Fix space before/after tab in indent

This fixes all of the "space before tab in indent" errors raised by git:

    $ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD |
      grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
         72  space before tab in indent.

Commands used to find the errors:

    $ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD
    $ git grep -In "$(printf '\t')     "

Note: Unlike "space before tab in indent", the reverse ("space after tab
in indent") is not reported by git.  That is because spaces could be
intentionally used for alignment or line continuation, but in some cases
they are being used for indentation together with tabs and in others the
formatting is misaligned.  The second command was used to help find and
fix these other issues.

26 files changed, 119 insertions, 118 deletions

diff --git a/README b/README
index 86bd8cb63..7750fc049 100644
--- a/README
+++ b/README
@@ -1079,7 +1079,7 @@ SYN-cook (https://github.com/SYN-cook)
 startx2017 (https://github.com/startx2017)
         - syscall list update
         - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module,
-                      settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
+          settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
         - enable/disable join support in /etc/firejail/firejail.config
         - firecfg fix: create ~/.local/share/applications directory if it doesn't exist
         - firejail.config cleanup
diff --git a/src/etc-cleanup/main.c b/src/etc-cleanup/main.c
index 1f1a61f88..6c7bea6d6 100644
--- a/src/etc-cleanup/main.c
+++ b/src/etc-cleanup/main.c
@@ -231,8 +231,8 @@ int main(int argc, char **argv) {
         int i;
         for (i = 1; i < argc; i++) {
                 if (strcmp(argv[i], "-h") == 0 ||
-                     strcmp(argv[i], "-?") == 0 ||
-                     strcmp(argv[i], "--help") == 0) {
+                    strcmp(argv[i], "-?") == 0 ||
+                    strcmp(argv[i], "--help") == 0) {
                         usage();
                         return 0;
                 }
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index 6d96b69cc..15c54911b 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -110,7 +110,7 @@ void process_home(const char *fname, char *home, int home_len) {
                     strcmp(toadd, ".cache") == 0) {
                         if (dir)
                                 free(dir);
-                        continue;
+                        continue;
                 }
 
                 // clean .cache entries
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
index 4089f3806..5a3b389ae 100644
--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -38,8 +38,8 @@ FileDB *filedb_find(FileDB *head, const char *fname) {
                 if (strlen(fname) > ptr->len &&
                     fname[ptr->len] == '/' &&
                     strncmp(ptr->fname, fname, ptr->len) == 0) {
-                        found = 1;
-                        break;
+                        found = 1;
+                        break;
                 }
 
                 ptr = ptr->next;
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index f1deabf2e..da24fb3f7 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -236,7 +236,7 @@ void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid,
         // if the link is already there, don't create it
         struct stat s;
         if (lstat(linkpath, &s) == 0)
-               return;
+                return;
 
         char *rp = proc_pid_to_self(target);
         if (rp) {
diff --git a/src/firecfg/util.c b/src/firecfg/util.c
index dc24d4e68..4185b52dd 100644
--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -30,8 +30,8 @@ static int find(const char *program, const char *directory) {
 
         struct stat s;
         if (stat(fname, &s) == 0) {
-                if (arg_debug)
-                        printf("found %s in directory %s\n", program, directory);
+                if (arg_debug)
+                        printf("found %s in directory %s\n", program, directory);
                 retval = 1;
         }
 
@@ -44,8 +44,8 @@ static int find(const char *program, const char *directory) {
 int which(const char *program) {
         // check some well-known paths
         if (find(program, "/bin") || find(program, "/usr/bin") ||
-             find(program, "/sbin") || find(program, "/usr/sbin") ||
-             find(program, "/usr/games"))
+            find(program, "/sbin") || find(program, "/usr/sbin") ||
+            find(program, "/usr/games"))
                 return 1;
 
