Merge branch 'master' into private-etc-fixes

47 files changed, 95 insertions, 63 deletions

diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index 442b5a481..2d0bfcb6c 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin anki,python*
 private-cache
 private-dev
-private-etc @tls-ca,@x11,Trolltech.conf
+private-etc @tls-ca,@x11
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index f06ac3b01..7b0f7bdf0 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -52,7 +52,7 @@ tracelog
 
 private-bin celluloid,env,gnome-mpv,python*,youtube-dl
 private-cache
-private-etc @tls-ca,@x11,libva.conf,pkcs11,selinux
+private-etc @tls-ca,@x11,libva.conf,pkcs11
 private-dev
 private-tmp
 
diff --git a/etc/profile-a-l/chatterino.profile b/etc/profile-a-l/chatterino.profile
index ed3153ec7..2df03b10b 100644
--- a/etc/profile-a-l/chatterino.profile
+++ b/etc/profile-a-l/chatterino.profile
@@ -70,7 +70,7 @@ private-bin chatterino,cvlc,env,ffmpeg,mpv,nvlc,pgrep,python*,qvlc,rvlc,streamli
 # private-cache may cause issues with mpv (see #2838)
 private-cache
 private-dev
-private-etc @tls-ca,@x11,dbus-1,rpc,services,Trolltech.conf
+private-etc @tls-ca,@x11,dbus-1,rpc,services
 private-srv none
 private-tmp
 
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index d4734bf22..9743ebfbd 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -54,7 +54,7 @@ private-bin bash,dolphin-emu,dolphin-emu-x11,sh
 private-cache
 # Add the next line to your dolphin-emu.local if you do not need controller support.
 #private-dev
-private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services,Trolltech.conf
+private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services
 private-opt none
 private-tmp
 
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index fa6674f6e..8cbdccbb5 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin equalx,gs,pdflatex,pdftocairo
 private-cache
 private-dev
-private-etc @x11,equalx,equalx.conf,latexmk.conf,papersize,texlive,Trolltech.conf
+private-etc @x11,equalx,equalx.conf,latexmk.conf,papersize,texlive
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 0d260f429..d805766eb 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -47,7 +47,7 @@ disable-mnt
 # private-bin falkon
 private-cache
 private-dev
-private-etc @tls-ca,@x11,adobe,mailcap,mime.types,selinux
+private-etc @tls-ca,@x11,adobe,mailcap,mime.types
 private-tmp
 
 # dbus-user filter
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index 24d8e4c2f..fe0bc8756 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin fractal
 private-cache
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 dbus-user filter
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index ae5843f7f..9bf5a14be 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which
 private-cache
 private-dev
-#private-etc alternatives,fonts,java
+#private-etc alternatives,fonts,java*
 private-tmp
 private-opt none
 private-srv none
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 34203ad4a..49568ba23 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -69,7 +69,7 @@ tracelog
 private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed
 private-cache
 private-dev
-private-etc @tls-ca,@x11,gitconfig,host.conf,mime.types,selinux,ssh
+private-etc @tls-ca,@x11,gitconfig,host.conf,mime.types,ssh
 private-tmp
 writable-run-user
 
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index 087353d45..22d5f87ea 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -41,7 +41,7 @@ tracelog
 # private-bin calls a file manager - whatever is installed!
 #private-bin env,gio-launch-desktop,gnome-music,python*,yelp
 private-dev
-private-etc @x11,selinux
+private-etc @x11
 private-tmp
 
 restrict-namespaces
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index ffe65c762..ccbb66333 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin homebank
 private-cache
 private-dev
-private-etc @tls-ca,@x11,mime.types,selinux
+private-etc @tls-ca,@x11,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index e295729d7..6ee92e986 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -67,7 +67,7 @@ seccomp
 disable-mnt
 private-cache
 private-dev
-private-etc @tls-ca,@x11,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk
+private-etc @tls-ca,@x11,i2p,java*
 private-tmp
 
 restrict-namespaces
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index 0ed2cf48a..70414eeea 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -48,7 +48,7 @@ disable-mnt
 # private-bin kazam,python*
 private-cache
 private-dev
-private-etc @x11,selinux
+private-etc @x11
 private-tmp
 
 dbus-system none
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 7204549e2..5183a9327 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -67,7 +67,7 @@ tracelog
 private-bin kube,sink_synchronizer
 private-cache
 private-dev
-private-etc @tls-ca,@x11,selinux
+private-etc @tls-ca,@x11
 private-tmp
 writable-run-user
 
