46 files changed, 253 insertions, 12 deletions

diff --git a/README.md b/README.md
index 89c4b9c53..9e0116350 100644
--- a/README.md
+++ b/README.md
@@ -116,4 +116,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 
 ## New profiles:
 
-gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat
+gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop
diff --git a/RELNOTES b/RELNOTES
index d639940bd..41a288bd0 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -12,7 +12,8 @@ firejail (0.9.61) baseline; urgency=low
   * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss
   * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt
   * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
-  * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat
+  * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
+  * new profiles: kiwix-desktop
  -- netblue30 <netblue30@yahoo.com>  Sat, 1 Jun 2019 08:00:00 -0500
 
 firejail (0.9.60) baseline; urgency=low
diff --git a/etc/7za.profile b/etc/7za.profile
index 28e483a8c..14188e1f0 100644
--- a/etc/7za.profile
+++ b/etc/7za.profile
@@ -1,5 +1,6 @@
 # Firejail profile for 7za
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include 7za.local
 # Persistent global definitions
diff --git a/etc/7zr.profile b/etc/7zr.profile
index 1b85badbc..2cb42fa40 100644
--- a/etc/7zr.profile
+++ b/etc/7zr.profile
@@ -1,5 +1,6 @@
 # Firejail profile for 7zr
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include 7zr.local
 # Persistent global definitions
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile
index 5ef75022b..ab5fdf942 100644
--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -1,6 +1,7 @@
 # Firejail profile for Xephyr
 # This file is overwritten after every install/update
 # Persistent local customizations
+quiet
 include Xephyr.local
 # Persistent global definitions
 include globals.local
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 3ecda698e..6559be21a 100644
--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -1,6 +1,7 @@
 # Firejail profile for Xvfb
 # Description: Virtual Framebuffer 'fake' X server
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include Xvfb.local
 # Persistent global definitions
diff --git a/etc/acat.profile b/etc/acat.profile
index f35adf3dc..522d8db4e 100644
--- a/etc/acat.profile
+++ b/etc/acat.profile
@@ -1,5 +1,6 @@
 # Firejail profile for acat
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include acat.local
 # Persistent global definitions
diff --git a/etc/adiff.profile b/etc/adiff.profile
index f22a27e79..a80886d56 100644
--- a/etc/adiff.profile
+++ b/etc/adiff.profile
@@ -1,5 +1,6 @@
 # Firejail profile for adiff
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include adiff.local
 # Persistent global definitions
diff --git a/etc/als.profile b/etc/als.profile
index aa7f29337..5eae228b6 100644
--- a/etc/als.profile
+++ b/etc/als.profile
@@ -1,5 +1,6 @@
 # Firejail profile for als
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include als.local
 # Persistent global definitions
diff --git a/etc/apack.profile b/etc/apack.profile
index b09d3d718..9fef911af 100644
--- a/etc/apack.profile
+++ b/etc/apack.profile
@@ -1,5 +1,6 @@
 # Firejail profile for apack
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include apack.local
 # Persistent global definitions
diff --git a/etc/arepack.profile b/etc/arepack.profile
index d23fc21db..012f2f049 100644
--- a/etc/arepack.profile
+++ b/etc/arepack.profile
@@ -1,5 +1,6 @@
 # Firejail profile for arepack
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include arepack.local
 # Persistent global definitions
diff --git a/etc/aunpack.profile b/etc/aunpack.profile
index c119ed9ad..6ce4aa491 100644
--- a/etc/aunpack.profile
+++ b/etc/aunpack.profile
@@ -1,5 +1,6 @@
 # Firejail profile for aunpack
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include aunpack.local
 # Persistent global definitions
diff --git a/etc/conplay.profile b/etc/conplay.profile
index 101ce2f17..d0ad7c753 100644
--- a/etc/conplay.profile
+++ b/etc/conplay.profile
@@ -1,4 +1,6 @@
 # Firejail profile for conplay
+# Description: MPEG audio player/decoder
+# This file is overwritten after every install/update
