5 files changed, 36 insertions, 40 deletions

diff --git a/README b/README
index 65eeccd03..6cab5bd7a 100644
--- a/README
+++ b/README
@@ -25,6 +25,33 @@ Reiner Herrmann (https://github.com/reinerh)
         - clang-analyzer fixes
         - Debian reproducible build
         - unit testing framework
+Aleksey Manevich (https://github.com/manevich)
+        - several profile fixes
+        - fix problem with relative path in storage_find function
+        - fix build for systems without bash
+        - fix double quotes/single quotes problem
+Fred-Barclay (https://github.com/Fred-Barclay)
+        - added Vivaldi, Atril profiles
+        - added PaleMoon profile
+        - split Icedove and Thunderbird profiles
+        - added 0ad profile
+        - fixed version for .deb packages
+        - added Warzone2100 profile
+        - blacklisted VeraCrypt
+        - added Gpredict profile
+        - added Aweather, Stellarium profiles
+        - fixed HexChat and Atril profiles
+        - fixed disable-common.inc for mate-terminal
+        - blacklisted escape-happy terminals in disable-common.inc
+        - blacklisted g++
+        - added xplayer, xreader, and xviewer profiles
+        - added Brave profile
+        - added Gitter profile
+        - various organising
+        - added LibreOffice profile
+        - added pix profile
+        - added audacity profile
+        - fixed Telegram and qtox profiles
 Jaykishan Mutkawoa (https://github.com/jmutkawoa)
         - cpio profile
 Paupiah Yash (https://github.com/CaffeinatedStud)
@@ -80,27 +107,6 @@ Joan Figueras (https://github.com/figue)
         - added abrowser profile
         - added Google-Play-Music-Desktop-Player
         - added cyberfox profile
-Fred-Barclay (https://github.com/Fred-Barclay)
-        - added Vivaldi, Atril profiles
-        - added PaleMoon profile
-        - split Icedove and Thunderbird profiles
-        - added 0ad profile
-        - fixed version for .deb packages
-        - added Warzone2100 profile
-        - blacklisted VeraCrypt
-        - added Gpredict profile
-        - added Aweather, Stellarium profiles
-        - fixed HexChat and Atril profiles
-        - fixed disable-common.inc for mate-terminal
-        - blacklisted escape-happy terminals in disable-common.inc
-        - blacklisted g++
-        - added xplayer, xreader, and xviewer profiles
-        - added Brave profile
-        - added Gitter profile
-        - various organising
-        - added LibreOffice profile
-        - added pix profile
-        - added audacity profile
 Petter Reinholdtsen (pere@hungry.com)
         - Opera profile patch
 n1trux (https://github.com/n1trux)
@@ -131,10 +137,6 @@ Tom Mellor (https://github.com/kalegrill)
 Martin Carpenter (https://github.com/mcarpenter)
         - security audit and bug fixes
         - Centos 6.x support
-Aleksey Manevich (https://github.com/manevich)
-        - several profile fixes
-        - fix problem with relative path in storage_find function
-        - fix build for systems without bash
 pszxzsd (https://github.com/pszxzsd)
         -uGet profile
 Rahiel Kasim (https://github.com/rahiel)
diff --git a/etc/Telegram.profile b/etc/Telegram.profile
index 8e91e426b..2e0f97821 100644
--- a/etc/Telegram.profile
+++ b/etc/Telegram.profile
@@ -1,13 +1,2 @@
 # Telegram IRC profile
-noblacklist ${HOME}/.TelegramDesktop
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-devel.inc
-
-caps.drop all
-netfilter
-nonewprivs
-noroot
-protocol unix,inet,inet6
-seccomp
-
+include /etc/firejail/telegram.profile
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 3a19efa3a..39f900748 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/tox
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 
 mkdir ${HOME}/.config/tox
 whitelist ${HOME}/.config/tox
@@ -10,7 +11,11 @@ whitelist ${DOWNLOADS}
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
+netfilter
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+tracelog
+
diff --git a/src/firejail/join.c b/src/firejail/join.c
index aba8f064b..47d31669d 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -62,9 +62,9 @@ static void extract_command(int argc, char **argv, int index) {
         *cfg.command_line = '\0';
         for (i = index; i < argc; i++) {
                 if (strchr(argv[i], '&')) {
-                        strcat(cfg.command_line, "\"");
+                        strcat(cfg.command_line, "\'");
                         strcat(cfg.command_line, argv[i]);
-                        strcat(cfg.command_line, "\" ");
+                        strcat(cfg.command_line, "\' ");
                 }
                 else {
                         strcat(cfg.command_line, argv[i]);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 6faec9109..7b956bf64 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2005,7 +2005,7 @@ int main(int argc, char **argv) {
                                 sprintf(ptr1, "%s ", argv[i + prog_index]);
                         }
                         else {
-                                sprintf(ptr1, "\"%s\" ", argv[i + prog_index]);
+                                sprintf(ptr1, "\'%s\' ", argv[i + prog_index]);
                         }
                         sprintf(ptr2, "%s ", argv[i + prog_index]);