46 files changed, 1093 insertions, 10 deletions
diff --git a/README.md b/README.md
index ad90639e2..87a5b3f63 100644
--- a/README.md
+++ b/README.md
@@ -53,4 +53,8 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 `````
 ## New Profiles
 xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom,Guayadeque
+amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, exiftool, file-roller, gedit
+gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome-photos, gnome-weather
+goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext
+simple-scan, skanlite, ssh-agent, transmission-cli, transmission-show, w3m, xfburn, xpra
diff --git a/etc/amarok.profile b/etc/amarok.profile
new file mode 100644
index 000000000..962865790
--- /dev/null
+++ b/etc/amarok.profile
@@ -0,0 +1,19 @@
+# amorak profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+#seccomp
+protocol unix,inet,inet6
+#private-bin amorak
+private-dev
+private-tmp
+#private-etc none
diff --git a/etc/ark.profile b/etc/ark.profile
new file mode 100644
index 000000000..61b4c6f60
--- /dev/null
+++ b/etc/ark.profile
@@ -0,0 +1,23 @@
+# ark profile
+noblacklist ~/.config/arkrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+# private-bin
+private-dev
+private-tmp
+# private-etc
diff --git a/etc/atool.profile b/etc/atool.profile
new file mode 100644
index 000000000..3fbfb9fc7
--- /dev/null
+++ b/etc/atool.profile
@@ -0,0 +1,24 @@
+# atool profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+# private-bin atool
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
new file mode 100644
index 000000000..0a71db9f0
--- /dev/null
+++ b/etc/bleachbit.profile
@@ -0,0 +1,21 @@
+# bleachbit profile
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+# private-bin
+# private-dev
+# private-tmp
+# private-etc
diff --git a/etc/brasero.profile b/etc/brasero.profile
new file mode 100644
index 000000000..66de6fa50
--- /dev/null
+++ b/etc/brasero.profile
@@ -0,0 +1,23 @@
+# brasero profile
+noblacklist ~/.config/brasero
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin brasero
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
new file mode 100644
index 000000000..1a6abb71d
--- /dev/null
+++ b/etc/dolphin.profile
@@ -0,0 +1,23 @@
+# dolphin profile
+noblacklist ~/.config/dolphinrc
+noblacklist ~/.local/share/dolphin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+seccomp
+protocol unix
+# private-bin
+# private-dev
+# private-tmp
+# private-etc
diff --git a/etc/dragon.profile b/etc/dragon.profile
new file mode 100644
index 000000000..09cb73802
--- /dev/null
+++ b/etc/dragon.profile
@@ -0,0 +1,22 @@
+# dragon player profile
+noblacklist ~/.config/dragonplayerrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+seccomp
+protocol unix,inet,inet6
+private-bin dragon
+private-dev
+private-tmp
+# private-etc
diff --git a/etc/elinks.profile b/etc/elinks.profile
new file mode 100644
index 000000000..df817ea56
--- /dev/null
+++ b/etc/elinks.profile
@@ -0,0 +1,24 @@
+# elinks profile
+noblacklist ~/.elinks
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin elinks
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/enchant.profile b/etc/enchant.profile
new file mode 100644
index 000000000..cf8288919
--- /dev/null
+++ b/etc/enchant.profile
@@ -0,0 +1,23 @@
+# enchant profile
+noblacklist ~/.config/enchant
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin enchant
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
new file mode 100644
index 000000000..384695473
--- /dev/null
+++ b/etc/exiftool.profile
@@ -0,0 +1,28 @@
+# exiftool profile
+noblacklist /usr/bin/perl
+noblacklist /usr/share/perl*
+noblacklist /usr/lib/perl*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+# private-bin exiftool,perl
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
new file mode 100644
index 000000000..6116389db
--- /dev/null
+++ b/etc/file-roller.profile
@@ -0,0 +1,21 @@
+# file-roller profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin file-roller
+# private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gedit.profile b/etc/gedit.profile
new file mode 100644
index 000000000..a25286bfa
--- /dev/null
+++ b/etc/gedit.profile
@@ -0,0 +1,26 @@
+# gedit profile
+# when gedit is started via gnome-shell, firejail is not applied because systemd will start it
+noblacklist ~/.config/gedit
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gedit
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gjs.profile b/etc/gjs.profile
new file mode 100644
index 000000000..8d71728a2
--- /dev/null
+++ b/etc/gjs.profile
@@ -0,0 +1,28 @@
+# gjs (gnome javascript bindings) profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/org.gnome.Books
+noblacklist ~/.config/libreoffice
+noblacklist ~/.local/share/gnome-photos
+noblacklist ~/.cache/libgweather
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
new file mode 100644
index 000000000..10b06e173
--- /dev/null
+++ b/etc/gnome-books.profile
@@ -0,0 +1,26 @@
+# gnome-books profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/org.gnome.Books
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-books
