squash attempt 2

52 files changed, 171 insertions, 160 deletions

diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile
index 9a8d93875..fa0b316bb 100644
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix,inet,inet6,netlink
diff --git a/etc/atom.profile b/etc/atom.profile
index 3cb86847e..61930d5c1 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix,inet,inet6,netlink
diff --git a/etc/atril.profile b/etc/atril.profile
index d9e10b072..fbcca0c1b 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -7,8 +7,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix
diff --git a/etc/audacity.profile b/etc/audacity.profile
index be3fac9be..827fa4301 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -8,8 +8,8 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix
 seccomp
diff --git a/etc/aweather.profile b/etc/aweather.profile
index 4e5c36f50..fa8654f1e 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -11,8 +11,8 @@ whitelist ~/.config/aweather
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix,inet,inet6
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index ec6d0d69d..139dec8ec 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -9,11 +9,10 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 nosound
 seccomp
 protocol unix,inet,inet6,netlink
 tracelog
-
-
diff --git a/etc/eog.profile b/etc/eog.profile
index 32b54a042..7eb7fd127 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -9,9 +9,9 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
-nogroups
 protocol unix
 seccomp
 shell none
@@ -20,4 +20,3 @@ private-bin eog
 private-dev
 private-etc fonts
 private-tmp
-
diff --git a/etc/evolution.profile b/etc/evolution.profile
index cf581643d..d097c0f34 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -14,9 +14,9 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
-nogroups
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/feh.profile b/etc/feh.profile
index 5fcb6bf25..e3b1ec528 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -5,14 +5,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix
 netfilter
 net none
+nogroups
 nonewprivs
 noroot
-nogroups
 nosound
+protocol unix
+seccomp
 shell none
 
 private-bin feh
diff --git a/etc/file.profile b/etc/file.profile
index 2e54030b1..199a97fad 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,16 +1,17 @@
 # file profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 
-tracelog
+blacklist /tmp/.X11-unix
+
+hostname file
 net none
+no3d
+nosound
+quiet
 shell none
+tracelog
+
+private-dev
 private-bin file
 private-etc magic.mgc,magic,localtime
-hostname file
-private-dev
-nosound
-no3d
-blacklist /tmp/.X11-unix
-
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 551c17a78..fe1d9d20d 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -13,10 +13,9 @@ noroot
 nosound
 protocol unix,inet,inet6
 seccomp
-
 shell none
+
 private-bin filezilla,uname,sh,python,lsb_release,fzputtygen,fzsftp
-whitelist /tmp/.X11-unix
 private-dev
-nosound
 
+whitelist /tmp/.X11-unix
diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index e1ec291bd..12afdb0aa 100644
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -1,4 +1,4 @@
-# OpenShot profile
+# FlowBlade profile
 noblacklist ${HOME}/.flowblade
 noblacklist ${HOME}/.config/flowblade
 include /etc/firejail/disable-common.inc
diff --git a/etc/franz.profile b/etc/franz.profile
index 3cb7942ab..0b3be551b 100644
--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -6,12 +6,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-#tracelog
 nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+#tracelog
 
 whitelist ${DOWNLOADS}
 mkdir ~/.config/Franz
diff --git a/etc/gajim.profile b/etc/gajim.profile
index 04902a734..809378ef9 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -22,8 +22,8 @@ include /etc/firejail/disable-devel.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 23361b771..cb441fc9d 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -6,13 +6,15 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
+nosound
 protocol unix
 seccomp
-private-dev
-private-tmp
+
 noexec ${HOME}
 noexec /tmp
-nogroups
-nosound
+
+private-dev
+private-tmp
diff --git a/etc/git.profile b/etc/git.profile
index 2fb55377d..73122d347 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -12,15 +12,15 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-quiet
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
-nogroups
 nosound
 protocol unix,inet,inet6
+quiet
 seccomp
 shell none
 
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index 353ecceae..0cc6c416b 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -11,8 +11,8 @@ whitelist ~/.config/Gpredict
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix,inet,inet6
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index 67f10c4e1..c866c9e63 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -7,14 +7,15 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+nogroups
 nonewprivs
 noroot
-nogroups
-private-dev
 protocol unix
 seccomp
 nosound
 
+private-dev
+
 #Experimental:
 #shell none
 #private-bin gwenview
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 5e73969c4..d51b9a951 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -1,12 +1,14 @@
 # gzip profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
-tracelog
-net none
-shell none
+
 blacklist /tmp/.X11-unix
-private-dev
-nosound
+
+net none
 no3d
+nosound
+quiet
+shell none
+tracelog
 
