39 files changed, 724 insertions, 20 deletions

diff --git a/README.md b/README.md
index 720a25d31..63609b86d 100644
--- a/README.md
+++ b/README.md
@@ -178,4 +178,4 @@ Run ./profstats -h for help.
 ### New profiles:
 
 gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal,
-gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword, four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex
+gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword, four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars, hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers, seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop
diff --git a/RELNOTES b/RELNOTES
index 247a3ebe6..e60dc9d5a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -18,7 +18,11 @@ firejail (0.9.63) baseline; urgency=low
   * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux
   * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row
   * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin
-  * new profiles: gnome-tetravex
+  * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars
+  * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless
+  * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers
+  * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more
+  * new profiles: swell-foop
 
 firejail (0.9.62) baseline; urgency=low
   * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/blobwars.profile b/etc/blobwars.profile
new file mode 100644
index 000000000..c0fa5ab91
--- /dev/null
+++ b/etc/blobwars.profile
@@ -0,0 +1,47 @@
+# Firejail profile for blobwars
+# Description: Mission and Objective based 2D Platform Game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include blobwars.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.parallelrealities/blobwars
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.parallelrealities/blobwars
+whitelist ${HOME}/.parallelrealities/blobwars
+whitelist /usr/share/blobwars
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin blobwars
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
diff --git a/etc/dig.profile b/etc/dig.profile
index 270a95c05..f283db962 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -25,6 +25,7 @@ include disable-xdg.inc
 #mkfile ${HOME}/.digrc -- see #903
 whitelist ${HOME}/.digrc
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -32,6 +33,7 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
+memory-deny-write-execute
 netfilter
 no3d
 nodbus
@@ -49,7 +51,6 @@ shell none
 tracelog
 
 disable-mnt
-private
 private-bin bash,dig,sh
 private-dev
 # Uncomment the next line (or put 'private-lib' in your dig.local) on non Debian/Ubuntu OS (see issue #3038)
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 5bb2f851a..afedd0966 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -10,6 +10,7 @@ blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
 blacklist ${HOME}/TeamSpeak3-Client-linux_x86
 blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
+blacklist ${HOME}/hyperrogue.ini
 blacklist ${HOME}/mps
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
@@ -410,6 +411,7 @@ blacklist ${HOME}/.jak
 blacklist ${HOME}/.java
 blacklist ${HOME}/.jd
 blacklist ${HOME}/.jitsi
+blacklist ${HOME}/.jumpnbump
 blacklist ${HOME}/.kde/share/apps/digikam
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/apps/kaffeine
@@ -532,6 +534,7 @@ blacklist ${HOME}/.local/share/epiphany
 blacklist ${HOME}/.local/share/evolution
 blacklist ${HOME}/.local/share/feedreader
 blacklist ${HOME}/.local/share/feral-interactive
+blacklist ${HOME}/.local/share/five-or-more
 blacklist ${HOME}/.local/share/freecol
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.local/share/geary
@@ -541,6 +544,7 @@ blacklist ${HOME}/.local/share/gitg
 blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/gnome-builder
+blacklist ${HOME}/.local/share/gnome-klotski
 blacklist ${HOME}/.local/share/gnome-latex
 blacklist ${HOME}/.local/share/gnome-mines
 blacklist ${HOME}/.local/share/gnome-music
@@ -574,6 +578,7 @@ blacklist ${HOME}/.local/share/kwrite