+private-tmp
+private-dev
+private-etc fonts
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
new file mode 100644
index 000000000..30adadda1
--- /dev/null
+++ b/etc/gnome-clocks.profile
@@ -0,0 +1,22 @@
+# gnome-clocks profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gnome-clocks
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
new file mode 100644
index 000000000..c5def7aff
--- /dev/null
+++ b/etc/gnome-documents.profile
@@ -0,0 +1,24 @@
+# gnome-documents profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.config/libreoffice
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+private-tmp
+private-dev
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
new file mode 100644
index 000000000..f1451506e
--- /dev/null
+++ b/etc/gnome-maps.profile
@@ -0,0 +1,24 @@
+# gnome-maps profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-maps
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
new file mode 100644
index 000000000..4a8adeb22
--- /dev/null
+++ b/etc/gnome-music.profile
@@ -0,0 +1,22 @@
+# gnome-music profile
+noblacklist ~/.local/share/gnome-music
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gnome-music,python3
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
new file mode 100644
index 000000000..8f9d60cb5
--- /dev/null
+++ b/etc/gnome-photos.profile
@@ -0,0 +1,26 @@
+# gnome-photos profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.local/share/gnome-photos
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-photos
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
new file mode 100644
index 000000000..9f93b8f15
--- /dev/null
+++ b/etc/gnome-weather.profile
@@ -0,0 +1,26 @@
+# gnome-weather profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/libgweather
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-weather
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/goobox.profile b/etc/goobox.profile
new file mode 100644
index 000000000..8990943fc
--- /dev/null
+++ b/etc/goobox.profile
@@ -0,0 +1,20 @@
+# goobox profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin goobox
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/gpa.profile b/etc/gpa.profile
new file mode 100644
index 000000000..7d7277190
--- /dev/null
+++ b/etc/gpa.profile
@@ -0,0 +1,23 @@
+# gpa profile
+noblacklist ~/.gnupg
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gpa,gpg
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
new file mode 100644
index 000000000..31ed8812e
--- /dev/null
+++ b/etc/gpg-agent.profile
@@ -0,0 +1,24 @@
+# gpg-agent profile
+noblacklist ~/.gnupg
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gpg-agent,gpg
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/gpg.profile b/etc/gpg.profile
new file mode 100644
index 000000000..31372eb90
--- /dev/null
+++ b/etc/gpg.profile
@@ -0,0 +1,24 @@
+# gpg profile
+noblacklist ~/.gnupg
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+# private-bin gpg,gpg-agent
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/highlight.profile b/etc/highlight.profile
new file mode 100644
index 000000000..f95f3924a
--- /dev/null
+++ b/etc/highlight.profile
@@ -0,0 +1,24 @@
+# highlight profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin highlight
+private-tmp
+private-dev
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
new file mode 100644
index 000000000..d55a31cd0
--- /dev/null
+++ b/etc/img2txt.profile
@@ -0,0 +1,24 @@
+# img2txt profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+#private-bin img2txt
+private-tmp
+private-dev
+#private-etc none
diff --git a/etc/k3b.profile b/etc/k3b.profile
new file mode 100644
index 000000000..6e16d233c
--- /dev/null
+++ b/etc/k3b.profile
@@ -0,0 +1,21 @@
+# k3b profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+# private-bin 
+private-dev
+private-tmp
+# private-etc
diff --git a/etc/kate.profile b/etc/kate.profile
new file mode 100644
index 000000000..4b07ea6cb
--- /dev/null
+++ b/etc/kate.profile
@@ -0,0 +1,28 @@
+# kate profile
+noblacklist ~/.local/share/kate
+noblacklist ~/.config/katerc
+noblacklist ~/.config/katepartrc
+noblacklist ~/.config/kateschemarc
+noblacklist ~/.config/katesyntaxhighlightingrc
+noblacklist ~/.config/katevirc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin kate
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/lynx.profile b/etc/lynx.profile
new file mode 100644
index 000000000..6e150f62e
--- /dev/null
+++ b/etc/lynx.profile
@@ -0,0 +1,22 @@
+# lynx profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin lynx
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
new file mode 100644
index 000000000..c07a9a9e8
--- /dev/null
+++ b/etc/mediainfo.profile
@@ -0,0 +1,26 @@
+# mediainfo profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin mediainfo
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
new file mode 100644
index 000000000..264ee0b9d
--- /dev/null
+++ b/etc/nautilus.profile
@@ -0,0 +1,26 @@
+# nautilus profile
+# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there is already a nautilus process running on gnome desktops firejail will have no effect.
