40 files changed, 457 insertions, 158 deletions

diff --git a/README b/README
index b85aa0208..8cd2f6c7a 100644
--- a/README
+++ b/README
@@ -303,6 +303,9 @@ James Elford (https://github.com/jelford)
         - blacklist sensitive cloud provider files in disable-common
 Jean Lucas (https://github.com/flacks)
         - fix Discord profile
+        - add AnyDesk profile
+        - add WebStorm profile
+        - add XMind profile
 Jericho (https://github.com/attritionorg)
         - spelling
 Jesse Smith (https://github.com/slicer69)
diff --git a/README.md b/README.md
index e072231f4..2718c4d79 100644
--- a/README.md
+++ b/README.md
@@ -369,4 +369,5 @@ tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asun
 gnome-recipes, akonadi_control, evince-previewer, evince-thumbnailer, blender-2.8,
 thunderbird-beta, ncdu, gnome-logs, gcloud, musixmatch, gunzip, bunzip2, enchant,
 enchant-2, enchant-lsmod, enchant-lsmod-2, Discord, acat, adiff, als, apack, arepack,
-aunpack profiles, ppsspp, scallion, clion, baloo_filemetadata_temp_extractor
+aunpack profiles, ppsspp, scallion, clion, baloo_filemetadata_temp_extractor,
+AnyDesk, webstorm, xmind
diff --git a/RELNOTES b/RELNOTES
index 03e0bf41e..3d03e659c 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -43,7 +43,7 @@ firejail (0.9.53) baseline; urgency=low
   * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2,
   * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack,
   * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion,
-  * new profiles: baloo_filemetadata_temp_extractor
+  * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind
  -- netblue30 <netblue30@yahoo.com>  Thu, 1 Mar 2018 08:00:00 -0500
 
 firejail (0.9.52) baseline; urgency=low
diff --git a/etc/XMind.profile b/etc/XMind.profile
new file mode 100644
index 000000000..ff6258ca2
--- /dev/null
+++ b/etc/XMind.profile
@@ -0,0 +1,38 @@
+# Firejail profile for XMind
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/XMind.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.xmind
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.xmind
+whitelist ${HOME}/.xmind
+whitelist ${DOWNLOADS}
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin XMind,sh,cp
+private-tmp
+private-dev
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index b87635ce3..5ff0b7c3a 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -32,7 +32,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-dev
 # private-tmp
 
 # noexec /tmp breaks 'Android Profiler'
diff --git a/etc/anydesk.profile b/etc/anydesk.profile
new file mode 100644
index 000000000..17e083f4e
--- /dev/null
+++ b/etc/anydesk.profile
@@ -0,0 +1,34 @@
+# Firejail profile for AnyDesk
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/anydesk.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.anydesk
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-interpreters.inc
+
+mkdir ${HOME}/.anydesk
+whitelist ${HOME}/.anydesk
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin anydesk
+private-dev
+private-tmp
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile
index 6d09ecf40..87f2949e6 100644
--- a/etc/baloo_filemetadata_temp_extractor.profile
+++ b/etc/baloo_filemetadata_temp_extractor.profile
@@ -1,11 +1,13 @@
 # Firejail profile for baloo_filemetadata_temp_extractor
 # This file is overwritten after every install/update
-# Persistent local customizations
 quiet
+# Persistent local customizations
 include /etc/firejail/baloo_filemetadata_temp_extractor.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+ignore read-write
+read-only ${HOME}
 