         // check environment
diff --git a/src/firejail/appimage_size.c b/src/firejail/appimage_size.c
index 6bb530d12..c3f1620bc 100644
--- a/src/firejail/appimage_size.c
+++ b/src/firejail/appimage_size.c
@@ -144,7 +144,7 @@ long unsigned int appimage2_size(int fd) {
                 return 0;
 
         if ((ehdr.e_ident[EI_DATA] != ELFDATA2LSB) &&
-             (ehdr.e_ident[EI_DATA] != ELFDATA2MSB))
+            (ehdr.e_ident[EI_DATA] != ELFDATA2MSB))
                 return 0;
 
         if(ehdr.e_ident[EI_CLASS] == ELFCLASS32) {
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index fef7eb724..132ac94ba 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -280,7 +280,7 @@ void fs_chroot(const char *rootdir) {
         //              fs_dev_shm();
         fs_var_lock();
         if (!arg_keep_var_tmp)
-                fs_var_tmp();
+                fs_var_tmp();
         if (!arg_writable_var_log)
                 fs_var_log();
 
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index ada76bc76..804d51caa 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -103,17 +103,17 @@ void set_cpu_affinity(void) {
         if (sched_setaffinity(0, sizeof(mask), &mask) == -1)
                 fwarning("cannot set cpu affinity\n");
 
-                // verify cpu affinity
+                // verify cpu affinity
         cpu_set_t mask2;
         CPU_ZERO(&mask2);
         if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1)
                 fwarning("cannot verify cpu affinity\n");
-                else if (arg_debug) {
-                        if (CPU_EQUAL(&mask, &mask2))
-                                printf("CPU affinity set\n");
+                else if (arg_debug) {
+                        if (CPU_EQUAL(&mask, &mask2))
+                                printf("CPU affinity set\n");
                 else
-                                printf("CPU affinity not set\n");
-                }
+                                printf("CPU affinity not set\n");
+                }
 }
 
 static void print_cpu(ProcessHandle process) {
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index d7a2edc3b..182f26e53 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -123,8 +123,8 @@ static void disable_file(OPERATION op, const char *filename) {
         if (op == BLACKLIST_FILE || op == BLACKLIST_NOLOG) {
                 // some distros put all executables under /usr/bin and make /bin a symbolic link
                 if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) &&
-                      is_link(filename) &&
-                      S_ISDIR(s.st_mode)) {
+                    is_link(filename) &&
+                    S_ISDIR(s.st_mode)) {
                         fwarning("%s directory link was not blacklisted\n", filename);
                 }
                 else {
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index f2782de35..ea85fabfd 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -178,7 +178,7 @@ static void print_directory(const char *path) {
 
         n = scandir(path, &namelist, 0, alphasort);
         if (n < 0)
-                        errExit("scandir");
+                errExit("scandir");
         else {
                 for (i = 0; i < n; i++)
                         print_file_or_dir(path, namelist[i]->d_name);
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 27bb4227a..af7d02c2a 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -38,19 +38,19 @@ Macro macro[] = {
         },
 
         {
-                "${MUSIC}",
+                "${MUSIC}",
                 "XDG_MUSIC_DIR=\"$HOME/",
                 {"Music", "Музыка", "Musique", "Musica", "Música", "Musik"}
         },
 
         {
-                "${VIDEOS}",
+                "${VIDEOS}",
                 "XDG_VIDEOS_DIR=\"$HOME/",
                 {"Videos", "Видео", "Vidéos", "Video", "Vídeos"}
         },
 
         {
-                "${PICTURES}",
+                "${PICTURES}",
                 "XDG_PICTURES_DIR=\"$HOME/",
                 {"Pictures", "Изображения", "Photos", "Immagini", "Imágenes", "Imagens", "Bilder"}
         },
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 7a9d3d00d..fac357303 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -52,7 +52,7 @@
 int __clone2(int (*fn)(void *),
              void *child_stack_base, size_t stack_size,
              int flags, void *arg, ...
-              /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
+             /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
 #endif
 