 # Persistent local customizations
 include conplay.local
 # Persistent global definitions
diff --git a/etc/dig.profile b/etc/dig.profile
index 6f2c1f755..611cbf026 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -1,7 +1,7 @@
 # Firejail profile for dig
 # Description: DNS lookup utility
-quiet
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include dig.local
 # Persistent global definitions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index c0bf1f8d4..a3f7c570b 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -509,6 +509,8 @@ blacklist ${HOME}/.local/share/kaffeine
 blacklist ${HOME}/.local/share/kate
 blacklist ${HOME}/.local/share/kdenlive
 blacklist ${HOME}/.local/share/kget
+blacklist ${HOME}/.local/share/kiwix
+blacklist ${HOME}/.local/share/kiwix-desktop
 blacklist ${HOME}/.local/share/klavaro
 blacklist ${HOME}/.local/share/kmail2
 blacklist ${HOME}/.local/share/knotes
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index c04451373..bba94e3cb 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -1,6 +1,7 @@
 # Firejail profile for dnscrypt-proxy
 # Description: Tool for securing communications between a client and a DNS resolver
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include dnscrypt-proxy.local
 # Persistent global definitions
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index daf4795c3..dfb1b61c1 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -1,6 +1,7 @@
 # Firejail profile for dnsmasq
 # Description: Small caching DNS proxy and DHCP/TFTP server
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include dnsmasq.local
 # Persistent global definitions
diff --git a/etc/ffmpegthumbnailer.profile b/etc/ffmpegthumbnailer.profile
index 3681c40f1..6d72c3b99 100644
--- a/etc/ffmpegthumbnailer.profile
+++ b/etc/ffmpegthumbnailer.profile
@@ -1,6 +1,7 @@
 # Firejail profile for ffmpegthumbnailer
 # Description: FFmpeg-based video thumbnailer
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include ffmpegthumbnailer.local
 # Persistent global definitions
diff --git a/etc/ffplay.profile b/etc/ffplay.profile
index b42cc29bc..71187a5b5 100644
--- a/etc/ffplay.profile
+++ b/etc/ffplay.profile
@@ -1,6 +1,7 @@
 # Firejail profile for ffplay
 # Description: FFmpeg-based media player
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include ffplay.local
 # Persistent global definitions
diff --git a/etc/ffprobe.profile b/etc/ffprobe.profile
index bd8643206..cb24a7d05 100644
--- a/etc/ffprobe.profile
+++ b/etc/ffprobe.profile
@@ -1,6 +1,7 @@
 # Firejail profile for ffprobe
 # Description: FFmpeg-based media prober
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include ffprobe.local
 # Persistent global definitions
diff --git a/etc/kiwix-desktop.profile b/etc/kiwix-desktop.profile
new file mode 100644
index 000000000..db8f7880c
--- /dev/null
+++ b/etc/kiwix-desktop.profile
@@ -0,0 +1,49 @@
+# Firejail profile for kiwix-desktop
+# Description: view/manage ZIM files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kiwix-desktop.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/kiwix
+noblacklist ${HOME}/.local/share/kiwix-desktop
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/kiwix
+mkdir ${HOME}/.local/share/kiwix-desktop
+whitelist ${HOME}/.local/share/kiwix
+whitelist ${HOME}/.local/share/kiwix-desktop
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+# no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+# nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+shell none
+
+disable-mnt
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl
+private-tmp
diff --git a/etc/lrunzip.profile b/etc/lrunzip.profile
index 72abec8bb..c010cbd96 100644
--- a/etc/lrunzip.profile
+++ b/etc/lrunzip.profile
@@ -1,6 +1,7 @@
 # Firejail profile for lrunzip
 # Description: Multi-threaded compression with rzip/lzma, lzo and zpaq
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include lrunzip.local
 # Persistent global definitions
diff --git a/etc/lrz.profile b/etc/lrz.profile
index c1f928bde..8077be945 100644
--- a/etc/lrz.profile
+++ b/etc/lrz.profile
@@ -1,6 +1,7 @@
 # Firejail profile for lrz
 # Description: Multi-threaded compression with rzip/lzma, lzo and zpaq
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include lrz.local
