95 files changed, 490 insertions, 119 deletions
diff --git a/.gitignore b/.gitignore
index 30793847c..554d1985b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,7 +28,7 @@ src/fldd/fldd
 uids.h
 seccomp
 seccomp.debug
-seccomp.i386
+seccomp.32
-seccomp.amd64
+seccomp.64
 seccomp.block_secondary
 seccomp.mdwx
diff --git a/.travis.yml b/.travis.yml
index 9a2c68361..5dd77e1f5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,7 +3,7 @@ dist: trusty
 sudo: true
 script:
-  - sudo apt-get -y install expect csh zsh
+  - sudo apt-get -y install expect csh xzdec
  - ( cd firejail ; ./configure --prefix=/usr --enable-git-install && make && sudo make install && make test-travis )
  - ( cd firejail ; sudo make install-strip DESTDIR=$(readlink -f appdir) )
  - ( cd appdir/ ; tar cfvj ../firejail-build$TRAVIS_BUILD_NUMBER.tar.bz2 . )
diff --git a/Makefile.in b/Makefile.in
index 9111a3c95..e20aa5b62 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -2,7 +2,7 @@ all: apps man filters
 MYLIBS = src/lib
 APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp
 MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5
-SECCOMP_FILTERS = seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.block_secondary seccomp.mdwx
+SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.64 seccomp.block_secondary seccomp.mdwx
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@@ -43,8 +43,8 @@ filters: src/fseccomp
 ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
        src/fseccomp/fseccomp default seccomp
        src/fseccomp/fseccomp default seccomp.debug allow-debuggers
-        src/fseccomp/fseccomp secondary 32 seccomp.i386
+        src/fseccomp/fseccomp secondary 32 seccomp.32
-        src/fseccomp/fseccomp secondary 64 seccomp.amd64
+        src/fseccomp/fseccomp secondary 64 seccomp.64
        src/fseccomp/fseccomp secondary block seccomp.block_secondary
        src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx
 endif
@@ -103,8 +103,8 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
        install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0644 seccomp.i386 $(DESTDIR)/$(libdir)/firejail/.
+        install -c -m 0644 seccomp.32 $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0644 seccomp.amd64 $(DESTDIR)/$(libdir)/firejail/.
+        install -c -m 0644 seccomp.64 $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/.
 endif
diff --git a/README b/README
index 01374f294..cb6386c6f 100644
--- a/README
+++ b/README
@@ -409,6 +409,7 @@ smithsohu (https://github.com/smitsohu)
        - lots of profile hardening and fixes
        - added MuseScore profile
        - fixed device discovery for simple-scan
+        - add novideo support in many profiles
 soredake (https://github.com/soredake)
        - fix steam startup with >=llvm-4
 SpotComms (https://github.com/SpotComms)
@@ -535,6 +536,8 @@ vismir2 (https://github.com/vismir2)
        - claws-mail, mutt, git, emacs, vim profiles
        - lots of profile fixes
        -  support for truecrypt and zuluCrypt
+Vladimir Gorelov (https://github.com/larkvirtual)
+        - added Yandex browser profile
 Vladimir Schowalter (https://github.com/VladimirSchowalter20)
        - apparmor profile enhancements
        - various KDE profile enhancements
diff --git a/README.md b/README.md
index 6f1c892aa..5c193ce77 100644
--- a/README.md
+++ b/README.md
@@ -174,6 +174,15 @@ Check the status of the latest build here: https://travis-ci.org/netblue30/firej
              amd64, i386 and x32 system calls are blocked as well as  chang‐
              ing the execution domain with personality(2) system call.
+       --profile.print=name|pid
+              Print  the  name of the profile file for the sandbox identified
+              by name or or PID.
+              Example:
+              $ firejail --profile.print=browser
+              /etc/firejail/firefox.profile
 `````
 ## /etc/firejail/firejail.config
@@ -214,4 +223,4 @@ IntelliJ IDEA, Android Studio, electron, riot-web,
 Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux,
 telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard,
 remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch, tuxguitar,
-musescore, neverball
+musescore, neverball, Yandex Browser
diff --git a/RELNOTES b/RELNOTES
index a54438411..68b8a6bbd 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,6 +6,7 @@ firejail (0.9.50~rc1) baseline; urgency=low
  * feature: private /lib directory (--private-lib)
  * feature: disable CDROM/DVD drive (--nodvd)
  * feature: disable DVB devices (--notv)
+  * feature: --profile.print
  * enhancement: print all seccomp filters under --debug
  * enhancement: /proc/sys mounting
  * enhancement: rework IP address assingment for --net options
@@ -27,7 +28,7 @@ firejail (0.9.50~rc1) baseline; urgency=low
  * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
  * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter
  * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball
-  * new profiles: sqlitebrowse,
+  * new profiles: sqlitebrowse, Yandex Browser
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Mon, 12 Jun 2017 20:00:00 -0500
diff --git a/etc/amarok.profile b/etc/amarok.profile
index e10cfbefe..478d5285c 100644
--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -17,6 +17,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 # seccomp
 shell none
diff --git a/etc/audacious.profile b/etc/audacious.profile
index eddc100ca..bd2367fe0 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -24,8 +24,10 @@ seccomp
 shell none
 tracelog
-private-bin audacious
+# private-bin audacious
 private-dev
 private-tmp
 memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/caja.profile b/etc/caja.profile
index d234e6c9b..97663fddb 100644
--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -24,6 +24,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile
index bc045fb77..4ab49163b 100644
--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -22,6 +22,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/cmus.profile b/etc/cmus.profile
index cf0830475..2d6f2454b 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -17,6 +17,7 @@ netfilter
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/cpio.profile b/etc/cpio.profile
index f082d2e40..7f4bc4a84 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -17,11 +17,12 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
-net none
 no3d
 nodvd
+nonewprivs
 nosound
 notv
+novideo
 seccomp
 shell none
 tracelog
diff --git a/etc/curl.profile b/etc/curl.profile
index af7eabf59..972bbe9cc 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index e0d32da0f..81ccbc530 100644
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -5,29 +5,8 @@ include /etc/firejail/cvlc.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-noblacklist ${HOME}/.config/vlc
+# cvlc doesn't like private-bin
+ignore private-bin
-include /etc/firejail/disable-common.inc
+# Redirect
-include /etc/firejail/disable-devel.inc
+include /etc/firejail/vlc.profile
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-caps.drop all
-netfilter
-# nogroups
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
-# clvc doesn't like private-bin
-# private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
-private-dev
-private-tmp
-# mdwe is disabled due to breaking hardware accelerated decoding
-# memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7ec842728..13ed3f212 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -179,6 +179,8 @@ blacklist ${HOME}/.config/xmms2
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
+blacklist ${HOME}/.config/yandex-browser
+blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
@@ -428,3 +430,5 @@ blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xmms2
 blacklist ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/yandex-browser
+blacklist ${HOME}/.cache/yandex-browser-beta
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index d82efef04..a1ccfbe22 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -5,19 +5,30 @@ include /etc/firejail/dnscrypt-proxy.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+blacklist /tmp/.X11-unix
 noblacklist /sbin
 noblacklist /usr/sbin
+noblacklist /var/log
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+caps
+# caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot,sys_resource
 no3d
 nodvd
+nonewprivs
 nosound
 notv
+novideo
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+disable-mnt
 private
 private-dev
+# mdwe can break modules/plugins
+# memory-deny-write-execute
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index bf52a5d8a..ce159c343 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -5,8 +5,11 @@ include /etc/firejail/dnsmasq.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+blacklist /tmp/.X11-unix
 noblacklist /sbin
 noblacklist /usr/sbin
+noblacklist /var/log
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -14,12 +17,12 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps
-netfilter
 no3d
 nodvd
 nonewprivs
 nosound
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
index bec2960f1..fa9b26e82 100644
--- a/etc/dosbox.profile
+++ b/etc/dosbox.profile
@@ -19,6 +19,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/enchant.profile b/etc/enchant.profile
index a7b549a4c..b7034b937 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -20,6 +20,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/evolution.profile b/etc/evolution.profile
index 2f7f25ff8..9f29b229b 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 565212161..75e5be1b9 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index 19d45a1d8..01da2cafe 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -19,6 +19,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/feh.profile b/etc/feh.profile
index 61b456e34..7935b1354 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -13,17 +13,19 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
+no3d
 nodvd
 nogroups
 nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
-private-bin feh
+private-bin feh,jpegexiforient,jpegtran
 private-dev
 private-etc feh
 private-tmp
diff --git a/etc/file.profile b/etc/file.profile
index 9a4dba7ef..a83b2cf7d 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
@@ -30,3 +31,7 @@ x11 none
 private-bin file
 private-dev
 private-etc magic.mgc,magic,localtime
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 63bfd1e0d..866aaabca 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -19,6 +19,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 619fa1562..1bd45ebd1 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -10,7 +10,11 @@ noblacklist ~/.config/okularpartrc
 noblacklist ~/.config/okularrc
 noblacklist ~/.config/qpdfview
 noblacklist ~/.kde/share/apps/okular
+noblacklist ~/.kde/share/config/okularpartrc
+noblacklist ~/.kde/share/config/okularrc
 noblacklist ~/.kde4/share/apps/okular
+noblacklist ~/.kde4/share/config/okularpartrc
+noblacklist ~/.kde4/share/config/okularrc
 noblacklist ~/.local/share/gnome-shell/extensions
 noblacklist ~/.local/share/okular
 noblacklist ~/.local/share/qpdfview
@@ -34,7 +38,11 @@ whitelist ~/.config/pipelight-silverlight5.1
 whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/qpdfview
 whitelist ~/.kde/share/apps/okular
+whitelist ~/.kde/share/config/okularpartrc
+whitelist ~/.kde/share/config/okularrc
 whitelist ~/.kde4/share/apps/okular
+whitelist ~/.kde4/share/config/okularpartrc
+whitelist ~/.kde4/share/config/okularrc
 whitelist ~/.keysnail.js
 whitelist ~/.lastpass
 whitelist ~/.local/share/gnome-shell/extensions
@@ -66,7 +74,6 @@ tracelog
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env
 private-dev
-# private-dev might prevent video calls going out
 # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 private-tmp
diff --git a/etc/galculator.profile b/etc/galculator.profile
index a2e855656..37f147f0f 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/geeqie.profile b/etc/geeqie.profile
index c9f9d0074..a50fd4370 100644
--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/git.profile b/etc/git.profile
index 92bf66b92..14fb55118 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 4921fb0c4..6547c73df 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/gpa.profile b/etc/gpa.profile
index 58dfcd3e1..8d721e2c0 100644
--- a/etc/gpa.profile
+++ b/etc/gpa.profile
@@ -20,6 +20,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 13bceaa5a..8fd2ce232 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/gpg.profile b/etc/gpg.profile
index d99afdfe2..8c39f85e3 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index ec9245e58..26bc589ee 100644
--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -20,6 +20,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index 63ad07894..287e214e1 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile
index 7713f216f..14662443c 100644
--- a/etc/guayadeque.profile
+++ b/etc/guayadeque.profile
@@ -18,6 +18,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 3f6ecec2c..0f04953d8 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -14,6 +14,7 @@ no3d
 nodvd
 nosound
 notv
+novideo
 shell none
 tracelog
diff --git a/etc/highlight.profile b/etc/highlight.profile
index 83b023a90..d3cacc581 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index bd454a2c8..943350484 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -19,6 +19,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/lynx.profile b/etc/lynx.profile
index db01a5b8f..d54bed564 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index bd1ada2b5..2e31e09ec 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -20,6 +20,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol inet,inet6
 seccomp
 shell none
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index d6a55610f..e502269f7 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index c7bb458df..62527c17d 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -19,6 +19,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 # seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index 9f3be0d27..4937df51f 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -26,4 +26,5 @@ nodvd
 nonewprivs
 noroot
 notv
+novideo
 seccomp
diff --git a/etc/musescore.profile b/etc/musescore.profile
index bd00bea69..3b5a0b13c 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -10,6 +10,11 @@ noblacklist ~/.config/MuseScore
 noblacklist ~/.local/share/data/MusE
 noblacklist ~/.local/share/data/MuseScore
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/mutt.profile b/etc/mutt.profile
index 206edefae..aafa3d75d 100644
--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -44,6 +44,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index 57d6faa17..45d23cae6 100644
