Add disable-xdg.inc to ~100 profiles

author: Tad <tad@spotco.us> 2018-07-24 12:52:13 -0400
committer: Tad <tad@spotco.us> 2018-07-24 12:52:13 -0400
commit: e5aba00d010e9e3af3e626bedb8acf8ae37b3b75 (patch)
tree: 55fd2a36c7953e137dfc7ca0734cc56eb0fb6f4d /etc
parent: Merge pull request #2060 from SkewedZeppelin/disable-xdg (diff)
download: firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.tar.gz
firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.tar.zst
firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.zip
104 files changed, 214 insertions, 9 deletions
diff --git a/etc/amarok.profile b/etc/amarok.profile
index 8fa919131..aff78e210 100644
--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -5,12 +5,14 @@ include /etc/firejail/amarok.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index a69bf3966..d845bd4b9 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -15,12 +15,10 @@ noblacklist ${HOME}/.java
 noblacklist ${HOME}/.local/share/JetBrains
 noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
-noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index c2090af98..aaac62bc8 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -9,12 +9,15 @@ noblacklist ${HOME}/.config/ardour4
 noblacklist ${HOME}/.config/ardour5
 noblacklist ${HOME}/.lv2
 noblacklist ${HOME}/.vst
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 ipc-namespace
diff --git a/etc/arduino.profile b/etc/arduino.profile
index c8850ccb0..0ff242450 100644
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -8,6 +8,7 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.arduino15
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/Arduino
+noblacklist ${DOCUMENTS}
 # Allow access to java
 noblacklist ${PATH}/java
@@ -20,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 1787ad0cc..4cd340bf8 100644
--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -9,12 +9,14 @@ noblacklist ${HOME}/.config/asunder
 noblacklist ${HOME}/.asunder_album_genre
 noblacklist ${HOME}/.asunder_album_title
 noblacklist ${HOME}/.asunder_album_artist
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/atril.profile b/etc/atril.profile
index 95120681c..48902ec4a 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/atril
 noblacklist ${HOME}/.config/atril
+noblacklist ${DOCUMENTS}
 #noblacklist ${HOME}/.local/share
 # it seems to use only ${HOME}/.local/share/webkitgtk
@@ -16,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 8d3689487..cbbe15c46 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/Audaciousrc
 noblacklist ${HOME}/.config/audacious
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/audacity.profile b/etc/audacity.profile
index c5e54ee24..d3c9ee4ac 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -6,12 +6,15 @@ include /etc/firejail/audacity.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.audacity-data
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index 6507aeadb..10ef34d07 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 netfilter
 no3d
diff --git a/etc/calibre.profile b/etc/calibre.profile
index 436ac3234..09839161e 100644
--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@@ -7,11 +7,13 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/calibre
 noblacklist ${HOME}/.config/calibre
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index c63cfad8d..8397da00c 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -6,6 +6,7 @@ include /etc/firejail/cherrytree.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/cherrytree
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -18,6 +19,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/clementine.profile b/etc/clementine.profile
index ce4b8deb8..e13fd3f66 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/Clementine
 noblacklist ${HOME}/.config/Clementine
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/clipit.profile b/etc/clipit.profile
index 3134fdc3e..866108aee 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 03f234913..3331bde22 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -6,12 +6,14 @@ include /etc/firejail/cmus.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/cmus
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/conky.profile b/etc/conky.profile
index af275b915..4d2bcfa38 100644
--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -5,12 +5,14 @@ include /etc/firejail/conky.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${PICTURES}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 ipc-namespace
diff --git a/etc/corebird.profile b/etc/corebird.profile
index a99a6b732..da1869f65 100644
--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/darktable.profile b/etc/darktable.profile
index 511e4e475..607a587a1 100644
--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/darktable
 noblacklist ${HOME}/.config/darktable
+noblacklist ${PICTURES}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 53383d88d..8eb5776e7 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -6,12 +6,14 @@ include /etc/firejail/deadbeef.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/deadbeef
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index aeef46413..b61d68e06 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/dia.profile b/etc/dia.profile
index fca14236f..fed5107aa 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -6,12 +6,14 @@ include /etc/firejail/dia.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.dia