 # Persistent global definitions
diff --git a/etc/lrzcat.profile b/etc/lrzcat.profile
index edcd7f8cd..d05ee7aae 100644
--- a/etc/lrzcat.profile
+++ b/etc/lrzcat.profile
@@ -1,6 +1,7 @@
 # Firejail profile for lrzcat
 # Description: Multi-threaded compression with rzip/lzma, lzo and zpaq
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include lrzcat.local
 # Persistent global definitions
diff --git a/etc/lrzip.profile b/etc/lrzip.profile
index a69096e28..3767767f6 100644
--- a/etc/lrzip.profile
+++ b/etc/lrzip.profile
@@ -1,6 +1,7 @@
 # Firejail profile for lrzip
 # Description: Multi-threaded compression with rzip/lzma, lzo and zpaq
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include lrzip.local
 # Persistent global definitions
diff --git a/etc/lrztar.profile b/etc/lrztar.profile
index 54b04b4ec..673e9f62e 100644
--- a/etc/lrztar.profile
+++ b/etc/lrztar.profile
@@ -1,6 +1,7 @@
 # Firejail profile for lrztar
 # Description: Multi-threaded compression with rzip/lzma, lzo and zpaq
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include lrztar.local
 # Persistent global definitions
diff --git a/etc/lrzuntar.profile b/etc/lrzuntar.profile
index f21169b24..245d1c669 100644
--- a/etc/lrzuntar.profile
+++ b/etc/lrzuntar.profile
@@ -1,6 +1,7 @@
 # Firejail profile for lrzuntar
 # Description: Multi-threaded compression with rzip/lzma, lzo and zpaq
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include lrzuntar.local
 # Persistent global definitions
diff --git a/etc/nano.profile b/etc/nano.profile
index 30a6e03e7..9965d8a6b 100644
--- a/etc/nano.profile
+++ b/etc/nano.profile
@@ -1,6 +1,7 @@
 # Firejail profile for nano
 # Description: nano is an easy text editor for the terminal
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include nano.local
 # Persistent global definitions
diff --git a/etc/p7zip.profile b/etc/p7zip.profile
index 644292f2b..7e0069afc 100644
--- a/etc/p7zip.profile
+++ b/etc/p7zip.profile
@@ -1,6 +1,7 @@
 # Firejail profile for p7zip
 # Description: 7zr file archiver with high compression ratio
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include p7zip.local
 # Persistent global definitions
diff --git a/etc/qt-faststart.profile b/etc/qt-faststart.profile
index cf459472a..2cdff33a6 100644
--- a/etc/qt-faststart.profile
+++ b/etc/qt-faststart.profile
@@ -1,6 +1,7 @@
 # Firejail profile for qt-faststart
 # Description: FFmpeg-based media utility
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include qt-faststart.local
 # Persistent global definitions
diff --git a/etc/rnano.profile b/etc/rnano.profile
index 565c957e0..d9048982a 100644
--- a/etc/rnano.profile
+++ b/etc/rnano.profile
@@ -1,6 +1,7 @@
 # Firejail profile for rnano
 # Description: A restricted nano
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include rnano.local
 # Persistent global definitions
diff --git a/etc/scp.profile b/etc/scp.profile
index ca902061c..287b8029a 100644
--- a/etc/scp.profile
+++ b/etc/scp.profile
@@ -1,6 +1,7 @@
 # Firejail profile for scp
 # Description: Secure shell copy
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include scp.local
 # Persistent global definitions
diff --git a/etc/seahorse-daemon.profile b/etc/seahorse-daemon.profile
index 7c0e59c74..6410da4d8 100644
--- a/etc/seahorse-daemon.profile
+++ b/etc/seahorse-daemon.profile
@@ -1,6 +1,7 @@
 # Firejail profile for seahorse-daemon
 # Description: PGP encryption and signing
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include seahorse-daemon.local
 # Persistent global definitions
diff --git a/etc/sftp.profile b/etc/sftp.profile
index c980e1751..66dc2a57b 100644
--- a/etc/sftp.profile
+++ b/etc/sftp.profile
@@ -1,6 +1,7 @@
 # Firejail profile for sftp
 # Description: Secure file transport protocol
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include sftp.local
 # Persistent global definitions
diff --git a/etc/tb-starter-wrapper.profile b/etc/tb-starter-wrapper.profile
index 8a7d45449..7cf85b387 100644
--- a/etc/tb-starter-wrapper.profile
+++ b/etc/tb-starter-wrapper.profile
@@ -13,7 +13,5 @@ noblacklist ${HOME}/.tb
 mkdir ${HOME}/.tb
 whitelist ${HOME}/.tb
 
