72 files changed, 508 insertions, 107 deletions

diff --git a/README b/README
index c532907af..d6258e8e4 100644
--- a/README
+++ b/README
@@ -183,7 +183,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
         - tighten keepassx
         - added Thunar profile
         - added mousepad, qpicview, and cvlc profiles
-        - addedd BibleTime profile
+        - added BibleTime and profiles
 G4JC (http://sourceforge.net/u/gaming4jc/profile/)
         - ARM support
         - profile fixes
@@ -356,6 +356,10 @@ SpotComms (https://github.com/SpotComms)
         - added PDFSam, Pithos, and Xonotic profiles
         - disabled Go, Rust, and OpenSSL in disable-devel.conf
         - added dino profile
+        - added Kodi profile
+        - lots of profile tightening
+        - added viking, youtube-dl, meld profiles
+        - more profile tightening
 SYN-cook (https://github.com/SYN-cook)
         - keepass/keepassx browser fixes
         - disable-common.inc fixes
diff --git a/README.md b/README.md
index 89f459798..ddc1a9639 100644
--- a/README.md
+++ b/README.md
@@ -196,4 +196,4 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show,
 xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5,
 PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,
 Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file,
-Nylas, dino, BibleTime
+Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld
diff --git a/RELNOTES b/RELNOTES
index d2c4d7cd9..77a097506 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -36,7 +36,8 @@ firejail (0.9.46-rc1) baseline; urgency=low
   * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
   * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,
   * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,
-  * new profiles: baloo_file, Nylas, dino, BibleTime
+  * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,
+  * new profiles: youtube-dl, meld
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  Fri, 7 Apr 2017 08:00:00 -0500
 
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 4394416ff..779cd8cdb 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -11,7 +11,9 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+net none
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
@@ -23,3 +25,6 @@ tracelog
 private-bin audacity
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index b406b9985..7ea55f505 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -9,17 +9,21 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+net none
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
-shell none
-seccomp
 protocol unix
+seccomp
+shell none
 
 # private-bin
 # private-dev
 # private-tmp
 # private-etc
 
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/bless.profile b/etc/bless.profile
index b8325de39..869f13cc0 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -17,8 +17,20 @@ include /etc/firejail/disable-devel.inc
 
 #Options
 caps.drop all
+net none
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+protocol unix           
 seccomp
+shell none
+
+private-dev
+private-etc fonts,mono
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 603d6345c..efd8b463b 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -11,7 +11,17 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+netfilter
+no3d
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/dino.profile b/etc/dino.profile
index a71ab27d7..3de858618 100644
--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -13,9 +13,9 @@ include /etc/firejail/disable-programs.inc
 whitelist ${HOME}/Downloads
 mkdir ${HOME}/.local/share/dino
 whitelist ${HOME}/.local/share/dino
+include /etc/firejail/whitelist-common.inc
 
 caps.drop all
-machine-id
 netfilter
 no3d
 nogroups
@@ -30,3 +30,6 @@ private-bin dino
 #private-etc fonts #breaks server connection
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index bad1f0263..32adac298 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -124,6 +124,7 @@ blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/tox
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
+blacklist ${HOME}/.config/viewnior
 blacklist ${HOME}/.config/vivaldi
 blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.config/wesnoth
@@ -198,6 +199,7 @@ blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.killingfloor
 blacklist ${HOME}/.kino-history
 blacklist ${HOME}/.kinorc
+blacklist ${HOME}/.kodi
 blacklist ${HOME}/.linphone-history.db
 blacklist ${HOME}/.linphonerc
 blacklist ${HOME}/.lmmsrc.xml
@@ -230,6 +232,7 @@ blacklist ${HOME}/.local/share/gnome-music
 blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/kate
 blacklist ${HOME}/.local/share/lollypop
+blacklist ${HOME}/.local/share/meld
 blacklist ${HOME}/.local/share/multimc5
 blacklist ${HOME}/.local/share/mupen64plus
 blacklist ${HOME}/.local/share/nautilus
@@ -286,6 +289,8 @@ blacklist ${HOME}/.synfig
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.ts3client
+blacklist ${HOME}/.viking
+blacklist ${HOME}/.viking-maps
 blacklist ${HOME}/.vst
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
diff --git a/etc/eog.profile b/etc/eog.profile
index c5afec7fa..7c2cd557c 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -11,7 +11,9 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+net none
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
@@ -24,3 +26,6 @@ private-bin eog
 private-dev
 private-etc fonts
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/evince.profile b/etc/evince.profile
index 94cefdd8b..ae50425b9 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
 #net none - creates some problems on some distributions
+no3d
 nogroups
 nonewprivs
 noroot
@@ -27,3 +28,6 @@ private-dev
 private-etc fonts
 # evince needs access to /tmp/mozilla* to work in firefox
 # private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/evolution.profile b/etc/evolution.profile
index cb6615716..04bf480ff 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -9,6 +9,7 @@ noblacklist ~/.cache/evolution
 noblacklist ~/.pki
 noblacklist ~/.pki/nssdb
 noblacklist ~/.gnupg
+noblacklist ~/.bogofilter
 
 noblacklist /var/spool/mail
 noblacklist /var/mail
@@ -20,6 +21,7 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
@@ -30,3 +32,6 @@ shell none
 
