ptr, "bind ", 5) == 0) {
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 66881c040..06c2dbf5b 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -391,6 +391,7 @@ void start_application(int no_sandbox) {
         //****************************************
         // audit
         //****************************************
+#ifndef LTS
         if (arg_audit) {
                 assert(arg_audit_prog);
 #ifdef HAVE_GCOV
@@ -404,7 +405,9 @@ void start_application(int no_sandbox) {
         //****************************************
         // start the program without using a shell
         //****************************************
-        else if (arg_shell_none) {
+        else
+#endif // LTS
+        if (arg_shell_none) {
                 if (arg_debug) {
                         int i;
                         for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
@@ -732,6 +735,7 @@ int sandbox(void* sandbox_arg) {
         if (arg_appimage)
                 enforce_filters();
 
+#ifndef LTS
 #ifdef HAVE_CHROOT
         if (cfg.chrootdir) {
                 fs_chroot(cfg.chrootdir);
@@ -761,6 +765,7 @@ int sandbox(void* sandbox_arg) {
         }
         else
 #endif
+#endif // LTS
                 fs_basic_fs();
 
         //****************************
@@ -775,6 +780,7 @@ int sandbox(void* sandbox_arg) {
                         else
                                 fs_private_homedir();
                 }
+#ifndef LTS
                 else if (cfg.home_private_keep) { // --private-home=
                         if (cfg.chrootdir)
                                 fwarning("private-home= feature is disabled in chroot\n");
@@ -784,6 +790,7 @@ int sandbox(void* sandbox_arg) {
                                 fs_private_home_list();
                 }
                 else // --private
+#endif //LTS
                         fs_private();
         }
 
@@ -823,6 +830,7 @@ int sandbox(void* sandbox_arg) {
                 }
         }
 
+#ifndef LTS
         // private-bin is disabled for appimages
         if (arg_private_bin && !arg_appimage) {
                 if (cfg.chrootdir)
@@ -853,6 +861,7 @@ int sandbox(void* sandbox_arg) {
                         fs_private_lib();
                 }
         }
+#endif // LTS
 
         if (arg_private_cache) {
                 if (cfg.chrootdir)
@@ -1001,10 +1010,12 @@ int sandbox(void* sandbox_arg) {
                 }
         }
 
+#ifndef LTS
         // clean /tmp/.X11-unix sockets
         fs_x11();
         if (arg_x11_xorg)
                 x11_xorg();
+#endif //LTS
 
         //****************************
         // set security filters
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
deleted file mode 100644
index 9cbe6598e..000000000
--- a/src/firejail/x11.c
+++ /dev/null
@@ -1,1311 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#include "firejail.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <dirent.h>
-#include <sys/mount.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <limits.h>
-
-// on Debian 7 we are missing O_PATH definition
-#include <fcntl.h>
-#ifndef O_PATH
-#define O_PATH          010000000
-#endif
-
-
-// Parse the DISPLAY environment variable and return a display number.
-// Returns -1 if DISPLAY is not set, or is set to anything other than :ddd.
-int x11_display(void) {
-        const char *display_str = getenv("DISPLAY");
-        char *endp;
-        unsigned long display;
-
-        if (!display_str) {
-                if (arg_debug)
-                        fputs("DISPLAY is not set\n", stderr);
-                return -1;
-        }
-
-        if (display_str[0] != ':' || display_str[1] < '0' || display_str[1] > '9') {
-                if (arg_debug)
-                        fprintf(stderr, "unsupported DISPLAY form '%s'\n", display_str);
-                return -1;
-        }
-
-        errno = 0;
-        display = strtoul(display_str+1, &endp, 10);
-        // handling DISPLAY=:0 and also :0.0
-        if (endp == display_str+1 || (*endp != '\0' && *endp != '.')) {
-                if (arg_debug)
-                        fprintf(stderr, "unsupported DISPLAY form '%s'\n", display_str);
-                return -1;
-        }
-        if (errno || display > (unsigned long)INT_MAX) {
-                if (arg_debug)
-                        fprintf(stderr, "display number %s is outside the valid range\n",
-                                display_str+1);
-                return -1;
-        }
-
-        if (arg_debug)
-                fprintf(stderr, "DISPLAY=%s parsed as %lu\n", display_str, display);
-
-        return (int)display;
-}
-
-
-#ifdef HAVE_X11
-// check for X11 abstract sockets
-static int x11_abstract_sockets_present(void) {
-
-        EUID_ROOT();                              // grsecurity fix
-        FILE *fp = fopen("/proc/net/unix", "r");
-        if (!fp)
-                errExit("fopen");
-        EUID_USER();
-
-        char *linebuf = 0;
-        size_t bufsz = 0;
-        int found = 0;
-        errno = 0;
-
-        for (;;) {
-                if (getline(&linebuf, &bufsz, fp) == -1) {
-                        if (errno)
-                                errExit("getline");
-                        break;
-                }
-                // The last space-separated field in 'linebuf' is the
-                // pathname of the socket.  Abstract sockets' pathnames
-                // all begin with '@/', normal ones begin with '/'.
-                char *p = strrchr(linebuf, ' ');
-                if (!p) {
-                        fputs("error parsing /proc/net/unix\n", stderr);
-                        exit(1);
-                }
-                if (strncmp(p+1, "@/tmp/.X11-unix/", 16) == 0) {
-                        found = 1;
-                        break;
-                }
-        }
-
-        free(linebuf);
-        fclose(fp);
-        return found;
-}
-
-
-// Choose a random, unallocated display number.  This has an inherent
-// and unavoidable TOCTOU race, since we cannot create either the
-// socket or a lockfile ourselves.
-static int random_display_number(void) {
-        int display;
-        int found = 0;
-        int i;
-
-        struct sockaddr_un sa;
-        // The -1 here is because we need space to inject a
-        // leading nul byte.
-        int sun_pathmax = (int)(sizeof sa.sun_path - 1);
-        assert((size_t)sun_pathmax == sizeof sa.sun_path - 1);
-        int sun_pathlen;
-
-        int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
-        if (sockfd == -1)
-                errExit("socket");
-
-        for (i = 0; i < 100; i++) {
-                display = rand() % (X11_DISPLAY_END - X11_DISPLAY_START) + X11_DISPLAY_START;
-
-                // The display number might be claimed by a server listening
-                // in _either_ the normal or the abstract namespace; they
-                // don't necessarily do both.  The easiest way to check is
-                // to try to connect, both ways.
-                memset(&sa, 0, sizeof sa);
-                sa.sun_family = AF_UNIX;
-                sun_pathlen = snprintf(sa.sun_path, sun_pathmax,
-                        "/tmp/.X11-unix/X%d", display);
-                if (sun_pathlen >= sun_pathmax) {
-                        fprintf(stderr, "sun_path too small for display :%d"
-                                " (only %d bytes usable)\n", display, sun_pathmax);
-                        exit(1);
-                }
-
-                if (connect(sockfd, (struct sockaddr *)&sa,
-                offsetof(struct sockaddr_un, sun_path) + sun_pathlen + 1) == 0) {
-                        close(sockfd);
-                        sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
-                        if (sockfd == -1)
-                                errExit("socket");
-                        continue;
-                }
-                if (errno != ECONNREFUSED && errno != ENOENT)
-                        errExit("connect");
-
-                // Name not claimed in the normal namespace; now try it
-                // in the abstract namespace.  Note that abstract-namespace
-                // names are NOT nul-terminated; they extend to the length
-                // specified as the third argument to 'connect'.
-                memmove(sa.sun_path + 1, sa.sun_path, sun_pathlen + 1);
-                sa.sun_path[0] = '\0';
-                if (connect(sockfd, (struct sockaddr *)&sa,
-                offsetof(struct sockaddr_un, sun_path) + 1 + sun_pathlen) == 0) {
-                        close(sockfd);
-                        sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
-                        if (sockfd == -1)
-                                errExit("socket");
-                        continue;
-                }
-                if (errno != ECONNREFUSED && errno != ENOENT)
-                        errExit("connect");
-
-                // This display number is unclaimed.  Of course, it could
-                // be claimed before we get around to doing it...
-                found = 1;
-                break;
-        }
-        close(sockfd);
-
-        if (!found) {
-                fputs("Error: cannot find an unallocated X11 display number, "
-                        "exiting...\n", stderr);
-                exit(1);
-        }
-        return display;
-}
-#endif
-
-#ifdef HAVE_X11
-void x11_start_xvfb(int argc, char **argv) {
-        EUID_ASSERT();
-        int i;
-        struct stat s;
-        pid_t jail = 0;
-        pid_t server = 0;
-
-        setenv("FIREJAIL_X11", "yes", 1);
-
-        // mever try to run X servers as root!!!