 uid_t firejail_uid = 0;
@@ -106,7 +106,7 @@ char *arg_netfilter6_file = NULL;		// netfilter6 file
 char *arg_netns = NULL;                 // "ip netns"-created network namespace to use
 int arg_doubledash = 0;                 // double dash
 int arg_private_dev = 0;                        // private dev directory
-int arg_keep_dev_shm = 0;                       // preserve /dev/shm
+int arg_keep_dev_shm = 0;                       // preserve /dev/shm
 int arg_private_etc = 0;                        // private etc directory
 int arg_private_opt = 0;                        // private opt directory
 int arg_private_srv = 0;                        // private srv directory
@@ -129,7 +129,7 @@ int arg_writable_etc = 0;			// writable etc
 int arg_keep_config_pulse = 0;                  // disable automatic ~/.config/pulse init
 int arg_keep_shell_rc = 0;                      // do not copy shell configuration from /etc/skel
 int arg_writable_var = 0;                       // writable var
-int arg_keep_var_tmp = 0;                       // don't overwrite /var/tmp
+int arg_keep_var_tmp = 0;                       // don't overwrite /var/tmp
 int arg_writable_run_user = 0;                  // writable /run/user
 int arg_writable_var_log = 0;           // writable /var/log
 int arg_appimage = 0;                           // appimage
@@ -141,7 +141,7 @@ int arg_x11_block = 0;				// block X11
 int arg_x11_xorg = 0;                           // use X11 security extension
 int arg_allusers = 0;                           // all user home directories visible
 int arg_machineid = 0;                          // spoof /etc/machine-id
-int arg_allow_private_blacklist = 0;            // blacklist things in private directories
+int arg_allow_private_blacklist = 0;            // blacklist things in private directories
 int arg_disable_mnt = 0;                        // disable /mnt and /media
 int arg_noprofile = 0; // use default.profile if none other found/specified
 int arg_memory_deny_write_execute = 0;          // block writable and executable memory
@@ -150,7 +150,7 @@ int arg_nodvd = 0; // --nodvd
 int arg_nou2f = 0; // --nou2f
 int arg_noinput = 0; // --noinput
 int arg_deterministic_exit_code = 0;    // always exit with first child's exit status
-int arg_deterministic_shutdown = 0;     // shut down the sandbox if first child dies
+int arg_deterministic_shutdown = 0;     // shut down the sandbox if first child dies
 int arg_keep_fd_all = 0;                // inherit all file descriptors to sandbox
 DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW;   // --dbus-user
 DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system
@@ -768,11 +768,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                 exit(1);
                         }
                         char *path = argv[i + 1];
-                         invalid_filename(path, 0); // no globbing
-                         if (strstr(path, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path);
-                                exit(1);
-                         }
+                        invalid_filename(path, 0); // no globbing
+                        if (strstr(path, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", path);
+                                exit(1);
+                        }
 
                         // get file
                         pid_t pid = require_pid(argv[i] + 6);
@@ -796,17 +796,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                 exit(1);
                         }
                         char *path1 = argv[i + 1];
-                         invalid_filename(path1, 0); // no globbing
-                         if (strstr(path1, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path1);
-                                exit(1);
-                         }
+                        invalid_filename(path1, 0); // no globbing
+                        if (strstr(path1, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", path1);
+                                exit(1);
+                        }
                         char *path2 = argv[i + 2];
-                         invalid_filename(path2, 0); // no globbing
-                         if (strstr(path2, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path2);
-                                exit(1);
-                         }
+                        invalid_filename(path2, 0); // no globbing
+                        if (strstr(path2, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", path2);
+                                exit(1);
+                        }
 
                         // get file
                         pid_t pid = require_pid(argv[i] + 6);
@@ -830,15 +830,15 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                 exit(1);
                         }
                         char *path = argv[i + 1];
-                         invalid_filename(path, 0); // no globbing
-                         if (strstr(path, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path);
-                                exit(1);
-                         }
+                        invalid_filename(path, 0); // no globbing
+                        if (strstr(path, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", path);
+                                exit(1);
+                        }
 