+private-dev
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index cf885fba2..a0e86b6c9 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -6,13 +6,15 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
+nosound
 protocol unix
 seccomp
-private-dev
-private-tmp
+
 noexec ${HOME}
 noexec /tmp
-nogroups
-nosound
+
+private-dev
+private-tmp
diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index c61158f8b..046499abe 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -6,8 +6,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 8c8fd18c4..bc21ba604 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/less.profile b/etc/less.profile
index 6dfae027e..08758aead 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -2,8 +2,10 @@
 quiet
 ignore noroot
 include /etc/firejail/default.profile
-tracelog
+
 net none
+nosound
 shell none
+tracelog
+
 private-dev
-nosound
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index 6e059ea52..76e864e0c 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -5,17 +5,19 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
-protocol unix
+nogroups
 nonewprivs
 noroot
+nosound
+protocol unix
 seccomp
 shell none
 tracelog
-private-tmp
-private-dev
+
 noexec ${HOME}
 noexec /tmp
-nogroups
-nosound
-ipc-namespace
+
+private-tmp
+private-dev
diff --git a/etc/okular.profile b/etc/okular.profile
index df142ccfc..b43a5fbea 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -9,14 +9,15 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
-private-dev
 protocol unix
 seccomp
 nosound
 
+private-dev
+
 #Experimental:
 #net none
 #shell none
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 47be2b6ea..850706145 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -8,8 +8,8 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/pix.profile b/etc/pix.profile
index 80c05fd09..e21ddadc6 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -8,8 +8,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix
@@ -20,4 +20,3 @@ tracelog
 private-bin pix
 whitelist /tmp/.X11-unix
 private-dev
-
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index 22c5bafc5..a9323448b 100644
--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -14,10 +14,10 @@ whitelist ~/.local/share/psi+
 mkdir ~/.cache/psi+
 whitelist ~/.cache/psi+
 
-include /etc/firejail/whitelist-common.inc
-
 caps.drop all
 netfilter
 noroot
 protocol unix,inet,inet6
 seccomp
+
+include /etc/firejail/whitelist-common.inc
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 138b6db55..67829c9ca 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -15,6 +15,6 @@ seccomp
 # there are some problems with "Open destination folder", see bug #536
 #shell none
 #private-bin qbittorrent
-whitelist /tmp/.X11-unix
 private-dev
-nosound
+
+whitelist /tmp/.X11-unix
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 07ea173e6..06c0db206 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -18,5 +18,5 @@ shell none
 tracelog
 
 private-bin qpdfview
-private-tmp
 private-dev
+private-tmp
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 927487037..81d8aa10e 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -11,8 +11,8 @@ whitelist ${DOWNLOADS}
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 2ab5d8a8e..2b28fce73 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -14,16 +14,17 @@ whitelist ${HOME}/.cache/QuiteRss
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
-private-bin quiterss
-private-dev
 nosound
-#private-etc X11,ssl
 protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 
+private-bin quiterss
+private-dev
+#private-etc X11,ssl
+
 include /etc/firejail/whitelist-common.inc
diff --git a/etc/ranger.profile b/etc/ranger.profile
index a040cd6bc..323e64dee 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -12,13 +12,12 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
 net none
+nogroups
 nonewprivs
 noroot
-nogroups
 protocol unix
 seccomp
 nosound
 
 private-tmp
 private-dev
-
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 0e8527ae7..e5e192486 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -5,8 +5,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nogroups
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index 15df2c374..1226a51cd 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -16,4 +16,3 @@ shell none
 private-bin rtorrent
 whitelist /tmp/.X11-unix
 private-dev
-nosound
diff --git a/etc/server.profile b/etc/server.profile
index 22cef0a3c..b8a34feb2 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -6,11 +6,12 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-private
-private-dev
-nosound
-no3d
-private-tmp
 blacklist /tmp/.X11-unix
+
+no3d
+nosound
 seccomp
 
+private
+private-dev
+private-tmp
diff --git a/etc/slack.profile b/etc/slack.profile
index 1009f7ee0..a85a28f03 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -1,3 +1,4 @@
+# Firejail profile for Slack
 noblacklist ${HOME}/.config/Slack
 noblacklist ${HOME}/Downloads
 
@@ -6,25 +7,25 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-mkdir ${HOME}/.config
-mkdir ${HOME}/.config/Slack
-whitelist ${HOME}/.config/Slack
-whitelist ${HOME}/Downloads
-
-protocol unix,inet,inet6,netlink
-private-dev
-private-tmp
-private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime
-name slack
 blacklist /var
 
-include /etc/firejail/whitelist-common.inc
-
 caps.drop all
-seccomp
+name slack
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
 shell none
+
 private-bin slack
+private-dev
+private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime
+private-tmp
+
+mkdir ${HOME}/.config
+mkdir ${HOME}/.config/Slack
+whitelist ${HOME}/.config/Slack
+whitelist ${HOME}/Downloads
+include /etc/firejail/whitelist-common.inc
diff --git a/etc/strings.profile b/etc/strings.profile
index f99a65009..7c464bf88 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -1,10 +1,11 @@
 # strings profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
-tracelog
+
 net none
-shell none
-private-dev
 nosound
+quiet
+shell none
+tracelog
 