 # Redirect
 include /etc/firejail/baloo_file.profile
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index d3dc87089..ea334c289 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -23,10 +23,12 @@ blacklist ${HOME}/.Steampid
 blacklist ${HOME}/.TelegramDesktop
 blacklist ${HOME}/.ViberPC
 blacklist ${HOME}/.VirtualBox
+blacklist ${HOME}/.WebStorm*
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
+blacklist ${HOME}/.anydesk
 blacklist ${HOME}/.arduino15
 blacklist ${HOME}/.arm
 blacklist ${HOME}/.asunder_album_genre
@@ -346,7 +348,6 @@ blacklist ${HOME}/.kodi
 blacklist ${HOME}/.linphone-history.db
 blacklist ${HOME}/.linphonerc
 blacklist ${HOME}/.lmmsrc.xml
-blacklist ${HOME}/.local/lib/python2.7/site-packages
 blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/3909/PapersPlease
 blacklist ${HOME}/.local/share/Empathy
@@ -504,6 +505,7 @@ blacklist ${HOME}/.wine
 blacklist ${HOME}/.wireshark
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.xiphos
+blacklist ${HOME}/.xmind
 blacklist ${HOME}/.xmms
 blacklist ${HOME}/.xmr-stak
 blacklist ${HOME}/.xonotic
diff --git a/etc/gajim.profile b/etc/gajim.profile
index 02c818443..8e76352f4 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -9,9 +9,9 @@ noblacklist ${HOME}/.cache/gajim
 noblacklist ${HOME}/.config/gajim
 noblacklist ${HOME}/.local/share/gajim
 
-# Allow python2.7 (blacklisted by disable-interpreters.inc)
-noblacklist ${PATH}/python2*
-noblacklist /usr/lib/python2*
+# Allow Python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python3*
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -21,12 +21,10 @@ include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
-mkdir ${HOME}/.local/lib/python2.7/site-packages/
 mkdir ${HOME}/.local/share/gajim
 mkdir ${HOME}/Downloads
 whitelist ${HOME}/.cache/gajim
 whitelist ${HOME}/.config/gajim
-whitelist ${HOME}/.local/lib/python2.7/site-packages/
 whitelist ${HOME}/.local/share/gajim
 whitelist ${HOME}/Downloads
 include /etc/firejail/whitelist-common.inc
@@ -43,9 +41,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin python2.7,gajim
+private-bin python,gajim
 private-dev
-# private-etc fonts
-# private-tmp
-# Allow the local python 2.7 site packages, in case any plugins are using these
-read-only ${HOME}/.local/lib/python2.7/site-packages/
+private-etc alsa,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
+private-tmp
diff --git a/etc/kodi.profile b/etc/kodi.profile
index 54d548291..85058da3e 100644
--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -19,6 +19,8 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 apparmor
 caps.drop all
 netfilter
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 4b3eb1ac7..18fcc59c6 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -23,20 +23,22 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# Ubuntu 18.04 uses its own apparmor profile
+# uncomment the next line if you are not on Ubuntu
+#apparmor
 caps.drop all
 machine-id
 netfilter
 nodbus
 nodvd
 nogroups
-nonewprivs
+#nonewprivs - fix for Ubuntu 18.04/Debian 10
 noroot
 notv
-protocol unix,inet,inet6
-seccomp
+#protocol unix,inet,inet6  - fix for Ubuntu 18.04/Debian 10
+#seccomp  - fix for Ubuntu 18.04/Debian 10
 shell none
-tracelog
+#tracelog - problems reported by Ubuntu 18.04 apparmor profile in /var/log/syslog
 
 private-dev
 private-tmp
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 38ccb886f..57e1ce5f0 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -8,7 +8,8 @@ include /etc/firejail/globals.local
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+# rhythmbox is using Python
+#include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 6b0bee7bd..9ccbb7310 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -17,7 +17,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
 caps.drop all
 netfilter
 # nodbus - problems with KDE
diff --git a/etc/webstorm.profile b/etc/webstorm.profile
new file mode 100644
index 000000000..6da71224f
--- /dev/null
+++ b/etc/webstorm.profile
@@ -0,0 +1,36 @@
+# Firejail profile for WebStorm
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/webstorm.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.WebStorm*
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+# private-tmp
+
+noexec /tmp
diff --git a/platform/rpm/firejail.spec b/platform/rpm/firejail.spec
index 9fe35e528..76d19ba17 100644
--- a/platform/rpm/firejail.spec
+++ b/platform/rpm/firejail.spec
@@ -19,7 +19,7 @@ using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
 %setup -q
 