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index 804d20ce1..a3f687651 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -9,13 +9,15 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+net none
+netfilter
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 
@@ -23,3 +25,6 @@ tracelog
 # private-tmp
 private-dev
 # private-etc fonts
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 1bc3eb769..4d96c05c8 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
+shell none
 tracelog
 
 whitelist ${DOWNLOADS}
@@ -59,3 +60,6 @@ include /etc/firejail/whitelist-common.inc
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 private-dev 
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/gedit.profile b/etc/gedit.profile
index 9f4eee9b3..07bdb1bbe 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -14,17 +14,22 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+netfilter
+net none
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 
 # private-bin gedit
-private-tmp
 private-dev
 # private-etc fonts
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 4088bd680..5f8ccb4fb 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -10,16 +10,18 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+net none
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
+shell none
 
 # gimp plugins are installed by the user in ~/.gimp-2.8/plug-ins/ directory
 # if you are not using external plugins, you can enable noexec statement below
-# noexec ${HOME} 
+# noexec ${HOME}
 
 noexec /tmp
 
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 714a97650..e9366f07d 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -17,7 +17,20 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+#net none                                     
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-bin gnome-calculator
+private-dev
+private-etc fonts
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 53f447f7e..d24f492d8 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc
 
 caps.drop all
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
@@ -30,3 +31,6 @@ private-bin hexchat
 #debug note: private-bin requires perl, python, etc on some systems
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 2ba1a4380..6ff618187 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -16,8 +16,19 @@ include /etc/firejail/disable-devel.inc
 
 #Options
 caps.drop all
+net none
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+protocol unix
 seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/keepass.profile b/etc/keepass.profile
index d269c3e8a..abe52eca3 100644
--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -15,14 +15,18 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+netfilter
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix,inet,inet6
 seccomp
-netfilter
 shell none
 
-private-tmp
 private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 379b8a668..845a1bcc9 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 net none
+no3d
 nogroups
 nonewprivs
 noroot
@@ -28,3 +29,6 @@ private-bin keepassx
 private-etc fonts
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile
index a21caf3f1..32dddc2fe 100644
--- a/etc/keepassx2.profile
+++ b/etc/keepassx2.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 net none
+no3d
 nogroups
 nonewprivs
 noroot
@@ -24,6 +25,9 @@ seccomp
 shell none
 
 private-bin keepassx2
-private-etc fonts
 private-dev
+private-etc fonts
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index 654a30682..369d4a5ae 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc
 # To use KeePassHTTP, comment out `net none`
 caps.drop all
 net none
+no3d
 nogroups
 nonewprivs
 noroot
@@ -25,6 +26,9 @@ seccomp
 shell none
 
 private-bin keepassxc
-private-etc fonts
 private-dev
+private-etc fonts
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/kodi.profile b/etc/kodi.profile
new file mode 100644
index 000000000..b81b010bf
--- /dev/null
+++ b/etc/kodi.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/kodi.local
+
+# Firejail profile for kodi
+noblacklist ${HOME}/.kodi
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 685073e7c..fb82195b3 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -17,7 +17,11 @@ nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
 tracelog
 
 private-dev
 # whitelist /tmp/.X11-unix/
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index 06ed415d6..e84118b9e 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -18,7 +18,17 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-dev
+private-etc fonts
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/meld.profile b/etc/meld.profile
new file mode 100644
index 000000000..4b95b866d
--- /dev/null
+++ b/etc/meld.profile
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/meld.local
+
+# Firejail profile for meld
+noblacklist ${HOME}/.local/share/meld
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/multimc5.profile b/etc/multimc5.profile
index 6b8946be3..12a7646ae 100644
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -26,6 +26,15 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
+#seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/mumble.profile b/etc/mumble.profile
index d5405a6ae..c5c6a4d1a 100644
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 netfilter
+no3d
 nonewprivs
 nogroups
 noroot
@@ -28,3 +29,6 @@ tracelog
 
 private-bin mumble
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index 37adabb39..dfe463c98 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -14,8 +14,19 @@ include /etc/firejail/disable-devel.inc
 