                         // list directory contents
                         if (!arg_debug)
-                                 arg_quiet = 1;
+                                arg_quiet = 1;
                         pid_t pid = require_pid(argv[i] + 5);
                         sandboxfs(SANDBOX_FS_LS, pid, path, NULL);
                         exit(0);
@@ -867,7 +867,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 
                         // write file contents to stdout
                         if (!arg_debug)
-                                 arg_quiet = 1;
+                                arg_quiet = 1;
                         pid_t pid = require_pid(argv[i] + 6);
                         sandboxfs(SANDBOX_FS_CAT, pid, path, NULL);
                         exit(0);
@@ -894,8 +894,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 
         }
         else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
-                // NOTE: this is first part of option handler,
-                //               sandbox name is set in other part
+                // NOTE: this is first part of option handler, sandbox name is
+                // set in other part
                 if (checkcfg(CFG_JOIN) || getuid() == 0) {
                         logargs(argc, argv);
 
@@ -1050,11 +1050,11 @@ static int check_postexec(const char *list) {
 //*******************************************
 int main(int argc, char **argv, char **envp) {
         int i;
-        int prog_index = -1;                      // index in argv where the program command starts
+        int prog_index = -1;            // index in argv where the program command starts
         int lockfd_network = -1;
         int lockfd_directory = -1;
-        int custom_profile = 0; // custom profile loaded
-        int arg_caps_cmdline = 0;       // caps requested on command line (used to break out of --chroot)
+        int custom_profile = 0;         // custom profile loaded
+        int arg_caps_cmdline = 0;       // caps requested on command line (used to break out of --chroot)
         char **ptr;
 
 
@@ -1983,7 +1983,7 @@ int main(int argc, char **argv, char **envp) {
                         arg_writable_var = 1;
                 }
                 else if (strcmp(argv[i], "--keep-var-tmp") == 0) {
-                        arg_keep_var_tmp = 1;
+                        arg_keep_var_tmp = 1;
                 }
                 else if (strcmp(argv[i], "--writable-run-user") == 0) {
                         arg_writable_run_user = 1;
@@ -2818,8 +2818,8 @@ int main(int argc, char **argv, char **envp) {
                 }
 #endif
                 else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
-                        // NOTE: this is second part of option handler,
-                        //               atempt to find and join sandbox is done in other one
+                        // NOTE: this is second part of option handler, atempt
+                        // to find and join sandbox is done in other one
 
                         // set sandbox name and start normally
                         cfg.name = argv[i] + 16;
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 5163035fa..c1adf87cc 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -265,7 +265,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
         int sock;
 
         if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
 
         memset(&ifr, 0, sizeof(ifr));
         strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 3997d8f86..22ee9dc3c 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -29,10 +29,10 @@
 int is_container(const char *str) {
         assert(str);
         if (strcmp(str, "lxc") == 0 ||
-             strcmp(str, "docker") == 0 ||
-             strcmp(str, "lxc-libvirt") == 0 ||
-             strcmp(str, "systemd-nspawn") == 0 ||
-             strcmp(str, "rkt") == 0)
+            strcmp(str, "docker") == 0 ||
+            strcmp(str, "lxc-libvirt") == 0 ||
+            strcmp(str, "systemd-nspawn") == 0 ||
+            strcmp(str, "rkt") == 0)
                 return 1;
         return 0;
 }
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index a22e63ab3..79e0bd9df 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -84,16 +84,16 @@ int restricted_shell(const char *user) {
 
                 // user name globbing
                 if (fnmatch(usr, user, 0) == 0) {
-                        // process program arguments
+                        // process program arguments
 
-                        fullargv[0] = "firejail";
-                        int i;
-                        ptr = args;
-                        for (i = 1; i < MAX_ARGS; i++) {
-                                // skip blanks
-                                while (*ptr == ' ' || *ptr == '\t')
-                                        ptr++;
-                                fullargv[i] = ptr;
+                        fullargv[0] = "firejail";
+                        int i;
+                        ptr = args;
+                        for (i = 1; i < MAX_ARGS; i++) {
+                                // skip blanks
+                                while (*ptr == ' ' || *ptr == '\t')
+                                        ptr++;
+                                fullargv[i] = ptr;
 #ifdef DEBUG_RESTRICTED_SHELL
                                 {EUID_ROOT();
                                 FILE *fp = fopen("/firelog", "ae");
@@ -104,23 +104,23 @@ int restricted_shell(const char *user) {
                                 EUID_USER();}
 #endif
 