-        if (getuid() == 0) {
-                fprintf(stderr, "Error: X11 sandboxing is not available when running as root\n");
-                exit(1);
-        }
-        drop_privs(0);
-
-        // check xvfb
-        if (!program_in_path("Xvfb")) {
-                fprintf(stderr, "\nError: Xvfb program was not found in /usr/bin directory, please install it:\n");
-                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xvfb\n");
-                fprintf(stderr, "   Arch: sudo pacman -S xorg-server-xvfb\n");
-                exit(0);
-        }
-
-        int display = random_display_number();
-        char *display_str;
-        if (asprintf(&display_str, ":%d", display) == -1)
-                errExit("asprintf");
-
-        assert(xvfb_screen);
-
-        char *server_argv[256] = {                // rest initialyzed to NULL
-                "Xvfb", display_str, "-screen", "0", xvfb_screen
-        };
-        unsigned pos = 0;
-        while (server_argv[pos] != NULL) pos++;
-        assert(xvfb_extra_params);                // should be "" if empty
-
-        // parse xvfb_extra_params
-        // very basic quoting support
-        char *temp = strdup(xvfb_extra_params);
-        if (*xvfb_extra_params != '\0') {
-                if (!temp)
-                        errExit("strdup");
-                bool dquote = false;
-                bool squote = false;
-                for (i = 0; i < (int) strlen(xvfb_extra_params); i++) {
-                        if (temp[i] == '\"') {
-                                dquote = !dquote;
-                                                  // replace closing quote by \0
-                                if (dquote) temp[i] = '\0';
-                        }
-                        if (temp[i] == '\'') {
-                                squote = !squote;
-                                                  // replace closing quote by \0
-                                if (squote) temp[i] = '\0';
-                        }
-                        if (!dquote && !squote && temp[i] == ' ') temp[i] = '\0';
-                        if (dquote && squote) {
-                                fprintf(stderr, "Error: mixed quoting found while parsing xvfb_extra_params\n");
-                                exit(1);
-                        }
-                }
-                if (dquote) {
-                        fprintf(stderr, "Error: unclosed quote found while parsing xvfb_extra_params\n");
-                        exit(1);
-                }
-
-                server_argv[pos++] = temp;
-                for (i = 0; i < (int) strlen(xvfb_extra_params)-1; i++) {
-                        if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) {
-                                fprintf(stderr, "Error: arg count limit exceeded while parsing xvfb_extra_params\n");
-                                exit(1);
-                        }
-                        if (temp[i] == '\0' && (temp[i+1] == '\"' || temp[i+1] == '\'')) server_argv[pos++] = temp + i + 2;
-                        else if (temp[i] == '\0' && temp[i+1] != '\0') server_argv[pos++] = temp + i + 1;
-                }
-        }
-
-        server_argv[pos++] = NULL;
-
-        assert(pos < (sizeof(server_argv)/sizeof(*server_argv))); // no overrun
-        assert(server_argv[pos-1] == NULL);       // last element is null
-
-        if (arg_debug) {
-                size_t i = 0;
-                printf("\n*** Starting xvfb server:");
-                while (server_argv[i]!=NULL) {
-                        printf(" \"%s\"", server_argv[i]);
-                        i++;
-                }
-                printf(" ***\n\n");
-        }
-
-        // remove --x11 arg
-        char *jail_argv[argc+2];
-        int j = 0;
-        for (i = 0; i < argc; i++) {
-                if (strncmp(argv[i], "--x11", 5) == 0)
-                        continue;
-                jail_argv[j] = argv[i];
-                j++;
-        }
-        jail_argv[j] = NULL;
-
-        assert(j < argc+2);                       // no overrun
-
-        if (arg_debug) {
-                size_t i = 0;
-                printf("\n*** Stating xvfb client:");
-                while (jail_argv[i]!=NULL) {
-                        printf(" \"%s\"", jail_argv[i]);
-                        i++;
-                }
-                printf(" ***\n\n");
-        }
-
-        server = fork();
-        if (server < 0)
-                errExit("fork");
-        if (server == 0) {
-                if (arg_debug)
-                        printf("Starting xvfb...\n");
-
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                execvp(server_argv[0], server_argv);
-                perror("execvp");
-                _exit(1);
-        }
-
-        if (arg_debug)
-                printf("xvfb server pid %d\n", server);
-
-        // check X11 socket
-        char *fname;
-        if (asprintf(&fname, "/tmp/.X11-unix/X%d", display) == -1)
-                errExit("asprintf");
-        int n = 0;
-        // wait for x11 server to start
-        while (++n < 10) {
-                sleep(1);
-                if (stat(fname, &s) == 0)
-                        break;
-        };
-
-        if (n == 10) {
-                fprintf(stderr, "Error: failed to start xvfb\n");
-                exit(1);
-        }
-        free(fname);
-
-        assert(display_str);
-        setenv("DISPLAY", display_str, 1);
-        // run attach command
-        jail = fork();
-        if (jail < 0)
-                errExit("fork");
-        if (jail == 0) {
-                fmessage("\n*** Attaching to Xvfb display %d ***\n\n", display);
-
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                execvp(jail_argv[0], jail_argv);
-                perror("execvp");
-                _exit(1);
-        }
-
-        // cleanup
-        free(display_str);
-        free(temp);
-
-        // wait for either server or jail termination
-        pid_t pid = wait(NULL);
-
-        // see which process terminated and kill other
-        if (pid == server) {
-                kill(jail, SIGTERM);
-        }
-        else if (pid == jail) {
-                kill(server, SIGTERM);
-        }
-
-        // without this closing Xephyr window may mess your terminal:
-        // "monitoring" process will release terminal before
-        // jail process ends and releases terminal
-        wait(NULL);                               // fulneral
-
-        exit(0);
-}
-
-
-static char *extract_setting(int argc, char **argv, const char *argument) {
-        int i;
-        int len = strlen(argument);
-
-        for (i = 1; i < argc; i++) {
-                if (strncmp(argv[i], argument, len) == 0) {
-                        return argv[i] + len;
-                }
-
-                // detect end of firejail params
-                if (strcmp(argv[i], "--") == 0)
-                        break;
-                if (strncmp(argv[i], "--", 2) != 0)
-                        break;
-        }
-
-        return NULL;
-}
-
-
-//$ Xephyr -ac -br -noreset -screen 800x600 :22 &
-//$ DISPLAY=:22 firejail --net=eth0 --blacklist=/tmp/.X11-unix/x0 firefox
-void x11_start_xephyr(int argc, char **argv) {
-        EUID_ASSERT();
-        int i;
-        struct stat s;
-        pid_t jail = 0;
-        pid_t server = 0;
-
-        // default xephyr screen can be overwriten by a --xephyr-screen= command line option
-        char *newscreen = extract_setting(argc, argv, "--xephyr-screen=");
-        if (newscreen)
-                xephyr_screen = newscreen;
-
-        setenv("FIREJAIL_X11", "yes", 1);
-
-        // unfortunately, xephyr does a number of weird things when started by root user!!!
-        if (getuid() == 0) {
-                fprintf(stderr, "Error: X11 sandboxing is not available when running as root\n");
-                exit(1);
-        }
-        drop_privs(0);
-
-        // check xephyr
-        if (!program_in_path("Xephyr")) {
-                fprintf(stderr, "\nError: Xephyr program was not found in /usr/bin directory, please install it:\n");
-                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n");
-                fprintf(stderr, "   Arch: sudo pacman -S xorg-server-xephyr\n");
-                exit(0);
-        }
-
-        int display = random_display_number();
-        char *display_str;
-        if (asprintf(&display_str, ":%d", display) == -1)
-                errExit("asprintf");
-
-        assert(xephyr_screen);
-        char *server_argv[256] = {                // rest initialyzed to NULL
-                "Xephyr", "-ac", "-br", "-noreset", "-screen", xephyr_screen
-        };
-        unsigned pos = 0;
-        while (server_argv[pos] != NULL) pos++;
-        if (checkcfg(CFG_XEPHYR_WINDOW_TITLE)) {
-                server_argv[pos++] = "-title";
-                server_argv[pos++] = "firejail x11 sandbox";
-        }
-
-        assert(xephyr_extra_params);              // should be "" if empty
-
-        // parse xephyr_extra_params
-        // very basic quoting support
-        char *temp = strdup(xephyr_extra_params);
-        if (*xephyr_extra_params != '\0') {
-                if (!temp)
-                        errExit("strdup");
-                bool dquote = false;
-                bool squote = false;
-                for (i = 0; i < (int) strlen(xephyr_extra_params); i++) {
-                        if (temp[i] == '\"') {
-                                dquote = !dquote;
-                                                  // replace closing quote by \0
-                                if (dquote) temp[i] = '\0';
-                        }
-                        if (temp[i] == '\'') {
-                                squote = !squote;
-                                                  // replace closing quote by \0
-                                if (squote) temp[i] = '\0';
-                        }
-                        if (!dquote && !squote && temp[i] == ' ') temp[i] = '\0';
-                        if (dquote && squote) {
-                                fprintf(stderr, "Error: mixed quoting found while parsing xephyr_extra_params\n");
-                                exit(1);
-                        }
-                }
-                if (dquote) {
-                        fprintf(stderr, "Error: unclosed quote found while parsing xephyr_extra_params\n");
-                        exit(1);
-                }
-
-                server_argv[pos++] = temp;
-                for (i = 0; i < (int) strlen(xephyr_extra_params)-1; i++) {
-                        if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) {
-                                fprintf(stderr, "Error: arg count limit exceeded while parsing xephyr_extra_params\n");
-                                exit(1);
-                        }
-                        if (temp[i] == '\0' && (temp[i+1] == '\"' || temp[i+1] == '\'')) {
-                                server_argv[pos++] = temp + i + 2;
-                        }
-                        else if (temp[i] == '\0' && temp[i+1] != '\0') {
-                                server_argv[pos++] = temp + i + 1;
-                        }
-                }
-        }
-
-        server_argv[pos++] = display_str;
-        server_argv[pos++] = NULL;
-
-                                                  // no overrun
-        assert(pos < (sizeof(server_argv)/sizeof(*server_argv)));
-        assert(server_argv[pos-1] == NULL);       // last element is null
-
-        {
-                size_t i = 0;
-                printf("\n*** Starting xephyr server:");
-                while (server_argv[i]!=NULL) {
-                        printf(" \"%s\"", server_argv[i]);