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 819b8fe41..2e1947419 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -9,12 +9,14 @@ noblacklist ${HOME}/.config/digikam
 noblacklist ${HOME}/.config/digikamrc
 noblacklist ${HOME}/.kde/share/apps/digikam
 noblacklist ${HOME}/.kde4/share/apps/digikam
+noblacklist ${PICTURES}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc
index 554e3a7d5..519f00afb 100644
--- a/etc/disable-xdg.inc
+++ b/etc/disable-xdg.inc
@@ -2,9 +2,11 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/disable-xdg.local
-#blacklist ${DESKTOP}
 blacklist ${DOCUMENTS}
-#blacklist ${DOWNLOADS}
 blacklist ${MUSIC}
 blacklist ${PICTURES}
 blacklist ${VIDEOS}
+# The following should be considered catch-all directories
+#blacklist ${DESKTOP}
+#blacklist ${DOWNLOADS}
diff --git a/etc/display.profile b/etc/display.profile
index 01196f5ac..41a426375 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -5,6 +5,8 @@ include /etc/firejail/display.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
 noblacklist ${PATH}/python3*
@@ -16,6 +18,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index 0971451c4..f8f593c83 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 no3d
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index fc1209c1e..6d3bb920d 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
 no3d
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
index 79514c373..a2606e7e1 100644
--- a/etc/dosbox.profile
+++ b/etc/dosbox.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/dragon.profile b/etc/dragon.profile
index bdaa12e75..9d7bb5748 100644
--- a/etc/dragon.profile
+++ b/etc/dragon.profile
@@ -6,12 +6,15 @@ include /etc/firejail/dragon.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/dragonplayerrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/elinks.profile b/etc/elinks.profile
index 6878c4fe0..61fbab3cc 100644
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/enchant.profile b/etc/enchant.profile
index a495122dc..5a4050102 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/enpass.profile b/etc/enpass.profile
index 2ee7a97f6..3a30f8b04 100644
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -4,13 +4,15 @@ include /etc/firejail/enpass.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/Sinew Software Systems
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
-noblacklist ${HOME}/.config/Sinew Software Systems
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/evince.profile b/etc/evince.profile
index 40de5b731..d4074d0aa 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -6,12 +6,14 @@ include /etc/firejail/evince.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/evince
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index 573099429..a5ddd3bf1 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -6,12 +6,14 @@ include /etc/firejail/fbreader.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.FBReader
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
index c80588a8b..e4e763099 100644
--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@@ -6,6 +6,7 @@ include /etc/firejail/fontforge.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.FontForge
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -18,6 +19,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/freecad.profile b/etc/freecad.profile
index 9ea4e0f2b..8c714f37d 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -6,12 +6,14 @@ include /etc/firejail/freecad.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/FreeCAD
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 ipc-namespace
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 36e354e3a..b8a297e84 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -7,10 +7,13 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/GIMP
 noblacklist ${HOME}/.gimp*
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/globaltime.profile b/etc/globaltime.profile
index 0df6b5e63..e414abf8c 100644
--- a/etc/globaltime.profile
+++ b/etc/globaltime.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile
index e834e8ec7..f11ceacca 100644
--- a/etc/gnome-mpv.profile
+++ b/etc/gnome-mpv.profile
@@ -6,12 +6,15 @@ include /etc/firejail/gnome-mpv.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/gnome-mpv
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index eec61b8db..90fb9814f 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -6,6 +6,7 @@ include /etc/firejail/gnome-music.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.local/share/gnome-music
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -18,6 +19,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/goobox.profile b/etc/goobox.profile
index ed7b4e761..5e5aad95b 100644
--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -5,12 +5,14 @@ include /etc/firejail/goobox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile
index e7e3f828c..775c79521 100644
--- a/etc/guayadeque.profile
+++ b/etc/guayadeque.profile
@@ -6,12 +6,14 @@ include /etc/firejail/guayadeque.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.guayadeque
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 60a13af3a..db2e69f8a 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index 6f2f3bf7f..e467eaeb5 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -6,12 +6,15 @@ include /etc/firejail/handbrake.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/ghb
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index 0fb8b8704..712a09697 100644