+private-dev
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index d46467b99..69b2a0db2 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -11,7 +11,9 @@ nonewprivs
 noroot
 protocol unix
 seccomp
-private-dev
-private-tmp
+
 noexec ${HOME}
 noexec /tmp
+
+private-dev
+private-tmp
diff --git a/etc/tar.profile b/etc/tar.profile
index 663ac3805..91fdaf48d 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -1,18 +1,18 @@
 # tar profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 
-tracelog
+blacklist /tmp/.X11-unix
+
+hostname tar
 net none
+no3d
+nosound
+quiet
 shell none
+tracelog
 
 # support compressed archives
 private-bin sh,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
 private-dev
-nosound
-no3d
 private-etc passwd,group,localtime
-hostname tar
-blacklist /tmp/.X11-unix
-
diff --git a/etc/telegram.profile b/etc/telegram.profile
index 8e91e426b..7615c8eef 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -10,4 +10,3 @@ nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
-
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 0cfa4fcfc..316cdfec6 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -18,6 +18,6 @@ shell none
 tracelog
 
 private-bin transmission-gtk
-whitelist /tmp/.X11-unix
 private-dev
 
+whitelist /tmp/.X11-unix
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 754211a63..51c58e224 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -14,9 +14,10 @@ noroot
 nosound
 protocol unix,inet,inet6
 seccomp
+shell none
 tracelog
 
-shell none
 private-bin transmission-qt
-whitelist /tmp/.X11-unix
 private-dev
+
+whitelist /tmp/.X11-unix
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 522b4bd1e..f42e6c69a 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -9,17 +9,16 @@ caps.drop all
 netfilter
 nonewprivs
 noroot
+nosound
 protocol unix,inet,inet6
 seccomp
+shell none
 
+private-bin uget-gtk
+private-dev
+
+whitelist /tmp/.X11-unix
 whitelist ${DOWNLOADS}
 mkdir ~/.config/uGet
 whitelist ~/.config/uGet
 include /etc/firejail/whitelist-common.inc
-
-shell none
-private-bin uget-gtk
-whitelist /tmp/.X11-unix
-private-dev
-nosound
-
diff --git a/etc/unrar.profile b/etc/unrar.profile
index f29d1b51b..0700cafe9 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -1,17 +1,18 @@
 # unrar profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 
-tracelog
+blacklist /tmp/.X11-unix
+
+hostname unrar
 net none
+no3d
+nosound
+quiet
 shell none
+tracelog
+
 private-bin unrar
 private-dev
-nosound
-no3d
 private-etc passwd,group,localtime
-hostname unrar
 private-tmp
-blacklist /tmp/.X11-unix
-
diff --git a/etc/unzip.profile b/etc/unzip.profile
index 07224855f..a43785795 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -1,16 +1,16 @@
 # unzip profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
+blacklist /tmp/.X11-unix
 
-tracelog
+hostname unzip
 net none
+no3d
+nosound
+quiet
 shell none
+tracelog
+
 private-bin unzip
-private-etc passwd,group,localtime
-hostname unzip
 private-dev
-nosound
-no3d
-blacklist /tmp/.X11-unix
-
+private-etc passwd,group,localtime
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index 8ea9d5163..5ba0896ab 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -1,15 +1,15 @@
 # uudeview profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
 
-tracelog
+blacklist /etc
+
+hostname uudeview
 net none
+nosound
+quiet
 shell none
+tracelog
+
 private-bin uudeview
 private-dev
-private-etc nonexisting_fakefile_for_empty_etc
-hostname uudeview
-nosound
-uudeview
-
diff --git a/etc/vim.profile b/etc/vim.profile
index 3c1fefe41..b161fcbb0 100644
--- a/etc/vim.profile
+++ b/etc/vim.profile
@@ -1,5 +1,4 @@
 # vim profile
-
 noblacklist ~/.vim
 noblacklist ~/.vimrc
 noblacklist ~/.viminfo
@@ -10,8 +9,8 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
-nogroups
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index e036fba21..7ea368bbe 100644
--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -7,15 +7,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-shell none
+net none
 nonewprivs
 noroot
 protocol unix
+shell none
 seccomp
+
 private-dev
 private-tmp
-net none
-
-
-
-
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 54d5ed89b..191d2f67f 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -9,8 +9,8 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index a9d027c38..04f98cef6 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -1,12 +1,14 @@
 # xzdec profile
-quiet
 ignore noroot
 include /etc/firejail/default.profile
-tracelog
-net none
-shell none
+
 blacklist /tmp/.X11-unix
-private-dev
-nosound
+
+net none
 no3d
+nosound
+quiet
+shell none
+tracelog
 
+private-dev
diff --git a/etc/zathura.profile b/etc/zathura.profile
index 7093c52b2..ab2e99dbc 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -7,14 +7,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-seccomp
-protocol unix
 netfilter
+nogroups
 nonewprivs
 noroot
-nogroups
 nosound
 shell none
+seccomp
+protocol unix
 
 private-bin zathura
 private-dev