49 files changed, 151 insertions, 71 deletions

diff --git a/RELNOTES b/RELNOTES
index aba2e7dee..026c67f9b 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,11 +3,11 @@ firejail (0.9.51) baseline; urgency=low
   * enhancement: support Firejail user config directory in firecfg
   * enhancement: disable DBus activation in firecfg
   * enhancement; enumerate root directories in apparmor profile
-  * feature: systemd-resolvd integration
+  * feature: systemd-resolved integration
   * feature: whitelisting /var directory in most profiles
   * feature: GTK2, GTK3 and Qt4 private-lib support
   * feature: test deployment of private-lib for the following
-    applications: evince, galculator, gnome-calculator, hexchat,
+    applications: evince, galculator, gnome-calculator,
     leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu,
     atril, mate-color-select
   * feature: --writable-run-user
diff --git a/etc/Viber.profile b/etc/Viber.profile
index 03e5f1086..f5843bfd4 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -30,7 +30,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin sh,bash,dash,dig,awk,Viber
+private-bin sh,bash,dig,awk,Viber
 private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf
 private-tmp
 
diff --git a/etc/apktool.profile b/etc/apktool.profile
index 650c20de7..13c8f3311 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -25,7 +25,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin apktool,bash,dash,java,dirname,basename,expr,sh
+private-bin apktool,bash,java,dirname,basename,expr,sh
 private-dev
 
 noexec ${HOME}
diff --git a/etc/arm.profile b/etc/arm.profile
index afb6d465a..8b41d787e 100644
--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -33,7 +33,7 @@ shell none
 tracelog
 
 disable-mnt
-# private-bin arm,tor,sh,bash,dash,python2,python2.7,ps,lsof,ldconfig
+private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig
 private-dev
 private-etc tor,passwd
 private-tmp
diff --git a/etc/atril.profile b/etc/atril.profile
index 4d7ac5244..8c5bdc6fb 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -32,10 +32,13 @@ tracelog
 private-bin atril, atril-previewer, atril-thumbnailer
 private-dev
 private-etc fonts,ld.so.cache
-private-lib
+# atril uses webkit gtk to display epub files
+# waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
+private-lib webkit2gtk-4.0
 # atril needs access to /tmp/mozilla* to work in firefox
 # private-tmp
 
-memory-deny-write-execute
+# webkit gtk killed by memory-deny-write-execute
+#memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/bless.profile b/etc/bless.profile
index 27557d9af..e4d2f0730 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -26,7 +26,7 @@ protocol unix
 seccomp
 shell none
 
-# private-bin bless,dash,sh,bash,mono
+# private-bin bless,sh,bash,mono
 private-dev
 private-etc fonts,mono
 private-tmp
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 5fc585d90..45aa6c35c 100644
--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -33,6 +33,6 @@ tracelog
 
 # These options work but are disabled in case
 # a users wants to search in these directories.
-# private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m
+# private-bin bash,catfish,env,locate,ls,mlocate,python*
 # private-dev
 # private-tmp
diff --git a/etc/deluge.profile b/etc/deluge.profile
index c311d2fa7..e18e39b1a 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -30,6 +30,6 @@ seccomp
 shell none
 
 # deluge is using python on Debian
-# private-bin deluge,sh,python,uname
+private-bin deluge,sh,python*,uname
 private-dev
 private-tmp
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index bdbb10b12..5261bb865 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -26,7 +26,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin dex2jar,dash,java,sh,bash,expr,dirname,ls,uname,grep
+private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep
 private-dev
 
 noexec ${HOME}
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 021e6349e..f01953ed4 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -76,6 +76,11 @@ read-only ${HOME}/.kde4/share/kde4/services
 read-only ${HOME}/.kde4/share/config/kdeglobals
 read-only ${HOME}/.local/share/kservices5
 
+# kdeinit sockets
+blacklist /run/user/*/kdeinit*
+blacklist /run/user/*/ksocket-*/kdeinit*
+blacklist /tmp/ksocket-*/kdeinit*
+
 # systemd
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd
diff --git a/etc/display.profile b/etc/display.profile
index eca749cec..d44733e30 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -26,7 +26,7 @@ seccomp
 shell none
 # x11 xorg - problems on kubuntu 17.04
 