 %build
-%configure --disable-userns
+%configure --disable-userns --disable-contrib-install
 make %{?_smp_mflags}
 
 %install
@@ -46,4 +46,4 @@ rm -rf %{buildroot}
 %{_mandir}/man5/__NAME__-login.5.gz
 %{_mandir}/man5/__NAME__-profile.5.gz
 %{_mandir}/man5/__NAME__-users.5.gz
-%config %{_sysconfdir}/__NAME__
+%config(noreplace) %{_sysconfdir}/__NAME__
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 1835502a4..da8937717 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -15,12 +15,14 @@ Viber
 VirtualBox
 Wire
 Xephyr
+XMind
 abrowser
 akonadi_control
 akregator
 amarok
 amule
 android-studio
+anydesk
 apktool
 arch-audit
 archaudit-report
@@ -273,7 +275,7 @@ musescore
 musixmatch
 mutt
 natron
-nautilus
+#nautilus - removed in order to let the application start in a new sandbox when clicking on icons in the file manager
 ncdu
 netsurf
 neverball
@@ -298,7 +300,7 @@ pdftotext
 peek
 picard
 pidgin
-ping
+#ping - disabled until we fix  #1912
 pingus
 pinta
 pithos
@@ -331,6 +333,7 @@ ristretto
 rocketchat
 rtorrent
 runenpass.sh
+scallion
 scribus
 sdat2img
 seamonkey
@@ -410,6 +413,7 @@ vym
 w3m
 warzone2100
 waterfox
+webstorm
 weechat
 weechat-curses
 wesnoth
diff --git a/src/firecfg/util.c b/src/firecfg/util.c
index f0446ca8d..7ed86c36e 100644
--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -58,9 +58,15 @@ int which(const char *program) {
                 // use path2 to count the entries
                 char *ptr = strtok(path2, ":");
                 while (ptr) {
-                        if (find(program, ptr)) {
-                                free(path2);
-                                return 1;
+                        // Ubuntu 18.04 is adding  /snap/bin to PATH;
+                        // they populate /snap/bin with simbolic links to /usr/bin/ programs;
+                        // most simlinked programs are not installed by default.
+                        // Removing /snap/bin from our search
+                        if (strcmp(ptr, "/snap/bin") != 0) {
+                                if (find(program, ptr)) {
+                                        free(path2);
+                                        return 1;
+                                }
                         }
                         ptr = strtok(NULL, ":");
                 }
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 0df832c09..14f87c36c 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -524,6 +524,16 @@ unsigned extract_timeout(const char *str);
 void disable_file_or_dir(const char *fname);
 void disable_file_path(const char *path, const char *file);
 
+// Get info regarding the last kernel mount operation.
+// The return value points to a static area, and will be overwritten by subsequent calls.
+// The function does an exit(1) if anything goes wrong.
+typedef struct {
+        char *fsname;
+        char *dir;
+} MountData;
+MountData *get_last_mount(void);
+
+
 // fs_var.c
 void fs_var_log(void);  // mounting /var/log
 void fs_var_lib(void);  // various other fixes for software in /var directory
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index d4cdbbe0a..b0ad35299 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -25,6 +25,8 @@
 #include <unistd.h>
 #include <glob.h>
 
+static int prog_cnt = 0;
+
 static char *paths[] = {
         "/usr/local/bin",
         "/usr/bin",
@@ -191,6 +193,7 @@ static void duplicate(char *fname, FILE *fplist) {
                                 // solving problems such as /bin/sh -> /bin/dash
                                 // copy the real file pointed by symlink
                                 sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, actual_path, RUN_BIN_DIR);
+                                prog_cnt++;
                                 char *f = strrchr(actual_path, '/');
                                 if (f && *(++f) !='\0')
                                         report_duplication(f);
@@ -201,6 +204,7 @@ static void duplicate(char *fname, FILE *fplist) {
 
         // copy a file or a symlink
         sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, full_path, RUN_BIN_DIR);
+        prog_cnt++;
         free(full_path);
         report_duplication(fname);
 }
@@ -256,6 +260,9 @@ void fs_private_bin_list(void) {
         char *private_list = cfg.bin_private_keep;
         assert(private_list);
 