-                        i++;
-                }
-                printf(" ***\n\n");
-        }
-
-        // remove --x11 arg
-        char *jail_argv[argc+2];
-        int j = 0;
-        for (i = 0; i < argc; i++) {
-                if (strncmp(argv[i], "--x11", 5) == 0)
-                        continue;
-                jail_argv[j] = argv[i];
-                j++;
-        }
-        jail_argv[j] = NULL;
-
-        assert(j < argc+2);                       // no overrun
-
-        if (arg_debug) {
-                size_t i = 0;
-                printf("*** Starting xephyr client:");
-                while (jail_argv[i]!=NULL) {
-                        printf(" \"%s\"", jail_argv[i]);
-                        i++;
-                }
-                printf(" ***\n\n");
-        }
-
-        server = fork();
-        if (server < 0)
-                errExit("fork");
-        if (server == 0) {
-                if (arg_debug)
-                        printf("Starting xephyr...\n");
-
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                execvp(server_argv[0], server_argv);
-                perror("execvp");
-                _exit(1);
-        }
-
-        if (arg_debug)
-                printf("xephyr server pid %d\n", server);
-
-        // check X11 socket
-        char *fname;
-        if (asprintf(&fname, "/tmp/.X11-unix/X%d", display) == -1)
-                errExit("asprintf");
-        int n = 0;
-        // wait for x11 server to start
-        while (++n < 10) {
-                sleep(1);
-                if (stat(fname, &s) == 0)
-                        break;
-        };
-
-        if (n == 10) {
-                fprintf(stderr, "Error: failed to start xephyr\n");
-                exit(1);
-        }
-        free(fname);
-
-        assert(display_str);
-        setenv("DISPLAY", display_str, 1);
-        // run attach command
-        jail = fork();
-        if (jail < 0)
-                errExit("fork");
-        if (jail == 0) {
-                if (!arg_quiet)
-                        printf("\n*** Attaching to Xephyr display %d ***\n\n", display);
-
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                execvp(jail_argv[0], jail_argv);
-                perror("execvp");
-                _exit(1);
-        }
-
-        // cleanup
-        free(display_str);
-        free(temp);
-
-        // wait for either server or jail termination
-        pid_t pid = wait(NULL);
-
-        // see which process terminated and kill other
-        if (pid == server) {
-                kill(jail, SIGTERM);
-        }
-        else if (pid == jail) {
-                kill(server, SIGTERM);
-        }
-
-        // without this closing Xephyr window may mess your terminal:
-        // "monitoring" process will release terminal before
-        // jail process ends and releases terminal
-        wait(NULL);                               // fulneral
-
-        exit(0);
-}
-
-
-void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
-        EUID_ASSERT();
-        int i;
-        struct stat s;
-        pid_t client = 0;
-        pid_t server = 0;
-
-        // build the start command
-        char *server_argv[256] = {                // rest initialyzed to NULL
-                "xpra", "start", display_str, "--no-daemon",
-        };
-        unsigned pos = 0;
-        while (server_argv[pos] != NULL) pos++;
-
-        assert(xpra_extra_params);                // should be "" if empty
-
-        // parse xephyr_extra_params
-        // very basic quoting support
-        char *temp = strdup(xpra_extra_params);
-        if (*xpra_extra_params != '\0') {
-                if (!temp)
-                        errExit("strdup");
-                bool dquote = false;
-                bool squote = false;
-                for (i = 0; i < (int) strlen(xpra_extra_params); i++) {
-                        if (temp[i] == '\"') {
-                                dquote = !dquote;
-                                                  // replace closing quote by \0
-                                if (dquote) temp[i] = '\0';
-                        }
-                        if (temp[i] == '\'') {
-                                squote = !squote;
-                                                  // replace closing quote by \0
-                                if (squote) temp[i] = '\0';
-                        }
-                        if (!dquote && !squote && temp[i] == ' ') temp[i] = '\0';
-                        if (dquote && squote) {
-                                fprintf(stderr, "Error: mixed quoting found while parsing xpra_extra_params\n");
-                                exit(1);
-                        }
-                }
-                if (dquote) {
-                        fprintf(stderr, "Error: unclosed quote found while parsing xpra_extra_params\n");
-                        exit(1);
-                }
-
-                server_argv[pos++] = temp;
-                for (i = 0; i < (int) strlen(xpra_extra_params)-1; i++) {
-                        if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) {
-                                fprintf(stderr, "Error: arg count limit exceeded while parsing xpra_extra_params\n");
-                                exit(1);
-                        }
-                        if (temp[i] == '\0' && (temp[i+1] == '\"' || temp[i+1] == '\'')) {
-                                server_argv[pos++] = temp + i + 2;
-                        }
-                        else if (temp[i] == '\0' && temp[i+1] != '\0') {
-                                server_argv[pos++] = temp + i + 1;
-                        }
-                }
-        }
-
-        server_argv[pos++] = NULL;
-
-                                                  // no overrun
-        assert(pos < (sizeof(server_argv)/sizeof(*server_argv)));
-        assert(server_argv[pos-1] == NULL);       // last element is null
-
-        if (arg_debug) {
-                size_t i = 0;
-                printf("\n*** Starting xpra server: ");
-                while (server_argv[i]!=NULL) {
-                        printf(" \"%s\"", server_argv[i]);
-                        i++;
-                }
-                printf(" ***\n\n");
-        }
-
-        int fd_null = -1;
-        if (arg_quiet) {
-                fd_null = open("/dev/null", O_RDWR);
-                if (fd_null == -1)
-                        errExit("open");
-        }
-
-        // start
-        server = fork();
-        if (server < 0)
-                errExit("fork");
-        if (server == 0) {
-                if (arg_debug)
-                        printf("Starting xpra...\n");
-
-                if (arg_quiet && fd_null != -1) {
-                        dup2(fd_null,0);
-                        dup2(fd_null,1);
-                        dup2(fd_null,2);
-                }
-
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                execvp(server_argv[0], server_argv);
-                perror("execvp");
-                _exit(1);
-        }
-
-        // add a small delay, on some systems it takes some time for the server to start
-        sleep(5);
-
-        // check X11 socket
-        char *fname;
-        if (asprintf(&fname, "/tmp/.X11-unix/X%d", display) == -1)
-                errExit("asprintf");
-        int n = 0;
-        // wait for x11 server to start
-        while (++n < 10) {
-                sleep(1);
-                if (stat(fname, &s) == 0)
-                        break;
-        }
-
-        if (n == 10) {
-                fprintf(stderr, "Error: failed to start xpra\n");
-                exit(1);
-        }
-        free(fname);
-
-        // build attach command
-        char *attach_argv[] = { "xpra", "--title=\"firejail x11 sandbox\"", "attach", display_str, NULL };
-
-        // run attach command
-        client = fork();
-        if (client < 0)
-                errExit("fork");
-        if (client == 0) {
-                if (arg_quiet && fd_null != -1) {
-                        dup2(fd_null,0);
-                        dup2(fd_null,1);
-                        dup2(fd_null,2);
-                }
-
-                fmessage("\n*** Attaching to xpra display %d ***\n\n", display);
-
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                execvp(attach_argv[0], attach_argv);
-                perror("execvp");
-                _exit(1);
-        }
-
-        assert(display_str);
-        setenv("DISPLAY", display_str, 1);
-
-        // build jail command
-        char *firejail_argv[argc+2];
-        pos = 0;
-        for (i = 0; i < argc; i++) {
-                if (strncmp(argv[i], "--x11", 5) == 0)
-                        continue;
-                firejail_argv[pos] = argv[i];
-                pos++;
-        }
-        firejail_argv[pos] = NULL;
-
-        assert((int) pos < (argc+2));
-        assert(!firejail_argv[pos]);
-
-        // start jail
-        pid_t jail = fork();
-        if (jail < 0)
-                errExit("fork");
-        if (jail == 0) {
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                if (firejail_argv[0])             // shut up llvm scan-build
-                        execvp(firejail_argv[0], firejail_argv);
-                perror("execvp");
-                exit(1);
-        }
-
-        fmessage("Xpra server pid %d, xpra client pid %d, jail %d\n", server, client, jail);
-
-        sleep(1);                                 // adding a delay in order to let the server start
-
-        // wait for jail or server to end
-        while (1) {
-                pid_t pid = wait(NULL);
-
-                if (pid == jail) {
-                        char *stop_argv[] = { "xpra", "stop", display_str, NULL };
-                        pid_t stop = fork();
-                        if (stop < 0)
-                                errExit("fork");
-                        if (stop == 0) {
-                                if (arg_quiet && fd_null != -1) {
-                                        dup2(fd_null,0);
-                                        dup2(fd_null,1);
-                                        dup2(fd_null,2);
-                                }
-                                // running without privileges - see drop_privs call above
-                                assert(getenv("LD_PRELOAD") == NULL);
-                                execvp(stop_argv[0], stop_argv);
-                                perror("execvp");
-                                _exit(1);
-                        }
-
-                        // wait for xpra server to stop, 10 seconds limit
-                        while (++n < 10) {
-                                sleep(1);
-                                pid = waitpid(server, NULL, WNOHANG);
-                                if (pid == server)
-                                        break;
-                        }
-
-                        if (arg_debug) {
-                                if (n == 10)
-                                        printf("failed to stop xpra server gratefully\n");
-                                else
-                                        printf("xpra server successfully stopped in %d secs\n", n);
-                        }
-
-                        // kill xpra server and xpra client
-                        kill(client, SIGTERM);
-                        kill(server, SIGTERM);
-                        exit(0);
-                }
-                else if (pid == server) {
-                        // kill firejail process
-                        kill(jail, SIGTERM);
-                        // kill xpra client (should die with server, but...)