-x11 xorg
-
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 00b82e852..8485c0c4c 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -48,7 +48,7 @@ shell none
 #tracelog
 
 disable-mnt
-private-bin bash,cat,cp,cut,dirname,env,expr,file,getconf,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,pwd,python*,readlink,realpath,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity
+private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile
index 9b84bc33a..92a4770e2 100644
--- a/etc/transmission-create.profile
+++ b/etc/transmission-create.profile
@@ -1,6 +1,7 @@
 # Firejail profile for transmission-create
 # Description: CLI utility to create BitTorrent .torrent files
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-create.local
 # Persistent global definitions
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile
index 07990aa15..6d8a98911 100644
--- a/etc/transmission-edit.profile
+++ b/etc/transmission-edit.profile
@@ -1,6 +1,7 @@
 # Firejail profile for transmission-edit
 # Description: CLI utility to modify BitTorrent .torrent files' announce URLs
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-edit.local
 # Persistent global definitions
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile
index 98b875fc5..2e7a31545 100644
--- a/etc/transmission-remote-cli.profile
+++ b/etc/transmission-remote-cli.profile
@@ -1,6 +1,7 @@
 # Firejail profile for transmission-remote-cli
 # Description: A remote control utility for transmission-daemon (CLI)
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-remote-cli.local
 # Persistent global definitions
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile
index b7173def5..5a57e4887 100644
--- a/etc/transmission-remote-gtk.profile
+++ b/etc/transmission-remote-gtk.profile
@@ -1,6 +1,7 @@
 # Firejail profile for transmission-remote-gtk
 # Description: A remote control utility for transmission-daemon (GTK GUI)
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-remote-gtk.local
 # Persistent global definitions
diff --git a/etc/whois.profile b/etc/whois.profile
index f101ee637..859542533 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -1,7 +1,7 @@
 # Firejail profile for whois
 # Description: Intelligent WHOIS client
-quiet
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include whois.local
 # Persistent global definitions
diff --git a/etc/xpra.profile b/etc/xpra.profile
index 6f66b9300..1033a7471 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -1,6 +1,7 @@
 # Firejail profile for xpra
 # Description: Tool to detach/reattach running X programs
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include xpra.local
 # Persistent global definitions
diff --git a/etc/zpaq.profile b/etc/zpaq.profile
index 6bf3605eb..80329ecfd 100644
--- a/etc/zpaq.profile
+++ b/etc/zpaq.profile
@@ -1,6 +1,7 @@
 # Firejail profile for zpaq
 # Description: Programmable file compressor, library and utilities. Based on the PAQ compression algorithm.
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include zpaq.local
 # Persistent global definitions
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 59d64ceb4..daaa4919e 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -314,6 +314,7 @@ kid3
 kid3-cli
 kid3-qt
 kino
+kiwix-desktop
 klatexformula
 klatexformula_cmdl
 klavaro
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index 60fdb5470..71a1234cc 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -43,7 +43,16 @@ static orig_fopen64_t orig_fopen64 = NULL;
 //
 // library constructor/destructor
 //
+//#define PRINTF_DEVTTY
+#ifdef PRINTF_DEVTTY
+// Replacing printf with fprintf to /dev/tty in order to fix #561
+// In some cases this crashes the program running in the sandbox.
+// Example:
+//                  $ firejail --trace mkdir ttt
+// logs the following error in syslog:
+//                  debian kernel: [18521.399073] mkdir[12206]: segfault at 0 ip 00007f77ebf41f6b sp 00007ffe1a0161e0 error 4 in libc-2.24.so[7f77ebe4b000+195000]
 static FILE *ftty = NULL;
+#endif
 static pid_t mypid = 0;
 #define MAXNAME 16
 static char myname[MAXNAME] = {'\0', };
@@ -53,7 +62,10 @@ void init(void) {
         orig_fopen = (orig_fopen_t)dlsym(RTLD_NEXT, "fopen");
 