-# private-bin display - requires python
+private-bin display,python*
 private-dev
 # private-etc none - on Debian-based systems display is a symlink in /etc/alternatives
 private-tmp
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 866aaabca..544c724bc 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -24,6 +24,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-bin filezilla,uname,sh,bash,dash,python,lsb_release,fzputtygen,fzsftp
+private-bin filezilla,uname,sh,bash,python*,lsb_release,fzputtygen,fzsftp
 private-dev
 private-tmp
diff --git a/etc/gajim.profile b/etc/gajim.profile
index f1929c015..9171b93af 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -38,7 +38,7 @@ seccomp
 shell none
 
 disable-mnt
-# private-bin python2.7 gajim
+private-bin python2.7,gajim
 private-dev
 # private-etc fonts
 # private-tmp
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index d1ef20e6b..17288d500 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -27,7 +27,7 @@ seccomp
 shell none
 tracelog
 
-# private-bin gnome-music,python3
+private-bin gnome-music,python*
 private-dev
 # private-etc fonts
 private-tmp
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index b60f5b3a5..2e0d11897 100644
--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -41,7 +41,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-bin google-earth,sh,bash,dash,grep,sed,ls,dirname
+private-bin google-earth,sh,bash,grep,sed,ls,dirname
 private-dev
 
 noexec ${HOME}
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 46ddee61d..5945665cc 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -36,11 +36,11 @@ tracelog
 
 disable-mnt
 # debug note: private-bin requires perl, python, etc on some systems
-private-bin hexchat
+private-bin hexchat,python*
 private-dev
-private-lib
+#private-lib - python problems
 private-tmp
 
-memory-deny-write-execute
+# memory-deny-write-execute - breaks python
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 0f59b5721..5cb1e1828 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -27,7 +27,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin jd-gui,dash,sh,bash
+private-bin jd-gui,sh,bash
 private-dev
 private-tmp
 
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index be66cf6ee..506fdd549 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -27,7 +27,7 @@ protocol unix
 seccomp
 shell none
 
-#private-bin python3,macrofusion,env,enfuse,exiftool,align_image_stack
+private-bin python*,macrofusion,env,enfuse,exiftool,align_image_stack
 private-dev
 private-tmp
 
diff --git a/etc/meld.profile b/etc/meld.profile
index f1910d0f4..5043f2496 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -26,7 +26,7 @@ protocol unix
 seccomp
 shell none
 
-# private-bin meld,python2,python2.7
+private-bin meld,python*
 private-dev
 private-tmp
 
diff --git a/etc/mpv.profile b/etc/mpv.profile
index eb8a88a4b..2e632eef2 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -25,5 +25,5 @@ seccomp
 shell none
 tracelog
 
-private-bin mpv,youtube-dl,python,python2.7,python3,python3.5,python3.6,env
+private-bin mpv,youtube-dl,python*,env
 private-dev
diff --git a/etc/multimc5.profile b/etc/multimc5.profile
index 3423c2a88..8a70d9d36 100644
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -35,7 +35,7 @@ shell none
 
 disable-mnt
 # private-bin works, but causes weirdness
-# private-bin multimc5,dash,bash,mkdir,which,zenity,kdialog,ldd,chmod,valgrind,apt-file,pkgfile,dnf,yum,zypper,pfl,java,grep,sort,awk,readlink,dirname
+# private-bin multimc5,bash,mkdir,which,zenity,kdialog,ldd,chmod,valgrind,apt-file,pkgfile,dnf,yum,zypper,pfl,java,grep,sort,awk,readlink,dirname
 private-dev
 private-tmp
 
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index f1c3377d9..fd52fb9ee 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -26,7 +26,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin pdfsam,dash,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config
+private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config
 private-dev
 private-tmp
 
diff --git a/etc/pithos.profile b/etc/pithos.profile
index b81e0b634..f3949d3f1 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -26,7 +26,7 @@ seccomp
 shell none
 
 disable-mnt
-# private-bin pithos,python,python3,python3.6
+private-bin pithos,env,python*
 private-dev
 private-tmp
 
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index ce4c4d416..62a056a30 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -26,7 +26,7 @@ protocol unix
 seccomp
 shell none
 