-                        kill(client, SIGTERM);
-                        exit(0);
-                }
-        }
-}
-
-
-void x11_start_xpra_new(int argc, char **argv, char *display_str) {
-        EUID_ASSERT();
-        int i;
-        pid_t server = 0;
-
-        // build the start command
-        char *server_argv[256] = {                // rest initialyzed to NULL
-                "xpra", "start", display_str, "--daemon=no", "--attach=yes", "--exit-with-children=yes"
-        };
-        unsigned spos = 0;
-        unsigned fpos = 0;
-        while (server_argv[spos] != NULL) spos++;
-
-        // build jail command
-        char *firejail_argv[argc+2];
-        size_t total_length = 0;
-        for (i = 0; i < argc; i++) {
-                if (strncmp(argv[i], "--x11", 5) == 0)
-                        continue;
-                firejail_argv[fpos] = argv[i];
-                fpos++;
-                total_length += strlen(argv[i]);
-        }
-
-        char *start_child_prefix = "--start-child=";
-        char *start_child;
-        start_child = malloc(total_length + strlen(start_child_prefix) + fpos + 2);
-        if (start_child == NULL) {
-                fprintf(stderr, "Error: unable to allocate start_child to assemble command\n");
-                exit(1);
-        }
-
-        strcpy(start_child,start_child_prefix);
-        for(i = 0; (unsigned) i < fpos; i++) {
-                strncat(start_child,firejail_argv[i],strlen(firejail_argv[i]));
-                if((unsigned) i != fpos - 1)
-                        strncat(start_child," ",strlen(" "));
-        }
-
-        server_argv[spos++] = start_child;
-
-        server_argv[spos++] = NULL;
-        firejail_argv[fpos] = NULL;
-
-        assert(xpra_extra_params);                // should be "" if empty
-
-        // parse xephyr_extra_params
-        // very basic quoting support
-        char *temp = strdup(xpra_extra_params);
-        if (*xpra_extra_params != '\0') {
-                if (!temp)
-                        errExit("strdup");
-                bool dquote = false;
-                bool squote = false;
-                for (i = 0; i < (int) strlen(xpra_extra_params); i++) {
-                        if (temp[i] == '\"') {
-                                dquote = !dquote;
-                                                  // replace closing quote by \0
-                                if (dquote) temp[i] = '\0';
-                        }
-                        if (temp[i] == '\'') {
-                                squote = !squote;
-                                                  // replace closing quote by \0
-                                if (squote) temp[i] = '\0';
-                        }
-                        if (!dquote && !squote && temp[i] == ' ') temp[i] = '\0';
-                        if (dquote && squote) {
-                                fprintf(stderr, "Error: mixed quoting found while parsing xpra_extra_params\n");
-                                exit(1);
-                        }
-                }
-                if (dquote) {
-                        fprintf(stderr, "Error: unclosed quote found while parsing xpra_extra_params\n");
-                        exit(1);
-                }
-
-                server_argv[spos++] = temp;
-                for (i = 0; i < (int) strlen(xpra_extra_params)-1; i++) {
-                        if (spos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) {
-                                fprintf(stderr, "Error: arg count limit exceeded while parsing xpra_extra_params\n");
-                                exit(1);
-                        }
-                        if (temp[i] == '\0' && (temp[i+1] == '\"' || temp[i+1] == '\'')) {
-                                server_argv[spos++] = temp + i + 2;
-                        }
-                        else if (temp[i] == '\0' && temp[i+1] != '\0') {
-                                server_argv[spos++] = temp + i + 1;
-                        }
-                }
-        }
-
-        server_argv[spos++] = NULL;
-
-        assert((int) fpos < (argc+2));
-        assert(!firejail_argv[fpos]);
-                                                  // no overrun
-        assert(spos < (sizeof(server_argv)/sizeof(*server_argv)));
-        assert(server_argv[spos-1] == NULL);      // last element is null
-
-        if (arg_debug) {
-                size_t i = 0;
-                printf("\n*** Starting xpra server: ");
-                while (server_argv[i]!=NULL) {
-                        printf(" \"%s\"", server_argv[i]);
-                        i++;
-                }
-                printf(" ***\n\n");
-        }
-
-        int fd_null = -1;
-        if (arg_quiet) {
-                fd_null = open("/dev/null", O_RDWR);
-                if (fd_null == -1)
-                        errExit("open");
-        }
-
-        // start
-        server = fork();
-        if (server < 0)
-                errExit("fork");
-        if (server == 0) {
-                if (arg_debug)
-                        printf("Starting xpra...\n");
-
-                if (arg_quiet && fd_null != -1) {
-                        dup2(fd_null,0);
-                        dup2(fd_null,1);
-                        dup2(fd_null,2);
-                }
-
-                // running without privileges - see drop_privs call above
-                assert(getenv("LD_PRELOAD") == NULL);
-                execvp(server_argv[0], server_argv);
-                perror("execvp");
-                _exit(1);
-        }
-
-        // wait for server to end
-        while (1) {
-                pid_t pid = wait(NULL);
-                if (pid == server) {
-                        free(start_child);
-                        exit(0);
-                }
-        }
-}
-
-
-void x11_start_xpra(int argc, char **argv) {
-        EUID_ASSERT();
-
-        setenv("FIREJAIL_X11", "yes", 1);
-
-        // unfortunately, xpra does a number of weird things when started by root user!!!
-        if (getuid() == 0) {
-                fprintf(stderr, "Error: X11 sandboxing is not available when running as root\n");
-                exit(1);
-        }
-        drop_privs(0);
-
-        // check xpra
-        if (!program_in_path("xpra")) {
-                fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n");
-                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
-                exit(0);
-        }
-
-        int display = random_display_number();
-        char *display_str;
-        if (asprintf(&display_str, ":%d", display) == -1)
-                errExit("asprintf");
-
-        if (checkcfg(CFG_XPRA_ATTACH))
-                x11_start_xpra_new(argc, argv, display_str);
-        else
-                x11_start_xpra_old(argc, argv, display, display_str);
-}
-
-
-void x11_start(int argc, char **argv) {
-        EUID_ASSERT();
-
-        // unfortunately, xpra does a number of weird things when started by root user!!!
-        if (getuid() == 0) {
-                fprintf(stderr, "Error: X11 sandboxing is not available when running as root\n");
-                exit(1);
-        }
-
-        // check xpra
-        if (program_in_path("xpra"))
-                x11_start_xpra(argc, argv);
-        else if (program_in_path("Xephyr"))
-                x11_start_xephyr(argc, argv);
-        else {
-                fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n");
-                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
-                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n");
-                exit(0);
-        }
-}
-#endif
-
-// Porting notes:
-//
-// 1. merge #1100 from zackw:
-//     Attempting to run xauth -f directly on a file in /run/firejail/mnt/ directory fails on Debian 8
-//     with this message:
-//            xauth:  timeout in locking authority file /run/firejail/mnt/sec.Xauthority-Qt5Mu4
-//            Failed to create untrusted X cookie: xauth: exit 1
-//     For this reason we run xauth on a file in a tmpfs filesystem mounted on /tmp. This was
-//     a partial merge.
-//
-// 2. Since we cannot deal with the TOCTOU condition when mounting .Xauthority in user home
-// directory, we need to make sure /usr/bin/xauth executable is the real thing, and not
-// something picked up on $PATH.
-//
-// 3. If for any reason xauth command fails, we exit the sandbox. On Debian 8 this happens
-// when using a network namespace. Somehow, xauth tries to connect to the abstract socket,
-// and it fails because of the network namespace - it should try to connect to the regular
-// Unix socket! If we ignore the fail condition, the program will be started on X server without
-// the security extension loaded.
-void x11_xorg(void) {
-#ifdef HAVE_X11
-
-        // check xauth utility is present in the system
-        struct stat s;
-        if (stat("/usr/bin/xauth", &s) == -1) {
-                fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n"
-                        "   Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
-                exit(1);
-        }
-        if (s.st_uid != 0 && s.st_gid != 0) {
-                fprintf(stderr, "Error: invalid /usr/bin/xauth executable\n");
-                exit(1);
-        }
-
-        // get DISPLAY env
-        char *display = getenv("DISPLAY");
-        if (!display) {
-                fputs("Error: --x11=xorg requires an 'outer' X11 server to use.\n", stderr);
-                exit(1);
-        }
-
-        // temporarily mount a tempfs on top of /tmp directory
-        if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
-                errExit("mounting /tmp");
-
-        // create the temporary .Xauthority file
-        if (arg_debug)
-                printf("Generating a new .Xauthority file\n");
-        char tmpfname[] = "/tmp/.tmpXauth-XXXXXX";
-        int fd = mkstemp(tmpfname);
-        if (fd == -1) {
-                fprintf(stderr, "Error: cannot create .Xauthority file\n");
-                exit(1);
-        }
-        if (fchown(fd, getuid(), getgid()) == -1)
-                errExit("chown");
-        close(fd);
-
-        pid_t child = fork();
-        if (child < 0)
-                errExit("fork");
-        if (child == 0) {
-                drop_privs(1);
-                clearenv();
-#ifdef HAVE_GCOV
-                __gcov_flush();
-#endif
-                execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
-                        "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
-
-                _exit(127);
-        }
-
-        // wait for the xauth process to finish
-        int status;
-        if (waitpid(child, &status, 0) != child)
-                errExit("waitpid");
-        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-                /* success */
-        }
-        else if (WIFEXITED(status)) {
-                fprintf(stderr, "Failed to create untrusted X cookie: xauth: exit %d\n",
-                        WEXITSTATUS(status));
-                exit(1);
-        }
-        else if (WIFSIGNALED(status)) {
-                fprintf(stderr, "Failed to create untrusted X cookie: xauth: %s\n",
-                        strsignal(WTERMSIG(status)));
-                exit(1);
-        }
-        else {
-                fprintf(stderr, "Failed to create untrusted X cookie: "
-                        "xauth: un-decodable exit status %04x\n", status);
-                exit(1);
-        }
-
-        // move the temporary file in RUN_XAUTHORITY_SEC_FILE in order to have it deleted
-        // automatically when the sandbox is closed (rename doesn't work)
-                                                  // root needed
-        if (copy_file(tmpfname, RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600)) {
-                fprintf(stderr, "Error: cannot create the new .Xauthority file\n");
-                exit(1);
-        }
-        /* coverity[toctou] */
-        unlink(tmpfname);
-        umount("/tmp");
-
-        // Ensure there is already a file in the usual location, so that bind-mount below will work.
-        char *dest;
-        if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
-                errExit("asprintf");
-        if (lstat(dest, &s) == -1)
-                touch_file_as_user(dest, getuid(), getgid(), 0600);
-
-        // get a file descriptor for .Xauthority
-        fd = safe_fd(dest, O_PATH|O_NOFOLLOW|O_CLOEXEC);
-        if (fd == -1)
-                errExit("safe_fd");
-        // check if the actual mount destination is a user owned regular file
-        if (fstat(fd, &s) == -1)
-                errExit("fstat");
-        if (!S_ISREG(s.st_mode) || s.st_uid != getuid()) {
-                if (S_ISLNK(s.st_mode))
-                        fprintf(stderr, "Error: .Xauthority is a symbolic link\n");
-                else
-                        fprintf(stderr, "Error: .Xauthority is not a user owned regular file\n");
-                exit(1);
-        }
-
-        // mount via the link in /proc/self/fd
-        char *proc;
-        if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
-                errExit("asprintf");
-        if (mount(RUN_XAUTHORITY_SEC_FILE, proc, "none", MS_BIND, "mode=0600") == -1) {
-                fprintf(stderr, "Error: cannot mount the new .Xauthority file\n");
-                exit(1);
-        }
-        free(proc);
-        close(fd);
-        // check /proc/self/mountinfo to confirm the mount is ok
-        MountData *mptr = get_last_mount();
-        if (strcmp(mptr->dir, dest) != 0 || strcmp(mptr->fstype, "tmpfs") != 0)
-                errLogExit("invalid .Xauthority mount");
-
-        ASSERT_PERMS(dest, getuid(), getgid(), 0600);
-        free(dest);
-#endif
-}
-
-
-void fs_x11(void) {
-#ifdef HAVE_X11
-        int display = x11_display();
-        if (display <= 0)
-                return;
-
-        char *x11file;
-        if (asprintf(&x11file, "/tmp/.X11-unix/X%d", display) == -1)
-                errExit("asprintf");
-        struct stat x11stat;
-        if (stat(x11file, &x11stat) == -1 || !S_ISSOCK(x11stat.st_mode)) {
-                free(x11file);
-                return;
-        }
-
-        if (arg_debug || arg_debug_whitelists)
-                fprintf(stderr, "Masking all X11 sockets except %s\n", x11file);
-
-        // Move the real /tmp/.X11-unix to a scratch location
-        // so we can still access x11file after we mount a
-        // tmpfs over /tmp/.X11-unix.