+        // start timetrace
+        timetrace_start();
+
         // create /run/firejail/mnt/bin directory
         mkdir_attr(RUN_BIN_DIR, 0755, 0, 0);
 
@@ -298,4 +305,5 @@ void fs_private_bin_list(void) {
                 }
                 i++;
         }
+        fmessage("%d %s installed in %0.2f ms\n", prog_cnt, (prog_cnt == 1)? "program": "programs", timetrace_end());
 }
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 8a105be97..363b48d1d 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -201,7 +201,7 @@ static char *valid_file(const char *lib) {
                 }
                 free(fname);
         }
-printf("not found %s\n", lib);
+
         fwarning("%s library not found, skipping...\n", lib);
         return NULL;
 }
@@ -352,7 +352,7 @@ void fs_private_lib(void) {
                                                 fslib_copy_dir(name);
                                         free(name);
 
-                                        // /usr/lib/x86_linux-gnu - debian & frriends
+                                        // /usr/lib/x86_linux-gnu - debian & friends
                                         if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr) == -1)
                                                 errExit("asprintf");
                                         if (is_dir(name))
@@ -377,20 +377,12 @@ void fs_private_lib(void) {
                 printf("*** Installing system libraries\n");
         fslib_install_system();
 
-        fmessage("Installed %d libraries and %d directories\n", lib_cnt, dir_cnt);
+        fmessage("Installed %d %s and %d %s\n", lib_cnt, (lib_cnt == 1)? "library": "libraries",
+                dir_cnt, (dir_cnt == 1)? "directory": "directories");
 
-        // bring in firejail directory for --trace options
+        // bring in firejail directory for --trace and seccomp post exec
         fslib_copy_dir(LIBDIR "/firejail");
 
-        // ... and for sandbox in sandbox functionality
-        fslib_copy_libs(LIBDIR "/firejail/faudit");
-        fslib_copy_libs(LIBDIR "/firejail/fbuilder");
-        fslib_copy_libs(LIBDIR "/firejail/fcopy");
-        fslib_copy_libs(LIBDIR "/firejail/fldd");
-        fslib_copy_libs(LIBDIR "/firejail/fnet");
-        fslib_copy_libs(LIBDIR "/firejail/fnetfilter");
-        fslib_copy_libs(LIBDIR "/firejail/fseccomp");
-        fslib_copy_libs(LIBDIR "/firejail/ftee");
         // mount lib filesystem
         mount_directories();
 }
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index d4c7de342..60bb0f6ed 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -317,6 +317,16 @@ static void whitelist_path(ProfileEntry *entry) {
         if (mount(wfile, path, NULL, MS_BIND|MS_REC, NULL) < 0)
                 errExit("mount bind");
 
+        // check the last mount operation
+        MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found
+
+        // No mounts are allowed on top level directories. A destination such as "/etc" is very bad!
+        //  - there should be more than one '/' char in dest string
+        if (mptr->dir == strrchr(mptr->dir, '/')) {
+                fprintf(stderr, "Error: invalid mount on top of %s\n", mptr->dir);
+                exit(1);
+        }
+
         free(wfile);
         return;
 
@@ -859,6 +869,15 @@ void fs_whitelist(void) {
                                                 fprintf(stderr, "Warning cannot create symbolic link %s\n", entry->link);
                                         else if (arg_debug || arg_debug_whitelists)
                                                 printf("Created symbolic link %s -> %s\n", entry->link, entry->data + 10);
+
+                                        // check again for files in /tmp directory
+                                        if (strncmp(entry->link, "/tmp/", 5) == 0) {
+                                                char *path = realpath(entry->link, NULL);
+                                                if (path == NULL || strncmp(path, "/tmp/", 5) != 0) {
+                                                        fprintf(stderr, "Error: invalid symbolic link %s\n", entry->link);
+                                                        exit(1);
+                                                }
+                                        }
                                 }
                         }
                 }
diff --git a/src/firejail/util.c b/src/firejail/util.c
index a44e52e98..f441f283f 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1029,3 +1029,39 @@ void disable_file_path(const char *path, const char *file) {
         free(fname);
 }
 