--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.hashcat
 noblacklist /usr/include
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 0f5ca9d39..e709d488d 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -8,12 +8,15 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/inkscape
 noblacklist ${HOME}/.config/inkscape
 noblacklist ${HOME}/.inkscape
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index ca23cedfa..81e538153 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -19,6 +19,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/k3b.profile b/etc/k3b.profile
index 38ad97354..8474c490d 100644
--- a/etc/k3b.profile
+++ b/etc/k3b.profile
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/k3brc
 noblacklist ${HOME}/.kde/share/config/k3brc
 noblacklist ${HOME}/.kde4/share/config/k3brc
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/keepass.profile b/etc/keepass.profile
index 03f27d3fa..7b0935030 100644
--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -12,12 +12,14 @@ noblacklist ${HOME}/.config/keepass
 noblacklist ${HOME}/.keepass
 noblacklist ${HOME}/.local/share/KeePass
 noblacklist ${HOME}/.local/share/keepass
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 7a5e57d72..e749a1dfc 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -9,12 +9,14 @@ noblacklist ${HOME}/*.kdb
 noblacklist ${HOME}/*.kdbx
 noblacklist ${HOME}/.config/keepassx
 noblacklist ${HOME}/.keepassx
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index 0edb375b3..b7bcc7b87 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -11,12 +11,14 @@ noblacklist ${HOME}/.config/keepassxc
 noblacklist ${HOME}/.keepassxc
 # 2.2.4 needs this path when compiled with "Native messaging browser extension"
 noblacklist ${HOME}/.mozilla
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/kodi.profile b/etc/kodi.profile
index 85058da3e..9726304cc 100644
--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -6,6 +6,9 @@ include /etc/firejail/kodi.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.kodi
+noblacklist ${MUSIC}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -18,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/krita.profile b/etc/krita.profile
index 01f7b6ff8..723a8623a 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -7,6 +7,8 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/kritarc
 noblacklist ${HOME}/.local/share/krita
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 apparmor
 caps.drop all
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index e416a5591..3297be3b6 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -12,12 +12,14 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc
 noblacklist ${HOME}/.config/katevirc
 noblacklist ${HOME}/.config/kwriterc
 noblacklist ${HOME}/.local/share/kwrite
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 4aafd7c7a..3caebf208 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -8,6 +8,7 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.java
 noblacklist /usr/local/sbin
 noblacklist ${HOME}/.config/libreoffice
+noblacklist ${DOCUMENTS}
 # libreoffice uses java; if you don't care about java functionality,
 # comment the next four lines
@@ -20,6 +21,7 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index 1eef6db3b..ed893f53e 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -5,19 +5,21 @@ include /etc/firejail/lollypop.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${HOME}/.local/share/lollypop
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
 noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
-noblacklist ${HOME}/.local/share/lollypop
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index 8104a2886..05a1c2bb5 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -6,12 +6,14 @@ include /etc/firejail/luminance-hdr.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/Luminance
+noblacklist ${PICTURES}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
index 5962c7dc7..44aa0537b 100644
--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/xmms2
 noblacklist ${HOME}/.config/xmms2
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/lynx.profile b/etc/lynx.profile
index ba5322787..0f4de2fee 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 2ad520633..50ef915ce 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/mpd
 noblacklist ${HOME}/.mpd
 noblacklist ${HOME}/.mpdconf
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/mpv.profile b/etc/mpv.profile
index 18233c31b..93a574881 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -7,6 +7,8 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.netrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 9ccdf60a8..632e3c66a 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -5,11 +5,14 @@ include /etc/firejail/mupdf.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/musescore.profile b/etc/musescore.profile
index 5b07a59da..4e28051a4 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -9,12 +9,15 @@ noblacklist ${HOME}/.config/MusE
 noblacklist ${HOME}/.config/MuseScore
 noblacklist ${HOME}/.local/share/data/MusE
 noblacklist ${HOME}/.local/share/data/MuseScore
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/obs.profile b/etc/obs.profile
index 7529dd1bb..6d638e6e6 100644
--- a/etc/obs.profile
+++ b/etc/obs.profile
@@ -6,12 +6,16 @@ include /etc/firejail/obs.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/obs-studio
+noblacklist ${MUSIC}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 nodvd