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
index 6cb523727..cdf1d807f 100644
--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -56,7 +56,7 @@ disable-mnt
 #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim
 private-cache
 private-dev
-private-etc @x11,groff,man_db.conf,manpath.config,selinux,sysless
+private-etc @x11,groff,man_db.conf,manpath.config,sysless
 #private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile
index a67ef9101..fcac70fb3 100644
--- a/etc/profile-m-z/menulibre.profile
+++ b/etc/profile-m-z/menulibre.profile
@@ -51,7 +51,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc @tls-ca,@x11,mime.types,selinux
+private-etc @tls-ca,@x11,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile
index 86378527b..4f2c89b27 100644
--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -50,7 +50,7 @@ private-cache
 private-dev
 # If multiplayer or realms break, add 'private-etc <your-own-java-folder-from-/etc>'
 # or 'ignore private-etc' to your minecraft-launcher.local.
-private-etc @tls-ca,@x11,host.conf,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,mime.types,selinux,services,timezone
+private-etc @tls-ca,@x11,host.conf,java*,mime.types,services,timezone
 private-opt minecraft-launcher
 private-tmp
 
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index 20e956cff..9e72f9996 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin minitube
 private-cache
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
index 7c5b3aee4..665b32ecf 100644
--- a/etc/profile-m-z/mirage.profile
+++ b/etc/profile-m-z/mirage.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin ldconfig,mirage
 private-cache
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile
index 0da6a8c3d..3387ed5de 100644
--- a/etc/profile-m-z/musictube.profile
+++ b/etc/profile-m-z/musictube.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin musictube
 private-cache
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index c96dca73a..288ffedf1 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -124,7 +124,7 @@ tracelog
 # disable-mnt
 private-cache
 private-dev
-private-etc @tls-ca,@x11,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,terminfo
+private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo
 private-tmp
 writable-run-user
 writable-var
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile
index 244e01cc5..80e28a5e5 100644
--- a/etc/profile-m-z/neochat.profile
+++ b/etc/profile-m-z/neochat.profile
@@ -53,7 +53,7 @@ tracelog
 disable-mnt
 private-bin neochat
 private-dev
-private-etc @tls-ca,@x11,dbus-1,host.conf,mime.types,rpc,services,Trolltech.conf
+private-etc @tls-ca,@x11,dbus-1,host.conf,mime.types,rpc,services
 private-tmp
 
 dbus-user filter
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index 4f311b155..5bd1e7cba 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -116,7 +116,7 @@ tracelog
 # disable-mnt
 private-cache
 private-dev
-private-etc @tls-ca,@x11,gnupg,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver
+private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver
 private-tmp
 writable-run-user
 writable-var
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
index 32a65f0c5..d4bad2f67 100644
--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -61,7 +61,7 @@ tracelog
 disable-mnt
 private-bin nextcloud,nextcloud-desktop
 private-cache
-private-etc @tls-ca,@x11,host.conf,Nextcloud,os-release,selinux
+private-etc @tls-ca,@x11,Nextcloud,host.conf,os-release
 private-dev
 private-tmp
 
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index a0565c77d..cdd2ffc3f 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin nheko
 private-cache
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 dbus-user filter
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile
index 452cda5e5..6ab21af5b 100644
--- a/etc/profile-m-z/nuclear.profile
+++ b/etc/profile-m-z/nuclear.profile
@@ -18,7 +18,7 @@ whitelist ${HOME}/.config/nuclear
 no3d
 