+#define MAX_BUF 4096
+static char mbuf[MAX_BUF];
+static MountData mdata;
+
+// Get info regarding the last kernel mount operation.
+// The return value points to a static area, and will be overwritten by subsequent calls.
+// The function does an exit(1) if anything goes wrong.
+MountData *get_last_mount(void) {
+        // open /proc/self/mounts
+        FILE *fp = fopen("/proc/self/mounts", "r");
+        if (!fp)
+                goto errexit;
+
+        mbuf[0] = '\0';
+        while (fgets(mbuf, MAX_BUF, fp));
+        fclose(fp);
+        if (arg_debug || arg_debug_whitelists)
+                printf("%s", mbuf);
+
+        // there should be no reason to have a new mount on top of a top level directory
+        mdata.fsname = mbuf;
+        mdata.dir = strstr(mbuf, " ");
+        if (!mdata.dir)
+                goto errexit;
+        mdata.dir++;
+        char *end = strstr(mdata.dir, " ");
+        if (!end)
+                goto errexit;
+        *end = '\0';
+
+        return &mdata;
+
+errexit:
+        fprintf(stderr, "Error: cannot read /proc/self/mounts");
+        exit(1);
+}
diff --git a/src/fldd/main.c b/src/fldd/main.c
index be4500d2a..4658e82fb 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -340,10 +340,8 @@ printf("\n");
         else {
                 if (is_lib_64(argv[1]))
                         parse_elf(argv[1]);
-                else {
-                        fprintf(stderr, "Error fldd: %s is not a 64bit program/library\n", argv[1]);
-                        exit(1);
-                }
+                else
+                        fprintf(stderr, "Warning fldd: %s is not a 64bit program/library\n", argv[1]);
         }
 
 
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index 09a4da0e7..0cc0ac6c1 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -47,7 +47,8 @@ int firejail_user_check(const char *name) {
                 return 1;
 
         // other system users will run the program as is
-        if (getuid() < UID_MIN || strcmp(name, "nobody") == 0)
+        uid_t uid = getuid();
+        if ((uid < UID_MIN && uid != 0) || strcmp(name, "nobody") == 0)
                 return 0;
 
         // check file existence
diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh
index 32331f786..ea07d3713 100755
--- a/test/apps-x11-xorg/apps-x11-xorg.sh
+++ b/test/apps-x11-xorg/apps-x11-xorg.sh
@@ -6,7 +6,7 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
-which firefox
+which firefox 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: firefox x11 xorg"
@@ -15,7 +15,7 @@ else
         echo "TESTING SKIP: firefox not found"
 fi
 
-which transmission-gtk
+which transmission-gtk 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: transmission-gtk x11 xorg"
@@ -24,7 +24,7 @@ else
         echo "TESTING SKIP: transmission-gtk not found"
 fi
 
-which thunderbird
+which thunderbird 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: thunderbird x11 xorg"
diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh
index 2e0031dd9..c12b11f3e 100755
--- a/test/apps-x11/apps-x11.sh
+++ b/test/apps-x11/apps-x11.sh
@@ -10,20 +10,20 @@ echo "TESTING: no x11 (test/apps-x11/x11-none.exp)"
 ./x11-none.exp
 
 
-which xterm
+which xterm 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: xterm x11 xorg"
         ./xterm-xorg.exp
 
-        which xpra
+        which xpra 2>/dev/null
         if [ "$?" -eq 0 ];
         then
         echo "TESTING: xterm x11 xpra"
         ./xterm-xpra.exp
         fi
 
-        which Xephyr
+        which Xephyr 2>/dev/null
         if [ "$?" -eq 0 ];
         then
         echo "TESTING: xterm x11 xephyr"
@@ -34,13 +34,13 @@ else
 fi
 