diff --git a/etc/okular.profile b/etc/okular.profile
index 50b69ceaf..8fe3b9354 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -15,12 +15,14 @@ noblacklist ${HOME}/.kde4/share/apps/okular
 noblacklist ${HOME}/.kde4/share/config/okularpartrc
 noblacklist ${HOME}/.kde4/share/config/okularrc
 noblacklist ${HOME}/.local/share/okular
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/orage.profile b/etc/orage.profile
index 2ac420f05..89720ce34 100644
--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/parole.profile b/etc/parole.profile
index 36ae97726..f98703bd6 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -5,12 +5,15 @@ include /etc/firejail/parole.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile
index 8da5869e3..f6a615632 100644
--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -5,11 +5,14 @@ include /etc/firejail/pdfchain.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile
index aa674419d..2e3573121 100644
--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/pdfmod
 noblacklist ${HOME}/.config/pdfmod
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index fbd7ec179..daae31338 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -5,8 +5,8 @@ include /etc/firejail/pdfsam.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-# Allow access to java
 noblacklist ${HOME}/.java
+noblacklist ${DOCUMENTS}
 # Allow access to java
 noblacklist ${PATH}/java
@@ -19,6 +19,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 machine-id
diff --git a/etc/peek.profile b/etc/peek.profile
index 5d5a32b8a..edc43d006 100644
--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -6,12 +6,15 @@ include /etc/firejail/peek.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/peek
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/picard.profile b/etc/picard.profile
index 484b0e6b2..4031d51f5 100644
--- a/etc/picard.profile
+++ b/etc/picard.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/MusicBrainz
 noblacklist ${HOME}/.config/MusicBrainz
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -19,6 +20,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 no3d
diff --git a/etc/ping.profile b/etc/ping.profile
index d014fb82c..8fd315e44 100644
--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-xdg.inc
 caps.keep net_raw
 ipc-namespace
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 010de0d3e..335659430 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -6,12 +6,15 @@ include /etc/firejail/pinta.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/Pinta
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 ipc-namespace
diff --git a/etc/pithos.profile b/etc/pithos.profile
index c7eac0d53..7f0ba56b8 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-common.inc
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
index e19a7b42a..073108464 100644
--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -6,6 +6,7 @@ include /etc/firejail/ppsspp.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/ppsspp
+noblacklist ${DOCUMENTS}
 # with >=llvm-4 mesa drivers need llvm stuff
 noblacklist /usr/lib/llvm*
@@ -14,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/qlipper.profile b/etc/qlipper.profile
index 079270909..a99825a0c 100644
--- a/etc/qlipper.profile
+++ b/etc/qlipper.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/qmmp.profile b/etc/qmmp.profile
index 2382e9453..5c3873b7f 100644
--- a/etc/qmmp.profile
+++ b/etc/qmmp.profile
@@ -6,11 +6,13 @@ include /etc/firejail/qmmp.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.qmmp
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index e422d2196..6057bf4f1 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/qpdfview
 noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/remmina.profile b/etc/remmina.profile
index 50746c60e..71f4bb94f 100644
--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 nodvd
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 57e1ce5f0..ca06845a5 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -5,6 +5,7 @@ include /etc/firejail/rhythmbox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -12,6 +13,7 @@ include /etc/firejail/disable-devel.inc
 #include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/sayonara.profile b/etc/sayonara.profile
index 756bd99eb..8a369be7e 100644
--- a/etc/sayonara.profile
+++ b/etc/sayonara.profile
@@ -6,11 +6,13 @@ include /etc/firejail/sayonara.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.Sayonara
+noblacklist ${MUSIC}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/scallion.profile b/etc/scallion.profile
index 645f0423c..35cd04f8f 100644
--- a/etc/scallion.profile
+++ b/etc/scallion.profile
@@ -10,11 +10,13 @@ noblacklist ${PATH}/llvm*
 noblacklist /usr/lib/llvm*
 noblacklist ${PATH}/openssl
 noblacklist ${PATH}/openssl-1.0
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/scribus.profile b/etc/scribus.profile
index c7c8ca72c..f08c57c1b 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -22,6 +22,8 @@ noblacklist ${HOME}/.kde4/share/config/okularrc
 noblacklist ${HOME}/.local/share/okular
 noblacklist ${HOME}/.local/share/scribus
 noblacklist ${HOME}/.scribus
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -34,6 +36,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index fbe1b2de5..e318dd568 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
index c83c56798..0fa19e610 100644
--- a/etc/silentarmy.profile
