63 files changed, 44 insertions, 135 deletions

diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index 213aa85e5..c3ce7b618 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -5,8 +5,6 @@ mkdir ~/.Wolfram Research
 whitelist ~/.Wolfram Research
 whitelist ~/Documents/Wolfram Mathematica
 include /etc/firejail/whitelist-common.inc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 08537b0b4..49417fbfe 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -1,6 +1,4 @@
 # Audacious media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index 16d013bdd..c3bd58298 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -1,7 +1,6 @@
 # BitlBee instant messaging profile
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 25e983b5c..09e87f043 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -1,6 +1,4 @@
 # cherrytree note taking application
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/chromium.profile b/etc/chromium.profile
index c9b857e71..751426db8 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/chromium
 noblacklist ~/.cache/chromium
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/clementine.profile b/etc/clementine.profile
index 8f4670f3b..4737541db 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -1,6 +1,4 @@
 # Clementine media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 280403811..57fedac61 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -1,7 +1,5 @@
 # Firejail profile for Conkeror web browser profile
 noblacklist ${HOME}/.conkeror.mozdev.org
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 01378cbc4..4f222947f 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -1,6 +1,4 @@
 # DeaDBeeF media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 21d178c08..aeafb7a4a 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -1,6 +1,4 @@
 # deluge bittorernt client profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index c7f36bbfd..a909afeb5 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -81,3 +81,44 @@ read-only ${HOME}/.xscreensaver
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
 
+# top secret
+blacklist ${HOME}/.ssh
+blacklist ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/kde4/share/apps/kwallet
+blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.local/share/kwalletd
+blacklist ${HOME}/.netrc
+blacklist ${HOME}/.gnupg
+blacklist ${HOME}/*.kdbx
+blacklist ${HOME}/*.kdb
+blacklist ${HOME}/*.key
+blacklist /etc/shadow
+blacklist /etc/gshadow
+blacklist /etc/passwd-
+blacklist /etc/group-
+blacklist /etc/shadow-
+blacklist /etc/gshadow-
+blacklist /etc/passwd+
+blacklist /etc/group+
+blacklist /etc/shadow+
+blacklist /etc/gshadow+
+blacklist /etc/ssh
+blacklist /var/backup
+
+# system management
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/su
+blacklist ${PATH}/sudo
+blacklist ${PATH}/xinput
+blacklist ${PATH}/evtest
+blacklist ${PATH}/xev
+blacklist ${PATH}/strace
+blacklist ${PATH}/nc
+blacklist ${PATH}/ncat
+
+# system directories    
+blacklist /sbin
+blacklist /usr/sbin
+blacklist /usr/local/sbin
diff --git a/etc/disable-mgmt.inc b/etc/disable-mgmt.inc
index 0a11d6728..e69de29bb 100644
--- a/etc/disable-mgmt.inc
+++ b/etc/disable-mgmt.inc
@@ -1,17 +0,0 @@
-# system directories    
-blacklist /sbin
-blacklist /usr/sbin
-blacklist /usr/local/sbin
-
-# system management
-blacklist ${PATH}/umount
-blacklist ${PATH}/mount
-blacklist ${PATH}/fusermount
-blacklist ${PATH}/su
-blacklist ${PATH}/sudo
-blacklist ${PATH}/xinput
-blacklist ${PATH}/evtest
-blacklist ${PATH}/xev
-blacklist ${PATH}/strace
-blacklist ${PATH}/nc
-blacklist ${PATH}/ncat
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index 5702473d3..368830f15 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -1,11 +1,9 @@
 # security profile for dnscrypt-proxy
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 private
 private-dev
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 94b69281b..d31d1be8f 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -1,6 +1,4 @@
 # dropbox profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 015318290..46a69120b 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -1,6 +1,4 @@
 # Empathy instant messaging profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index 2e4c7bfc1..b06e6ea78 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -1,6 +1,4 @@
 # Epiphany browser profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/evince.profile b/etc/evince.profile
index 8adf82443..7b81c0453 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -1,6 +1,4 @@
 # evince pdf reader profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index 04d53a841..e7d61160e 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -1,7 +1,5 @@
 # fbreader ebook reader profile
 noblacklist ${HOME}/.FBReader
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 3643f3f98..39689e717 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -1,8 +1,6 @@
 # FileZilla ftp profile
 noblacklist ${HOME}/.filezilla
 noblacklist ${HOME}/.config/filezilla
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 9942bd255..f23f84097 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -3,8 +3,6 @@
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index ff3e266c5..613ef6652 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -8,8 +8,6 @@
 noblacklist ~/.config/slimjet
 noblacklist ~/.cache/slimjet
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/generic.profile b/etc/generic.profile
index 42e39e86c..ae42c8a3b 100644
--- a/etc/generic.profile
+++ b/etc/generic.profile
@@ -1,8 +1,6 @@
 ################################
 # Generic GUI application profile
 ################################
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 414873870..2313f36fc 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -1,6 +1,4 @@
 # GNOME MPlayer profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index fd167d9e0..57c224191 100644
--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/google-chrome-beta
 noblacklist ~/.cache/google-chrome-beta
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index bcd56ed62..e222ccf54 100644
--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/google-chrome-unstable
 noblacklist ~/.cache/google-chrome-unstable
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index c2665f709..767f73f88 100644
--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/google-chrome
 noblacklist ~/.cache/google-chrome
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 0c3743ba3..a9f1da373 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -3,8 +3,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 
 caps.drop all
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 48b0dac40..6ceeaefce 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -1,7 +1,5 @@
 # HexChat instant messaging profile
 noblacklist ${HOME}/.config/hexchat
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 931df67c3..35a1a15a0 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -1,7 +1,5 @@
 # kmail profile
 noblacklist ${HOME}/.gnupg
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
index 7f45c95a9..1d18b0d18 100644
--- a/etc/lxterminal.profile
+++ b/etc/lxterminal.profile
@@ -1,7 +1,5 @@
 # lxterminal (LXDE) profile
 