         // tty
+#ifdef PRINTF_DEVTTY
         ftty = orig_fopen("/dev/tty", "w");
+printf("*** ftty %p ***\n", ftty);
+#endif
 
         // pid
         mypid = getpid();
@@ -79,7 +91,9 @@ void init(void) {
 
 static void fini(void) __attribute__((destructor));
 void fini(void) {
+#ifdef PRINTF_DEVTTY
         fclose(ftty);
+#endif
 }
 
 //
@@ -226,23 +240,43 @@ static char *translate(XTable *table, int val) {
 static void print_sockaddr(int sockfd, const char *call, const struct sockaddr *addr, int rv) {
         if (addr->sa_family == AF_INET) {
                 struct sockaddr_in *a = (struct sockaddr_in *) addr;
+#ifdef PRINTF_DEVTTY
                 fprintf(ftty, "%u:%s:%s %d %s port %u:%d\n", mypid, myname, call, sockfd, inet_ntoa(a->sin_addr), ntohs(a->sin_port), rv);
+#else
+                printf("%u:%s:%s %d %s port %u:%d\n", mypid, myname, call, sockfd, inet_ntoa(a->sin_addr), ntohs(a->sin_port), rv);
+#endif
         }
         else if (addr->sa_family == AF_INET6) {
                 struct sockaddr_in6 *a = (struct sockaddr_in6 *) addr;
                 char str[INET6_ADDRSTRLEN];
                 inet_ntop(AF_INET6, &(a->sin6_addr), str, INET6_ADDRSTRLEN);
+#ifdef PRINTF_DEVTTY
                 fprintf(ftty, "%u:%s:%s %d %s:%d\n", mypid, myname, call, sockfd, str, rv);
+#else
+                printf("%u:%s:%s %d %s:%d\n", mypid, myname, call, sockfd, str, rv);
+#endif
         }
         else if (addr->sa_family == AF_UNIX) {
                 struct sockaddr_un *a = (struct sockaddr_un *) addr;
                 if (a->sun_path[0])
+#ifdef PRINTF_DEVTTY
                         fprintf(ftty, "%u:%s:%s %d %s:%d\n", mypid, myname, call, sockfd, a->sun_path, rv);
+#else
+                        printf("%u:%s:%s %d %s:%d\n", mypid, myname, call, sockfd, a->sun_path, rv);
+#endif
                 else
+#ifdef PRINTF_DEVTTY
                         fprintf(ftty, "%u:%s:%s %d @%s:%d\n", mypid, myname, call, sockfd, a->sun_path + 1, rv);
+#else
+                        printf("%u:%s:%s %d @%s:%d\n", mypid, myname, call, sockfd, a->sun_path + 1, rv);
+#endif
         }
         else {
+#ifdef PRINTF_DEVTTY
                 fprintf(ftty, "%u:%s:%s %d family %d:%d\n", mypid, myname, call, sockfd, addr->sa_family, rv);
+#else
+                printf("%u:%s:%s %d family %d:%d\n", mypid, myname, call, sockfd, addr->sa_family, rv);
+#endif
         }
 }
 