-# private-bin sdat2img,env,python,python3,python3.6
+private-bin sdat2img,env,python*
 private-dev
 
 noexec ${HOME}
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
index 977cfea99..88bf23158 100644
--- a/etc/silentarmy.profile
+++ b/etc/silentarmy.profile
@@ -28,7 +28,7 @@ shell none
 
 disable-mnt
 private
-# private-bin silentarmy,sa-solver,python3
+private-bin silentarmy,sa-solver,python*
 private-dev
 private-opt none
 private-tmp
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 3506b793b..586934ec3 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -40,7 +40,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin spotify,bash,sh,dash
+private-bin spotify,bash,sh
 private-dev
 private-etc fonts,machine-id,pulse,resolv.conf
 private-opt spotify
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index e12a38164..57a5c20e3 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -24,7 +24,7 @@ seccomp
 shell none
 tracelog
 
-private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
 private-dev
 private-etc fonts
 private-tmp
diff --git a/etc/surf.profile b/etc/surf.profile
index 251331902..a12212f16 100644
--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -26,7 +26,7 @@ seccomp
 shell none
 tracelog
 
-private-bin ls,surf,sh,dash,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
+private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
 private-dev
 private-etc passwd,group,hosts,resolv.conf,fonts,ssl
 private-tmp
diff --git a/etc/tar.profile b/etc/tar.profile
index f14894c25..c8c0b2cae 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -20,7 +20,7 @@ shell none
 tracelog
 
 # support compressed archives
-private-bin sh,bash,dash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
+private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
 private-dev
 private-etc passwd,group,localtime
 
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 3b6b65bec..85af86068 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -32,7 +32,7 @@ seccomp
 shell none
 tracelog
 
-private-bin bash,cp,dash,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python,python2.7,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
+private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
 private-etc fonts
 private-tmp
diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index 67995f345..9626c17aa 100644
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -80,7 +80,7 @@ shell none
 tracelog
 
 # waterfox requires a shell to launch on Arch. We can possibly remove sh though.
-# private-bin waterfox,which,sh,dbus-launch,dbus-send,env,dash,bash
+# private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash
 private-dev
 # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse
 private-tmp
diff --git a/etc/xchat.profile b/etc/xchat.profile
index ab62160b5..bab108c0a 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -19,4 +19,4 @@ notv
 protocol unix,inet,inet6
 seccomp
 
-# private-bin requires perl, python, etc.
+# private-bin requires perl, python*, etc.
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index 6dc62c33b..b3d45dc71 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -29,7 +29,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dash,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
+private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
 private-dev
 # private-etc breaks audio on some distros
 #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl
diff --git a/etc/xpra.profile b/etc/xpra.profile
index 2bd91e8b5..849bb9868 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -41,7 +41,7 @@ shell none
 # private home directory doesn't work on some distros, so we go for a regular home
 # private
 # older Xpra versions also use Xvfb
-# private-bin xpra,python,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls
+# private-bin xpra,python*,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls
 private-dev
 # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11
 private-tmp
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index e7b4ffa8a..cbb551125 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -41,6 +41,11 @@ static void copy_file(const char *srcname, const char *destname, mode_t mode, ui
         assert(destname);
         mode &= 07777;
 
+        // don't copy the file if it is already there
+        struct stat s;
+        if (stat(destname, &s) == 0)
+                return;
+
         // open source
         int src = open(srcname, O_RDONLY);
         if (src < 0) {
@@ -113,10 +118,18 @@ void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid,
         (void) mode;
         (void) uid;
         (void) gid;
+
+        // if the link is already there, don't create it
+        struct stat s;
+        if (stat(linkpath, &s) == 0)
+               return;  
+
         char *rp = realpath(target, NULL);
         if (rp) {
-                if (symlink(rp, linkpath) == -1)
+                if (symlink(rp, linkpath) == -1) {
+                        free(rp);
                         goto errout;
+                }
                 free(rp);
         }
         else
@@ -129,6 +142,7 @@ errout:
 }
 
 
+
 static int first = 1;
 static int fs_copydir(const char *infname, const struct stat *st, int ftype, struct FTW *sftw) {
         (void) st;
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 0f7ab40ff..2a045f628 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -45,7 +45,7 @@ void appimage_set(const char *appimage) {
 