+noblacklist ~/.config/nautilus
+include /etc/firejail/disable-common.inc
+# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
+#include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin nautilus
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
new file mode 100644
index 000000000..329275022
--- /dev/null
+++ b/etc/odt2txt.profile
@@ -0,0 +1,24 @@
+# odt2txt profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin odt2txt
+private-tmp
+private-dev
+private-etc none
+read-only ${HOME}
diff --git a/etc/okular.profile b/etc/okular.profile
index b43a5fbea..22e223cea 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -9,17 +9,17 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-nogroups
+netfilter
 nonewprivs
+nogroups
 noroot
+nosound
 protocol unix
 seccomp
-nosound
+shell none
+tracelog
+# private-bin okular,kbuildsycoca4,kbuildsycoca5  
+# private-etc X11
 private-dev
+private-tmp
-#Experimental:
-#net none
-#shell none
-#private-bin okular,kbuildsycoca4,kbuildsycoca5
-#private-etc X11
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
new file mode 100644
index 000000000..632c9d15e
--- /dev/null
+++ b/etc/pdftotext.profile
@@ -0,0 +1,22 @@
+# pdftotext profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin pdftotext
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
new file mode 100644
index 000000000..03089482b
--- /dev/null
+++ b/etc/simple-scan.profile
@@ -0,0 +1,23 @@
+# simple-scan profile
+noblacklist ~/.cache/simple-scan
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+#seccomp
+netfilter
+shell none
+tracelog
+# private-bin simple-scan
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
new file mode 100644
index 000000000..6e8face75
--- /dev/null
+++ b/etc/skanlite.profile
@@ -0,0 +1,21 @@
+# skanlite profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+#seccomp
+protocol unix
+private-bin skanlite
+# private-dev
+# private-tmp
+# private-etc
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
new file mode 100644
index 000000000..485bd8f3b
--- /dev/null
+++ b/etc/ssh-agent.profile
@@ -0,0 +1,15 @@
+# ssh-agent
+quiet
+noblacklist ~/.ssh
+noblacklist /tmp/ssh-*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/tracker.profile b/etc/tracker.profile
new file mode 100644
index 000000000..217631216
--- /dev/null
+++ b/etc/tracker.profile
@@ -0,0 +1,24 @@
+# tracker profile
+# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin tracker
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
new file mode 100644
index 000000000..88ded649c
--- /dev/null
+++ b/etc/transmission-cli.profile
@@ -0,0 +1,24 @@
+# transmission-cli bittorrent profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+net none
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+#private-bin transmission-cli
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
new file mode 100644
index 000000000..5e5284b34
--- /dev/null
+++ b/etc/transmission-show.profile
@@ -0,0 +1,24 @@
+# transmission-show profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+net none
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+# private-bin
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/w3m.profile b/etc/w3m.profile
new file mode 100644
index 000000000..d765217cf
--- /dev/null
+++ b/etc/w3m.profile
@@ -0,0 +1,23 @@
+# w3m profile
+noblacklist ~/.w3m
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin w3m
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/xfburn.profile b/etc/xfburn.profile
new file mode 100644
index 000000000..1dd24aa61
--- /dev/null
+++ b/etc/xfburn.profile
@@ -0,0 +1,23 @@
+# xfburn profile
+noblacklist ~/.config/xfburn