 blacklist ${HOME}/.local/share/liferea
 blacklist ${HOME}/.local/share/local-mail
 blacklist ${HOME}/.local/share/lollypop
+blacklist ${HOME}/.local/share/love
 blacklist ${HOME}/.local/share/lugaru
 blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
@@ -609,6 +614,7 @@ blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/supertux2
 blacklist ${HOME}/.local/share/supertuxkart
+blacklist ${HOME}/.local/share/swell-foop
 blacklist ${HOME}/.local/share/telepathy
 blacklist ${HOME}/.local/share/terasology
 blacklist ${HOME}/.local/share/torbrowser
@@ -624,12 +630,14 @@ blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
 blacklist ${HOME}/.lv2
+blacklist ${HOME}/.magicor
 blacklist ${HOME}/.masterpdfeditor
 blacklist ${HOME}/.mcabber
 blacklist ${HOME}/.mcabberrc
 blacklist ${HOME}/.mediathek3
 blacklist ${HOME}/.megaglest
 blacklist ${HOME}/.minetest
+blacklist ${HOME}/.mirrormagic
 blacklist ${HOME}/.moonchild productions/basilisk
 blacklist ${HOME}/.moonchild productions/pale moon
 blacklist ${HOME}/.mozilla
@@ -655,6 +663,7 @@ blacklist ${HOME}/.openttd
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
 blacklist ${HOME}/.ostrichriders
+blacklist ${HOME}/.parallelrealities/blobwars
 blacklist ${HOME}/.penguin-command
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.pioneer
@@ -681,6 +690,7 @@ blacklist ${HOME}/.steampid
 blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.subversion
 blacklist ${HOME}/.surf
+blacklist ${HOME}/.swb.ini
 blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig
@@ -716,6 +726,7 @@ blacklist ${HOME}/.widelands
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.wireshark
+blacklist ${HOME}/.wordwarvi
 blacklist ${HOME}/.wormux
 blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.xmind
diff --git a/etc/five-or-more.profile b/etc/five-or-more.profile
new file mode 100644
index 000000000..8e07d2453
--- /dev/null
+++ b/etc/five-or-more.profile
@@ -0,0 +1,19 @@
+# Firejail profile for five-or-more
+# Description: GNOME port of the once-popular Colour Lines game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include five-or-more.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/five-or-more
+
+mkdir ${HOME}/.local/share/five-or-more
+whitelist ${HOME}/.local/share/five-or-more
+
+whitelist /usr/share/five-or-more
+
+private-bin five-or-more
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/four-in-a-row.profile b/etc/four-in-a-row.profile
index b468c3435..29f6d1370 100644
--- a/etc/four-in-a-row.profile
+++ b/etc/four-in-a-row.profile
@@ -1,5 +1,5 @@
 # Firejail profile for four-in-a-row
-# Description: Sliding tile puzzle game
+# Description: four-in-a-row game for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
 include four-in-a-row.local
diff --git a/etc/gnome-klotski.profile b/etc/gnome-klotski.profile
new file mode 100644
index 000000000..69b4b0341
--- /dev/null
+++ b/etc/gnome-klotski.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-klotski
+# Description: Sliding block puzzles game for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-klotski.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-klotski
+
+mkdir ${HOME}/.local/share/gnome-klotski
+whitelist ${HOME}/.local/share/gnome-klotski
+
+private-bin gnome-klotski
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-mahjongg.profile b/etc/gnome-mahjongg.profile
index 653c5f949..04aee8494 100644
--- a/etc/gnome-mahjongg.profile
+++ b/etc/gnome-mahjongg.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-mahjongg
-# Description: Sliding tile puzzle game
+# Description: A matching game played with Mahjongg tiles
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gnome-mahjongg.local
diff --git a/etc/gnome-mines.profile b/etc/gnome-mines.profile
index 9cae75524..9209b9ac3 100644
--- a/etc/gnome-mines.profile
+++ b/etc/gnome-mines.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-mines
-# Description: Sliding tile puzzle game
+# Description: The popular logic puzzle minesweeper