--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/nylas.profile b/etc/nylas.profile
index 5d84d1326..d96c6b0d4 100644
--- a/etc/nylas.profile
+++ b/etc/nylas.profile
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index da2d03635..e8c2d54c7 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/parole.profile b/etc/parole.profile
index 794d91481..a8ce63e73 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -13,7 +13,6 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
-nodvd
 nonewprivs
 noroot
 notv
diff --git a/etc/pix.profile b/etc/pix.profile
index ed9298727..5440e4634 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -22,6 +22,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index ea635ab6e..86db5c26c 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -35,6 +35,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 # shell none
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 7d69f38f9..2d1df0f72 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -32,3 +32,5 @@ private-dev
 private-tmp
 memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 6f20f6d7f..96fe04e83 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -34,6 +34,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/ranger.profile b/etc/ranger.profile
index 717eca099..9be19c4b1 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index a44d99e5b..c18a1b06c 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -18,6 +18,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 8eac3610b..a9f6cc461 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -6,10 +6,7 @@ include /etc/firejail/spotify.local
 include /etc/firejail/globals.local
 blacklist ${HOME}/.bashrc
-blacklist /boot
 blacklist /lost+found
-blacklist /opt
-blacklist /root
 blacklist /sbin
 blacklist /srv
 blacklist /sys
diff --git a/etc/tar.profile b/etc/tar.profile
index 34a4f34d6..f14894c25 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -15,6 +15,7 @@ no3d
 nodvd
 nosound
 notv
+novideo
 shell none
 tracelog
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 5752c96f3..c7446ed68 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -20,6 +20,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index c4bf7a08d..0bb721c64 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 5351a1efa..08964bbab 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 130defc8e..0b09bffcb 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -20,6 +20,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 877ad635b..56ff4f886 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/unbound.profile b/etc/unbound.profile
index c1cb86893..afc903e88 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -5,19 +5,30 @@ include /etc/firejail/unbound.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+blacklist /tmp/.X11-unix
 noblacklist /sbin
 noblacklist /usr/sbin
+noblacklist /var/log
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+caps
+# caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot,sys_resource
 no3d
 nodvd
+nonewprivs
 nosound
 notv
+novideo
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+disable-mnt
 private
 private-dev
+# mdwe can break modules/plugins
+# memory-deny-write-execute
diff --git a/etc/unrar.profile b/etc/unrar.profile
index 6a3ac5527..12559a721 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -15,6 +15,7 @@ no3d
 nodvd
 nosound
 notv
+novideo
 shell none
 tracelog
diff --git a/etc/unzip.profile b/etc/unzip.profile
index bb30d74cd..9828fa9b4 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -15,6 +15,7 @@ no3d
 nodvd
 nosound
 notv
+novideo
 shell none
 tracelog
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index 192d13f80..b30cbaa2a 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -13,6 +13,7 @@ net none
 nodvd
 nosound
 notv
+novideo
 shell none
 tracelog
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index a02845885..af4a2d655 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -19,12 +19,14 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
+no3d
 nodvd
 nogroups
 nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none
@@ -34,3 +36,7 @@ private-bin viewnior
 private-dev
 private-etc fonts
 private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/vim.profile b/etc/vim.profile
index 7b5566f5b..97ed06d96 100644
--- a/etc/vim.profile
+++ b/etc/vim.profile
@@ -20,5 +20,6 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/w3m.profile b/etc/w3m.profile
index b25e19135..0d3037b26 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 38e568860..5a07d4b74 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/xmms.profile b/etc/xmms.profile
index d2e6eddac..717c81fd0 100644
--- a/etc/xmms.profile
+++ b/etc/xmms.profile
@@ -18,6 +18,7 @@ no3d
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
diff --git a/etc/xreader.profile b/etc/xreader.profile
index dd09c8a92..c02b9a014 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -30,7 +30,7 @@ tracelog
 private-bin xreader,xreader-previewer,xreader-thumbnailer
 private-dev
-# private-etc fonts
+# private-etc fonts,ld.so.cache
 # xreader needs access to /tmp/mozilla* to work in firefox
 # private-tmp
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index 7f21f5d2f..d5c4ac6f0 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -14,6 +14,7 @@ no3d
 nodvd
 nosound
 notv
+novideo
 shell none
 tracelog
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
new file mode 100644
index 000000000..bfb7b9d87
--- /dev/null
+++ b/etc/yandex-browser.profile
@@ -0,0 +1,42 @@
+# Firejail profile for yandex-browser
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/yandex-browser.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.cache/yandex-browser
+noblacklist ~/.cache/yandex-browser-beta
+noblacklist ~/.config/yandex-browser
+noblacklist ~/.config/yandex-browser-beta
+noblacklist ~/.pki
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.cache/yandex-browser
+mkdir ~/.cache/yandex-browser-beta
+mkdir ~/.config/yandex-browser
+mkdir ~/.config/yandex-browser-beta
+mkdir ~/.pki
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/yandex-browser
+whitelist ~/.cache/yandex-browser-beta
+whitelist ~/.config/yandex-browser
+whitelist ~/.config/yandex-browser-beta
+whitelist ~/.pki
+include /etc/firejail/whitelist-common.inc
+caps.keep sys_chroot,sys_admin
+netfilter
+nodvd
+nogroups
+notv
+shell none
+private-dev
+# private-tmp - problems with multiple browser sessions
+noexec ${HOME}
+noexec /tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index e7eab20a2..cf1c50ec6 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -354,3 +354,4 @@
 /etc/firejail/youtube-dl.profile
 /etc/firejail/zathura.profile
 /etc/firejail/zoom.profile
+/etc/firejail/yandex-browser.profile
diff --git a/platform/rpm/old-mkrpm.sh b/platform/rpm/old-mkrpm.sh
index 505171d1c..7d817c7e2 100755
--- a/platform/rpm/old-mkrpm.sh
+++ b/platform/rpm/old-mkrpm.sh
@@ -36,9 +36,9 @@ install -m 644 /usr/lib/firejail/libtracelog.so  firejail-$VERSION/usr/lib/firej
 install -m 644 /usr/lib/firejail/libtrace.so  firejail-$VERSION/usr/lib/firejail/.
 install -m 644 /usr/lib/firejail/libpostexecseccomp.so  firejail-$VERSION/usr/lib/firejail/.
 install -m 644 /usr/lib/firejail/seccomp  firejail-$VERSION/usr/lib/firejail/.