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 blacklist ${HOME}/.pki/nssdb
diff --git a/etc/midori.profile b/etc/midori.profile
index 64a19d452..1cd686bfe 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -1,7 +1,5 @@
 # Midori browser profile
 noblacklist ${HOME}/.config/midori
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index ae61ae068..5a4ad4f24 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -1,7 +1,5 @@
 # mupen64plus profile
 # manually whitelist ROM files
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/openbox.profile b/etc/openbox.profile
index 5fadcee90..42eb5e9fa 100644
--- a/etc/openbox.profile
+++ b/etc/openbox.profile
@@ -1,8 +1,7 @@
 ################################
 # Generic GUI application profile
 ################################
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index 91c858738..9659b30de 100644
--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/opera-beta
 noblacklist ~/.cache/opera-beta
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/opera.profile b/etc/opera.profile
index 74e331bab..3c8868896 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/opera
 noblacklist ~/.cache/opera
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/parole.profile b/etc/parole.profile
index 9c7764ff9..3369b191c 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -1,6 +1,4 @@
 # Profile for Parole, the default XFCE4 media player
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index b8b04df18..8080a8905 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -1,7 +1,5 @@
 # Pidgin profile
 noblacklist ${HOME}/.purple
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/polari.profile b/etc/polari.profile
index 8cedddc4e..5e40aedf5 100644
--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -1,6 +1,4 @@
 # Polari IRC profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 9d0f1ae54..87afb78a6 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -1,6 +1,4 @@
 # qbittorrent bittorrent profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/qtox.profile b/etc/qtox.profile
index aa6efa5cb..976e80c31 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -1,7 +1,5 @@
 # qTox instant messaging profile
 noblacklist ${HOME}/.config/tox
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/quassel.profile b/etc/quassel.profile
index d64b0eaa0..073b50623 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -1,6 +1,4 @@
 # Quassel IRC profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index 685a4c86f..31b075c7a 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -2,8 +2,6 @@
 
 noblacklist ~/.config/qutebrowser
 noblacklist ~/.cache/qutebrowser
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 3ef6da11c..3215063fa 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -1,6 +1,4 @@
 # Rhythmbox media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index 2bb6bf38b..2c6689811 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -1,6 +1,4 @@
 # rtorrent bittorrent profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-terminals.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index cbe48e425..08a6ad521 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/server.profile b/etc/server.profile
index 5471aed91..dde80bd18 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -2,7 +2,6 @@
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 private
 private-dev
 private-tmp
diff --git a/etc/skype.profile b/etc/skype.profile
index c301050b4..77f10e644 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -1,7 +1,5 @@
 # Skype profile
 noblacklist ${HOME}/.Skype
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 5b7cb49a5..326d5d93e 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,6 +1,4 @@
 # Spotify media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/ssh.profile b/etc/ssh.profile
index d78fa749d..f0e33540a 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -1,7 +1,5 @@
 # ssh client
 noblacklist ~/.ssh
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc
diff --git a/etc/steam.profile b/etc/steam.profile
index 73ef1e70b..7cfa21028 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -1,8 +1,6 @@
 # Steam profile (applies to games/apps launched from Steam as well)
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.local/share/steam
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/telegram.profile b/etc/telegram.profile
index 8027846dc..acafdda00 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -1,7 +1,5 @@
 # Telegram IRC profile
 noblacklist ${HOME}/.TelegramDesktop
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index f56d50523..7f83e2809 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -1,7 +1,5 @@
 # Firejail profile for Mozilla Thunderbird (Icedove in Debian)
 noblacklist ${HOME}/.gnupg
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-terminals.inc
 
diff --git a/etc/totem.profile b/etc/totem.profile
index bee8d8678..2cff319a7 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -1,6 +1,4 @@
 # Totem media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index ac229e43b..269686fa1 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -1,6 +1,4 @@
 # transmission-gtk profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 6e4f096a0..d032752b4 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -1,6 +1,4 @@
 # transmission-qt profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index b3360ffb1..4a6544a12 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -1,6 +1,4 @@
 # uGet profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/unbound.profile b/etc/unbound.profile
index 7f36e9588..594d67cf9 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -1,11 +1,9 @@
 # security profile for unbound (https://unbound.net)
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 private
 private-dev
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index a353a4ca8..e039c4676 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/vivaldi
 noblacklist ~/.cache/vivaldi
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 3652e1f7d..980d2816f 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -1,7 +1,5 @@
 # VLC media player profile
 noblacklist ${HOME}/.config/vlc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/weechat.profile b/etc/weechat.profile
index 4041332be..ec305b45b 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -1,9 +1,7 @@
 # Weechat IRC profile
 noblacklist ${HOME}/.weechat
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 57bb13e9d..7a2ade1fe 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -3,8 +3,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 
 caps.drop all
diff --git a/etc/wine.profile b/etc/wine.profile
index 5a86977ee..993037794 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -2,8 +2,6 @@
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.local/share/steam
 noblacklist ${HOME}/.wine
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/xchat.profile b/etc/xchat.profile
index 360ca96a5..552918750 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -1,7 +1,5 @@
 # XChat IRC profile
 noblacklist ${HOME}/.config/xchat
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/todo b/todo
index 4e7d20e7f..4d00229c1 100644
--- a/todo
+++ b/todo
@@ -75,3 +75,5 @@ CapBnd:	0000003fffffffff
 CapAmb: 0000000000000000
 
 11. cleanup thunderbird profile - disable-common was commented out
+
+12. removed disable_mgmgt.inc form server.profile, replace the information