 #Options
 caps.drop all
+net none
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+protocol unix
 seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/pithos.profile b/etc/pithos.profile
index 500e35989..c25b5772b 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -17,7 +17,16 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 40a959d05..f3158b206 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -3,7 +3,8 @@
 include /etc/firejail/qtox.local
 
 # qTox instant messaging profile
-noblacklist ${HOME}/.config/tox
+noblacklist ~/.config/tox
+noblacklist ~/.config/qt5ct
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -11,6 +12,8 @@ include /etc/firejail/disable-passwdmgr.inc
 
 mkdir ${HOME}/.config/tox
 whitelist ${HOME}/.config/tox
+mkdir ${HOME}/.config/qt5ct
+whitelist ${HOME}/.config/qt5ct
 whitelist ${DOWNLOADS}
 
 caps.drop all
diff --git a/etc/ssh.profile b/etc/ssh.profile
index b1ef6b27e..425841399 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -14,7 +14,18 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
 protocol unix,inet,inet6
 seccomp
+shell none
+tracelog
+
+private-dev
+#private-tmp #Breaks when exiting
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/steam.profile b/etc/steam.profile
index b527589de..536588e4b 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -12,7 +12,13 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
+shell none
+tracelog
+
+private-dev
+private-tmp
diff --git a/etc/totem.profile b/etc/totem.profile
index 0b3942cf0..fadfbb00b 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -12,8 +12,18 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+netfilter
+nogroups
 nonewprivs
 noroot
-netfilter
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-bin totem
+private-dev
+private-etc fonts
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
new file mode 100644
index 000000000..190c04e39
--- /dev/null
+++ b/etc/viewnior.profile
@@ -0,0 +1,30 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/viewnior.local
+
+# Firejail profile for viewnior
+noblacklist ~/.config/viewnior
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+blacklist ~/.bashrc
+blacklist ~/.Xauthority
+
+caps.drop all
+net none
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin viewnior
+private-dev
+private-etc fonts
+private-tmp
diff --git a/etc/viking.profile b/etc/viking.profile
new file mode 100644
index 000000000..2b68d731c
--- /dev/null
+++ b/etc/viking.profile
@@ -0,0 +1,30 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/viking.local
+
+# Firejail profile for viking
+
+noblacklist ${HOME}/.viking
+noblacklist ${HOME}/.viking-maps
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 0c96f0108..21282dfbd 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -22,3 +22,6 @@ shell none
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 # private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/wget.profile b/etc/wget.profile
index cd156a376..3ba97d95d 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -10,11 +10,11 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-nogroups
 nosound
-no3d
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -22,7 +22,9 @@ shell none
 blacklist /tmp/.X11-unix
 
 # private-bin wget
-# private-etc resolv.conf
 private-dev
+# private-etc resolv.conf
 private-tmp
 
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 90909edf1..dc224b31c 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc
 #protocol unix,inet,inet6,netlink
 
 netfilter
+no3d
 nogroups
 nonewprivs
 nosound
@@ -28,3 +29,6 @@ tracelog
 #private-bin wireshark
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index f2690c6c3..6bfb26484 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -23,7 +23,16 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-bin xonotic-sdl,xonotic-glx,blind-id
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
new file mode 100644
index 000000000..720a27af2
--- /dev/null
+++ b/etc/youtube-dl.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/youtube-dl.local
+
+# Firejail profile for youtube-dl
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+
+noexec ${HOME}
+noexec /tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 5f994128a..0f1f14bf5 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -119,6 +119,7 @@
 /etc/firejail/keepassx2.profile
 /etc/firejail/keepassxc.profile
 /etc/firejail/kmail.profile
+/etc/firejail/kodi.profile
 /etc/firejail/konversation.profile
 /etc/firejail/less.profile
 /etc/firejail/libreoffice.profile
@@ -137,6 +138,7 @@
 /etc/firejail/mathematica.profile
 /etc/firejail/mcabber.profile
 /etc/firejail/mediainfo.profile
+/etc/firejail/meld.profile
 /etc/firejail/midori.profile
 /etc/firejail/mousepad.profile
 /etc/firejail/mpv.profile
@@ -205,6 +207,8 @@
 /etc/firejail/unrar.profile
 /etc/firejail/unzip.profile
 /etc/firejail/uudeview.profile
+/etc/firejail/viewnior.profile
+/etc/firejail/viking.profile
 /etc/firejail/vim.profile
 /etc/firejail/virtualbox.profile
 /etc/firejail/vivaldi.profile
@@ -232,6 +236,7 @@
 /etc/firejail/xviewer.profile
 /etc/firejail/xz.profile
 /etc/firejail/xzdec.profile
+/etc/firejail/youtube-dl.profile
 /etc/firejail/zathura.profile
 /etc/firejail/zoom.profile
 /etc/firejail/wget.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 4a40402d7..dc8df9bac 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -17,6 +17,7 @@ transmission-qt
 transmission-cli
 transmission-show
 uget-gtk
+youtube-dl
 