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gnome-mines.local
diff --git a/etc/gnome-nibbles.profile b/etc/gnome-nibbles.profile
index 4e42b6b15..5d4241c80 100644
--- a/etc/gnome-nibbles.profile
+++ b/etc/gnome-nibbles.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-nibbles
-# Description: Sliding tile puzzle game
+# Description: A worm game for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gnome-nibbles.local
diff --git a/etc/gnome-robots.profile b/etc/gnome-robots.profile
index 888324a5c..b720bddd3 100644
--- a/etc/gnome-robots.profile
+++ b/etc/gnome-robots.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-robots
-# Description: Sliding tile puzzle game
+# Description: Based on classic BSD Robots
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gnome-robots.local
diff --git a/etc/gnome-sudoku.profile b/etc/gnome-sudoku.profile
index b41bccd1e..fb50723ce 100644
--- a/etc/gnome-sudoku.profile
+++ b/etc/gnome-sudoku.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-sudoku
-# Description: Sliding tile puzzle game
+# Description: puzzle game for the popular Japanese sudoku logic puzzle
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gnome-sudoku.local
diff --git a/etc/gnome-taquin.profile b/etc/gnome-taquin.profile
index efd64d455..83683918e 100644
--- a/etc/gnome-taquin.profile
+++ b/etc/gnome-taquin.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-taquin
-# Description: Sliding tile puzzle game
+# Description: A sliding puzzle game for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gnome-taquin.local
diff --git a/etc/gnome-tetravex.profile b/etc/gnome-tetravex.profile
index e9622539c..032242f54 100644
--- a/etc/gnome-tetravex.profile
+++ b/etc/gnome-tetravex.profile
@@ -1,5 +1,5 @@
 # Firejail profile for gnome-tetravex
-# Description: Sliding tile puzzle game
+# Description: A simple puzzle game for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gnome-tetravex.local
diff --git a/etc/gravity-beams-and-evaporating-stars.profile b/etc/gravity-beams-and-evaporating-stars.profile
new file mode 100644
index 000000000..a0ffa0d88
--- /dev/null
+++ b/etc/gravity-beams-and-evaporating-stars.profile
@@ -0,0 +1,44 @@
+# Firejail profile for gravity-beams-and-evaporating-stars
+# Description: a game about hurling asteroids into the sun
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gravity-beams-and-evaporating-stars.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/gravity-beams-and-evaporating-stars
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin gravity-beams-and-evaporating-stars
+private-cache
+private-dev
+private-etc fonts,machine-id
+private-tmp
diff --git a/etc/hyperrogue.profile b/etc/hyperrogue.profile
new file mode 100644
index 000000000..e6b385de9
--- /dev/null
+++ b/etc/hyperrogue.profile
@@ -0,0 +1,48 @@
+# Firejail profile for hyperrogue
+# Description: An SDL roguelike in a non-euclidean world
+# This file is overwritten after every install/update
+# Persistent local customizations
+include hyperrogue.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/hyperrogue.ini
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/hyperrogue.ini
+whitelist ${HOME}/hyperrogue.ini
+whitelist /usr/share/hyperrogue
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin hyperrogue
+private-cache
+private-cwd ${HOME}
+private-dev
+private-etc fonts,machine-id
+private-tmp
diff --git a/etc/jumpnbump-menu.profile b/etc/jumpnbump-menu.profile
new file mode 100644
index 000000000..b1852b015
--- /dev/null
+++ b/etc/jumpnbump-menu.profile
@@ -0,0 +1,15 @@
+# Firejail profile for jumpnbump-menu
+# Description: Level selection and config menu for the Jump 'n Bump game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include jumpnbump-menu.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-python3.inc
+
+private-bin jumpnbump-menu,python3*
+
+# Redirect
+include jumpnbump.profile
diff --git a/etc/jumpnbump.profile b/etc/jumpnbump.profile
new file mode 100644
index 000000000..c8167e1dc
--- /dev/null
+++ b/etc/jumpnbump.profile