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin xfburn
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/xpra.profile b/etc/xpra.profile
new file mode 100644
index 000000000..8584e4e5b
--- /dev/null
+++ b/etc/xpra.profile
@@ -0,0 +1,21 @@
+# xpra profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix,inet,inet6
+# private-bin 
+private-dev
+private-tmp
+# private-etc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 6377c7426..60b4e0508 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -5,13 +5,18 @@
 /etc/firejail/Telegram.profile
 /etc/firejail/Wire.profile
 /etc/firejail/abrowser.profile
+/etc/firejail/amarok.profile
+/etc/firejail/ark.profile
 /etc/firejail/atom-beta.profile
 /etc/firejail/atom.profile
+/etc/firejail/atool.profile
 /etc/firejail/atril.profile
 /etc/firejail/audacious.profile
 /etc/firejail/audacity.profile
 /etc/firejail/aweather.profile
 /etc/firejail/bitlbee.profile
+/etc/firejail/bleachbit.profile
+/etc/firejail/brasero.profile
 /etc/firejail/brave.profile
 /etc/firejail/cherrytree.profile
 /etc/firejail/chromium-browser.profile
@@ -34,17 +39,23 @@
 /etc/firejail/display.profile
 /etc/firejail/dnscrypt-proxy.profile
 /etc/firejail/dnsmasq.profile
+/etc/firejail/dolphin.profile
 /etc/firejail/dosbox.profile
+/etc/firejail/dragon.profile
 /etc/firejail/dropbox.profile
+/etc/firejail/elinks.profile
 /etc/firejail/emacs.profile
 /etc/firejail/empathy.profile
+/etc/firejail/enchant.profile
 /etc/firejail/eog.profile
 /etc/firejail/eom.profile
 /etc/firejail/epiphany.profile
 /etc/firejail/evince.profile
 /etc/firejail/evolution.profile
+/etc/firejail/exiftool.profile
 /etc/firejail/fbreader.profile
 /etc/firejail/feh.profile
+/etc/firejail/file-roller.profile
 /etc/firejail/file.profile
 /etc/firejail/filezilla.profile
 /etc/firejail/firefox-esr.profile
@@ -54,16 +65,29 @@
 /etc/firejail/flowblade.profile
 /etc/firejail/franz.profile
 /etc/firejail/gajim.profile
+/etc/firejail/gedit.profile
 /etc/firejail/gimp.profile
 /etc/firejail/git.profile
 /etc/firejail/gitter.profile
+/etc/firejail/gjs.profile
+/etc/firejail/gnome-books.profile
 /etc/firejail/gnome-chess.profile
+/etc/firejail/gnome-clocks.profile
+/etc/firejail/gnome-documents.profile
+/etc/firejail/gnome-maps.profile
 /etc/firejail/gnome-mplayer.profile
+/etc/firejail/gnome-music.profile
+/etc/firejail/gnome-photos.profile
+/etc/firejail/gnome-weather.profile
+/etc/firejail/goobox.profile
 /etc/firejail/google-chrome-beta.profile
 /etc/firejail/google-chrome-stable.profile
 /etc/firejail/google-chrome-unstable.profile
 /etc/firejail/google-chrome.profile
 /etc/firejail/google-play-music-desktop-player.profile
+/etc/firejail/gpa.profile
+/etc/firejail/gpg-agent.profile
+/etc/firejail/gpg.profile
 /etc/firejail/gpredict.profile
 /etc/firejail/gtar.profile
 /etc/firejail/gthumb.profile
@@ -72,12 +96,16 @@
 /etc/firejail/gzip.profile
 /etc/firejail/hedgewars.profile
 /etc/firejail/hexchat.profile
+/etc/firejail/highlight.profile
 /etc/firejail/icecat.profile
 /etc/firejail/icedove.profile
 /etc/firejail/iceweasel.profile
+/etc/firejail/img2txt.profile
 /etc/firejail/inkscape.profile
 /etc/firejail/inox.profile
 /etc/firejail/jitsi.profile
+/etc/firejail/k3b.profile
+/etc/firejail/kate.profile
 /etc/firejail/keepass.profile
 /etc/firejail/keepass2.profile
 /etc/firejail/keepassx.profile
@@ -96,16 +124,20 @@
 /etc/firejail/lowriter.profile
 /etc/firejail/luminance-hdr.profile
 /etc/firejail/lxterminal.profile
+/etc/firejail/lynx.profile
 /etc/firejail/mathematica.profile
 /etc/firejail/mcabber.profile
+/etc/firejail/mediainfo.profile
 /etc/firejail/midori.profile
 /etc/firejail/mpv.profile