@@ -258,7 +292,11 @@ int open(const char *pathname, int flags, mode_t mode) {
                 orig_open = (orig_open_t)dlsym(RTLD_NEXT, "open");
 
         int rv = orig_open(pathname, flags, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:open %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:open %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -269,7 +307,11 @@ int open64(const char *pathname, int flags, mode_t mode) {
                 orig_open64 = (orig_open64_t)dlsym(RTLD_NEXT, "open64");
 
         int rv = orig_open64(pathname, flags, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:open64 %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:open64 %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -281,7 +323,11 @@ int openat(int dirfd, const char *pathname, int flags, mode_t mode) {
                 orig_openat = (orig_openat_t)dlsym(RTLD_NEXT, "openat");
 
         int rv = orig_openat(dirfd, pathname, flags, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:openat %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:openat %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -292,7 +338,11 @@ int openat64(int dirfd, const char *pathname, int flags, mode_t mode) {
                 orig_openat64 = (orig_openat64_t)dlsym(RTLD_NEXT, "openat64");
 
         int rv = orig_openat64(dirfd, pathname, flags, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:openat64 %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:openat64 %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -303,7 +353,11 @@ FILE *fopen(const char *pathname, const char *mode) {
                 orig_fopen = (orig_fopen_t)dlsym(RTLD_NEXT, "fopen");
 
         FILE *rv = orig_fopen(pathname, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:fopen %s:%p\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:fopen %s:%p\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -313,7 +367,11 @@ FILE *fopen64(const char *pathname, const char *mode) {
                 orig_fopen64 = (orig_fopen_t)dlsym(RTLD_NEXT, "fopen64");
 
         FILE *rv = orig_fopen64(pathname, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:fopen64 %s:%p\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:fopen64 %s:%p\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 #endif /* __GLIBC__ */
@@ -327,7 +385,11 @@ FILE *freopen(const char *pathname, const char *mode, FILE *stream) {
                 orig_freopen = (orig_freopen_t)dlsym(RTLD_NEXT, "freopen");
 
         FILE *rv = orig_freopen(pathname, mode, stream);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:freopen %s:%p\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:freopen %s:%p\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -339,7 +401,11 @@ FILE *freopen64(const char *pathname, const char *mode, FILE *stream) {
                 orig_freopen64 = (orig_freopen64_t)dlsym(RTLD_NEXT, "freopen64");
 
         FILE *rv = orig_freopen64(pathname, mode, stream);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:freopen64 %s:%p\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:freopen64 %s:%p\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 #endif /* __GLIBC__ */
@@ -352,7 +418,11 @@ int unlink(const char *pathname) {
                 orig_unlink = (orig_unlink_t)dlsym(RTLD_NEXT, "unlink");
 
         int rv = orig_unlink(pathname);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:unlink %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:unlink %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -363,7 +433,11 @@ int unlinkat(int dirfd, const char *pathname, int flags) {
                 orig_unlinkat = (orig_unlinkat_t)dlsym(RTLD_NEXT, "unlinkat");
 
         int rv = orig_unlinkat(dirfd, pathname, flags);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:unlinkat %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:unlinkat %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -375,7 +449,11 @@ int mkdir(const char *pathname, mode_t mode) {
                 orig_mkdir = (orig_mkdir_t)dlsym(RTLD_NEXT, "mkdir");
 
         int rv = orig_mkdir(pathname, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:mkdir %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:mkdir %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -386,7 +464,11 @@ int mkdirat(int dirfd, const char *pathname, mode_t mode) {
                 orig_mkdirat = (orig_mkdirat_t)dlsym(RTLD_NEXT, "mkdirat");
 
         int rv = orig_mkdirat(dirfd, pathname, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:mkdirat %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:mkdirat %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -397,7 +479,11 @@ int rmdir(const char *pathname) {
                 orig_rmdir = (orig_rmdir_t)dlsym(RTLD_NEXT, "rmdir");
 