-                                if (*ptr != '\0') {
-                                        // go to the end of the word
-                                        while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
-                                                ptr++;
-                                        *ptr ='\0';
-                                        fullargv[i] = strdup(fullargv[i]);
-                                        if (fullargv[i] == NULL)
-                                                errExit("strdup");
-                                        ptr++;
-                                        while (*ptr == ' ' || *ptr == '\t')
-                                                ptr++;
-                                        if (*ptr != '\0')
-                                                continue;
-                                }
-                                fullargv[i] = strdup(fullargv[i]);
+                                if (*ptr != '\0') {
+                                        // go to the end of the word
+                                        while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
+                                                ptr++;
+                                        *ptr ='\0';
+                                        fullargv[i] = strdup(fullargv[i]);
+                                        if (fullargv[i] == NULL)
+                                                errExit("strdup");
+                                        ptr++;
+                                        while (*ptr == ' ' || *ptr == '\t')
+                                                ptr++;
+                                        if (*ptr != '\0')
+                                                continue;
+                                }
+                                fullargv[i] = strdup(fullargv[i]);
                                 fclose(fp);
-                                return i + 1;
+                                return i + 1;
                         }
                         fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno);
                         exit(1);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index c4dc0ca78..a4109cc17 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -274,7 +274,7 @@ static void sandbox_if_up(Bridge *br) {
         }
 
         if (br->ip6sandbox)
-                 net_if_ip6(dev, br->ip6sandbox);
+                net_if_ip6(dev, br->ip6sandbox);
 }
 
 static void chk_chroot(void) {
@@ -650,12 +650,12 @@ int sandbox(void* sandbox_arg) {
         if (arg_debug)
                 printf("Initializing child process\n");
 
-        // close each end of the unused pipes
-        close(parent_to_child_fds[1]);
-        close(child_to_parent_fds[0]);
+        // close each end of the unused pipes
+        close(parent_to_child_fds[1]);
+        close(child_to_parent_fds[0]);
 
-        // wait for parent to do base setup
-        wait_for_other(parent_to_child_fds[0]);
+        // wait for parent to do base setup
+        wait_for_other(parent_to_child_fds[0]);
 
         if (arg_debug && child_pid == 1)
                 printf("PID namespace installed\n");
@@ -1259,13 +1259,13 @@ int sandbox(void* sandbox_arg) {
         }
 
         // notify parent that new user namespace has been created so a proper
-        // UID/GID map can be setup
-        notify_other(child_to_parent_fds[1]);
-        close(child_to_parent_fds[1]);
+        // UID/GID map can be setup
+        notify_other(child_to_parent_fds[1]);
+        close(child_to_parent_fds[1]);
 
-        // wait for parent to finish setting up a proper UID/GID map
-        wait_for_other(parent_to_child_fds[0]);
-        close(parent_to_child_fds[0]);
+        // wait for parent to finish setting up a proper UID/GID map
+        wait_for_other(parent_to_child_fds[0]);
+        close(parent_to_child_fds[0]);
 
         // somehow, the new user namespace resets capabilities;
         // we need to do them again
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 846c27321..bafcd69ec 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1101,7 +1101,7 @@ void mkdir_attr(const char *fname, mode_t mode, uid_t uid, gid_t gid) {
         if (mkdir(fname, mode) == -1 ||
             chmod(fname, mode) == -1 ||
             chown(fname, uid, gid)) {
-                fprintf(stderr, "Error: failed to create %s directory\n", fname);
+                fprintf(stderr, "Error: failed to create %s directory\n", fname);
                 errExit("mkdir/chmod");
         }
 