-install -m 644 /usr/lib/firejail/seccomp.amd64  firejail-$VERSION/usr/lib/firejail/.
+install -m 644 /usr/lib/firejail/seccomp.64  firejail-$VERSION/usr/lib/firejail/.
 install -m 644 /usr/lib/firejail/seccomp.debug  firejail-$VERSION/usr/lib/firejail/.
-install -m 644 /usr/lib/firejail/seccomp.i386  firejail-$VERSION/usr/lib/firejail/.
+install -m 644 /usr/lib/firejail/seccomp.32  firejail-$VERSION/usr/lib/firejail/.
 install -m 644 /usr/lib/firejail/seccomp.block_secondary  firejail-$VERSION/usr/lib/firejail/.
 install -m 644 /usr/lib/firejail/seccomp.mdwx  firejail-$VERSION/usr/lib/firejail/.
@@ -492,9 +492,9 @@ rm -rf %{buildroot}
 /usr/lib/firejail/fnet
 /usr/lib/firejail/fseccomp
 /usr/lib/firejail/seccomp
-/usr/lib/firejail/seccomp.amd64
+/usr/lib/firejail/seccomp.64
 /usr/lib/firejail/seccomp.debug
-/usr/lib/firejail/seccomp.i386
+/usr/lib/firejail/seccomp.32
 /usr/lib/firejail/seccomp.block_secondary
 /usr/lib/firejail/seccomp.mdwx
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 6bdeaab77..10a0cfd98 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -311,6 +311,7 @@ xplayer
 xpra
 xreader
 xviewer
+yandex-browser
 youtube-dl
 zathura
 zoom
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 435b9527d..75450fe0f 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -34,6 +34,7 @@
 #define RUN_FIREJAIL_X11_DIR    "/run/firejail/x11"
 #define RUN_FIREJAIL_NETWORK_DIR        "/run/firejail/network"
 #define RUN_FIREJAIL_BANDWIDTH_DIR      "/run/firejail/bandwidth"
+#define RUN_FIREJAIL_PROFILE_DIR                "/run/firejail/profile"
 #define RUN_NETWORK_LOCK_FILE   "/run/firejail/firejail.lock"
 #define RUN_RO_DIR      "/run/firejail/firejail.ro.dir"
 #define RUN_RO_FILE     "/run/firejail/firejail.ro.file"
@@ -54,15 +55,15 @@
 #define RUN_SECCOMP_PROTOCOL    "/run/firejail/mnt/seccomp.protocol"    // protocol filter
 #define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp"                     // configured filter
-#define RUN_SECCOMP_AMD64       "/run/firejail/mnt/seccomp.amd64"       // amd64 filter installed on i386 architectures
+#define RUN_SECCOMP_64  "/run/firejail/mnt/seccomp.64"          // 64bit arch filter installed on 32bit architectures
-#define RUN_SECCOMP_I386        "/run/firejail/mnt/seccomp.i386"                // i386 filter installed on amd64 architectures
+#define RUN_SECCOMP_32  "/run/firejail/mnt/seccomp.32"          // 32bit arch filter installed on 64bit architectures
 #define RUN_SECCOMP_MDWX        "/run/firejail/mnt/seccomp.mdwx"                // filter for memory-deny-write-execute
 #define RUN_SECCOMP_BLOCK_SECONDARY     "/run/firejail/mnt/seccomp.block_secondary"     // secondary arch blocking filter
 #define RUN_SECCOMP_POSTEXEC    "/run/firejail/mnt/seccomp.postexec"            // filter for post-exec library
 #define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp")                       // default filter built during make
 #define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug")   // default filter built during make
-#define PATH_SECCOMP_AMD64 (LIBDIR "/firejail/seccomp.amd64")           // amd64 filter built during make
+#define PATH_SECCOMP_64 (LIBDIR "/firejail/seccomp.64")                 // 64bit arch filter built during make
-#define PATH_SECCOMP_I386 (LIBDIR "/firejail/seccomp.i386")                     // i386 filter built during make
+#define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32")                 // 32bit arch filter built during make
 #define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx")             // filter for memory-deny-write-execute built during make
 #define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary")       // secondary arch blocking filter built during make
@@ -410,6 +411,7 @@ void net_config_interface(const char *dev, uint32_t ip, uint32_t mask, int mtu);
 // preproc.c
 void preproc_build_firejail_dir(void);
 void preproc_mount_mnt_dir(void);
+void preproc_clean_run(void);
 // fs.c
 // blacklist files or directoies by mounting empty files on top of them
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 480df1766..dad8545a0 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -368,12 +368,12 @@ void fs_whitelist(void) {
                // replace ~/ or ${HOME} into /home/username
                new_name = expand_home(dataptr, cfg.homedir);
                assert(new_name);
-                if (arg_debug)
+                if (arg_debug || arg_debug_whitelists)
                        fprintf(stderr, "Debug %d: new_name #%s#, %s\n", __LINE__, new_name, (nowhitelist_flag)? "nowhitelist": "whitelist");
                // valid path referenced to filesystem root
                if (*new_name != '/') {
-                        if (arg_debug)
+                        if (arg_debug || arg_debug_whitelists)
                                fprintf(stderr, "Debug %d: \n", __LINE__);
                        goto errexit;
                }
@@ -417,6 +417,8 @@ void fs_whitelist(void) {
                        entry->data = EMPTY_STRING;
                        continue;
                }
+                else if (arg_debug_whitelists)
+                        printf("real path %s\n", fname);
                if (nowhitelist_flag) {
                        // store the path in nowhitelist array
@@ -501,9 +503,15 @@ void fs_whitelist(void) {
                else if (strncmp(new_name, "/dev/", 5) == 0) {
                        entry->dev_dir = 1;
                        dev_dir = 1;
-                        // both path and absolute path are under /dev
-                        if (strncmp(fname, "/dev/", 5) != 0) {
+                        // special handling for /dev/shm
-                                goto errexit;
+                        // on some platforms (Debian wheezy, Ubuntu 14.04), it is a symlink to /run/shm
+                        if (strcmp(new_name, "/dev/shm") == 0 && strcmp(fname, "/run/shm") == 0);
+                        else {
+                                // both path and absolute path are under /dev
+                                if (strncmp(fname, "/dev/", 5) != 0) {
+                                        goto errexit;
+                                }
                        }
                }
                else if (strncmp(new_name, "/opt/", 5) == 0) {
@@ -708,7 +716,6 @@ void fs_whitelist(void) {
        }
        // go through profile rules again, and interpret whitelist commands
        entry = cfg.profile;
        while (entry) {