@@ -0,0 +1,47 @@
+# Firejail profile for jumpnbump
+# Description: Cute multiplayer platform game with bunnies
+# This file is overwritten after every install/update
+# Persistent local customizations
+include jumpnbump.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.jumpnbump
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.jumpnbump
+whitelist ${HOME}/.jumpnbump
+whitelist /usr/share/jumpnbump
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin jumpnbump
+private-cache
+private-dev
+private-etc none
+private-tmp
diff --git a/etc/lightsoff.profile b/etc/lightsoff.profile
index 65c8bd78d..27185709a 100644
--- a/etc/lightsoff.profile
+++ b/etc/lightsoff.profile
@@ -1,5 +1,5 @@
 # Firejail profile for lightsoff
-# Description: Sliding tile puzzle game
+# Description: GNOME Lightsoff game
 # This file is overwritten after every install/update
 # Persistent local customizations
 include lightsoff.local
diff --git a/etc/magicor.profile b/etc/magicor.profile
new file mode 100644
index 000000000..c34e7b6f2
--- /dev/null
+++ b/etc/magicor.profile
@@ -0,0 +1,49 @@
+# Firejail profile for magicor
+# Description: Push ice blocks around to extinguish all fires
+# This file is overwritten after every install/update
+# Persistent local customizations
+include magicor.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.magicor
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.magicor
+whitelist ${HOME}/.magicor
+whitelist /usr/share/magicor
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin magicor,python2*
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
diff --git a/etc/mindless.profile b/etc/mindless.profile
new file mode 100644
index 000000000..4f33404eb
--- /dev/null
+++ b/etc/mindless.profile
@@ -0,0 +1,48 @@
+# Firejail profile for mindless
+# Description: figure out the secret code
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mindless.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/mindless
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin mindless
+private-cache
+private-dev
+private-etc fonts
+private-tmp
+
+memory-deny-write-execute
diff --git a/etc/mirrormagic.profile b/etc/mirrormagic.profile
new file mode 100644
index 000000000..8892ca94d
--- /dev/null
+++ b/etc/mirrormagic.profile
@@ -0,0 +1,48 @@
+# Firejail profile for mirrormagic
+# Description: Puzzle game where you steer a beam of light using mirrors
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mirrormagic.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.mirrormagic
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.mirrormagic
+whitelist ${HOME}/.mirrormagic
+whitelist /usr/share/mirrormagic
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin mirrormagic
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
diff --git a/etc/mrrescue.profile b/etc/mrrescue.profile
new file mode 100644
index 000000000..869a162f8
--- /dev/null
+++ b/etc/mrrescue.profile
@@ -0,0 +1,47 @@
+# Firejail profile for mrrescue
+# Description: Arcade-style fire fighting game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mrrescue.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/love
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/love
+whitelist ${HOME}/.local/share/love
+whitelist /usr/share/mrrescue
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin love,mrrescue,sh
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
diff --git a/etc/mumble.profile b/etc/mumble.profile
index 94ccbad0c..a16934806 100644
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -34,7 +34,7 @@ nogroups
 nonewprivs
 noroot
 notv
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 tracelog
diff --git a/etc/nslookup.profile b/etc/nslookup.profile
index 4aa1cfcbf..9ed6ef1e9 100644
--- a/etc/nslookup.profile
+++ b/etc/nslookup.profile
@@ -21,6 +21,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${HOME}/.nslookuprc
+include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -28,6 +31,7 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
+memory-deny-write-execute
 netfilter
