8 files changed, 46 insertions, 5 deletions

diff --git a/README.md b/README.md
index d12b9ee4e..8372841a5 100644
--- a/README.md
+++ b/README.md
@@ -207,4 +207,5 @@ curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, s
 IntelliJ IDEA, Android Studio, electron, riot-web,
 Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux,
 telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard,
-remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch
+remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch, tuxguitar,
+musescore
diff --git a/RELNOTES b/RELNOTES
index 36dd39686..0e61019d9 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -19,7 +19,7 @@ firejail (0.9.49) baseline; urgency=low
   * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
   * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
   * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter, sqlitebrowse,
-  * new profiles: truecraft, gnome-twitch
+  * new profiles: truecraft, gnome-twitch, tuxguitar, musescore
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  Mon, 12 Jun 2017 20:00:00 -0500
 
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index a54d2a739..7b0e6e9eb 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -44,6 +44,8 @@ blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mousepad
 blacklist ${HOME}/.config/Mumble
+blacklist ${HOME}/.config/MusE
+blacklist ${HOME}/.config/MuseScore
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
@@ -274,6 +276,8 @@ blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/data/Mumble
+blacklist ${HOME}/.local/share/data/MusE
+blacklist ${HOME}/.local/share/data/MuseScore
 blacklist ${HOME}/.local/share/dino
 blacklist ${HOME}/.local/share/dolphin
 blacklist ${HOME}/.local/share/epiphany
diff --git a/etc/musescore.profile b/etc/musescore.profile
new file mode 100644
index 000000000..bd00bea69
--- /dev/null
+++ b/etc/musescore.profile
@@ -0,0 +1,30 @@
+# Firejail profile for musescore
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/musescore.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.config/MusE
+noblacklist ~/.config/MuseScore
+noblacklist ~/.local/share/data/MusE
+noblacklist ~/.local/share/data/MuseScore
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+# private-bin musescore,mscore
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index d11f473ed..6473c6fef 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -216,6 +216,7 @@
 /etc/firejail/mumble.profile
 /etc/firejail/mupdf.profile
 /etc/firejail/mupen64plus.profile
+/etc/firejail/musescore.profile
 /etc/firejail/mutt.profile
 /etc/firejail/nautilus.profile
 /etc/firejail/nemo.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d66b026b0..15e95b9a7 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -193,6 +193,7 @@ multimc5
 mumble
 mupdf
 mupen64plus
+musescore
 mutt
 nautilus
 netsurf
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 8dd4ef8fa..e9b27f9e4 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -830,7 +830,7 @@ $ firejail \-\-net=none vlc
 .br
 
 .br
-Note: \-\-net=none could crush the application on some platforms.
+Note: \-\-net=none can crash the application on some platforms.
 In these cases, it can be replaced with \-\-protocol=unix.
 
 .TP
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 8f659237a..611580612 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -15,8 +15,12 @@ fi
 
 export PATH="$PATH:/usr/lib/firejail"
 
-echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
-./memwrexe.exp
+if [ "$(uname -m)" = "x86_64" ]; then
+    echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
+    ./memwrexe.exp
+else
+    echo "TESTING SKIP: memwrexe binary only running on x86_64."
+fi
 
 echo "TESTING: debug options (test/filters/debug.exp)"
 ./debug.exp