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index ff4fdda56..77739c1f3 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -309,7 +309,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 #endif
                                         if (proc_ev->event_data.fork.child_pid !=
                                             proc_ev->event_data.fork.child_tgid)
-                                                continue; // this is a thread, not a process
+                                                continue; // this is a thread, not a process
                                         pid = proc_ev->event_data.fork.parent_tgid;
 #ifdef DEBUG_PRCTL
         printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid);
diff --git a/src/firemon/top.c b/src/firemon/top.c
index c127e2f56..c70bc9424 100644
--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -166,7 +166,8 @@ static char *print_top(unsigned index, unsigned parent, unsigned *utime, unsigne
                 snprintf(prcs_str, 10, "%d", *cnt);
 
                 if (asprintf(&rv, "%-7.7s %-9.9s %-8.8s %-8.8s %-5.5s %-4.4s %-9.9s %s",
-                                 pidstr, ptruser, rss, shared, cpu_str, prcs_str, uptime_str, ptrcmd) == -1)
+                             pidstr, ptruser, rss, shared, cpu_str, prcs_str,
+                             uptime_str, ptrcmd) == -1)
                         errExit("asprintf");
 
                 if (cmd)
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index aa0981269..873252d40 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -57,7 +57,7 @@ void net_bridge_add_interface(const char *bridge, const char *dev) {
 
         int sock;
         if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
 
         memset(&ifr, 0, sizeof(ifr));
         strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1);
@@ -237,7 +237,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
         int sock;
 
         if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
 
         memset(&ifr, 0, sizeof(ifr));
         strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
@@ -291,7 +291,7 @@ int net_if_mac(const char *ifname, const unsigned char mac[6]) {
         int sock;
 
         if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
 
         memset(&ifr, 0, sizeof(ifr));
         strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
diff --git a/src/fnettrace-dns/main.c b/src/fnettrace-dns/main.c
index 60738147d..64feec5fe 100644
--- a/src/fnettrace-dns/main.c
+++ b/src/fnettrace-dns/main.c
@@ -124,7 +124,7 @@ static void print_date(void) {
 
 static void run_trace(void) {
         // grab all Ethernet packets and use a custom BPF filter to get only UDP from source port 53
-        int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+        int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
         if (s < 0)
                 errExit("socket");
         custom_bpf(s);
diff --git a/src/fseccomp/namespaces.c b/src/fseccomp/namespaces.c
index ffc1dfe4c..e6c63219f 100644
--- a/src/fseccomp/namespaces.c
+++ b/src/fseccomp/namespaces.c
@@ -202,8 +202,8 @@ void deny_ns_32(const char *fname, const char *list) {
         //       0003: 20 00 00 00000000 ld data.syscall-number
         //       0004: 06 00 00 7fff0000 ret ALLOW
         //
-        if (sizeof(filter))
-                write_to_file(fd, filter, sizeof(filter));
+        if (sizeof(filter))
+                write_to_file(fd, filter, sizeof(filter));
 
         filter_end_blacklist(fd);
 
diff --git a/src/jailcheck/noexec.c b/src/jailcheck/noexec.c
index a78272591..bfeff9c7f 100644
--- a/src/jailcheck/noexec.c
+++ b/src/jailcheck/noexec.c
@@ -76,7 +76,7 @@ void noexec_test(const char *path) {
 
         if (child == 0) { // child
                 // drop privileges
-                if (setgid(user_gid) != 0)
+                if (setgid(user_gid) != 0)
                         errExit("setgid");
                 if (setuid(user_uid) != 0)
                         errExit("setuid");
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index 97e36e5c9..231e09882 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -515,7 +515,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
         if (!orig_connect)
                 orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect");
 
-        int rv = orig_connect(sockfd, addr, addrlen);
+        int rv = orig_connect(sockfd, addr, addrlen);
         print_sockaddr(sockfd, "connect", addr, rv);
 
         return rv;
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 90a5f405d..491cec736 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -166,7 +166,7 @@ static void process_file(char *fname) {
                 else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0)
                         cnt_whitelistvar++;
                 else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
-                        strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
+                        strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
                         cnt_whitelistrunuser++;
                 else if (strncmp(ptr, "include whitelist-common.inc", 28) == 0)
                         cnt_whitelisthome++;
@@ -283,10 +283,10 @@ int main(int argc, char **argv) {
                         arg_dbus_user_none = 1;
                 else if (*argv[i] == '-') {
                         fprintf(stderr, "Error: invalid option %s\n", argv[i]);
-                        return 1;
-                 }
-                 else
-                        break;
+                        return 1;
+                }
+                else
+                        break;
         }
 
         start = i;