 # private-bin nuclear
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-opt nuclear
 
 # Redirect
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile
index a142598b7..f8be5819b 100644
--- a/etc/profile-m-z/onboard.profile
+++ b/etc/profile-m-z/onboard.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-cache
 private-bin onboard,python*,tput
 private-dev
-private-etc @x11,dbus-1,mime.types,selinux
+private-etc @x11,dbus-1,mime.types
 private-tmp
 
 dbus-system none
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile
index 1600db144..46d0bb86b 100644
--- a/etc/profile-m-z/openarena.profile
+++ b/etc/profile-m-z/openarena.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity
 private-cache
 private-dev
-private-etc @games,@x11,selinux,udev
+private-etc @games,@x11,udev
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
index 507d6d634..721b06117 100644
--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -52,7 +52,7 @@ tracelog
 private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard
 private-cache
 private-dev
-private-etc @x11,bumblebee,glvnd,mime.types,openmw,Trolltech.conf
+private-etc @x11,bumblebee,glvnd,mime.types,openmw
 private-opt none
 private-tmp
 
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile
index 420ceece3..a1c0462ba 100644
--- a/etc/profile-m-z/otter-browser.profile
+++ b/etc/profile-m-z/otter-browser.profile
@@ -52,7 +52,7 @@ disable-mnt
 private-bin bash,otter-browser,sh,which
 private-cache
 ?BROWSER_DISABLE_U2F: private-dev
-private-etc @tls-ca,@x11,mailcap,mime.types,selinux
+private-etc @tls-ca,@x11,mailcap,mime.types
 private-tmp
 
 dbus-system none
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
index 9d9d6e6c5..a1a0606b9 100644
--- a/etc/profile-m-z/psi.profile
+++ b/etc/profile-m-z/psi.profile
@@ -70,7 +70,7 @@ disable-mnt
 private-bin getopt,psi
 private-cache
 private-dev
-private-etc @tls-ca,@x11,selinux
+private-etc @tls-ca,@x11
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile
index e057ee565..0789450cb 100644
--- a/etc/profile-m-z/pybitmessage.profile
+++ b/etc/profile-m-z/pybitmessage.profile
@@ -40,7 +40,7 @@ seccomp
 disable-mnt
 private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat
 private-dev
-private-etc @tls-ca,@x11,PyBitmessage,PyBitmessage.conf,selinux,sni-qt.conf,system-fips,Trolltech.conf
+private-etc @tls-ca,@x11,PyBitmessage,PyBitmessage.conf,sni-qt.conf,system-fips
 private-tmp
 
 restrict-namespaces
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile
index cb807c69e..19ef7a464 100644
--- a/etc/profile-m-z/qcomicbook.profile
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -52,7 +52,7 @@ tracelog
 private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip
 private-cache
 private-dev
-private-etc @x11,mime.types,Trolltech.conf
+private-etc @x11,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile
index 9635c2e06..1f378e004 100644
--- a/etc/profile-m-z/qgis.profile
+++ b/etc/profile-m-z/qgis.profile
@@ -51,7 +51,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc @tls-ca,QGIS,QGIS.conf,Trolltech.conf
+private-etc @tls-ca,@x11,QGIS,QGIS.conf
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile
index ddd4800d8..fbc003d65 100644
--- a/etc/profile-m-z/quaternion.profile
+++ b/etc/profile-m-z/quaternion.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin quaternion
 private-cache
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile
index d2b604df5..d881db714 100644
--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -46,7 +46,7 @@ private-bin java,sh,signal-cli
 private-cache
 private-dev
 # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try
-#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
+#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java*,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
 private-tmp
 
 restrict-namespaces
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile
index 566d72733..89342aad8 100644
--- a/etc/profile-m-z/smuxi-frontend-gnome.profile
+++ b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin bash,mono,mono-sgen,sh,smuxi-frontend-gnome
 private-cache
 private-dev
-private-etc @tls-ca,@x11,mono,selinux
+private-etc @tls-ca,@x11,mono
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
index 492a5bbeb..41b1f6507 100644
--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-cache
 private-bin spectral
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 dbus-user filter
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile
index 27e0cc7d1..ced3aaa8a 100644
--- a/etc/profile-m-z/terasology.profile
+++ b/etc/profile-m-z/terasology.profile
@@ -40,7 +40,7 @@ seccomp
 