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 3f805a7e0..c317aa477 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -130,15 +130,22 @@ unsigned long long start_timestamp;
 static void set_name_file(pid_t pid);
 static void delete_name_file(pid_t pid);
+static void delete_profile_file(pid_t pid);
 static void delete_x11_file(pid_t pid);
 void clear_run_files(pid_t pid) {
        bandwidth_del_run_file(pid);            // bandwidth file
        network_del_run_file(pid);              // network map file
        delete_name_file(pid);
+        delete_profile_file(pid);
        delete_x11_file(pid);
 }
+static void clear_atexit(void) {
+        EUID_ROOT();
+        clear_run_files(getpid());
+}
 static void myexit(int rv) {
        logmsg("exiting...");
        if (!arg_command && !arg_quiet)
@@ -465,6 +472,26 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                exit(0);
        }
 #endif
+        else if (strncmp(argv[i], "--profile.print=", 16) == 0) {
+                pid_t pid = read_pid(argv[i] + 16);
+                // print /run/firejail/profile/<PID> file
+                char *fname;
+                if (asprintf(&fname, RUN_FIREJAIL_PROFILE_DIR "/%d", pid) == -1)
+                        errExit("asprintf");
+                FILE *fp = fopen(fname, "r");
+                if (!fp) {
+                        fprintf(stderr, "Error: sandbox %s not found\n", argv[i] + 16);
+                        exit(1);
+                }
+#define MAXBUF 4096
+                char buf[MAXBUF];
+                if (fgets(buf, MAXBUF, fp))
+                        printf("%s", buf);
+                fclose(fp);
+                exit(0);
+                
+        }
        else if (strncmp(argv[i], "--cpu.print=", 12) == 0) {
                // join sandbox by pid or by name
                pid_t pid = read_pid(argv[i] + 12);
@@ -738,6 +765,15 @@ static void delete_name_file(pid_t pid) {
        free(fname);
 }
+static void delete_profile_file(pid_t pid) {
+        char *fname;
+        if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_PROFILE_DIR, pid) == -1)
+                errExit("asprintf");
+        int rv = unlink(fname);
+        (void) rv;
+        free(fname);
+}
 void set_x11_file(pid_t pid, int display) {
        char *fname;
        if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_X11_DIR, pid) == -1)
@@ -825,12 +861,14 @@ int main(int argc, char **argv) {
        char *custom_profile_dir = NULL; // custom profile directory
+        atexit(clear_atexit);
        // get starting timestamp
        start_timestamp = getticks();
        // build /run/firejail directory structure
        preproc_build_firejail_dir();
+        preproc_clean_run();
        if (check_arg(argc, argv, "--quiet"))
                arg_quiet = 1;
@@ -2554,14 +2592,10 @@ int main(int argc, char **argv) {
                close(lockfd);
        }
-        // create name file under /run/firejail
        // handle CTRL-C in parent
        signal (SIGINT, my_handler);
        signal (SIGTERM, my_handler);
        // wait for the child to finish
        EUID_USER();
        int status = 0;
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index bf1ef0469..42502008e 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -20,6 +20,8 @@
 #include "firejail.h"
 #include <sys/mount.h>
 #include <sys/stat.h>
+#include <sys/types.h>
+#include <dirent.h>
 static int tmpfs_mounted = 0;
@@ -48,6 +50,10 @@ void preproc_build_firejail_dir(void) {
                create_empty_dir_as_root(RUN_FIREJAIL_NAME_DIR, 0755);
        }
+        if (stat(RUN_FIREJAIL_PROFILE_DIR, &s)) {
+                create_empty_dir_as_root(RUN_FIREJAIL_PROFILE_DIR, 0755);
+        }
        if (stat(RUN_FIREJAIL_X11_DIR, &s)) {
                create_empty_dir_as_root(RUN_FIREJAIL_X11_DIR, 0755);
        }
@@ -79,8 +85,8 @@ void preproc_mount_mnt_dir(void) {
                        copy_file(PATH_SECCOMP_BLOCK_SECONDARY, RUN_SECCOMP_BLOCK_SECONDARY, getuid(), getgid(), 0644); // root needed
                else {
                        //copy default seccomp files
-                        copy_file(PATH_SECCOMP_I386, RUN_SECCOMP_I386, getuid(), getgid(), 0644); // root needed
+                        copy_file(PATH_SECCOMP_32, RUN_SECCOMP_32, getuid(), getgid(), 0644); // root needed
-                        copy_file(PATH_SECCOMP_AMD64, RUN_SECCOMP_AMD64, getuid(), getgid(), 0644); // root needed
+                        copy_file(PATH_SECCOMP_64, RUN_SECCOMP_64, getuid(), getgid(), 0644); // root needed
                }
                if (arg_allow_debuggers)
                        copy_file(PATH_SECCOMP_DEFAULT_DEBUG, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); // root needed
@@ -98,3 +104,77 @@ void preproc_mount_mnt_dir(void) {
                        errExit("set_perms");
        }
 }
+// clean run directory
+void preproc_clean_run(void) {
+        int max_pids=32769;
+        int start_pid = 100;
+        // extract real max_pids
+        FILE *fp = fopen("/proc/sys/kernel/pid_max", "r");
+        if (fp) {
+                int val;
+                if (fscanf(fp, "%d", &val) == 1) {
+                        if (val >= max_pids)
+                                max_pids = val + 1;
+                }
+                fclose(fp);
+        }
+        int *pidarr = malloc(max_pids * sizeof(int));
+        if (!pidarr)
+                errExit("malloc");
+        memset(pidarr, 0, max_pids * sizeof(int));
+        // open /proc directory
+        DIR *dir;
+        if (!(dir = opendir("/proc"))) {
+                // sleep 2 seconds and try again
+                sleep(2);
+                if (!(dir = opendir("/proc"))) {
+                        fprintf(stderr, "Error: cannot open /proc directory\n");
+                        exit(1);
+                }
+        }
+        // read /proc and populate pidarr with all active processes
+        struct dirent *entry;
+        char *end;
+        while ((entry = readdir(dir)) != NULL) {
+                pid_t pid = strtol(entry->d_name, &end, 10);
+                pid %= max_pids;
+                if (end == entry->d_name || *end)
+                        continue;
+        
+                if (pid < start_pid)
+                        continue;
+                pidarr[pid] = 1;
+        }
+        closedir(dir);
+        // open /run/firejail/profile directory
+        if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) {
+                // sleep 2 seconds and try again