-        int rv = mkdir(RUN_WHITELIST_X11_DIR, 0700);
-        if (rv == -1)
-                errExit("mkdir");
-        if (set_perms(RUN_WHITELIST_X11_DIR, 0, 0, 0700))
-                errExit("set_perms");
-
-        if (mount("/tmp/.X11-unix", RUN_WHITELIST_X11_DIR, 0, MS_BIND|MS_REC, 0) < 0)
-                errExit("mount bind");
-
-        // This directory must be mode 1777, or Xlib will barf.
-        if (mount("tmpfs", "/tmp/.X11-unix", "tmpfs",
-                MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_STRICTATIME | MS_REC,
-                "mode=1777,uid=0,gid=0") < 0)
-                errExit("mounting tmpfs on /tmp/.X11-unix");
-        fs_logger("tmpfs /tmp/.X11-unix");
-
-        // create an empty file which will have the desired socket bind-mounted over it
-        int fd = open(x11file, O_RDWR|O_CREAT|O_EXCL, x11stat.st_mode & ~S_IFMT);
-        if (fd < 0)
-                errExit(x11file);
-        if (fchown(fd, x11stat.st_uid, x11stat.st_gid))
-                errExit("fchown");
-        close(fd);
-
-        // do the mount
-        char *wx11file;
-        if (asprintf(&wx11file, "%s/X%d", RUN_WHITELIST_X11_DIR, display) == -1)
-                errExit("asprintf");
-        if (mount(wx11file, x11file, NULL, MS_BIND|MS_REC, NULL) < 0)
-                errExit("mount bind");
-        fs_logger2("whitelist", x11file);
-
-        free(x11file);
-        free(wx11file);
-
-        // block access to RUN_WHITELIST_X11_DIR
-        if (mount(RUN_RO_DIR, RUN_WHITELIST_X11_DIR, 0, MS_BIND, 0) < 0)
-                errExit("mount");
-        fs_logger2("blacklist", RUN_WHITELIST_X11_DIR);
-#endif
-}
-
-
-void x11_block(void) {
-#ifdef HAVE_X11
-        // check abstract socket presence and network namespace options
-        if ((!arg_nonetwork && !cfg.bridge0.configured && !cfg.interface0.configured)
-        && x11_abstract_sockets_present()) {
-                fprintf(stderr, "ERROR: --x11=none specified, but abstract X11 socket still accessible.\n"
-                        "Additional setup required. To block abstract X11 socket you can either:\n"
-                        " * use network namespace in firejail (--net=none, --net=...)\n"
-                        " * add \"-nolisten local\" to xserver options\n"
-                        "   (eg. to your display manager config, or /etc/X11/xinit/xserverrc)\n");
-                exit(1);
-        }
-
-        // blacklist sockets
-        profile_check_line("blacklist /tmp/.X11-unix", 0, NULL);
-        profile_add(strdup("blacklist /tmp/.X11-unix"));
-
-        // blacklist .Xauthority
-        profile_check_line("blacklist ${HOME}/.Xauthority", 0, NULL);
-        profile_add(strdup("blacklist ${HOME}/.Xauthority"));
-        char *xauthority = getenv("XAUTHORITY");
-        if (xauthority) {
-                char *line;
-                if (asprintf(&line, "blacklist %s", xauthority) == -1)
-                        errExit("asprintf");
-                profile_check_line(line, 0, NULL);
-                profile_add(line);
-        }
-
-        // clear environment
-        env_store("DISPLAY", RMENV);
-        env_store("XAUTHORITY", RMENV);
-#endif
-}
diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in
deleted file mode 100644
index 5af37cfbd..000000000
--- a/src/fldd/Makefile.in
+++ /dev/null
@@ -1,14 +0,0 @@
-all: fldd
-
-include ../common.mk
-
-%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h
-        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
-
-fldd: $(OBJS) ../lib/ldd_utils.o
-        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS)
-
-clean:; rm -f *.o fldd *.gcov *.gcda *.gcno
-
-distclean: clean
-        rm -fr Makefile
diff --git a/src/fldd/main.c b/src/fldd/main.c
deleted file mode 100644
index 4658e82fb..000000000
--- a/src/fldd/main.c
+++ /dev/null
@@ -1,353 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "../include/common.h"
-#include "../include/ldd_utils.h"
-
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <sys/mount.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <dirent.h>
-
-
-static int arg_quiet = 0;
-static void copy_libs_for_lib(const char *lib);
-
-typedef struct storage_t {
-        struct storage_t *next;
-        const char *name;
-} Storage;
-static Storage *libs = NULL;
-static Storage *lib_paths = NULL;
-
-// return 1 if found
-static int storage_find(Storage *ptr, const char *name) {
-        while (ptr) {
-                if (strcmp(ptr->name, name) == 0)
-                        return 1;
-                ptr = ptr->next;
-        }
-
-        return 0;
-}
-
-static void storage_add(Storage **head, const char *name) {
-        if (storage_find(*head, name))
-                return;
-
-        Storage *s = malloc(sizeof(Storage));
-        if (!s)
-                errExit("malloc");
-        s->next = *head;
-        *head = s;
-        s->name = strdup(name);
-        if (!s->name)
-                errExit("strdup");
-}
-
-
-static void storage_print(Storage *ptr, int fd) {
-        while (ptr) {
-                dprintf(fd, "%s\n", ptr->name);
-                ptr = ptr->next;
-        }
-}
-
-static bool ptr_ok(const void *ptr, const void *base, const void *end, const char *name) {
-        bool r;
-        (void) name;
-
-        r = (ptr >= base && ptr < end);
-        return r;
-}
-
-
-static void parse_elf(const char *exe) {
-        int f;
-        f = open(exe, O_RDONLY);
-        if (f < 0) {
-                if (!arg_quiet)
-                        fprintf(stderr, "Warning fldd: cannot open %s, skipping...\n", exe);
-                return;
-        }
-
-        struct stat s;
-        char *base = NULL, *end;
-        if (fstat(f, &s) == -1)
-                goto error_close;
-        base = mmap(0, s.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, f, 0);
-        if (base == MAP_FAILED)
-                goto error_close;
-
-        end = base + s.st_size;
-
-        Elf_Ehdr *ebuf = (Elf_Ehdr *)base;
-        if (strncmp((const char *)ebuf->e_ident, ELFMAG, SELFMAG) != 0) {
-                if (!arg_quiet)
-                        fprintf(stderr, "Warning fldd: %s is not an ELF executable or library\n", exe);
-                goto close;
-        }
-//unsigned char elfclass = ebuf->e_ident[EI_CLASS];
-//if (elfclass == ELFCLASS32)
-//printf("%s 32bit\n", exe);
-//else if (elfclass == ELFCLASS64)
-//printf("%s 64bit\n", exe);
-
-
-        Elf_Phdr *pbuf = (Elf_Phdr *)(base + sizeof(*ebuf));
-        while (ebuf->e_phnum-- > 0 && ptr_ok(pbuf, base, end, "pbuf")) {
-                switch (pbuf->p_type) {
-                case PT_INTERP:
-                        // dynamic loader ld-linux.so
-                        if (!ptr_ok(base + pbuf->p_offset, base, end, "base + pbuf->p_offset"))
-                                goto close;
-
-                        storage_add(&libs, base + pbuf->p_offset);
-                        break;
-                }
-                pbuf++;
-        }
-
-        Elf_Shdr *sbuf = (Elf_Shdr *)(base + ebuf->e_shoff);
-        if (!ptr_ok(sbuf, base, end, "sbuf"))
-                goto close;
-
-        // Find strings section
-        char *strbase = NULL;
-        int sections = ebuf->e_shnum;
-        while (sections-- > 0 && ptr_ok(sbuf, base, end, "sbuf")) {
-                if (sbuf->sh_type == SHT_STRTAB) {
-                        strbase = base + sbuf->sh_offset;
-                        if (!ptr_ok(strbase, base, end, "strbase"))
-                                goto close;
-                        break;
-                }
-                sbuf++;
-        }
-        if (strbase == NULL)
-                goto error_close;
-
-        // Find dynamic section
-        sections = ebuf->e_shnum;
-        while (sections-- > 0 && ptr_ok(sbuf, base, end, "sbuf")) {
-// TODO: running fldd on large gui programs (fldd /usr/bin/transmission-qt)
-// crash on accessing memory location sbuf->sh_type if sbuf->sh_type in the previous section was 0 (SHT_NULL)
-// for now we just exit the while loop - this is probably incorrect
-// printf("sbuf %p #%s#, sections %d, type %u\n", sbuf, exe, sections, sbuf->sh_type);
-                if (!ptr_ok(sbuf, base, end, "sbuf"))
-                        goto close;
-
-                if (sbuf->sh_type == SHT_NULL)
-                        break;
-                if (sbuf->sh_type == SHT_DYNAMIC) {
-                        Elf_Dyn *dbuf = (Elf_Dyn *)(base + sbuf->sh_offset);
-                        if (!ptr_ok(dbuf, base, end, "dbuf"))
-                                goto close;
-                        // Find DT_RPATH/DT_RUNPATH tags first
-                        unsigned long size = sbuf->sh_size;
-                        while (size >= sizeof(*dbuf) && ptr_ok(dbuf, base, end, "dbuf")) {
-                                if (dbuf->d_tag == DT_RPATH || dbuf->d_tag ==  DT_RUNPATH) {
-                                        const char *searchpath = strbase + dbuf->d_un.d_ptr;
-                                        if (!ptr_ok(searchpath, base, end, "searchpath"))
-                                                goto close;
-                                        storage_add(&lib_paths, searchpath);
-                                }
-                                size -= sizeof(*dbuf);
-                                dbuf++;
-                        }
-                        // Find DT_NEEDED tags
-                        dbuf = (Elf_Dyn *)(base + sbuf->sh_offset);
-                        size = sbuf->sh_size;
-                        while (size >= sizeof(*dbuf) && ptr_ok(dbuf, base, end, "dbuf")) {
-                                if (dbuf->d_tag == DT_NEEDED) {
-                                        const char *lib = strbase + dbuf->d_un.d_ptr;
-                                        if (!ptr_ok(lib, base, end, "lib"))
-                                                goto close;
-                                        copy_libs_for_lib(lib);
-                                }
-                                size -= sizeof(*dbuf);
-                                dbuf++;
-                        }
-                }
-                sbuf++;
-        }
-        goto close;
-
- error_close:
-        perror("copy libs");
- close:
-        if (base)
-                munmap(base, s.st_size);
-
-        close(f);
-}
-
-static void copy_libs_for_lib(const char *lib) {
-        Storage *lib_path;
-        for (lib_path = lib_paths; lib_path; lib_path = lib_path->next) {
-                char *fname;
-                if (asprintf(&fname, "%s/%s", lib_path->name, lib) == -1)
-                        errExit("asprintf");
-                if (access(fname, R_OK) == 0 && is_lib_64(fname)) {
-                        if (!storage_find(libs, fname)) {
-                                storage_add(&libs, fname);
-                                // libs may need other libs
-                                parse_elf(fname);
-                        }
-                        free(fname);
-                        return;
-                }
-                free(fname);
-        }
-
-        // log a  warning and continue
-        if (!arg_quiet)
-                fprintf(stderr, "Warning fldd: cannot find %s, skipping...\n", lib);
-}
-
-static void lib_paths_init(void) {
-        int i;
-        for (i = 0; default_lib_paths[i]; i++)
-                storage_add(&lib_paths, default_lib_paths[i]);
-}
-
-
-static void walk_directory(const char *dirname) {
-        assert(dirname);
-
-        DIR *dir = opendir(dirname);
-        if (dir) {
-                struct dirent *entry;
-                while ((entry = readdir(dir)) != NULL) {
-                        if (strcmp(entry->d_name, ".") == 0)
-                                continue;
-                        if (strcmp(entry->d_name, "..") == 0)
-                                continue;
-
-                        // build full path
-                        char *path;
-                        if (asprintf(&path, "%s/%s", dirname, entry->d_name) == -1)
-                                errExit("asprintf");
-
-                        // check regular so library
-                        char *ptr = strstr(entry->d_name, ".so");
-                        if (ptr && is_lib_64(path)) {
-                                if (*(ptr + 3) == '\0' || *(ptr + 3) == '.') {
-                                        parse_elf(path);
-                                        free(path);
-                                        continue;
-                                }
-                        }
-
-                        // check directory