 disable-mnt
 private-dev
-private-etc @tls-ca,@x11,dbus-1,host.conf,java-7-openjdk,java-8-openjdk,lsb-release,mime.types
+private-etc @tls-ca,@x11,dbus-1,host.conf,java*,lsb-release,mime.types
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile
index 8acc6f763..378c8a1b7 100644
--- a/etc/profile-m-z/trojita.profile
+++ b/etc/profile-m-z/trojita.profile
@@ -53,7 +53,7 @@ tracelog
 private-bin trojita
 private-cache
 private-dev
-private-etc @tls-ca,@x11,selinux
+private-etc @tls-ca,@x11
 private-tmp
 
 dbus-user filter
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile
index 1e759a760..1f548a92d 100644
--- a/etc/profile-m-z/twitch.profile
+++ b/etc/profile-m-z/twitch.profile
@@ -18,7 +18,7 @@ mkdir ${HOME}/.config/Twitch
 whitelist ${HOME}/.config/Twitch
 
 private-bin electron,electron[0-9],electron[0-9][0-9],twitch
-private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 private-opt Twitch
 
 # Redirect
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile
index 5049b740e..9bb1991c2 100644
--- a/etc/profile-m-z/youtube.profile
+++ b/etc/profile-m-z/youtube.profile
@@ -17,7 +17,7 @@ mkdir ${HOME}/.config/Youtube
 whitelist ${HOME}/.config/Youtube
 
 private-bin electron,electron[0-9],electron[0-9][0-9],youtube
-private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 private-opt Youtube
 
 # Redirect
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile
index 570399557..09a8a446f 100644
--- a/etc/profile-m-z/youtubemusic-nativefier.profile
+++ b/etc/profile-m-z/youtubemusic-nativefier.profile
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtubemusic-nativefier-040164
 whitelist ${HOME}/.config/youtubemusic-nativefier-040164
 
 private-bin electron,electron[0-9],electron[0-9][0-9],youtubemusic-nativefier
-private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 private-opt youtubemusic-nativefier
 
 # Redirect
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile
index f74887185..43b624705 100644
--- a/etc/profile-m-z/ytmdesktop.profile
+++ b/etc/profile-m-z/ytmdesktop.profile
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtube-music-desktop-app
 whitelist ${HOME}/.config/youtube-music-desktop-app
 
 # private-bin env,ytmdesktop
-private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 # private-opt
 
 # Redirect
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile
index 7505fb575..caf9eab63 100644
--- a/etc/profile-m-z/zeal.profile
+++ b/etc/profile-m-z/zeal.profile
@@ -60,7 +60,7 @@ disable-mnt
 private-bin zeal
 private-cache
 private-dev
-private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services,Trolltech.conf
+private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services
 private-tmp
 
 dbus-user filter
diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h
index e3f8bcc7e..fffc5f9b9 100644
--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@@ -39,6 +39,7 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
         "login.defs", // firejail reading UID/GID MIN and MAX at startup
         "nsswitch.conf",
         "passwd",
+        "selinux",
         NULL
 };
 
@@ -89,6 +90,7 @@ static char *etc_group_x11[] = {
         "kde5rc",
         "nvidia", // 3D
         "pango", // text rendering/internationalization
+        "Trolltech.conf", // old QT config file
         "X11",
         "xdg",
         NULL
diff --git a/src/tools/cleanup_etc.c b/src/tools/cleanup_etc.c
index 3b368b116..f57a1ddb1 100644
--- a/src/tools/cleanup_etc.c
+++ b/src/tools/cleanup_etc.c
@@ -38,6 +38,8 @@ static int arr_x11 = 0;
 static int arr_games = 0;
 static char outbuf[256 * 1024];
 static char *outptr;
+static int arg_replace = 0;
+static int arg_debug = 0;
 
 void outprintf(char* fmt, ...) {
         va_list args;
@@ -78,6 +80,17 @@ static void arr_add(const char *fname) {
         arr_cnt++;
 }
 