 #ifdef LOOP_CTL_GET_FREE
         // check appimage file
-        invalid_filename(appimage);
+        invalid_filename(appimage, 0); // no globbing
         if (access(appimage, R_OK) == -1) {
                 fprintf(stderr, "Error: cannot access AppImage file\n");
                 exit(1);
diff --git a/src/firejail/cgroup.c b/src/firejail/cgroup.c
index 70f07dd23..8d6496aab 100644
--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -72,7 +72,7 @@ errout:
 void set_cgroup(const char *path) {
         EUID_ASSERT();
 
-        invalid_filename(path);
+        invalid_filename(path, 0); // no globbing
 
         // path starts with /sys/fs/cgroup
         if (strncmp(path, "/sys/fs/cgroup", 14) != 0)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index b9eb68fb0..e10a5d346 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -499,7 +499,7 @@ void notify_other(int fd);
 char *expand_home(const char *path, const char* homedir);
 const char *gnu_basename(const char *path);
 uid_t pid_get_uid(pid_t pid);
-void invalid_filename(const char *fname);
+void invalid_filename(const char *fname, int globbing);
 uid_t get_group_id(const char *group);
 int remove_directory(const char *path);
 void flush_stdin(void);
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 9aa227caf..6bd7ecd17 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -23,6 +23,7 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
+#include <glob.h>
 
 static char *paths[] = {
         "/usr/local/bin",
@@ -146,11 +147,13 @@ errexit:
 }
 
 static void duplicate(char *fname, FILE *fplist) {
+        assert(fname);
+
         if (*fname == '~' || strstr(fname, "..")) {
                 fprintf(stderr, "Error: \"%s\" is an invalid filename\n", fname);
                 exit(1);
         }
-        invalid_filename(fname);
+        invalid_filename(fname, 0); // no globbing
 
         char *full_path;
         if (*fname == '/') {
@@ -203,6 +206,52 @@ static void duplicate(char *fname, FILE *fplist) {
         free(full_path);
 }
 
+static void globbing(char *fname, FILE *fplist) {
+        assert(fname);
+
+        // go directly to duplicate() if no globbing char is present - see man 7 glob
+        if (strrchr(fname, '*') == NULL &&
+            strrchr(fname, '[') == NULL &&
+            strrchr(fname, '?') == NULL)
+                return duplicate(fname, fplist);
+
+        // loop through paths[]
+        int i = 0;
+        while (paths[i]) {
+                // private-bin-no-local can be disabled in /etc/firejail/firejail.config
+                if (checkcfg(CFG_PRIVATE_BIN_NO_LOCAL) && strstr(paths[i], "local/")) {
+                        i++;
+                        continue;
+                }
+
+                // check file
+                char *pattern;
+                if (asprintf(&pattern, "%s/%s", paths[i], fname) == -1)
+                        errExit("asprintf");
+
+                // globbing
+                glob_t globbuf;
+                int globerr = glob(pattern, GLOB_NOCHECK | GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf);
+                if (globerr) {
+                        fprintf(stderr, "Error: failed to glob private-bin pattern %s\n", pattern);
+                        exit(1);
+                }
+
+                size_t j;
+                for (j = 0; j < globbuf.gl_pathc; j++) {
+                        assert(globbuf.gl_pathv[j]);
+                        // testing for GLOB_NOCHECK - no pattern matched returns the original pattern
+                        if (strcmp(globbuf.gl_pathv[j], pattern) == 0)
+                                continue;
+
+                        duplicate(globbuf.gl_pathv[j], fplist);
+                }
+
+                globfree(&globbuf);
+                free(pattern);
+                i++;
+        }
+}
 
 void fs_private_bin_list(void) {
         char *private_list = cfg.bin_private_keep;
@@ -228,9 +277,9 @@ void fs_private_bin_list(void) {
         }
 
         char *ptr = strtok(dlist, ",");
-        duplicate(ptr, fplist);
+        globbing(ptr, fplist);
         while ((ptr = strtok(NULL, ",")) != NULL)
-                duplicate(ptr, fplist);
+                globbing(ptr, fplist);
         free(dlist);
         fs_logger_print();
         if (fplist)
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index b0835d50b..9502844b2 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -103,7 +103,7 @@ static void duplicate(const char *fname, const char *private_dir, const char *pr
                 fprintf(stderr, "Error: \"%s\" is an invalid filename\n", fname);
                 exit(1);
         }
-        invalid_filename(fname);
+        invalid_filename(fname, 0); // no globbing
 
         char *src;
         if (asprintf(&src,  "%s/%s", private_dir, fname) == -1)
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 9e3678c33..0de003e58 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -325,7 +325,7 @@ void fs_private(void) {
 // check new private home directory (--private= option) - exit if it fails
 void fs_check_private_dir(void) {
         EUID_ASSERT();
-        invalid_filename(cfg.home_private);
+        invalid_filename(cfg.home_private, 0); // no globbing
 