-                        // entry->d_type field is supported  in glibc since version 2.19 (Feb 2014)
-                        // we'll use stat to check for directories
-                        struct stat s;
-                        if (stat(path, &s) == -1)
-                                errExit("stat");
-                        if (S_ISDIR(s.st_mode))
-                                walk_directory(path);
-                }
-                closedir(dir);
-        }
-}
-
-
-
-static void usage(void) {
-        printf("Usage: fldd program_or_directory [file]\n");
-        printf("Print a list of libraries used by program or store it in the file.\n");
-        printf("Print a list of libraries used by all .so files in a directory or store it in the file.\n");
-}
-
-int main(int argc, char **argv) {
-#if 0
-{
-//system("cat /proc/self/status");
-int i;
-for (i = 0; i < argc; i++)
-        printf("*%s* ", argv[i]);
-printf("\n");
-}
-#endif
-        if (argc < 2) {
-                fprintf(stderr, "Error fldd: invalid arguments\n");
-                usage();
-                exit(1);
-        }
-
-
-        if (strcmp(argv[1], "--help") == 0) {
-                usage();
-                return 0;
-        }
-
-        // check program access
-        if (access(argv[1], R_OK)) {
-                fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);
-                exit(1);
-        }
-
-        char *quiet = getenv("FIREJAIL_QUIET");
-        if (quiet && strcmp(quiet, "yes") == 0)
-                arg_quiet = 1;
-
-        if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
-                usage();
-                return 0;
-        }
-
-        int fd = STDOUT_FILENO;
-        // attempt to open the file
-        if (argc == 3) {
-                fd = open(argv[2], O_CREAT | O_TRUNC | O_WRONLY, 0644);
-                if (!fd) {
-                        fprintf(stderr, "Error fldd: invalid arguments\n");
-                        usage();
-                        exit(1);
-                }
-        }
-
-        // initialize local storage
-        lib_paths_init();
-
-        // process files
-        struct stat s;
-        if (stat(argv[1], &s) == -1)
-                errExit("stat");
-        if (S_ISDIR(s.st_mode))
-                walk_directory(argv[1]);
-        else {
-                if (is_lib_64(argv[1]))
-                        parse_elf(argv[1]);
-                else
-                        fprintf(stderr, "Warning fldd: %s is not a 64bit program/library\n", argv[1]);
-        }
-
-
-        // print libraries and exit
-        storage_print(libs, fd);
-        if (argc == 3)
-                close(fd);
-        return 0;
-}
diff --git a/status b/status
index 533ccc69e..f59f8e5a2 100644
--- a/status
+++ b/status
@@ -1,2 +1,5 @@
-starting from main as of Jul 27
-removing chroot, overlayfs, x11, private-bin, private-lib
+Phase 1
+- starting from main as of Jul 27
+- removing chroot, overlayfs, x11, private-bin, private-lib
+- removing private-home, audit, build
+
diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh
deleted file mode 100755
index ea07d3713..000000000
--- a/test/apps-x11-xorg/apps-x11-xorg.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-export MALLOC_CHECK_=3
-export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-
-which firefox 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: firefox x11 xorg"
-        ./firefox.exp
-else
-        echo "TESTING SKIP: firefox not found"
-fi
-
-which transmission-gtk 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: transmission-gtk x11 xorg"
-        ./transmission-gtk.exp
-else
-        echo "TESTING SKIP: transmission-gtk not found"
-fi
-
-which thunderbird 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: thunderbird x11 xorg"
-        ./thunderbird.exp
-else
-        echo "TESTING SKIP: thunderbird not found"
-fi
diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp
deleted file mode 100755
index 10575b277..000000000
--- a/test/apps-x11-xorg/firefox.exp
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange firefox -no-remote www.gentoo.org\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "firefox" {puts "firefox detected\n";}
-        "iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2\n";exit}
-        "no-remote"
-}
-sleep 1
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp --nowrap\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps --nowrap\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11-xorg/thunderbird.exp b/test/apps-x11-xorg/thunderbird.exp
deleted file mode 100755
index 6706cc321..000000000
--- a/test/apps-x11-xorg/thunderbird.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange thunderbird\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "thunderbird"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp --nowrap\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "thunderbird"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 2
-send -- "firemon --caps --nowrap\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "thunderbird"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp
deleted file mode 100755
index 75c302764..000000000
--- a/test/apps-x11-xorg/transmission-gtk.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange transmission-gtk\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "transmission-gtk"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp --nowrap\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "transmission-gtk"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps --nowrap\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "transmission-gtk"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh
deleted file mode 100755
index c12b11f3e..000000000
--- a/test/apps-x11/apps-x11.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-export MALLOC_CHECK_=3
-export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-
-echo "TESTING: no x11 (test/apps-x11/x11-none.exp)"
-./x11-none.exp
-
-
-which xterm 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: xterm x11 xorg"
-        ./xterm-xorg.exp
-
-        which xpra 2>/dev/null
-        if [ "$?" -eq 0 ];
-        then
-        echo "TESTING: xterm x11 xpra"
-        ./xterm-xpra.exp
-        fi
-
-        which Xephyr 2>/dev/null
-        if [ "$?" -eq 0 ];
-        then
-        echo "TESTING: xterm x11 xephyr"
-        ./xterm-xephyr.exp
-        fi
-else
-        echo "TESTING SKIP: xterm not found"
-fi
-
-# check xpra/xephyr
-which xpra 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "xpra found"
-else
-        echo "xpra not found"
-        which Xephyr 2>/dev/null
-        if [ "$?" -eq 0 ];
-        then
-                echo "Xephyr found"
-        else
-                echo "TESTING SKIP: xpra and/or Xephyr not found"
-                exit
-        fi
-fi
-
-which firefox 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: firefox x11"
-        ./firefox.exp
-else
-        echo "TESTING SKIP: firefox not found"
-fi
-
-which chromium 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: chromium x11"
-        ./chromium.exp
-else
-        echo "TESTING SKIP: chromium not found"
-fi
-
-which transmission-gtk 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: transmission-gtk x11"
-        ./transmission-gtk.exp
-else
-        echo "TESTING SKIP: transmission-gtk not found"
-fi
-
-which thunderbird 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: thunderbird x11"
-        ./thunderbird.exp
-else
-        echo "TESTING SKIP: thunderbird not found"
-fi
diff --git a/test/apps-x11/chromium.exp b/test/apps-x11/chromium.exp
deleted file mode 100755
index f72b86dde..000000000
--- a/test/apps-x11/chromium.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11 chromium www.gentoo.org\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "chromium"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "chromium"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "Seccomp:       0"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "chromium"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "00240000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-
-puts "\nall done\n"
diff --git a/test/apps-x11/firefox.exp b/test/apps-x11/firefox.exp
deleted file mode 100755
index 8021042e5..000000000
--- a/test/apps-x11/firefox.exp
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11 firefox -no-remote www.gentoo.org\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "firefox" {puts "firefox detected\n";}
-        "iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2\n";exit}
-        "no-remote"
-}
-sleep 1
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11/thunderbird.exp b/test/apps-x11/thunderbird.exp
deleted file mode 100755
index 5994ab15e..000000000
--- a/test/apps-x11/thunderbird.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11 thunderbird\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "thunderbird"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "thunderbird"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 2
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "thunderbird"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11/transmission-gtk.exp b/test/apps-x11/transmission-gtk.exp
deleted file mode 100755
index 48c685cf0..000000000
--- a/test/apps-x11/transmission-gtk.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11 transmission-gtk\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "transmission-gtk"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "transmission-gtk"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "transmission-gtk"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11/x11-none.exp b/test/apps-x11/x11-none.exp
deleted file mode 100755
index e6e515966..000000000
--- a/test/apps-x11/x11-none.exp
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=none\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "use network namespace in firejail"
-}
-sleep 1
-
-send -- "firejail --name=test --net=none --x11=none\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 1
-
-send -- "ls -al /tmp/.X11-unix\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "cannot open directory"
-}
-after 100
-
-send -- "xterm\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "DISPLAY is not set"
-}
-after 100
-
-send -- "export DISPLAY=:0.0\r"
-after 100
-send -- "xterm\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Xt error"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/apps-x11/x11-xephyr.exp b/test/apps-x11/x11-xephyr.exp
deleted file mode 100755
index 68f981096..000000000
--- a/test/apps-x11/x11-xephyr.exp
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=xephyr xterm\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-
-exit
-
-
-sleep 5
-
-
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "use network namespace in firejail"
-}
-sleep 1
-
-send -- "firejail --name=test --net=none --x11=none\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 1
-
-send -- "ls -al /tmp/.X11-unix\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "cannot open directory"
-}
-after 100
-
-send -- "xterm\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "DISPLAY is not set"
-}
-after 100
-
-send -- "export DISPLAY=:0.0\r"
-after 100
-send -- "xterm\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Xt error"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/apps-x11/xterm-xephyr.exp b/test/apps-x11/xterm-xephyr.exp
deleted file mode 100755
index 63fa03fbb..000000000
--- a/test/apps-x11/xterm-xephyr.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=xephyr xterm\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "xterm"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "xterm"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "xterm"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11/xterm-xorg.exp b/test/apps-x11/xterm-xorg.exp
deleted file mode 100755
index a31925383..000000000
--- a/test/apps-x11/xterm-xorg.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=xorg xterm\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "xterm"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "xterm"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "xterm"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/apps-x11/xterm-xpra.exp b/test/apps-x11/xterm-xpra.exp
deleted file mode 100755
index 8830bb003..000000000
--- a/test/apps-x11/xterm-xpra.exp
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --x11=xpra xterm\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "xterm"
-}
-sleep 1
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "xterm"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "xterm"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-