+int arr_cmp(const void *p1, const void *p2) {
+        char **ptr1 = (char **) p1;
+        char **ptr2 = (char **) p2;
+
+        return strcmp(*ptr1, *ptr2);
+}
+
+static void arr_sort(void) {
+        qsort(&arr[0], arr_cnt, sizeof(char *), arr_cmp);
+}
+
 static void arr_clean(void) {
         int i;
         for (i = 0; i < arr_cnt; i++) {
@@ -119,7 +132,7 @@ static void process_file(const char *fname) {
 
         FILE *fp = fopen(fname, "r");
         if (!fp) {
-                fprintf(stderr, "Error: cannot open profile file\n");
+                fprintf(stderr, "Error: cannot open %s file\n", fname);
                 exit(1);
         }
 
@@ -133,10 +146,11 @@ static void process_file(const char *fname) {
         int print = 0;
         while (fgets(line, MAX_BUF, fp)) {
                 cnt++;
-                if (strncmp(line, "private-etc ", 12) != 0)  {
+                if (strncmp(line, "private-etc", 11) != 0)  {
                         outprintf("%s", line);
                         continue;
                 }
+
                 strcpy(orig_line,line);
                 char *ptr = strchr(line, '\n');
                 if (ptr)
@@ -158,6 +172,8 @@ static void process_file(const char *fname) {
 
                 ptr = strtok(ptr, ",");
                 while (ptr) {
+                        if (arg_debug)
+                                printf("%s\n", ptr);
                         if (arr_check(ptr, &etc_list[0]));
                         else if (arr_check(ptr, &etc_group_sound[0]));
                         else if (arr_check(ptr, &etc_group_network[0]));
@@ -179,34 +195,36 @@ static void process_file(const char *fname) {
                         ptr = strtok(NULL, ",");
                 }
 
+                arr_sort();
                 char *last_line = arr_print();
                 if (strcmp(last_line, orig_line) == 0) {
                         fclose(fp);
                         return;
                 }
-                printf("\n********************\n%s\n\n%s\n%s\n", fname, orig_line, last_line);
+                printf("\n********************\nfile: %s\n\nold: %s\nnew: %s\n", fname, orig_line, last_line);
                 print = 1;
         }
 
         fclose(fp);
 
-        if (print) {
-//              printf("Replace? (Y/N): ", fname);
-//              fgets(line, MAX_BUF, stdin);
-//              if (*line == 'y' || *line == 'Y') {
-                        fp = fopen(fname, "w");
-                        if (!fp) {
-                                fprintf(stderr, "Error: cannot open profile file\n");
-                                exit(1);
-                        }
-                        fprintf(fp, "%s", outbuf);
-                        fclose(fp);
-//              }
+        if (print && arg_replace) {
+                fp = fopen(fname, "w");
+                if (!fp) {
+                        fprintf(stderr, "Error: cannot open profile file\n");
+                        exit(1);
+                }
+                fprintf(fp, "%s", outbuf);
+                fclose(fp);
         }
 }
 
 static void usage(void) {
-        printf("usage: cleanup-etc file.profile\n");
+        printf("usage: cleanup-etc [options] file.profile [file.profile]\n");
+        printf("Group and clean private-etc entries in one or more profile files.\n");
+        printf("Options:\n");
+        printf("   --debug - print debug messages\n");
+        printf("   --help - this help screen\n");
+        printf("   --replace - replace profile file\n");
 }
 
 int main(int argc, char **argv) {
@@ -218,13 +236,25 @@ int main(int argc, char **argv) {
 
         int i;
         for (i = 1; i < argc; i++) {
-                if (strcmp(argv[i], "-h") == 0) {
+                if (strcmp(argv[i], "-h") == 0 ||
+                     strcmp(argv[i], "-?") == 0 ||
+                     strcmp(argv[i], "--help") == 0) {
                         usage();
                         return 0;
                 }
+                else if (strcmp(argv[i], "--debug") == 0)
+                        arg_debug = 1;
+                else if (strcmp(argv[i], "--replace") == 0)
+                        arg_replace = 1;
+                else if (*argv[i] == '-') {
+                        fprintf(stderr, "Error: invalid program option %s\n", argv[i]);
+                        return 1;
+                }
+                else
+                        break;
         }
 
-        for (i = 1; i < argc; i++)
+        for (; i < argc; i++)
                 process_file(argv[i]);
 
         return 0;