 # browsers/email
 abrowser
@@ -130,6 +131,7 @@ google-play-music-desktop-player
 gpicview
 img2txt
 k3b
+kodi
 mediainfo
 mediathekview
 mpv
@@ -140,6 +142,7 @@ simple-scan
 skanlite
 spotify
 totem
+viewnior
 vlc
 xfburn
 xmms
@@ -201,11 +204,13 @@ keepass2
 keepassx
 keepassx2
 keepassxc
+meld
 mousepad
 pluma
 Thunar
 thunar
 tracker
+viking
 wireshark
 xiphos
 xed
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index fa66da617..025e715e6 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -113,7 +113,7 @@ static void disable_file(OPERATION op, const char *filename) {
                 else {
                         if (arg_debug) {
                                 if (strcmp(filename, fname))
-                                        printf("Disable %s (requesterd %s)\n", fname, filename);
+                                        printf("Disable %s (requested %s)\n", fname, filename);
                                 else
                                         printf("Disable %s\n", fname);
                         }
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index d24f19da7..70f0388e6 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -23,6 +23,7 @@
 #include <glob.h>
 #include <dirent.h>
 #include <fcntl.h>
+#include <errno.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -301,7 +302,7 @@ void fs_private(void) {
                 if (mkdir(homedir, S_IRWXU) == -1) {
                         if (mkpath_as_root(homedir) == -1)
                                 errExit("mkpath");
-                        if (mkdir(homedir, S_IRWXU) == -1)
+                        if (mkdir(homedir, S_IRWXU) == -1 && errno != EEXIST)
                                 errExit("mkdir");
                 }
                 if (chown(homedir, u, g) < 0)
diff --git a/test/arguments/arguments.sh b/test/arguments/arguments.sh
index db4c9b472..d9b7058bf 100755
--- a/test/arguments/arguments.sh
+++ b/test/arguments/arguments.sh
@@ -1,6 +1,11 @@
 #!/bin/bash
 
-[ -f argtest ] || make argtest
+if [ -f /etc/debian_version ]; then
+        libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
+        export PATH="$PATH:$libdir"
+else
+        export PATH="$PATH:/usr/lib/firejail"
+fi
 
 echo "TESTING: 1. regular bash session"
 ./bashrun.exp
diff --git a/test/arguments/bashrun.sh b/test/arguments/bashrun.sh
index 0797c92c2..a4773fd6c 100755
--- a/test/arguments/bashrun.sh
+++ b/test/arguments/bashrun.sh
@@ -1,22 +1,22 @@
 #!/bin/bash
 
 echo "TESTING: 1.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1 arg2
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1 arg2
 
 # simple quotes, testing spaces in file names
 echo "TESTING: 1.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail"
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1 tail" "arg2 tail"
 
 echo "TESTING: 1.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail'
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1 tail' 'arg2 tail'
 
 # escaped space in file names
 echo "TESTING: 1.4 - args with space and \\"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1\ tail arg2\ tail
 
 # & char appears in URLs - URLs should be quoted
 echo "TESTING: 1.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail"
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1&tail" "arg2&tail"
 
 echo "TESTING: 1.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail'
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1&tail' 'arg2&tail'
diff --git a/test/arguments/joinrun.sh b/test/arguments/joinrun.sh
index 2743d823e..3ed166839 100755
--- a/test/arguments/joinrun.sh
+++ b/test/arguments/joinrun.sh
@@ -1,22 +1,22 @@
 #!/bin/bash
 
 echo "TESTING: 3.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun /usr/lib/firejail/faudit arg1 arg2
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit arg1 arg2
 
 # simple quotes, testing spaces in file names
 echo "TESTING: 3.2 - args with space and \""
-firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail"
+firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --quiet faudit "arg1 tail" "arg2 tail"
 
 echo "TESTING: 3.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail'
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1 tail' 'arg2 tail'
 
 # escaped space in file names
 echo "TESTING: 3.4 - args with space and \\"
-firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail
+firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --quiet faudit arg1\ tail arg2\ tail
 