 # check xpra/xephyr
-which xpra
+which xpra 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "xpra found"
 else
         echo "xpra not found"
-        which Xephyr
+        which Xephyr 2>/dev/null
         if [ "$?" -eq 0 ];
         then
                 echo "Xephyr found"
@@ -50,7 +50,7 @@ else
         fi
 fi
 
-which firefox
+which firefox 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: firefox x11"
@@ -59,7 +59,7 @@ else
         echo "TESTING SKIP: firefox not found"
 fi
 
-which chromium
+which chromium 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: chromium x11"
@@ -68,7 +68,7 @@ else
         echo "TESTING SKIP: chromium not found"
 fi
 
-which transmission-gtk
+which transmission-gtk 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: transmission-gtk x11"
@@ -77,7 +77,7 @@ else
         echo "TESTING SKIP: transmission-gtk not found"
 fi
 
-which thunderbird
+which thunderbird 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: thunderbird x11"
diff --git a/test/apps/apps.sh b/test/apps/apps.sh
index 4e0a9cc08..a3d0c4dc7 100755
--- a/test/apps/apps.sh
+++ b/test/apps/apps.sh
@@ -10,7 +10,7 @@ LIST="firefox midori chromium opera transmission-qt qbittorrent uget-gtk filezil
 LIST+="vlc fbreader deluge gnome-mplayer xchat wine kcalc ktorrent hexchat"
 
 for app in $LIST; do
-        which $app
+        which $app 2>/dev/null
         if [ "$?" -eq 0 ];
         then
                 echo "TESTING: $app"
diff --git a/test/arguments/arguments.sh b/test/arguments/arguments.sh
index 049236900..d9f2d4697 100755
--- a/test/arguments/arguments.sh
+++ b/test/arguments/arguments.sh
@@ -3,10 +3,8 @@
 if [ -f /etc/debian_version ]; then
         libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
         export PATH="$PATH:$libdir"
-else
-        export PATH="$PATH:/usr/lib/firejail"
 fi
-export PATH="$PATH:/usr/lib/firejail"
+export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
 
 echo "TESTING: 1. regular bash session"
 ./bashrun.exp
diff --git a/test/environment/environment.sh b/test/environment/environment.sh
index 364a4b65b..97ba8ba58 100755
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -38,7 +38,7 @@ echo "TESTING: environment variables (test/environment/env.exp)"
 echo "TESTING: shell none(test/environment/shell-none.exp)"
 ./shell-none.exp
 
-which dash
+which dash 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: dash (test/environment/dash.exp)"
@@ -47,7 +47,7 @@ else
         echo "TESTING SKIP: dash not found"
 fi
 
-which csh
+which csh 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: csh (test/environment/csh.exp)"
@@ -56,7 +56,7 @@ else
         echo "TESTING SKIP: csh not found"
 fi
 
-which zsh
+which zsh 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: zsh (test/environment/zsh.exp)"
@@ -68,7 +68,7 @@ fi
 echo "TESTING: firejail in firejail - single sandbox (test/environment/firejail-in-firejail.exp)"
 ./firejail-in-firejail.exp
 
-which aplay
+which aplay 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: sound (test/environment/sound.exp)"
@@ -83,7 +83,7 @@ echo "TESTING: nice (test/environment/nice.exp)"
 echo "TESTING: quiet (test/environment/quiet.exp)"
 ./quiet.exp
 
-which strace
+which strace 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: --allow-debuggers (test/environment/allow-debuggers.exp)"
diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh
index 0e7cb2e5e..b225f9ea0 100755
--- a/test/fcopy/fcopy.sh
+++ b/test/fcopy/fcopy.sh
@@ -11,7 +11,7 @@ if [ -f /etc/debian_version ]; then
         export PATH="$PATH:$libdir"
 fi
 
-export PATH="$PATH:/usr/lib/firejail"
+export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
 
 mkdir dest
 
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 97ecc8be0..d0a34ccc5 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -9,11 +9,9 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 if [ -f /etc/debian_version ]; then
         libdir=$(dirname "$(dpkg -L firejail | grep fseccomp)")
         export PATH="$PATH:$libdir"
-else
-        export PATH="$PATH:/usr/lib/firejail"
 fi
+export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
 