         // Expand the home directory
         char *tmp = expand_home(cfg.home_private, cfg.homedir);
@@ -367,7 +367,7 @@ static char *check_dir_or_file(const char *name) {
         assert(name);
 
         // basic checks
-        invalid_filename(name);
+        invalid_filename(name, 0); // no globbing
         if (arg_debug)
                 printf("Private home: checking %s\n", name);
 
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index 42255070c..0cf715fe2 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -129,7 +129,7 @@ void fs_resolvconf(void) {
 
 char *fs_check_hosts_file(const char *fname) {
         assert(fname);
-        invalid_filename(fname);
+        invalid_filename(fname, 0); // no globbing
         char *rv = expand_home(fname, cfg.homedir);
 
         // no a link
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 20ffe825a..7975ae323 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -59,7 +59,7 @@ void fs_mkdir(const char *name) {
         EUID_ASSERT();
 
         // check directory name
-        invalid_filename(name);
+        invalid_filename(name, 0); // no globbing
         char *expanded = expand_home(name, cfg.homedir);
         if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 &&
             strncmp(expanded, "/tmp", 4) != 0) {
@@ -99,7 +99,7 @@ void fs_mkfile(const char *name) {
         EUID_ASSERT();
 
         // check file name
-        invalid_filename(name);
+        invalid_filename(name, 0); // no globbing
         char *expanded = expand_home(name, cfg.homedir);
         if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 &&
             strncmp(expanded, "/tmp", 4) != 0) {
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 54cbf1526..458bba6f6 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -572,7 +572,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                 exit(1);
                         }
                         char *path = argv[i + 1];
-                         invalid_filename(path);
+                         invalid_filename(path, 0); // no globbing
                          if (strstr(path, "..")) {
                                 fprintf(stderr, "Error: invalid file name %s\n", path);
                                 exit(1);
@@ -596,13 +596,13 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                 exit(1);
                         }
                         char *path1 = argv[i + 1];
-                         invalid_filename(path1);
+                         invalid_filename(path1, 0); // no globbing
                          if (strstr(path1, "..")) {
                                 fprintf(stderr, "Error: invalid file name %s\n", path1);
                                 exit(1);
                          }
                         char *path2 = argv[i + 2];
-                         invalid_filename(path2);
+                         invalid_filename(path2, 0); // no globbing
                          if (strstr(path2, "..")) {
                                 fprintf(stderr, "Error: invalid file name %s\n", path2);
                                 exit(1);
@@ -626,7 +626,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                 exit(1);
                         }
                         char *path = argv[i + 1];
-                         invalid_filename(path);
+                         invalid_filename(path, 0); // no globbing
                          if (strstr(path, "..")) {
                                 fprintf(stderr, "Error: invalid file name %s\n", path);
                                 exit(1);
@@ -1434,7 +1434,7 @@ int main(int argc, char **argv) {
                                 }
 
                                 // check name
-                                invalid_filename(subdirname);
+                                invalid_filename(subdirname, 0); // no globbing
                                 if (strstr(subdirname, "..") || strstr(subdirname, "/")) {
                                         fprintf(stderr, "Error: invalid overlay name\n");
                                         exit(1);
@@ -1483,7 +1483,7 @@ int main(int argc, char **argv) {
                                 exit(1);
                         }
                         custom_profile_dir = expand_home(argv[i] + 15, cfg.homedir);
-                        invalid_filename(custom_profile_dir);
+                        invalid_filename(custom_profile_dir, 0); // no globbing
                         if (!is_dir(custom_profile_dir) || is_link(custom_profile_dir) || strstr(custom_profile_dir, "..")) {
                                 fprintf(stderr, "Error: invalid profile path\n");
                                 exit(1);
@@ -1542,7 +1542,7 @@ int main(int argc, char **argv) {
                                 }
 
 
-                                invalid_filename(argv[i] + 9);
+                                invalid_filename(argv[i] + 9, 0); // no globbing
 