 no3d
 nodbus
@@ -45,7 +49,6 @@ shell none
 tracelog
 
 disable-mnt
-private
 private-bin bash,nslookup,sh
 private-dev
 private-tmp
diff --git a/etc/scorched3d-wrapper.profile b/etc/scorched3d-wrapper.profile
new file mode 100644
index 000000000..3eed8842b
--- /dev/null
+++ b/etc/scorched3d-wrapper.profile
@@ -0,0 +1,5 @@
+# Firejail profile for scorched3d
+# This file is overwritten after every install/update
+
+# Redirect
+include scorched3d.profile
diff --git a/etc/scorchwentbonkers.profile b/etc/scorchwentbonkers.profile
new file mode 100644
index 000000000..fcb3d5f29
--- /dev/null
+++ b/etc/scorchwentbonkers.profile
@@ -0,0 +1,47 @@
+# Firejail profile for scorchwentbonkers
+# Description: Realtime remake of Scorched Earth
+# This file is overwritten after every install/update
+# Persistent local customizations
+include scorchwentbonkers.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.swb.ini
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.swb.ini
+whitelist ${HOME}/.swb.ini
+whitelist /usr/share/scorchwentbonkers
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin scorchwentbonkers
+private-cache
+private-dev
+private-etc alsa,asound.conf,machine-id,pulse
+private-tmp
diff --git a/etc/seahorse-adventures.profile b/etc/seahorse-adventures.profile
new file mode 100644
index 000000000..5fd654eed
--- /dev/null
+++ b/etc/seahorse-adventures.profile
@@ -0,0 +1,48 @@
+# Firejail profile for seahorse-adventures
+# Description: Help barbie the seahorse float on bubbles to the moon
+# This file is overwritten after every install/update
+# Persistent local customizations
+include seahorse-adventures.local
+# Persistent global definitions
+include globals.local
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/seahorse-adventures
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin python*,seahorse-adventures
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
diff --git a/etc/slack.profile b/etc/slack.profile
index 9a10e38fe..b2828fcb1 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -19,16 +19,12 @@ whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
-caps.drop all
+caps.keep sys_admin,sys_chroot
 netfilter
 nodvd
 nogroups
-nonewprivs
-noroot
 notv
 nou2f
-protocol unix,inet,inet6,netlink
-seccomp !chroot
 shell none
 
 disable-mnt
@@ -36,4 +32,3 @@ private-bin locale,slack
 private-cache
 private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe
-private-tmp
diff --git a/etc/ssh.profile b/etc/ssh.profile
index cbd59c6e0..a69fdb0f5 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -12,6 +12,7 @@ noblacklist /tmp/ssh-*
 noblacklist ${HOME}/.ssh
 # nc can be used as ProxyCommand, e.g. when using tor
 noblacklist ${PATH}/nc
+noblacklist ${PATH}/ncat
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/steam.profile b/etc/steam.profile
index c6f0ca145..ef927ba89 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -36,29 +36,37 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+mkdir ${HOME}/.config/unity3d
 mkdir ${HOME}/.killingfloor
 mkdir ${HOME}/.local/share/3909/PapersPlease
 mkdir ${HOME}/.local/share/aspyr-media
 mkdir ${HOME}/.local/share/cdprojektred
 mkdir ${HOME}/.local/share/feral-interactive
+mkdir ${HOME}/.local/share/Paradox Interactive
 mkdir ${HOME}/.local/share/Steam
 mkdir ${HOME}/.local/share/SuperHexagon
 mkdir ${HOME}/.local/share/Terraria
 mkdir ${HOME}/.local/share/vpltd
 mkdir ${HOME}/.local/share/vulkan
+mkdir ${HOME}/.mbwarband
+mkdir ${HOME}/.paradoxinteractive
 mkdir ${HOME}/.steam
 mkfile ${HOME}/.steampath
 mkfile ${HOME}/.steampid
+whitelist ${HOME}/.config/unity3d
 whitelist ${HOME}/.killingfloor
 whitelist ${HOME}/.local/share/3909/PapersPlease
 whitelist ${HOME}/.local/share/aspyr-media
 whitelist ${HOME}/.local/share/cdprojektred
 whitelist ${HOME}/.local/share/feral-interactive
+whitelist ${HOME}/.local/share/Paradox Interactive
 whitelist ${HOME}/.local/share/Steam
 whitelist ${HOME}/.local/share/SuperHexagon
 whitelist ${HOME}/.local/share/Terraria
 whitelist ${HOME}/.local/share/vpltd