-export PATH="$PATH:/usr/lib/firejail"
 
 if [ "$(uname -m)" = "x86_64" ]; then
     echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
@@ -79,7 +77,7 @@ echo "TESTING: seccomp errno (test/filters/seccomp-errno.exp)"
 echo "TESTING: seccomp su (test/filters/seccomp-su.exp)"
 ./seccomp-su.exp
 
-which strace
+which strace 2>/dev/null
 if [ $? -eq 0 ]; then
         echo "TESTING: seccomp ptrace (test/filters/seccomp-ptrace.exp)"
         ./seccomp-ptrace.exp
diff --git a/test/fnetfilter/fnetfilter.sh b/test/fnetfilter/fnetfilter.sh
index bae952ee9..aa2eb707a 100755
--- a/test/fnetfilter/fnetfilter.sh
+++ b/test/fnetfilter/fnetfilter.sh
@@ -11,7 +11,7 @@ if [ -f /etc/debian_version ]; then
         export PATH="$PATH:$libdir"
 fi
 
-export PATH="$PATH:/usr/lib/firejail"
+export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
 
 chmod 400 outlocked
 
diff --git a/test/fs/invalid_filename.exp b/test/fs/invalid_filename.exp
index e16798ab8..84abe74cd 100755
--- a/test/fs/invalid_filename.exp
+++ b/test/fs/invalid_filename.exp
@@ -7,11 +7,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --debug-check-filename --noprofile --blacklist=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 1.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --noprofile --blacklist=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 1.2\n";exit}
         "Error:"
@@ -22,11 +18,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --cgroup=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 2.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --noprofile --cgroup=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 2.2\n";exit}
         "Error:"
@@ -37,12 +29,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --chroot=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "Checking filename bla&&bla" {puts "normal system\n"}
-        "Error: --chroot option is not available on Grsecurity systems" { puts "\nall done\n"; exit}
-}
+send -- "firejail --noprofile --chroot=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 3.2\n";exit}
         "Error:"
@@ -53,11 +40,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --netfilter=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 4.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --noprofile --netfilter=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 4.2\n";exit}
         "Error:"
@@ -68,22 +51,14 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --output=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 5.2\n";exit}
-        "Error:"
-}
+send -- "firejail --noprofile --output=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 5.3\n";exit}
         "is an invalid filename"
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --private=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --noprofile --private=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 6.2\n";exit}
         "Error:"
@@ -94,11 +69,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --private-bin=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 7.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --noprofile --private-bin=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 7.2\n";exit}
         "Error:"
@@ -109,11 +80,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --private-home=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 8.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --noprofile --private-home=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 8.2\n";exit}
         "Error:"
@@ -124,11 +91,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --noprofile --private-etc=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 9.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --noprofile --private-etc=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 9.2\n";exit}
         "Error:"
@@ -139,11 +102,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --profile=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 10.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --profile=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 10.2\n";exit}
         "Error:"
@@ -154,11 +113,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --read-only=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 11.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --read-only=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 11.2\n";exit}
         "Error:"
@@ -169,11 +124,7 @@ expect {
 }
 after 100
 
-send -- "firejail --debug-check-filename --shell=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 12.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --shell=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 12.2\n";exit}
         "Error:"
@@ -185,11 +136,7 @@ expect {
 after 100
 
 
-send -- "firejail --debug-check-filename --whitelist=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 14.1\n";exit}
-        "Checking filename bla&&bla"
-}
+send -- "firejail --whitelist=\"bla&&bla\"\r"
 expect {
         timeout {puts "TESTING ERROR 14.2\n";exit}
         "Error:"
diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh
index 6b7f779d7..9daf1f5f6 100755
--- a/test/overlay/overlay.sh
+++ b/test/overlay/overlay.sh
@@ -21,7 +21,7 @@ rm -fr ~/_firejail_test_*
 ./fs-tmpfs.exp
 rm -fr ~/_firejail_test_*
 