-send -- "firemon --x11\r"
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "name=test xterm"
-}
-expect {
-        timeout {puts "TESTING ERROR 7.1\n";exit}
-        "DISPLAY"
-}
-sleep 1
-
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh
deleted file mode 100755
index 0f0fdab22..000000000
--- a/test/chroot/chroot.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-export MALLOC_CHECK_=3
-export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-
-rm -f unchroot
-gcc -o unchroot unchroot.c
-sudo ./configure
-
-echo "TESTING: chroot (test/chroot/fs_chroot.exp)"
-./fs_chroot.exp
-
-echo "TESTING: unchroot as root (test/chroot/unchroot-as-root.exp)"
-sudo ./unchroot-as-root.exp
-
-
-
-rm -f unchroot
diff --git a/test/chroot/configure b/test/chroot/configure
deleted file mode 100755
index 26a516931..000000000
--- a/test/chroot/configure
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-
-# build a very small chroot
-ROOTDIR="/tmp/chroot"                   # default chroot directory
-DEFAULT_FILES="/bin/bash /bin/sh "      # basic chroot files
-DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
-DEFAULT_FILES+=`find /lib -name libnss*`        # files required by glibc
-DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
-
-rm -fr $ROOTDIR
-mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc,sys}
-chmod 777 $ROOTDIR/tmp
-mkdir -p $ROOTDIR/etc/firejail
-mkdir -p $ROOTDIR/home/netblue/.config/firejail
-chown netblue:netblue $ROOTDIR/home/netblue
-chown netblue:netblue $ROOTDIR/home/netblue/.config
-cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/.
-cp -a /etc/skel $ROOTDIR/etc/.
-mkdir $ROOTDIR/home/someotheruser
-mkdir $ROOTDIR/boot
-mkdir $ROOTDIR/selinux
-cp /etc/passwd $ROOTDIR/etc/.
-cp /etc/group $ROOTDIR/etc/.
-cp /etc/hosts $ROOTDIR/etc/.
-cp /etc/hostname $ROOTDIR/etc/.
-mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu
-cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/.
-cp -a /usr/lib/ssl $ROOTDIR/usr/lib/.
-touch $ROOTDIR/var/log/syslog
-touch $ROOTDIR/var/tmp/somefile
-SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u`
-for FILE in $SORTED
-do
-        cp --parents $FILE $ROOTDIR
-done
-cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR
-cp --parents /lib/ld-linux.so.2 $ROOTDIR
-cp unchroot $ROOTDIR/.
-touch $ROOTDIR/this-is-my-chroot
-
-cd $ROOTDIR; find .
-mkdir -p usr/lib/firejail/
-cp /usr/lib/firejail/libtrace.so usr/lib/firejail/.
-
-
-echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR"
diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp
deleted file mode 100755
index a071027e5..000000000
--- a/test/chroot/fs_chroot.exp
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail  --chroot=/tmp/chroot\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit}
-        "Child process initialized" {puts "chroot available\n"};
-}
-sleep 1
-
-send -- "cd /home;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 0.1\n";exit}
-        "home"
-}
-sleep 1
-send -- "bash\r"
-sleep 1
-send -- "ls /\r"
-expect {
-        timeout {puts "TESTING ERROR 0.2\n";exit}
-        "this-is-my-chroot"
-}
-after 100
-
-send -- "ps aux\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "/bin/bash"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "bash"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "ps aux"
-}
-after 100
-
-send -- "ps aux | wc -l; pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "6"
-}
-after 100
-
-# check /sys directory
-send -- "ls /sys\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "block"
-}
-after 100
-
-
-puts "all done\n"
diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp
deleted file mode 100755
index e4bedd539..000000000
--- a/test/chroot/unchroot-as-root.exp
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail  --chroot=/tmp/chroot\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit}
-        "Child process initialized" {puts "chroot available\n"};
-}
-sleep 1
-
-send -- "cd /\r"
-after 100
-
-
-send -- "./unchroot\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Bad system call"
-}
-after 100
-
-puts "all done\n"
diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c
deleted file mode 100644
index 4919637d6..000000000
--- a/test/chroot/unchroot.c
+++ /dev/null
@@ -1,40 +0,0 @@
-// simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-void die(char *msg) {
-        perror(msg);
-        exit(1);
-}
-
-int main(int argc, char *argv[])
-{
-        int i;
-
-        if (chdir("/") != 0)
-                die("chdir(/)");
-
-        if (mkdir("baz", 0777) != 0)
-                ; //die("mkdir(baz)");
-
-        if (chroot("baz") != 0)
-                die("chroot(baz)");
-
-        for (i=0; i<50; i++) {
-                if (chdir("..") != 0)
-                        die("chdir(..)");
-        }
-
-        if (chroot(".") != 0)
-                die("chroot(.)");
-
-        printf("Exploit seems to work. =)\n");
-
-        execl("/bin/bash", "bash", "-i", (char *)0);
-        die("exec bash");
-
-        exit(0);
-}
diff --git a/test/overlay/firefox-x11-xorg.exp b/test/overlay/firefox-x11-xorg.exp
deleted file mode 100755
index ec24b23af..000000000
--- a/test/overlay/firefox-x11-xorg.exp
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --overlay --name=test --x11=xorg firefox -no-remote www.gentoo.org\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "firefox" {puts "firefox detected\n";}
-        "iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2\n";exit}
-        "no-remote"
-}
-sleep 1
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-send -- "firejail --overlay --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/overlay/firefox-x11.exp b/test/overlay/firefox-x11.exp
deleted file mode 100755
index 1b7034af0..000000000
--- a/test/overlay/firefox-x11.exp
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --overlay --name=test --x11 firefox -no-remote www.gentoo.org\r"
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "firefox" {puts "firefox detected\n";}
-        "iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2\n";exit}
-        "no-remote"
-}
-sleep 1
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-send -- "firejail --name=blablabla --overlay\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-sleep 1
-send -- "firejail --shutdown=test\r"
-sleep 3
-
-puts "\nall done\n"
diff --git a/test/overlay/firefox.exp b/test/overlay/firefox.exp
deleted file mode 100755
index 5bdd6751f..000000000
--- a/test/overlay/firefox.exp
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --overlay firefox -no-remote www.gentoo.org\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/firefox.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 10
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "firefox" {puts "firefox detected\n";}
-        "iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2\n";exit}
-        "no-remote"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-
-send -- "firejail --name=blablabla --overlay\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 5.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        " firefox" {puts "firefox detected\n";}
-        " iceweasel" {puts "iceweasel detected\n";}
-}
-expect {
-        timeout {puts "TESTING ERROR 6.0\n";exit}
-        "no-remote"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp
deleted file mode 100755
index 0356720bc..000000000
--- a/test/overlay/fs-named.exp
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --overlay-named=firejail-test\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Child process initialized" {puts "found\n"}
-}
-sleep 1
-send -- "stty -echo\r"
-after 100
-
-send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "done"
-}
-after 100
-
-send -- "cat  ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "xyzxyzxyz"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1\n";exit}
-        "done"
-}
-after 100
-
-send -- "exit\r"
-sleep 2
-
-send -- "cat  ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
-        "done"
-}
-after 100
-
-send -- "firejail --overlay-named=firejail-test\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Child process initialized" {puts "found\n"}
-}
-sleep 1
-
-send -- "stty -echo\r"
-after 100
-send -- "cat  ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "xyzxyzxyz"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1\n";exit}
-        "done"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/overlay/fs-tmpfs.exp b/test/overlay/fs-tmpfs.exp
deleted file mode 100755
index 20fa315b6..000000000
--- a/test/overlay/fs-tmpfs.exp
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --overlay-clean\r"
-after 100
-send -- "file ~/.firejail\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "cannot open"
-}
-after 100
-
-send -- "firejail --overlay-tmpfs\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Child process initialized" {puts "found\n"}
-}
-sleep 1
-send -- "stty -echo\r"
-after 100
-
-send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "done"
-}
-after 100
-
-send -- "stty -echo\r"
-after 100
-send -- "cat  ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "xyzxyzxyz"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "done"
-}
-after 100
-
-send -- "exit\r"
-sleep 1
-
-send -- "stty -echo\r"
-after 100
-send -- "cat  ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "xyzxyzxyz" {puts "TESTING ERROR 6\n";exit}
-        "done"
-}
-after 100
-
-send -- "file ~/.firejail\r"
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "cannot open"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp
deleted file mode 100755
index 9debe6536..000000000
--- a/test/overlay/fs.exp
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --overlay\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
-        "Child process initialized" {puts "found\n"}
-}
-sleep 1
-
-send -- "stty -echo\r"
-after 100
-send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "done"
-}
-after 100
-
-send -- "stty -echo\r"
-after 100
-send -- "cat  ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "xyzxyzxyz"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1\n";exit}
-        "done"
-}
-after 100
-
-send -- "exit\r"
-sleep 2
-
-send -- "stty -echo\r"
-after 100
-send -- "cat  ~/_firejail_test_file; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
-        "done"
-}
-after 100
-
-# check /sys directory
-send -- "ls /sys\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "block"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh
deleted file mode 100755
index 9daf1f5f6..000000000
--- a/test/overlay/overlay.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-export MALLOC_CHECK_=3
-export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-
-echo "TESTING: overlay fs (test/overlay/fs.exp)"
-rm -fr ~/_firejail_test_*
-./fs.exp
-rm -fr ~/_firejail_test_*
-
-echo "TESTING: overlay named fs (test/overlay/fs-named.exp)"
-rm -fr ~/_firejail_test_*
-./fs-named.exp
-rm -fr ~/_firejail_test_*
-
-echo "TESTING: overlay tmpfs fs (test/overlay/fs-tmpfs.exp)"
-rm -fr ~/_firejail_test_*
-./fs-tmpfs.exp
-rm -fr ~/_firejail_test_*
-
-which firefox 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: overlay firefox"
-        ./firefox.exp
-else
-        echo "TESTING SKIP: firefox not found"
-fi
-
-which firefox 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: overlay firefox x11 xorg"
-        ./firefox.exp
-else
-        echo "TESTING SKIP: firefox not found"
-fi
-
-
-# check xpra/xephyr
-which xpra 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "xpra found"
-else
-        echo "xpra not found"
-        which Xephyr 2>/dev/null
-        if [ "$?" -eq 0 ];
-        then
-                echo "Xephyr found"
-        else
-                echo "TESTING SKIP: xpra and/or Xephyr not found"
-                exit
-        fi
-fi
-
-which firefox 2>/dev/null
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: overlay firefox x11"
-        ./firefox-x11.exp
-else
-        echo "TESTING SKIP: firefox not found"
-fi
diff --git a/test/private-lib/atril.exp b/test/private-lib/atril.exp
deleted file mode 100755
index 04b11a646..000000000
--- a/test/private-lib/atril.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail atril\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/atril.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "atril"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail atril"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail atril"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/eog.exp b/test/private-lib/eog.exp
deleted file mode 100755
index 1b5406add..000000000