+                sleep(2);
+                if (!(dir = opendir(RUN_FIREJAIL_PROFILE_DIR))) {
+                        fprintf(stderr, "Error: cannot open %s directory\n", RUN_FIREJAIL_PROFILE_DIR);
+                        exit(1);
+                }
+        }
+        // read /run/firejail/profile directory and clean leftover files
+        while ((entry = readdir(dir)) != NULL) {
+                pid_t pid = strtol(entry->d_name, &end, 10);
+                pid %= max_pids;
+                if (end == entry->d_name || *end)
+                        continue;
+        
+                if (pid < start_pid)
+                        continue;
+                if (pidarr[pid] == 0)
+                        clear_run_files(pid);
+        }
+        closedir(dir);
+        free(pidarr);
+}
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index fc390c83a..e61f59f46 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1193,6 +1193,29 @@ void profile_read(const char *fname) {
                exit(1);
        }
+        // save the name of the file for --profile.print option
+        if (include_level == 0) {
+                char *runfile;
+                if (asprintf(&runfile, "%s/%d", RUN_FIREJAIL_PROFILE_DIR, getpid()) == -1)
+                        errExit("asprintf");
+                EUID_ROOT();
+                // the file is deleted first
+                FILE *fp = fopen(runfile, "w");
+                if (!fp) {
+                        fprintf(stderr, "Error: cannot create %s\n", runfile);
+                        exit(1);
+                }
+                fprintf(fp, "%s\n", fname);
+                // mode and ownership
+                SET_PERMS_STREAM(fp, 0, 0, 0644);
+                fclose(fp);
+                EUID_USER();
+                free(runfile);
+        }
        int msg_printed = 0;
        // read the file line by line
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 7b45e2574..e75863c3a 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -137,22 +137,22 @@ errexit:
        exit(1);
 }
-// i386 filter installed on amd64 architectures
+// 32 bit arch filter installed on 64 bit architectures
-#if defined(__x86_64__)
+#if defined(__LP64__)
 static void seccomp_filter_32(void) {
-        if (seccomp_load(RUN_SECCOMP_I386) == 0) {
+        if (seccomp_load(RUN_SECCOMP_32) == 0) {
                if (arg_debug)
-                        printf("Dual i386/amd64 seccomp filter configured\n");
+                        printf("Dual 32/64 bit seccomp filter configured\n");
        }
 }
 #endif
-// amd64 filter installed on i386 architectures
+// 64 bit arch filter installed on 32 bit architectures
-#if defined(__i386__)
+#if defined(__ILP32__)
 static void seccomp_filter_64(void) {
-        if (seccomp_load(RUN_SECCOMP_AMD64) == 0) {
+        if (seccomp_load(RUN_SECCOMP_64) == 0) {
                if (arg_debug)
-                        printf("Dual i386/amd64 seccomp filter configured\n");
+                        printf("Dual 32/64 bit seccomp filter configured\n");
        }
 }
 #endif
@@ -177,10 +177,10 @@ int seccomp_filter_drop(void) {
                        if (arg_seccomp_block_secondary)
                                seccomp_filter_block_secondary();
                        else {
-#if defined(__x86_64__)
+#if defined(__LP64__)
                                seccomp_filter_32();
 #endif
-#if defined(__i386__)
+#if defined(__ILP32__)
                                seccomp_filter_64();
 #endif
                        }
@@ -190,10 +190,10 @@ int seccomp_filter_drop(void) {
                        if (arg_seccomp_block_secondary)
                                seccomp_filter_block_secondary();
                        else {
-#if defined(__x86_64__)
+#if defined(__LP64__)
                                seccomp_filter_32();
 #endif
-#if defined(__i386__)
+#if defined(__ILP32__)
                                seccomp_filter_64();
 #endif
                        }
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 10e6ab687..fc7dbd69c 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -159,6 +159,7 @@ void usage(void) {
        printf("    --private-tmp - mount a tmpfs on top of /tmp directory.\n");
        printf("    --private-opt=file,directory - build a new /opt in a temporary filesystem.\n");
        printf("    --profile=filename - use a custom profile.\n");
+        printf("    --profile.print=name|pid - print the name of profile file.\n");
        printf("    --profile-path=directory - use this directory to look for profile files.\n");
        printf("    --protocol=protocol,protocol,protocol - enable protocol filter.\n");
        printf("    --protocol.print=name|pid - print the protocol filter.\n");
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index 7262bc2ca..e14a473fe 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -191,6 +191,21 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) {
        close(fd);
 }
+#if defined(__x86_64__) || defined(__aarch64__) || defined(__powerpc64__)
+# define filter_syscall SYS_mmap
+# undef block_syscall
+#elif defined(__i386__)
+# define filter_syscall SYS_mmap2
+# define block_syscall SYS_mmap
+#elif defined(__arm__)
+# define filter_syscall SYS_mmap2
+# undef block_syscall
+#else
+# warning "Platform does not support seccomp memory-deny-write-execute filter yet"
+# undef filter_syscall
+# undef block_syscall
+#endif
 void memory_deny_write_execute(const char *fname) {
        // open file
        int fd = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
@@ -203,22 +218,19 @@ void memory_deny_write_execute(const char *fname) {
        // build filter
        static const struct sock_filter filter[] = {
-#ifdef __i386__
+#ifdef block_syscall
                // block old multiplexing mmap syscall for i386
-                BLACKLIST(SYS_mmap),
+                BLACKLIST(block_syscall),
 #endif
+#ifdef filter_syscall
                // block mmap(,,x|PROT_WRITE|PROT_EXEC) so W&X memory can't be created
-#ifdef __i386__
+                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, filter_syscall, 0, 5),
-                // mmap2 is used for mmap on i386 these days
-                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mmap2, 0, 5),
-#else
-                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mmap, 0, 5),
-#endif
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE|PROT_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE|PROT_EXEC, 0, 1),