 /etc/firejail/mumble.profile
 /etc/firejail/mupdf.profile
 /etc/firejail/mupen64plus.profile
 /etc/firejail/mutt.profile
+/etc/firejail/nautilus.profile
 /etc/firejail/netsurf.profile
 /etc/firejail/nolocal.net
+/etc/firejail/odt2txt.profile
 /etc/firejail/okular.profile
 /etc/firejail/openbox.profile
 /etc/firejail/openshot.profile
@@ -113,6 +145,7 @@
 /etc/firejail/opera.profile
 /etc/firejail/palemoon.profile
 /etc/firejail/parole.profile
+/etc/firejail/pdftotext.profile
 /etc/firejail/pidgin.profile
 /etc/firejail/pix.profile
 /etc/firejail/polari.profile
@@ -131,12 +164,15 @@
 /etc/firejail/seamonkey-bin.profile
 /etc/firejail/seamonkey.profile
 /etc/firejail/server.profile
+/etc/firejail/simple-scan.profile
+/etc/firejail/skanlite.profile
 /etc/firejail/skype.profile
 /etc/firejail/skypeforlinux.profile
 /etc/firejail/slack.profile
 /etc/firejail/snap.profile
 /etc/firejail/soffice.profile
 /etc/firejail/spotify.profile
+/etc/firejail/ssh-agent.profile
 /etc/firejail/ssh.profile
 /etc/firejail/start-tor-browser.profile
 /etc/firejail/steam.profile
@@ -147,8 +183,11 @@
 /etc/firejail/telegram.profile
 /etc/firejail/thunderbird.profile
 /etc/firejail/totem.profile
+/etc/firejail/tracker.profile
+/etc/firejail/transmission-cli.profile
 /etc/firejail/transmission-gtk.profile
 /etc/firejail/transmission-qt.profile
+/etc/firejail/transmission-show.profile
 /etc/firejail/uget-gtk.profile
 /etc/firejail/unbound.profile
 /etc/firejail/unrar.profile
@@ -159,6 +198,7 @@
 /etc/firejail/vivaldi-beta.profile
 /etc/firejail/vivaldi.profile
 /etc/firejail/vlc.profile
+/etc/firejail/w3m.profile
 /etc/firejail/warzone2100.profile
 /etc/firejail/webserver.net
 /etc/firejail/weechat-curses.profile
@@ -168,9 +208,11 @@
 /etc/firejail/wine.profile
 /etc/firejail/wire.profile
 /etc/firejail/xchat.profile
+/etc/firejail/xfburn.profile
 /etc/firejail/xiphos.profile
 /etc/firejail/xpdf.profile
 /etc/firejail/xplayer.profile
+/etc/firejail/xpra.profile
 /etc/firejail/xreader.profile
 /etc/firejail/xviewer.profile
 /etc/firejail/xz.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d10d59657..7d7fad0a6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -14,6 +14,8 @@ qbittorrent
 rtorrent
 transmission-gtk
 transmission-qt
+transmission-cli
+transmission-show
 uget-gtk
 # browsers/email
@@ -51,6 +53,9 @@ thunderbird
 vivaldi-beta
 vivaldi
 evolution
+elinks
+lynx
+w3m
 # chat/messaging
 bitlbee
@@ -94,21 +99,41 @@ wesnot
 warzone2100
 # Media
+amarok
 audacious
 audacity
+bleachbit
+brasero
 clementine
 cmus
 deadbeef
 display
+dolphin
+dragon
+exiftool
 feh
+gjs
+gnome-books
+gnome-clocks
+gnome-documents
+gnome-maps
 gnome-mplayer
+gnome-music
+goobox
 google-play-music-desktop-player
+img2txt
+k3b
+mediainfo
 mpv
+nautilus
 parole
 rhythmbox
+simple-scan
+skanlite
 spotify
 totem
 vlc
+xfburn
 xplayer
 xviewer
 eom
@@ -121,10 +146,13 @@ atril
 cherrytree
 evince
 fbreader
+gedit
 gimp
 gthumb
 gwenview
+highlight
 inkscape
+kate
 libreoffice
 localc
 lodraw
@@ -141,7 +169,9 @@ soffice
 synfigstudio
 Mathematica
 mathematica
+odt2txt
 okular
+pdftotext
 pix
 xpdf
 xreader
@@ -151,14 +181,40 @@ flowblade
 eog
 # other
-ssh
-atom-beta
 atom
+atom-beta
+gpa
+gpg
+# don't run ssh-agent and gpg-agent with firejail by default
+# this will break many processes using them in the background 
+# ssh-agent
+# gpg-agent
+git
 ranger
 keepass
 keepass2
 keepassx
+ssh
+tracker
 xiphos
+xpra
 # weather/climate
 aweather
+gnome-weather
+# compressing tools
+ark
+atool
+file-roller
+# when used by other processes in the background, it will break stuff
+#7z
+#cpio
+#gtar
+#gzip
+#tar
+#unrar
+#unzip
+#xz
+#xzdec