 # & char appears in URLs - URLs should be quoted
 echo "TESTING: 3.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail"
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1&tail" "arg2&tail"
 
 echo "TESTING: 3.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail'
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1&tail' 'arg2&tail'
diff --git a/test/arguments/outrun.sh b/test/arguments/outrun.sh
index a21243873..e2b3046d6 100755
--- a/test/arguments/outrun.sh
+++ b/test/arguments/outrun.sh
@@ -1,22 +1,22 @@
 #!/bin/bash
 
 echo "TESTING: 4.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit arg1 arg2
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit arg1 arg2
 
 # simple quotes, testing spaces in file names
 echo "TESTING: 4.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1 tail" "arg2 tail"
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1 tail" "arg2 tail"
 
 echo "TESTING: 4.3 - args with space and '"
-firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --output=out /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail'
+firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --output=out faudit 'arg1 tail' 'arg2 tail'
 
 # escaped space in file names
 echo "TESTING: 4.4 - args with space and \\"
-firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --output=out /usr/lib/firejail/faudit arg1\ tail arg2\ tail
+firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --output=out faudit arg1\ tail arg2\ tail
 
 # & char appears in URLs - URLs should be quoted
 echo "TESTING: 4.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1&tail" "arg2&tail"
+firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1&tail" "arg2&tail"
 
 echo "TESTING: 4.6 - args with & and '"
-firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --output=out /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail'
+firejail--env=FIREJAIL_TEST_ARGUMENTS=yes  --output=out faudit 'arg1&tail' 'arg2&tail'
diff --git a/test/environment/csh.exp b/test/environment/csh.exp
index bd0cf8c86..89de94b3c 100755
--- a/test/environment/csh.exp
+++ b/test/environment/csh.exp
@@ -14,7 +14,7 @@ expect {
 }
 sleep 1
 
-send -- "find /home\r"
+send -- "find ~\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
         ".cshrc"
diff --git a/test/environment/zsh.exp b/test/environment/zsh.exp
index 4380f476c..1b6cdcdc5 100755
--- a/test/environment/zsh.exp
+++ b/test/environment/zsh.exp
@@ -14,7 +14,7 @@ expect {
 }
 sleep 1
 
-send -- "find /home\r"
+send -- "find ~\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
         ".zshrc"
diff --git a/test/fcopy/cmdline.exp b/test/fcopy/cmdline.exp
index 10dd8da58..798c9e718 100755
--- a/test/fcopy/cmdline.exp
+++ b/test/fcopy/cmdline.exp
@@ -7,7 +7,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "/usr/lib/firejail/fcopy\r"
+send -- "fcopy\r"
 expect {
         timeout {puts "TESTING ERROR 0\n";exit}
         "arguments missing"
@@ -18,7 +18,7 @@ expect {
 }
 after 100
 
-send -- "/usr/lib/firejail/fcopy foo\r"
+send -- "fcopy foo\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
         "arguments missing"
@@ -29,14 +29,14 @@ expect {
 }
 after 100
 
-send -- "/usr/lib/firejail/fcopy f%oo1 foo2\r"
+send -- "fcopy f%oo1 foo2\r"
 expect {
         timeout {puts "TESTING ERROR 4\n";exit}
         "invalid source file name"
 }
 after 100
 
-send -- "/usr/lib/firejail/fcopy foo1 f,oo2\r"
+send -- "fcopy foo1 f,oo2\r"
 expect {
         timeout {puts "TESTING ERROR 5\n";exit}
         "invalid dest file name"
diff --git a/test/fcopy/dircopy.exp b/test/fcopy/dircopy.exp
index 573f454c8..e8462ae82 100755
--- a/test/fcopy/dircopy.exp
+++ b/test/fcopy/dircopy.exp
@@ -13,7 +13,7 @@ match_max 100000
 send -- "rm -fr dest/*\r"
 after 100
 
-send -- "/usr/lib/firejail/fcopy src dest\r"
+send -- "fcopy src dest\r"
 after 100
 
 send -- "find dest\r"
diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh
index 0ae50399a..d122eff5d 100755
--- a/test/fcopy/fcopy.sh
+++ b/test/fcopy/fcopy.sh
@@ -6,6 +6,13 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
+if [ -f /etc/debian_version ]; then
+        libdir=$(dirname "$(dpkg -L firejail | grep fcopy)")
+        export PATH="$PATH:$libdir"
+else
+        export PATH="$PATH:/usr/lib/firejail"
+fi
+
 mkdir dest
 
 echo "TESTING: fcopy cmdline (test/fcopy/cmdline.exp)"
diff --git a/test/fcopy/filecopy.exp b/test/fcopy/filecopy.exp
index e0d959c32..824a22bba 100755
--- a/test/fcopy/filecopy.exp
+++ b/test/fcopy/filecopy.exp
@@ -13,7 +13,7 @@ match_max 100000
 send -- "rm -fr dest/*\r"
 after 100
 