                KILL_PROCESS,
                RETURN_ALLOW,
+#endif
                // block mprotect(,,PROT_EXEC) so writable memory can't be turned into executable
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mprotect, 0, 5),
@@ -228,7 +240,7 @@ void memory_deny_write_execute(const char *fname) {
                KILL_PROCESS,
                RETURN_ALLOW,
-// shmat is not implemented as a syscall on some platforms (i386, possibly arm)
+// shmat is not implemented as a syscall on some platforms (i386, powerpc64, powerpc64le)
 #ifdef SYS_shmat
                // block shmat(,,x|SHM_EXEC) so W&X shared memory can't be created
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_shmat, 0, 5),
diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c
index 3793e125d..e8df2bda5 100644
--- a/src/fseccomp/seccomp_print.c
+++ b/src/fseccomp/seccomp_print.c
@@ -90,7 +90,7 @@ static int detect_filter_type(void) {
        }
        
        
-        // testing for secondare amd64 filter
+        // testing for secondary 64 bit filter
        const struct sock_filter start_secondary_64[] = {
                VALIDATE_ARCHITECTURE_64,
                EXAMINE_SYSCALL,
@@ -102,7 +102,7 @@ static int detect_filter_type(void) {
                return sizeof(start_secondary_64) / sizeof(struct sock_filter);
        }
        
-        // testing for secondare i386 filter
+        // testing for secondary 32 bit filter
        const struct sock_filter start_secondary_32[] = {
                VALIDATE_ARCHITECTURE_32,
                EXAMINE_SYSCALL,
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c
index dd69b58cc..da6a693e6 100644
--- a/src/fseccomp/seccomp_secondary.c
+++ b/src/fseccomp/seccomp_secondary.c
@@ -108,7 +108,7 @@ void seccomp_secondary_64(const char *fname) {
        write_filter(fname, sizeof(filter), filter);
 }
-// i386 filter installed on amd64 architectures
+// 32 bit arch filter installed on 64 bit architectures
 void seccomp_secondary_32(const char *fname) {
        // hardcoded syscall values
        struct sock_filter filter[] = {
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
index 8c18b2d14..abdedb957 100644
--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -83,6 +83,9 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_vm86old
          "vm86old"
 #endif
+#if !defined(SYS_modify_ldt) && !defined(SYS_subpage_prot) && !defined(SYS_switch_endian) && !defined(SYS_vm86) && !defined(SYS_vm86old)
+          "__dummy_syscall__" // workaround for arm64, s390x and sparc64 which don't have any of above defined and empty syscall lists are not allowed
+#endif
        },
        { .name = "@debug", .list =
 #ifdef SYS_lookup_dcookie
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index 2f2b2384d..133b6ce72 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -91,10 +91,64 @@ struct seccomp_data {
 #if defined(__i386__)
 # define ARCH_NR        AUDIT_ARCH_I386
+# define ARCH_32        AUDIT_ARCH_I386
+# define ARCH_64        AUDIT_ARCH_X86_64
 #elif defined(__x86_64__)
 # define ARCH_NR        AUDIT_ARCH_X86_64
+# define ARCH_32        AUDIT_ARCH_I386
+# define ARCH_64        AUDIT_ARCH_X86_64
+#elif defined(__aarch64__)
+# define ARCH_NR        AUDIT_ARCH_AARCH64
+# define ARCH_32        AUDIT_ARCH_ARM
+# define ARCH_64        AUDIT_ARCH_AARCH64
 #elif defined(__arm__)
 # define ARCH_NR        AUDIT_ARCH_ARM
+# define ARCH_32        AUDIT_ARCH_ARM
+# define ARCH_64        AUDIT_ARCH_AARCH64
+#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32
+# define ARCH_NR        AUDIT_ARCH_MIPS
+# define ARCH_32        AUDIT_ARCH_MIPS
+# define ARCH_64        AUDIT_ARCH_MIPS64
+#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32
+# define ARCH_NR        AUDIT_ARCH_MIPSEL
+# define ARCH_32        AUDIT_ARCH_MIPSEL
+# define ARCH_64        AUDIT_ARCH_MIPSEL64
+#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI64
+# define ARCH_NR        AUDIT_ARCH_MIPS64
+# define ARCH_32        AUDIT_ARCH_MIPS
+# define ARCH_64        AUDIT_ARCH_MIPS64
+#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI64
+# define ARCH_NR        AUDIT_ARCH_MIPSEL64
+# define ARCH_32        AUDIT_ARCH_MIPSEL
+# define ARCH_64        AUDIT_ARCH_MIPSEL64
+#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_NABI32
+# define ARCH_NR        AUDIT_ARCH_MIPS64N32
+# define ARCH_32        AUDIT_ARCH_MIPS64N32
+# define ARCH_64        AUDIT_ARCH_MIPS64
+#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_NABI32
+# define ARCH_NR        AUDIT_ARCH_MIPSEL64N32
+# define ARCH_32        AUDIT_ARCH_MIPSEL64N32
+# define ARCH_64        AUDIT_ARCH_MIPSEL64
+#elif defined(__powerpc64__) && __BYTE_ORDER == __BIG_ENDIAN
+# define ARCH_NR        AUDIT_ARCH_PPC64
+# define ARCH_32        AUDIT_ARCH_PPC
+# define ARCH_64        AUDIT_ARCH_PPC64
+#elif defined(__powerpc64__) && __BYTE_ORDER == __LITTLE_ENDIAN
+# define ARCH_NR        AUDIT_ARCH_PPC64LE
+# define ARCH_32        AUDIT_ARCH_PPC
+# define ARCH_64        AUDIT_ARCH_PPC64LE
+#elif defined(__powerpc__)
+# define ARCH_NR        AUDIT_ARCH_PPC
+# define ARCH_32        AUDIT_ARCH_PPC
+# define ARCH_64        AUDIT_ARCH_PPC64LE
+#elif defined(__s390x__)
+# define ARCH_NR        AUDIT_ARCH_S390X
+# define ARCH_32        AUDIT_ARCH_S390
+# define ARCH_64        AUDIT_ARCH_S390X
+#elif defined(__s390__)
+# define ARCH_NR        AUDIT_ARCH_S390
+# define ARCH_32        AUDIT_ARCH_S390
+# define ARCH_64        AUDIT_ARCH_S390X
 #else
 # warning "Platform does not support seccomp filter yet"
 # define ARCH_NR        0
@@ -112,12 +166,12 @@ struct seccomp_data {
 #define VALIDATE_ARCHITECTURE_64 \
     BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
-     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_X86_64, 1, 0), \
+     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \
     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define VALIDATE_ARCHITECTURE_32 \
     BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
-     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_I386, 1, 0), \
+     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \
     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #if defined(__x86_64__)
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 9ae5d6782..a70f662fd 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1424,6 +1424,19 @@ Example:
 $ firejail \-\-profile=myprofile
 .TP
+\fB\-\-profile.print=name|pid
+Print the name of the profile file for the sandbox identified by name or or PID.