+++ b/etc/silentarmy.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index 02c7cc6ed..3e8a4e41b 100644
--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -6,12 +6,14 @@ include /etc/firejail/simple-scan.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/simple-scan
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index ee027bf51..5bac0a90d 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -5,11 +5,14 @@ include /etc/firejail/skanlite.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 # net none
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 63c13ff37..2e792d891 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -7,12 +7,15 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/smplayer
 noblacklist ${HOME}/.mplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/smtube.profile b/etc/smtube.profile
index 040a7c754..67de1490c 100644
--- a/etc/smtube.profile
+++ b/etc/smtube.profile
@@ -11,12 +11,14 @@ noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.mplayer
 noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.local/share/vlc
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index b15ba266b..a7c8dfce6 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -5,6 +5,8 @@ include /etc/firejail/soundconverter.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
 noblacklist ${PATH}/python3*
@@ -16,6 +18,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 7bb7080e3..5fee722bf 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -6,12 +6,14 @@ include /etc/firejail/sqlitebrowser.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/sqlitebrowser
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 net none
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index e7eb01eb5..fe9760ad4 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/tor.profile b/etc/tor.profile
index e37fd232c..cbe932104 100644
--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -21,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.keep setuid,setgid,net_bind_service,dac_read_search
 ipc-namespace
diff --git a/etc/totem.profile b/etc/totem.profile
index 0b9252d6c..3ac25440b 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -7,12 +7,15 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/totem
 noblacklist ${HOME}/.local/share/totem
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
index 70d694ac9..d4016d061 100644
--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -5,11 +5,14 @@ include /etc/firejail/uefitool.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 ipc-namespace
diff --git a/etc/unbound.profile b/etc/unbound.profile
index 35bda2edc..3d7ca7285 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 whitelist /var/lib/unbound
 whitelist /var/run
diff --git a/etc/viking.profile b/etc/viking.profile
index fa87b915c..a5a01f544 100644
--- a/etc/viking.profile
+++ b/etc/viking.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.viking
 noblacklist ${HOME}/.viking-maps
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/vlc.profile b/etc/vlc.profile
index bda027aaa..41f482d49 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -8,12 +8,15 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/vlc
 noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.local/share/vlc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/w3m.profile b/etc/w3m.profile
index bfc7874cf..22843ca54 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 netfilter
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 8ab672279..2b597ba35 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/wireshark
 noblacklist ${HOME}/.wireshark
+noblacklist ${DOCUMENTS}
 # Wireshark can use Lua for scripting
 noblacklist ${PATH}/lua*
@@ -19,6 +20,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/xcalc.profile b/etc/xcalc.profile
index 9e68ab17d..dd7c66523 100644
--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -10,6 +10,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile
index ec98d8557..7a445f6a5 100644
--- a/etc/xmr-stak.profile
+++ b/etc/xmr-stak.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 mkdir ${HOME}/.xmr-stak
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index e61e9f5a8..b689ccb25 100644
--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -6,12 +6,14 @@ include /etc/firejail/xpdf.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.xpdfrc
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index 965517293..fcb0a8a52 100644
--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -7,6 +7,8 @@ include /etc/firejail/youtube-dl.local
 include /etc/firejail/globals.local
 noblacklist ${HOME}/.netrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/zathura.profile b/etc/zathura.profile
index 6cdbbe99b..baeca8d19 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -7,12 +7,14 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/zathura
 noblacklist ${HOME}/.local/share/zathura
+noblacklist ${DOCUMENTS}
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 caps.drop all
 machine-id
author	Tad <tad@spotco.us>	2018-07-24 12:52:13 -0400
committer	Tad <tad@spotco.us>	2018-07-24 12:52:13 -0400
commit	e5aba00d010e9e3af3e626bedb8acf8ae37b3b75 (patch)
tree	55fd2a36c7953e137dfc7ca0734cc56eb0fb6f4d /etc
parent	Merge pull request #2060 from SkewedZeppelin/disable-xdg (diff)
download	firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.tar.gz firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.tar.zst firejail-e5aba00d010e9e3af3e626bedb8acf8ae37b3b75.zip