-send -- "/usr/lib/firejail/fcopy dircopy.exp dest\r"
+send -- "fcopy dircopy.exp dest\r"
 after 100
 
 send -- "find dest\r"
diff --git a/test/fcopy/linkcopy.exp b/test/fcopy/linkcopy.exp
index beceb3675..46ee327cb 100755
--- a/test/fcopy/linkcopy.exp
+++ b/test/fcopy/linkcopy.exp
@@ -13,7 +13,7 @@ match_max 100000
 send -- "rm -fr dest/*\r"
 after 100
 
-send -- "/usr/lib/firejail/fcopy src/dircopy.exp dest\r"
+send -- "fcopy src/dircopy.exp dest\r"
 after 100
 
 send -- "find dest\r"
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 4996e6d66..59d7d7e7f 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -6,6 +6,13 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
+if [ -f /etc/debian_version ]; then
+        libdir=$(dirname "$(dpkg -L firejail | grep fseccomp)")
+        export PATH="$PATH:$libdir"
+else
+        export PATH="$PATH:/usr/lib/firejail"
+fi
+
 echo "TESTING: debug options (test/filters/debug.exp)"
 ./debug.exp
 
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp
index 4d876df08..433524680 100755
--- a/test/filters/fseccomp.exp
+++ b/test/filters/fseccomp.exp
@@ -8,39 +8,39 @@ spawn $env(SHELL)
 match_max 100000
 
 after 100
-send -- "/usr/lib/firejail/fseccomp debug-syscalls\r"
+send -- "fseccomp debug-syscalls\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
         "1      - write"
 }
 
 after 100
-send -- "/usr/lib/firejail/fseccomp debug-errnos\r"
+send -- "fseccomp debug-errnos\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
         "1      - EPERM"
 }
 
 after 100
-send -- "/usr/lib/firejail/fseccomp debug-protocols\r"
+send -- "fseccomp debug-protocols\r"
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
         "unix, inet, inet6, netlink, packet,"
 }
 
 after 100
-send -- "/usr/lib/firejail/fseccomp protocol build unix,inet seccomp-test-file\r"
+send -- "fseccomp protocol build unix,inet seccomp-test-file\r"
 after 100
-send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+send -- "fseccomp print seccomp-test-file\r"
 expect {
         timeout {puts "TESTING ERROR 4.1\n";exit}
         "WHITELIST 41 socket"
 }
 
 after 100
-send -- "/usr/lib/firejail/fseccomp secondary 64 seccomp-test-file\r"
+send -- "fseccomp secondary 64 seccomp-test-file\r"
 after 100
-send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+send -- "fseccomp print seccomp-test-file\r"
 expect {
         timeout {puts "TESTING ERROR 5.1\n";exit}
         "BLACKLIST 165 mount"
@@ -55,9 +55,9 @@ expect {
 }
 
 after 100
-send -- "/usr/lib/firejail/fseccomp default seccomp-test-file\r"
+send -- "fseccomp default seccomp-test-file\r"
 after 100
-send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+send -- "fseccomp print seccomp-test-file\r"
 expect {
         timeout {puts "TESTING ERROR 6.1\n";exit}
         "BLACKLIST 165 mount"
@@ -72,9 +72,9 @@ expect {
 }
 
 after 100
-send -- "/usr/lib/firejail/fseccomp drop seccomp-test-file chmod,chown\r"
+send -- "fseccomp drop seccomp-test-file chmod,chown\r"
 after 100
-send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+send -- "fseccomp print seccomp-test-file\r"
 expect {
         timeout {puts "TESTING ERROR 7.1\n";exit}
         "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit}
@@ -91,9 +91,9 @@ expect {
 }
 
 after 100
-send -- "/usr/lib/firejail/fseccomp default drop seccomp-test-file chmod,chown\r"
+send -- "fseccomp default drop seccomp-test-file chmod,chown\r"
 after 100
-send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+send -- "fseccomp print seccomp-test-file\r"
 expect {
         timeout {puts "TESTING ERROR 8.1\n";exit}
         "BLACKLIST 165 mount"
@@ -115,9 +115,9 @@ expect {
         "RETURN_ALLOW"
 }
 after 100
-send -- "/usr/lib/firejail/fseccomp keep seccomp-test-file chmod,chown\r"
+send -- "fseccomp keep seccomp-test-file chmod,chown\r"
 after 100
-send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+send -- "fseccomp print seccomp-test-file\r"
 expect {
         timeout {puts "TESTING ERROR 9.1\n";exit}
         "WHITELIST 90 chmod"
diff --git a/test/fs/mkdir_mkfile.exp b/test/fs/mkdir_mkfile.exp
index 28a5ae459..1faa913e0 100755
--- a/test/fs/mkdir_mkfile.exp
+++ b/test/fs/mkdir_mkfile.exp
@@ -16,11 +16,7 @@ expect {
 }
 sleep 1
 