         int rv = orig_rmdir(pathname);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:rmdir %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:rmdir %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -409,7 +495,11 @@ int stat(const char *pathname, struct stat *statbuf) {
                 orig_stat = (orig_stat_t)dlsym(RTLD_NEXT, "stat");
 
         int rv = orig_stat(pathname, statbuf);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:stat %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:stat %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -421,7 +511,11 @@ int stat64(const char *pathname, struct stat64 *statbuf) {
                 orig_stat64 = (orig_stat64_t)dlsym(RTLD_NEXT, "stat64");
 
         int rv = orig_stat64(pathname, statbuf);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:stat64 %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:stat64 %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 #endif /* __GLIBC__ */
@@ -434,7 +528,11 @@ int lstat(const char *pathname, struct stat *statbuf) {
                 orig_lstat = (orig_lstat_t)dlsym(RTLD_NEXT, "lstat");
 
         int rv = orig_lstat(pathname, statbuf);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:lstat %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:lstat %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -446,7 +544,11 @@ int lstat64(const char *pathname, struct stat64 *statbuf) {
                 orig_lstat64 = (orig_lstat64_t)dlsym(RTLD_NEXT, "lstat64");
 
         int rv = orig_lstat64(pathname, statbuf);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:lstat64 %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:lstat64 %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 #endif /* __GLIBC__ */
@@ -459,7 +561,11 @@ DIR *opendir(const char *pathname) {
                 orig_opendir = (orig_opendir_t)dlsym(RTLD_NEXT, "opendir");
 
         DIR *rv = orig_opendir(pathname);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:opendir %s:%p\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:opendir %s:%p\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -471,7 +577,11 @@ int access(const char *pathname, int mode) {
                 orig_access = (orig_access_t)dlsym(RTLD_NEXT, "access");
 
         int rv = orig_access(pathname, mode);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:access %s:%d\n", mypid, myname, pathname, rv);
+#else
+        printf("%u:%s:access %s:%d\n", mypid, myname, pathname, rv);
+#endif
         return rv;
 }
 
@@ -529,7 +639,11 @@ int socket(int domain, int type, int protocol) {
                         sprintf(ptr, "%s", str);
         }
 
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%s:%d\n", socketbuf, rv);
+#else
+        printf("%s:%d\n", socketbuf, rv);
+#endif
         return rv;
 }
 
@@ -567,7 +681,11 @@ int system(const char *command) {
                 orig_system = (orig_system_t)dlsym(RTLD_NEXT, "system");
 
         int rv = orig_system(command);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:system %s:%d\n", mypid, myname, command, rv);
+#else
+        printf("%u:%s:system %s:%d\n", mypid, myname, command, rv);
+#endif
 
         return rv;
 }
@@ -579,7 +697,11 @@ int setuid(uid_t uid) {
                 orig_setuid = (orig_setuid_t)dlsym(RTLD_NEXT, "setuid");
 
         int rv = orig_setuid(uid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setuid %d:%d\n", mypid, myname, uid, rv);
+#else
+        printf("%u:%s:setuid %d:%d\n", mypid, myname, uid, rv);
+#endif
 
         return rv;
 }
@@ -591,7 +713,11 @@ int setgid(gid_t gid) {
                 orig_setgid = (orig_setgid_t)dlsym(RTLD_NEXT, "setgid");
 
         int rv = orig_setgid(gid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setgid %d:%d\n", mypid, myname, gid, rv);
+#else
+        printf("%u:%s:setgid %d:%d\n", mypid, myname, gid, rv);
+#endif
 
         return rv;
 }
@@ -603,7 +729,11 @@ int setfsuid(uid_t uid) {
                 orig_setfsuid = (orig_setfsuid_t)dlsym(RTLD_NEXT, "setfsuid");
 
         int rv = orig_setfsuid(uid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setfsuid %d:%d\n", mypid, myname, uid, rv);
+#else
+        printf("%u:%s:setfsuid %d:%d\n", mypid, myname, uid, rv);
+#endif
 
