11 files changed, 20 insertions, 20 deletions

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f61e19fdc..f1167b78b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -62,7 +62,7 @@ jobs:
     - name: install dependencies
       run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
     - name: configure
-      run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr
+      run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
     - name: make
       run: make
     - name: make install
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index af590e2e1..6dcb40e67 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,8 +9,8 @@ build_ubuntu_package:
     image: ubuntu:rolling
     script:
         - apt-get update -qq
-        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config python3 gawk
-        - ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb
+        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config python3 gawk
+        - ./configure && make deb && dpkg -i firejail*.deb
         - command -V firejail && firejail --version
         - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc
 
@@ -18,8 +18,8 @@ build_debian_package:
     image: debian:stretch
     script:
         - apt-get update -qq
-        - apt-get install -y -qq build-essential lintian pkg-config gawk
-        - ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb
+        - apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
+        - ./configure && make deb && dpkg -i firejail*.deb
         - command -V firejail && firejail --version
 
 build_redhat_package:
@@ -49,14 +49,14 @@ build_src_package:
         - command -V firejail && firejail --version
         # - python3 contrib/sort.py etc/*.{profile,inc}
 
-build_apparmor:
+build_no_apparmor:
     image: ubuntu:latest
     script:
         - apt-get update -qq
-        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
-        - ./configure && make deb-apparmor && dpkg -i firejail*.deb
+        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config gawk
+        - ./configure && make dist && ./mkdeb.sh --disable-apparmor && dpkg -i firejail*.deb
         - command -V firejail && firejail --version
-        - firejail --version | grep -F 'AppArmor support is enabled'
+        - firejail --version | grep -F 'AppArmor support is disabled'
 
 debian_ci:
     image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest
diff --git a/Makefile b/Makefile
index ad6c39001..d7e2eb209 100644
--- a/Makefile
+++ b/Makefile
@@ -340,10 +340,6 @@ asc: config.mk
 deb: dist config.sh
         ./mkdeb.sh
 
-.PHONY: deb-apparmor
-deb-apparmor: dist config.sh
-        env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor
-
 .PHONY: test-compile
 test-compile: dist config.mk
         cd test/compile; ./compile.sh $(TARNAME)-$(VERSION)
diff --git a/README b/README
index 697f398fe..86bd8cb63 100644
--- a/README
+++ b/README
@@ -34,7 +34,7 @@ $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk
 For --selinux option, add libselinux1-dev (libselinux-devel for Fedora).
 
 We build our release firejail.tar.xz and firejail.deb packages using the following command:
-$ make distclean && ./configure && make deb-apparmor
+$ make distclean && ./configure && make deb
 
 
 Maintainer:
@@ -329,6 +329,8 @@ Dara Adib (https://github.com/daradib)
         - linphone profile fix
 Dario Pellegrini (https://github.com/dpellegr)
         - allowing links in netns
+David Fetter (https://github.com/davidfetter)
+        - bump up copyright years
 David Thole (https://github.com/TheDarkTrumpet)
         - added profile for teams-for-linux
 Davide Beatrici (https://github.com/davidebeatrici)
diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh
index 26be5484e..aaefc38a8 100755
--- a/contrib/update_deb.sh
+++ b/contrib/update_deb.sh
@@ -15,7 +15,7 @@ cd firejail
 sed -i "s/# restricted-network .*/restricted-network yes/" \
     etc/firejail.config
 
-make deb-apparmor
+make deb
 sudo dpkg -i firejail*.deb
 echo "Firejail updated."
 cd ..
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc
index bb0bcd050..dcf941004 100644
--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -29,6 +29,7 @@ whitelist /usr/share/gtk-engines
 whitelist /usr/share/gtksourceview-3.0
 whitelist /usr/share/gtksourceview-4
 whitelist /usr/share/hunspell
+whitelist /usr/share/hyphen
 whitelist /usr/share/hwdata
 whitelist /usr/share/icons
 whitelist /usr/share/icu
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index f4533b537..6177b52c0 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -2,7 +2,7 @@
 # Description: Simple and modern GTK eBook reader
 # This file is overwritten after every install/update
 # Persistent local customizations
-include foliate.local
+include com.github.johnfactotum.Foliate.local
 # Persistent global definitions
 include globals.local
 
@@ -28,7 +28,6 @@ whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 whitelist ${DOCUMENTS}
 whitelist ${DOWNLOADS}
 whitelist /usr/share/com.github.johnfactotum.Foliate
-whitelist /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile
index f6b070ab3..498a4f6c8 100644
--- a/etc/profile-m-z/open-invaders.profile
+++ b/etc/profile-m-z/open-invaders.profile
@@ -35,6 +35,7 @@ seccomp
 
 private-bin open-invaders
 private-dev
+private-etc @x11
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile
index 6ba735556..f88ae65c8 100644
--- a/etc/profile-m-z/simutrans.profile
+++ b/etc/profile-m-z/simutrans.profile
@@ -35,6 +35,7 @@ seccomp
 
 # private-bin simutrans
 private-dev
+private-etc @games,@x11
 private-tmp
 
 dbus-user none
diff --git a/mkdeb.sh b/mkdeb.sh
index ee00f19ba..edb16fb93 100755
--- a/mkdeb.sh
+++ b/mkdeb.sh
@@ -25,7 +25,7 @@ echo "*****************************************"
 tar -xJvf "$CODE_ARCHIVE"
 #mkdir -p "$INSTALL_DIR"
 cd "$CODE_DIR"
-./configure --prefix=/usr "$@"
+./configure --prefix=/usr --enable-apparmor "$@"
 make -j2
 mkdir debian
 DESTDIR=debian make install-strip
diff --git a/test/environment/rlimit-join.exp b/test/environment/rlimit-join.exp
index 903377e11..c71dad27e 100755
--- a/test/environment/rlimit-join.exp
+++ b/test/environment/rlimit-join.exp
@@ -8,7 +8,7 @@ cd /home
 spawn $env(SHELL)
 match_max 100000
 
-send --  "firejail --noprofile --name=\"rlimit testing\"\r"
+send --  "firejail --noprofile --name=\"rlimittesting\"\r"
 expect {
         timeout {puts "TESTING ERROR 0\n";exit}
         -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
@@ -16,7 +16,7 @@ expect {
 sleep 1
 
 spawn $env(SHELL)
-send --  "firejail --rlimit-nofile=1234 --join=\"rlimit testing\"\r"
+send --  "firejail --rlimit-nofile=1234 --join=\"rlimittesting\"\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
         "Switching to pid"