-send -- "find ~\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "_firejail_test_file"
-}
+send -- "find ~ | LC_ALL=C sort\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
         "_firejail_test_dir"
@@ -41,6 +37,10 @@ expect {
         timeout {puts "TESTING ERROR 1\n";exit}
         "_firejail_test_dir/dir1/dir2/dir3/file1"
 }
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "_firejail_test_file"
+}
 after 100
 send -- "exit\r"
 after 100
diff --git a/test/fs/private-home-dir.exp b/test/fs/private-home-dir.exp
index 77baeeb5f..9c97ff4ea 100755
--- a/test/fs/private-home-dir.exp
+++ b/test/fs/private-home-dir.exp
@@ -41,7 +41,11 @@ expect {
 }
 after 100
 
-send -- "ls -al ~\r"
+send -- "find ~ | LC_ALL=C sort\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        ".Xauthority"
+}
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
         ".asoundrc"
@@ -50,10 +54,6 @@ expect {
         timeout {puts "TESTING ERROR 3\n";exit}
         ".bashrc"
 }
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        ".Xauthority"
-}
 after 100
 
 send -- "exit\r"
diff --git a/test/fs/private.exp b/test/fs/private.exp
index c7059079d..e522ca5a1 100755
--- a/test/fs/private.exp
+++ b/test/fs/private.exp
@@ -37,18 +37,18 @@ expect {
 }
 after 100
 
-send -- "ls -al ~\r"
+send -- "find ~ | LC_ALL=C sort\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
-        ".asoundrc"
+        ".Xauthority"
 }
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
-        ".bashrc"
+        ".asoundrc"
 }
 expect {
         timeout {puts "TESTING ERROR 4\n";exit}
-        ".Xauthority"
+        ".bashrc"
 }
 after 100
 
diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp
index dd2336ce1..ac6adc165 100755
--- a/test/fs/whitelist-double.exp
+++ b/test/fs/whitelist-double.exp
@@ -32,10 +32,10 @@ expect {
         "123"
 }
 
-send -- "rm /tmp/firejal-deleteme\r"
+send -- "rm -v /tmp/firejal-deleteme\r"
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
-        "0"
+        "removed"
 }
 after 100
 
diff --git a/test/fs/whitelist-empty.exp b/test/fs/whitelist-empty.exp
index e1c3ffb4a..9e4406263 100755
--- a/test/fs/whitelist-empty.exp
+++ b/test/fs/whitelist-empty.exp
@@ -14,36 +14,36 @@ expect {
 }
 sleep 1
 
-send -- "ls -l ~/ | wc -l\r"
+send -- "ls -l ~\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
         "0"
 }
 
-send -- "ls -l /tmp | wc -l\r"
+send -- "ls -l /tmp\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
         "0"
 }
 
-send -- "ls -l /media | wc -l\r"
+send -- "ls -l /media\r"
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
         "0"
 }
 
-send -- "ls -l /var | wc -l\r"
+send -- "ls -l /var\r"
 expect {
         timeout {puts "TESTING ERROR 4\n";exit}
         "0"
 }
 
-send -- "ls -l /dev | wc -l\r"
+send -- "ls -l /dev\r"
 expect {
         timeout {puts "TESTING ERROR 5\n";exit}
         "0"
 }
-send -- "ls -l /opt | wc -l\r"
+send -- "ls -l /opt\r"
 expect {
         timeout {puts "TESTING ERROR 6\n";exit}
         "0"
diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp
index 80760eb3a..e84ec719c 100755
--- a/test/network/4bridges_arp.exp
+++ b/test/network/4bridges_arp.exp
@@ -150,22 +150,26 @@ expect {
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
-        "10.10.20.0/29 dev eth0  proto kernel  scope link"
+        "10.10.20.0/29 dev eth0  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";}
 }
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
-        "10.10.30.0/24 dev eth1  proto kernel  scope link"
+        "10.10.30.0/24 dev eth1  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "new iproute2\n";}
 }
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
-        "10.10.40.0/24 dev eth2  proto kernel  scope link"
+        "10.10.40.0/24 dev eth2  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.40.0/24 dev eth2 proto kernel scope link" {puts "new iproute2\n";}
 }
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
-        "10.10.50.0/24 dev eth3  proto kernel  scope link"
+        "10.10.50.0/24 dev eth3  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "new iproute2\n";}
 }
 send -- "exit\r"
 after 100
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp
index 5e136926b..74a1e5d68 100755
--- a/test/network/4bridges_ip.exp
+++ b/test/network/4bridges_ip.exp
@@ -150,25 +150,29 @@ expect {
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
-        "10.10.20.0/29 dev eth0  proto kernel  scope link"
+        "10.10.20.0/29 dev eth0  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";}
 }
 