-which firefox
+which firefox 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: overlay firefox"
@@ -30,7 +30,7 @@ else
         echo "TESTING SKIP: firefox not found"
 fi
 
-which firefox
+which firefox 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: overlay firefox x11 xorg"
@@ -41,13 +41,13 @@ fi
 
 
 # check xpra/xephyr
-which xpra
+which xpra 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "xpra found"
 else
         echo "xpra not found"
-        which Xephyr
+        which Xephyr 2>/dev/null
         if [ "$?" -eq 0 ];
         then
                 echo "Xephyr found"
@@ -57,7 +57,7 @@ else
         fi
 fi
 
-which firefox
+which firefox 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: overlay firefox x11"
diff --git a/test/private-lib/gedit.exp b/test/private-lib/gedit.exp
new file mode 100755
index 000000000..00fa934e7
--- /dev/null
+++ b/test/private-lib/gedit.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail /usr/bin/gedit\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/gedit.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "gedit"
+}
+after 100
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
+        ":firejail /usr/bin/gedit"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+after 100
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail /usr/bin/gedit"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/private-lib/pluma.exp b/test/private-lib/pluma.exp
new file mode 100755
index 000000000..92ae0a345
--- /dev/null
+++ b/test/private-lib/pluma.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail pluma\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/pluma.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "pluma"
+}
+after 100
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
+        ":firejail pluma"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+after 100
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail pluma"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index 312fe502a..edf81917a 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -5,11 +5,11 @@
 
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="evince galculator gnome-calculator leafpad mousepad transmission-gtk xcalc atril gpicview eom eog"
+LIST="evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
 
 
 for app in $LIST; do
-        which $app
+        which $app 2>/dev/null
         if [ "$?" -eq 0 ];
         then
                 echo "TESTING: private-lib $app"
diff --git a/test/root/root.sh b/test/root/root.sh
index 4f217b727..a20142c5f 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -7,7 +7,7 @@
 #********************************
 # firecfg
 #********************************
-which less
+which less 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: firecfg (test/root/firecfg.exp)"
diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh
index dd09e4533..6794af520 100755
--- a/test/sysutils/sysutils.sh
+++ b/test/sysutils/sysutils.sh
@@ -6,7 +6,7 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
-which cpio
+which cpio 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: cpio"
@@ -24,7 +24,7 @@ fi
 #       echo "TESTING SKIP: strings not found"
 #fi
 
-which gzip
+which gzip 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: gzip"
@@ -33,7 +33,7 @@ else
         echo "TESTING SKIP: gzip not found"
 fi
 
-which xzdec
+which xzdec 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: xzdec"
@@ -42,7 +42,7 @@ else
         echo "TESTING SKIP: xzdec not found"
 fi
 
-which xz
+which xz 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: xz"
@@ -51,7 +51,7 @@ else
         echo "TESTING SKIP: xz not found"
 fi
 
-which less
+which less 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: less"
@@ -60,7 +60,7 @@ else
         echo "TESTING SKIP: less not found"
 fi
 
-which file
+which file 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: file"
@@ -69,7 +69,7 @@ else
         echo "TESTING SKIP: file not found"
 fi
 
-which tar
+which tar 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: tar"
@@ -78,7 +78,7 @@ else
         echo "TESTING SKIP: tar not found"
 fi
 
-which ping
+which ping 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: ping"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 5438e11a8..d98e4c2e4 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -10,7 +10,7 @@ if [ -f /etc/debian_version ]; then
         libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
         export PATH="$PATH:$libdir"
 fi
-export PATH="$PATH:/usr/lib/firejail"
+export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
 
 echo "testing" > ~/firejail-test-file-7699
 echo "testing" > /tmp/firejail-test-file-7699
@@ -39,7 +39,7 @@ echo "TESTING: version (test/utils/version.exp)"
 echo "TESTING: help (test/utils/help.exp)"
 ./help.exp
 
-which man
+which man 2>/dev/null
 if [ "$?" -eq 0 ];
 then
         echo "TESTING: man (test/utils/man.exp)"