+.br
+.br
+Example:
+.br
+$ firejail \-\-profile.print=browser
+.br
+/etc/firejail/firefox.profile
+.br
+.TP
 \fB\-\-profile-path=directory
 Use this directory to look for profile files. Use an absolute path or a path in the home directory starting with ~/.
 For more information, see \fBSECURITY PROFILES\fR section below and \fBRELOCATING PROFILE FILES\fR in
diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp
index 6983758c3..098b309f5 100755
--- a/test/filters/seccomp-debug-32.exp
+++ b/test/filters/seccomp-debug-32.exp
@@ -43,7 +43,7 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 7\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter"
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter"
 }
 expect {
        timeout {puts "TESTING ERROR 9\n";exit}
@@ -56,13 +56,13 @@ send --  "firejail --debug --ignore=seccomp sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 10\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 12\n";exit}
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 12\n";exit}
        "Child process initialized"
 }
 expect {
        timeout {puts "TESTING ERROR 13\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 15\n";exit}
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 15\n";exit}
        "done"
 }
 after 100
@@ -82,7 +82,7 @@ expect {
 expect {
        timeout {puts "TESTING ERROR 21\n";exit}
        "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter"
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter"
 }
 expect {
        timeout {puts "TESTING ERROR 23\n";exit}
@@ -110,12 +110,12 @@ expect {
 send --  "firejail --debug --seccomp.block-secondary sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 27\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 28\n";exit}
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 28\n";exit}
        "Child process initialized"
 }
 expect {
        timeout {puts "TESTING ERROR 29\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 30\n";exit}
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 30\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter"
 }
 expect {
@@ -128,12 +128,12 @@ after 100
 send --  "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 33\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 34\n";exit}
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 34\n";exit}
        "Child process initialized"
 }
 expect {
        timeout {puts "TESTING ERROR 35\n";exit}
-        "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 35\n";exit}
+        "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 35\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter"
 }
 expect {
diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp
index 7a4a13991..4986a6bf6 100755
--- a/test/filters/seccomp-debug.exp
+++ b/test/filters/seccomp-debug.exp
@@ -31,7 +31,7 @@ expect {
 after 100
-# amd64 architecture
+# 64 bit architecture
 send --  "firejail --debug sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 5\n";exit}
@@ -43,7 +43,7 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 7\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter"
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter"
 }
 expect {
        timeout {puts "TESTING ERROR 8\n";exit}
@@ -55,18 +55,18 @@ expect {
 }
 after 100
-# amd64 architecture - ignore seccomp
+# 64 bit architecture - ignore seccomp
 send --  "firejail --debug --ignore=seccomp sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 10\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 12\n";exit}
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit}
        "Child process initialized"
 }
 expect {
        timeout {puts "TESTING ERROR 13\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 15\n";exit}
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit}
        "Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
 }
 expect {
@@ -75,7 +75,7 @@ expect {
 }
 after 100
-# amd64 architecture - ignore protocol
+# 64 bit architecture - ignore protocol
 send --  "firejail --debug --ignore=protocol sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 17\n";exit}
@@ -90,7 +90,7 @@ expect {
 expect {
        timeout {puts "TESTING ERROR 21\n";exit}
        "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter"
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter"
 }
 expect {
        timeout {puts "TESTING ERROR 23\n";exit}
@@ -114,21 +114,21 @@ expect {
 }
-# amd64 architecture - seccomp.block-secondary
+# 64 bit architecture - seccomp.block-secondary
 send --  "firejail --debug --seccomp.block-secondary sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 27\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 28\n";exit}
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit}
        "Child process initialized"
 }
 expect {
        timeout {puts "TESTING ERROR 29\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 30\n";exit}
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter"
 }
 expect {
        timeout {puts "TESTING ERROR 31\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 32\n";exit}
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit}
        "Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
 }
 expect {
@@ -137,16 +137,16 @@ expect {
 }
 after 100
-# amd64 architecture - seccomp.block-secondary, profile
+# 64 bit architecture - seccomp.block-secondary, profile
 send --  "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 33\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 34\n";exit}
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit}
        "Child process initialized"
 }
 expect {
        timeout {puts "TESTING ERROR 35\n";exit}
-        "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 35\n";exit}
+        "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit}
        "Installing /run/firejail/mnt/seccomp seccomp filter"
 }
 expect {
diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp
index b064671b6..b6ae6319f 100755
--- a/test/fs/whitelist-dev.exp
+++ b/test/fs/whitelist-dev.exp
@@ -25,14 +25,14 @@ sleep 1
 send -- "firejail --whitelist=/dev/null --whitelist=/dev/shm --whitelist=/dev/random\r"
 expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
+        timeout {puts "TESTING ERROR 2\n";exit}
        "Child process initialized"
 }
 sleep 1
 send -- "find /dev | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 0.1\n";exit}
+        timeout {puts "TESTING ERROR 3\n";exit}
        "4"
 }
 after 100
@@ -41,14 +41,14 @@ sleep 1
 send -- "firejail --private-dev --debug\r"
 expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
+        timeout {puts "TESTING ERROR 4\n";exit}
        "Child process initialized"
 }
 sleep 1
 send -- "ls -l /dev | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
+        timeout {puts "TESTING ERROR 5\n";exit}
        "12" {puts "OK\n"}
        "13" {puts "OK\n"}
        "14" {puts "OK\n"}
diff --git a/test/profiles/test-profile.exp b/test/profiles/test-profile.exp
index 6bc47f33f..63fb3a150 100755
--- a/test/profiles/test-profile.exp
+++ b/test/profiles/test-profile.exp
@@ -18,6 +18,5 @@ expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "done"
 }
-send -- "exit\r"
 after 100
 puts "\n"