 whitelist ${HOME}/.local/share/vulkan
+whitelist ${HOME}/.mbwarband
+whitelist ${HOME}/.paradoxinteractive
 whitelist ${HOME}/.steam
 whitelist ${HOME}/.steampath
 whitelist ${HOME}/.steampid
diff --git a/etc/swell-foop.profile b/etc/swell-foop.profile
new file mode 100644
index 000000000..127d413ad
--- /dev/null
+++ b/etc/swell-foop.profile
@@ -0,0 +1,19 @@
+# Firejail profile for swell-foop
+# Description: GNOME colored tiles puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include swell-foop.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/swell-foop
+
+mkdir ${HOME}/.local/share/swell-foop
+whitelist ${HOME}/.local/share/swell-foop
+
+whitelist /usr/share/swell-foop
+
+private-bin swell-foop
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 1e623f9ce..489de67bb 100644
--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -16,10 +16,14 @@ include disable-programs.inc
 mkdir ${HOME}/.unknown-horizons
 whitelist ${HOME}/.unknown-horizons
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/unknown-horizons
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor
 caps.drop all
+# memory-deny-write-execute - doesn't work
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/whitelist-usr-share-common.inc b/etc/whitelist-usr-share-common.inc
index 8a0f6774a..193b00a2a 100644
--- a/etc/whitelist-usr-share-common.inc
+++ b/etc/whitelist-usr-share-common.inc
@@ -50,6 +50,7 @@ whitelist /usr/share/qt4
 whitelist /usr/share/qt5
 whitelist /usr/share/sounds
 whitelist /usr/share/tcl8.6
+whitelist /usr/share/tcltk
 whitelist /usr/share/terminfo
 whitelist /usr/share/texlive
 whitelist /usr/share/texmf
diff --git a/etc/wordwarvi.profile b/etc/wordwarvi.profile
new file mode 100644
index 000000000..ea750e172
--- /dev/null
+++ b/etc/wordwarvi.profile
@@ -0,0 +1,49 @@
+# Firejail profile for wordwarvi
+# Description: Old school '80's style side scrolling space shoot'em up game.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include wordwarvi.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.wordwarvi
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.wordwarvi
+whitelist ${HOME}/.wordwarvi
+whitelist /usr/share/wordwarvi
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin wordwarvi
+private-cache
+private-dev
+private-etc alsa,asound.conf,machine-id,pulse
+private-tmp
diff --git a/etc/xbill.profile b/etc/xbill.profile
new file mode 100644
index 000000000..fc29dced6
--- /dev/null
+++ b/etc/xbill.profile
@@ -0,0 +1,51 @@
+# Firejail profile for xbill
+# Description: save your computers from Wingdows [TM] virus
+# This file is overwritten after every install/update
+# Persistent local customizations
+include xbill.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/xbill
+whitelist /var/games/xbill/scores
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin xbill
+private-cache
+private-dev
+private-etc none
+private-tmp
+
+memory-deny-write-execute
+read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e79fd4b14..9d9d4012a 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -80,6 +80,7 @@ bleachbit
 blender
 blender-2.8
 bless
+blobwars
 bluefish
 bnox
 brackets
@@ -212,6 +213,7 @@ firefox-esr
 firefox-nightly
 firefox-wayland
 firefox-x11
+five-or-more
 flacsplt
 flameshot
 flashpeak-slimjet
@@ -271,6 +273,7 @@ gnome-contacts
 gnome-documents
 gnome-font-viewer
 gnome-hexgl
+gnome-klotski
 gnome-latex
 gnome-logs
 gnome-mahjongg
@@ -309,6 +312,7 @@ gpicview
 gpredict
 gradio
 gramps
+gravity-beams-and-evaporating-stars
 gthumb
 guayadeque
 gucharmap
@@ -322,6 +326,7 @@ hexchat
 highlight
 host
 hugin
+hyperrogue
 iagno
 icecat
 icedove
@@ -341,6 +346,8 @@ jd-gui
 jdownloader
 jerry
 jitsi
+jumpnbump
+jumpnbump-menu
 k3b
 kaffeine
 kalgebra
@@ -409,6 +416,7 @@ lximage-qt
 lxmusic
 lynx
 macrofusion
+magicor
 manaplus
 masterpdfeditor
 masterpdfeditor4
@@ -429,7 +437,9 @@ mendeleydesktop
 meteo-qt
 midori
 min
+mindless
 minetest
+mirrormagic
 mousepad
 mp3splt
 mp3splt-gtk
@@ -449,6 +459,7 @@ mpg123-strip
 mplayer
 mpsyt
 mpv
+mrrescue
 ms-excel