--- a/test/private-lib/eog.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail eog\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/eog.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "eog"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail eog"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail eog"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/eom.exp b/test/private-lib/eom.exp
deleted file mode 100755
index a8b74de98..000000000
--- a/test/private-lib/eom.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail eom\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/eom.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "eom"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail eom"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail eom"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/evince.exp b/test/private-lib/evince.exp
deleted file mode 100755
index 94ed826db..000000000
--- a/test/private-lib/evince.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail evince\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/evince.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "evince"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail evince"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail evince"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/galculator.exp b/test/private-lib/galculator.exp
deleted file mode 100755
index c18c07571..000000000
--- a/test/private-lib/galculator.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail galculator\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/galculator.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "galculator"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail galculator"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail galculator"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/gedit.exp b/test/private-lib/gedit.exp
deleted file mode 100755
index 00fa934e7..000000000
--- a/test/private-lib/gedit.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail /usr/bin/gedit\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/gedit.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "gedit"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail /usr/bin/gedit"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail /usr/bin/gedit"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/gnome-calculator.exp b/test/private-lib/gnome-calculator.exp
deleted file mode 100755
index e9d2c8208..000000000
--- a/test/private-lib/gnome-calculator.exp
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# gnome-calculator uses quiet at the top of the profile
-# we need to use --ignore
-send -- "firejail --ignore=quiet gnome-calculator\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/gnome-calculator.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "gnome-calculator"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail --ignore=quiet gnome-calculator"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail --ignore=quiet gnome-calculator"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/gpicview.exp b/test/private-lib/gpicview.exp
deleted file mode 100755
index 8d36a9d11..000000000
--- a/test/private-lib/gpicview.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail gpicview\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/gpicview.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "gpicview"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail gpicview"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail gpicview"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/leafpad.exp b/test/private-lib/leafpad.exp
deleted file mode 100755
index 2a1b07f94..000000000
--- a/test/private-lib/leafpad.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail leafpad\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/leafpad.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "leafpad"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail leafpad"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail leafpad"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/mousepad.exp b/test/private-lib/mousepad.exp
deleted file mode 100755
index 2e8f5e92b..000000000
--- a/test/private-lib/mousepad.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail mousepad\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/mousepad.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "mousepad"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail mousepad"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail mousepad"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/pluma.exp b/test/private-lib/pluma.exp
deleted file mode 100755
index 92ae0a345..000000000
--- a/test/private-lib/pluma.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail pluma\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/pluma.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "pluma"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail pluma"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail pluma"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
deleted file mode 100755
index edf81917a..000000000
--- a/test/private-lib/private-lib.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-export MALLOC_CHECK_=3
-export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
-
-
-for app in $LIST; do
-        which $app 2>/dev/null
-        if [ "$?" -eq 0 ];
-        then
-                echo "TESTING: private-lib $app"
-                ./$app.exp
-        else
-                echo "TESTING SKIP: $app not found"
-        fi
-done
diff --git a/test/private-lib/transmission-gtk.exp b/test/private-lib/transmission-gtk.exp
deleted file mode 100755
index 06559293b..000000000
--- a/test/private-lib/transmission-gtk.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail transmission-gtk\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/transmission-gtk.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "transmission-gtk"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail transmission-gtk"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail transmission-gtk"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/private-lib/xcalc.exp b/test/private-lib/xcalc.exp
deleted file mode 100755
index 12bd73b51..000000000
--- a/test/private-lib/xcalc.exp
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail xcalc\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Reading profile /etc/firejail/xcalc.profile"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Child process initialized"
-}
-sleep 3
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "xcalc"
-}
-after 100
-
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        ":firejail xcalc"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        ":firejail xcalc"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
deleted file mode 100755
index 6352dc62d..000000000
--- a/test/utils/audit.exp
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --audit\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Firejail Audit"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "is running in a PID namespace"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "container/sandbox firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "seccomp BPF enabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "all capabilities are disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "dev directory seems to be fully populated"
-}
-after 100
-
-
-send -- "firejail --audit\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "Firejail Audit"
-}
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "is running in a PID namespace"
-}
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "container/sandbox firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
-        "seccomp BPF enabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
-        "all capabilities are disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
-        "dev directory seems to be fully populated"
-}
-after 100
-
-send -- "firejail --audit=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "cannot find the audit program"
-}
-after 100
-
-send -- "firejail --audit=\r"
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "invalid audit program"
-}
-after 100
-
-# run audit executable without a sandbox
-send -- "faudit\r"
-expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
-        "is not running in a PID namespace"
-}
-expect {
-        timeout {puts "TESTING ERROR 14\n";exit}
-        "BAD: seccomp disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 15\n";exit}
-        "BAD: the capability map is"
-}
-expect {
-        timeout {puts "TESTING ERROR 16\n";exit}
-        "MAYBE: /dev directory seems to be fully populated"
-}
-after 100
-
-# test seccomp
-send -- "firejail --seccomp.drop=mkdir --audit\r"
-expect {
-        timeout {puts "TESTING ERROR 17\n";exit}
-        "Firejail Audit"
-}
-expect {
-        timeout {puts "TESTING ERROR 18\n";exit}
-        "GOOD: seccomp BPF enabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 19\n";exit}
-        "UGLY: mount syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 20\n";exit}
-        "UGLY: umount2 syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 21\n";exit}
-        "UGLY: ptrace syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 22\n";exit}
-        "UGLY: swapon syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 23\n";exit}
-        "UGLY: swapoff syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 24\n";exit}
-        "UGLY: init_module syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 25\n";exit}
-        "UGLY: delete_module syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 26\n";exit}
-        "UGLY: chroot syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 27\n";exit}
-        "UGLY: pivot_root syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 28\n";exit}
-        "UGLY: iopl syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 29\n";exit}
-        "UGLY: ioperm syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 30\n";exit}
-        "GOOD: all capabilities are disabled"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/utils/build.exp b/test/utils/build.exp
deleted file mode 100755
index 5e883e4ba..000000000
--- a/test/utils/build.exp
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --build cat ~/firejail-test-file-7699\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "whitelist ~/firejail-test-file-7699"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.1\n";exit}
-        "include /etc/firejail/whitelist-common.inc"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "private-tmp"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "private-dev"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "blacklist /var"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "private-bin cat,"
-}
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "caps.drop all"
-}
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "nonewprivs"
-}
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "seccomp"
-}
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "net none"
-}
-expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
-        "shell none"
-}
-after 100
-
-send -- "firejail --build cat /etc/passwd\r"
-expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
-        "private-etc passwd,"
-}
-after 100
-
-send -- "firejail --build cat /var/tmp/firejail-test-file-7699\r"
-expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
-        "whitelist /var/tmp/firejail-test-file-7699"
-}
-after 100
-
-send -- "firejail --build man firejail\r"
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "whitelist /usr/share/man"
-}
-after 100
-
-send -- "firejail --build wget blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
-        "protocol inet"
-}
-after 100
-
-
-send -- "firejail --build cat /tmp/firejail-test-file-7699\r"
-#todo - bug: it comes back with private-tmp
-sleep 1
-
-
-puts "all done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index d98e4c2e4..82d00007b 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -12,18 +12,6 @@ if [ -f /etc/debian_version ]; then
 fi
 export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
 
-echo "testing" > ~/firejail-test-file-7699
-echo "testing" > /tmp/firejail-test-file-7699
-echo "testing" > /var/tmp/firejail-test-file-7699
-echo "TESTING: build (test/utils/build.exp)"
-./build.exp
-rm -f ~/firejail-test-file-7699
-rm -f /tmp/firejail-test-file-7699
-rm -f /var/tmp/firejail-test-file-7699
-
-echo "TESTING: audit (test/utils/audit.exp)"
-./audit.exp
-
 echo "TESTING: name (test/utils/name.exp)"
 ./name.exp