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.3\n";exit}
-        "10.10.30.0/24 dev eth1  proto kernel  scope link  src 10.10.30.50"
+        "10.10.30.0/24 dev eth1  proto kernel  scope link  src 10.10.30.50" {puts "old iproute2\n";}
+        "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "new iproute2\n";}
 }
 
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.4\n";exit}
-        "10.10.40.0/24 dev eth2  proto kernel  scope link  src 10.10.40.100"
+        "10.10.40.0/24 dev eth2  proto kernel  scope link  src 10.10.40.100" {puts "old iproute2\n";}
+        "10.10.40.0/24 dev eth2  proto kernel scope link src 10.10.40.100" {puts "new iproute2\n";}
 }
 
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.5\n";exit}
-        "10.10.50.0/24 dev eth3  proto kernel  scope link"
+        "10.10.50.0/24 dev eth3  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "new iproute2\n";}
 }
 
 send -- "exit\r"
diff --git a/test/network/interface.exp b/test/network/interface.exp
index bd8777c33..638e6d32b 100755
--- a/test/network/interface.exp
+++ b/test/network/interface.exp
@@ -27,8 +27,9 @@ expect {
         "eth0.5"
 }
 expect {
-        timeout {puts "TESTING ERROR 2n";exit}
-        "Link"
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Link" {puts "old net-tools\n";}
+        "flags" {puts "new net-tools\n";}
 }
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
@@ -47,7 +48,8 @@ expect {
 }
 expect {
         timeout {puts "TESTING ERROR 6\n";exit}
-        "Link"
+        "Link" {puts "old net-tools\n";}
+        "flags" {puts "new net-tools\n";}
 }
 expect {
         timeout {puts "TESTING ERROR 7\n";exit}
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp
index c7178616a..763eee38e 100755
--- a/test/network/net_defaultgw.exp
+++ b/test/network/net_defaultgw.exp
@@ -41,7 +41,8 @@ expect {
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
-        "10.10.20.0/29 dev eth0  proto kernel  scope link"
+        "10.10.20.0/29 dev eth0  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";}
 }
 send -- "exit\r"
 after 100
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp
index 088dfeee8..e7483c921 100755
--- a/test/network/net_defaultgw2.exp
+++ b/test/network/net_defaultgw2.exp
@@ -29,13 +29,15 @@ expect {
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
-        "10.10.20.0/29 dev eth0  proto kernel  scope link"
+        "10.10.20.0/29 dev eth0  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";}
 }
 
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10.3\n";exit}
-        "10.10.30.0/24 dev eth1  proto kernel  scope link"
+        "10.10.30.0/24 dev eth1  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "new iproute2\n";}
 }
 send -- "exit\r"
 after 100
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp
index c6b84781c..8ec676dd1 100755
--- a/test/network/net_ip.exp
+++ b/test/network/net_ip.exp
@@ -67,7 +67,8 @@ expect {
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 10\n";exit}
-        "10.10.20.0/29 dev eth0  proto kernel  scope link"
+        "10.10.20.0/29 dev eth0  proto kernel  scope link" {puts "old iproute2\n";}
+        "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";}
 }
 send -- "exit\r"
 after 100
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp
index febbcfcd7..b3bc9b441 100755
--- a/test/network/net_profile.exp
+++ b/test/network/net_profile.exp
@@ -38,13 +38,15 @@ sleep 1
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
-        "10.10.30.0/24 dev eth1  proto kernel  scope link  src 10.10.30.50"
+        "10.10.30.0/24 dev eth1  proto kernel  scope link  src 10.10.30.50" {puts "old iproute2\n";}
+        "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "new iproute2\n";}
 }
 
 send -- "ip route show\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
-        "10.10.40.0/24 dev eth2  proto kernel  scope link  src 10.10.40.100"
+        "10.10.40.0/24 dev eth2  proto kernel  scope link  src 10.10.40.100" {puts "old iproute2\n";}
+        "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "new iproute2\n";}
 }
 
 
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
index 566493947..f0c1906a0 100755
--- a/test/utils/audit.exp
+++ b/test/utils/audit.exp
@@ -35,7 +35,7 @@ expect {
 after 100
 
 
-send -- "firejail --audit=/usr/lib/firejail/faudit\r"
+send -- "firejail --audit\r"
 expect {
         timeout {puts "TESTING ERROR 6\n";exit}
         "Firejail Audit"