                                 // extract chroot dirname
                                 cfg.chrootdir = argv[i] + 9;
@@ -2193,7 +2193,7 @@ int main(int argc, char **argv) {
                                 fprintf(stderr, "Error: --shell=none was already specified.\n");
                                 return 1;
                         }
-                        invalid_filename(argv[i] + 8);
+                        invalid_filename(argv[i] + 8, 0); // no globbing
 
                         if (cfg.shell) {
                                 fprintf(stderr, "Error: only one user shell can be specified\n");
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index 14b3b54a6..cb0d9d7af 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -45,7 +45,7 @@ static char *client_filter =
 
 void check_netfilter_file(const char *fname) {
         EUID_ASSERT();
-        invalid_filename(fname);
+        invalid_filename(fname, 0); // no globbing
 
         if (is_dir(fname) || is_link(fname) || strstr(fname, "..") || access(fname, R_OK )) {
                 fprintf(stderr, "Error: invalid network filter file %s\n", fname);
diff --git a/src/firejail/netns.c b/src/firejail/netns.c
index fdd108652..f52613490 100644
--- a/src/firejail/netns.c
+++ b/src/firejail/netns.c
@@ -49,7 +49,7 @@ void check_netns(const char *nsname) {
                 fprintf(stderr, "Error: invalid netns name %s\n", nsname);
                 exit(1);
         }
-        invalid_filename(nsname);
+        invalid_filename(nsname, 0); // no globbing
         char *control_file = netns_control_file(nsname);
 
         EUID_ASSERT();
diff --git a/src/firejail/output.c b/src/firejail/output.c
index b99604ec4..4f68b8ca3 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -48,7 +48,7 @@ void check_output(int argc, char **argv) {
         drop_privs(0);
         char *outfile = argv[outindex];
         outfile += (enable_stderr)? 16:9;
-        invalid_filename(outfile);
+        invalid_filename(outfile, 0); // no globbing
 
         // do not accept directories, links, and files with ".."
         if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 789a8b060..a1c94579c 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -925,7 +925,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                         }
 
                         // check name
-                        invalid_filename(subdirname);
+                        invalid_filename(subdirname, 0); // no globbing
                         if (strstr(subdirname, "..") || strstr(subdirname, "/")) {
                                 fprintf(stderr, "Error: invalid overlay name\n");
                                 exit(1);
@@ -993,8 +993,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                         }
 
                         // check directories
-                        invalid_filename(dname1);
-                        invalid_filename(dname2);
+                        invalid_filename(dname1, 0); // no globbing
+                        invalid_filename(dname2, 0); // no globbing
                         if (strstr(dname1, "..") || strstr(dname2, "..")) {
                                 fprintf(stderr, "Error: invalid file name.\n");
                                 exit(1);
@@ -1123,7 +1123,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
         }
 
         // some characters just don't belong in filenames
-        invalid_filename(ptr);
+        invalid_filename(ptr, 1); // globbing
         if (strstr(ptr, "..")) {
                 if (lineno == 0)
                         fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr);
@@ -1170,7 +1170,7 @@ void profile_read(const char *fname) {
         }
 
         // check file
-        invalid_filename(fname);
+        invalid_filename(fname, 0); // no globbing
         if (strlen(fname) == 0 || is_dir(fname)) {
                 fprintf(stderr, "Error: invalid profile file\n");
                 exit(1);
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 4d1c94c25..559f7ee48 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -747,7 +747,7 @@ uid_t pid_get_uid(pid_t pid) {
 }
 
 
-void invalid_filename(const char *fname) {
+void invalid_filename(const char *fname, int globbing) {
 //      EUID_ASSERT();
         assert(fname);
         const char *ptr = fname;
@@ -763,10 +763,19 @@ void invalid_filename(const char *fname) {
                 return;
 
         int len = strlen(ptr);
-        // file globbing ('*') is allowed
-        if (strcspn(ptr, "\\&!?\"'<>%^(){}[];,") != (size_t)len) {
-                fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr);
-                exit(1);
+        
+        if (globbing) {
+                // file globbing ('*?[]') is allowed
+                if (strcspn(ptr, "\\&!\"'<>%^(){};,") != (size_t)len) {
+                        fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr);
+                        exit(1);
+                }
+        }
+        else {
+                if (strcspn(ptr, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) {
+                        fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr);
+                        exit(1);
+                }
         }
 }