         return rv;
 }
@@ -615,7 +745,11 @@ int setfsgid(gid_t gid) {
                 orig_setfsgid = (orig_setfsgid_t)dlsym(RTLD_NEXT, "setfsgid");
 
         int rv = orig_setfsgid(gid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setfsgid %d:%d\n", mypid, myname, gid, rv);
+#else
+        printf("%u:%s:setfsgid %d:%d\n", mypid, myname, gid, rv);
+#endif
 
         return rv;
 }
@@ -627,7 +761,11 @@ int setreuid(uid_t ruid, uid_t euid) {
                 orig_setreuid = (orig_setreuid_t)dlsym(RTLD_NEXT, "setreuid");
 
         int rv = orig_setreuid(ruid, euid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setreuid %d %d:%d\n", mypid, myname, ruid, euid, rv);
+#else
+        printf("%u:%s:setreuid %d %d:%d\n", mypid, myname, ruid, euid, rv);
+#endif
 
         return rv;
 }
@@ -639,7 +777,11 @@ int setregid(gid_t rgid, gid_t egid) {
                 orig_setregid = (orig_setregid_t)dlsym(RTLD_NEXT, "setregid");
 
         int rv = orig_setregid(rgid, egid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setregid %d %d:%d\n", mypid, myname, rgid, egid, rv);
+#else
+        printf("%u:%s:setregid %d %d:%d\n", mypid, myname, rgid, egid, rv);
+#endif
 
         return rv;
 }
@@ -651,7 +793,11 @@ int setresuid(uid_t ruid, uid_t euid, uid_t suid) {
                 orig_setresuid = (orig_setresuid_t)dlsym(RTLD_NEXT, "setresuid");
 
         int rv = orig_setresuid(ruid, euid, suid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setresuid %d %d %d:%d\n", mypid, myname, ruid, euid, suid, rv);
+#else
+        printf("%u:%s:setresuid %d %d %d:%d\n", mypid, myname, ruid, euid, suid, rv);
+#endif
 
         return rv;
 }
@@ -663,7 +809,11 @@ int setresgid(gid_t rgid, gid_t egid, gid_t sgid) {
                 orig_setresgid = (orig_setresgid_t)dlsym(RTLD_NEXT, "setresgid");
 
         int rv = orig_setresgid(rgid, egid, sgid);
+#ifdef PRINTF_DEVTTY
         fprintf(ftty, "%u:%s:setresgid %d %d %d:%d\n", mypid, myname, rgid, egid, sgid, rv);
+#else
+        printf("%u:%s:setresgid %d %d %d:%d\n", mypid, myname, rgid, egid, sgid, rv);
+#endif
 
         return rv;
 }
@@ -678,6 +828,10 @@ static void log_exec(int argc, char** argv) {
         int rv = readlink("/proc/self/exe", buf, PATH_MAX);
         if (rv != -1) {
                 buf[rv] = '\0'; // readlink does not add a '\0' at the end
+#ifdef PRINTF_DEVTTY
                 fprintf(ftty, "%u:%s:exec %s:0\n", mypid, myname, buf);
+#else
+                printf("%u:%s:exec %s:0\n", mypid, myname, buf);
+#endif
         }
 }
diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp
index d2cb72edd..1df8c361c 100755
--- a/test/fs/whitelist-dev.exp
+++ b/test/fs/whitelist-dev.exp
@@ -14,10 +14,10 @@ expect {
 }
 sleep 1
 
-send -- "find /dev | wc -l\r"
+send -- "ls /dev | wc -l\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
-        "2"
+        "1"
 }
 after 100
 send -- "exit\r"
@@ -33,7 +33,7 @@ sleep 1
 send -- "find /dev | wc -l\r"
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
-        "4"
+        "1"
 }
 after 100
 send -- "exit\r"
@@ -46,7 +46,7 @@ expect {
 }
 sleep 1
 
-send -- "ls -l /dev | wc -l\r"
+send -- "ls /dev | wc -l\r"
 expect {
         timeout {puts "TESTING ERROR 5\n";exit}
         "12" {puts "OK\n"}