 ms-office
 ms-onenote
@@ -578,9 +589,12 @@ runenpass.sh
 sayonara
 scallion
 scorched3d
+scorched3d-wrapper
+scorchwentbonkers
 scribus
 sdat2img
 seahorse
+seahorse-adventures
 seahorse-daemon
 seahorse-tool
 seamonkey
@@ -620,6 +634,7 @@ subdownloader
 supertux2
 supertuxkart
 surf
+swell-foop
 sylpheed
 synfigstudio
 sysprof
@@ -735,7 +750,9 @@ wireshark-qt
 wpp
 wps
 wpspdf
+wordwarvi
 x2goclient
+xbill
 xcalc
 xchat
 xed
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 7c6bfce9d..ac02c69bc 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -38,6 +38,7 @@ static int cnt_whitelistvar = 0;	// include whitelist-var-common.inc
 static int cnt_whitelistrunuser = 0;    // include whitelist-runuser-common.inc
 static int cnt_whitelistusrshare = 0;   // include whitelist-usr-share-common.inc
 static int cnt_ssh = 0;
+static int cnt_mdwx = 0;
 
 static int level = 0;
 static int arg_debug = 0;
@@ -51,6 +52,7 @@ static int arg_whitelistvar = 0;
 static int arg_whitelistrunuser = 0;
 static int arg_whitelistusrshare = 0;
 static int arg_ssh = 0;
+static int arg_mdwx = 0;
 
 static char *profile = NULL;
 
@@ -66,6 +68,7 @@ static void usage(void) {
         printf("   --private-dev - print profiles without private-dev\n");
         printf("   --private-tmp - print profiles without private-tmp\n");
         printf("   --seccomp - print profiles without seccomp\n");
+        printf("   --memory-deny-write-execute - profile without it\n");
         printf("   --whitelist-var - print profiles without \"include whitelist-var-common.inc\"\n");
         printf("   --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\"\n");
         printf("   --whitelist-usrshare - print profiles without \"include whitelist-usr-share-common.inc\"\n");
@@ -114,6 +117,8 @@ void process_file(const char *fname) {
                         cnt_whitelistusrshare++;
                 else if (strncmp(ptr, "include disable-common.inc", 26) == 0)
                         cnt_ssh++;
+                else if (strncmp(ptr, "memory-deny-write-execute", 25) == 0)
+                        cnt_mdwx++;
                 else if (strncmp(ptr, "net none", 8) == 0)
                         cnt_netnone++;
                 else if (strncmp(ptr, "apparmor", 8) == 0)
@@ -161,6 +166,8 @@ int main(int argc, char **argv) {
                         arg_caps = 1;
                 else if (strcmp(argv[i], "--seccomp") == 0)
                         arg_seccomp = 1;
+                else if (strcmp(argv[i], "--memory-deny-write-execute") == 0)
+                        arg_mdwx = 1;
                 else if (strcmp(argv[i], "--noexec") == 0)
                         arg_noexec = 1;
                 else if (strcmp(argv[i], "--private-dev") == 0)
@@ -205,6 +212,7 @@ int main(int argc, char **argv) {
                 int whitelistrunuser = cnt_whitelistrunuser;
                 int whitelistusrshare = cnt_whitelistusrshare;
                 int ssh = cnt_ssh;
+                int mdwx = cnt_mdwx;
 
                 // process file
                 profile = argv[i];
@@ -242,6 +250,8 @@ int main(int argc, char **argv) {
                         printf("No include whitelist-usr-share-common.inc found in %s\n", argv[i]);
                 if (arg_ssh && ssh == cnt_ssh)
                         printf("No include disable-common.inc found in %s\n", argv[i]);
+                if (arg_mdwx && mdwx == cnt_mdwx)
+                        printf("No memory-deny-write-execute found in %s\n", argv[i]);
 
                 assert(level == 0);
         }
@@ -255,6 +265,7 @@ int main(int argc, char **argv) {
         printf("    seccomp\t\t\t%d\n", cnt_seccomp);
         printf("    capabilities\t\t%d\n", cnt_caps);
         printf("    noexec\t\t\t%d   (include disable-exec.inc)\n", cnt_noexec);
+        printf("    memory-deny-write-execute\t%d\n", cnt_mdwx);
         printf("    apparmor\t\t\t%d\n", cnt_apparmor);
         printf("    private-dev\t\t\t%d\n", cnt_privatedev);
         printf("    private-tmp\t\t\t%d\n", cnt_privatetmp);