24 files changed, 239 insertions, 68 deletions
diff --git a/README.md b/README.md
index 8994fcc11..c9711226d 100644
--- a/README.md
+++ b/README.md
@@ -84,7 +84,7 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/
 We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com
 `````
-Security Adivsory - Feb 8, 2021
+Security Advisory - Feb 8, 2021
 Summary: A vulnerability resulting in root privilege escalation was discovered in
 Firejail's OverlayFS code,
@@ -333,4 +333,4 @@ Stats:
 vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
 avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop,
 pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum,
-sha256sum, sha384sum, sha512sum, sum
+sha256sum, sha384sum, sha512sum, sum, librewold-nightly, Quodlibet, tmux, sway
diff --git a/RELNOTES b/RELNOTES
index a3e23abd6..8dda7c01c 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -18,7 +18,7 @@ firejail (0.9.65) baseline; urgency=low
  * gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr
  * PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, sum
  * bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, sha256sum
-  * sha384sum, sha512sum
+  * sha384sum, sha512sum, librewold-nightly, Quodlibet, tmux, sway
 -- netblue30 <netblue30@yahoo.com>  Tue, 9 Feb 2021 09:00:00 -0500
 firejail (0.9.64.4) baseline; urgency=low
diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local
index 7f2a778ab..3dfd3d0ea 100644
--- a/etc/apparmor/firejail-local
+++ b/etc/apparmor/firejail-local
@@ -8,5 +8,8 @@
 #owner @HOME/bin/** ix
 #owner @HOME/.local/bin/** ix
+# Uncomment to opt-in to apparmor for brave + tor
+#owner @{HOME}/.config/BraveSoftware/Brave-Browser/biahpgbdmdkfgndcmfiipgcebobojjkp/*/** ix,
 # Uncomment to opt-in to apparmor for torbrowser-launcher
 #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix,
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 52534a9e9..35f89e11b 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -34,6 +34,7 @@ blacklist ${HOME}/.config/autostart
 blacklist ${HOME}/.config/autostart-scripts
 blacklist ${HOME}/.config/awesome
 blacklist ${HOME}/.config/i3
+blacklist ${HOME}/.config/sway
 blacklist ${HOME}/.config/lxsession/LXDE/autostart
 blacklist ${HOME}/.config/openbox
 blacklist ${HOME}/.config/plasma-workspace
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 828b5c546..0ca8817cb 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -380,6 +380,7 @@ blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
 blacklist ${HOME}/.config/qnapi.ini
 blacklist ${HOME}/.config/qpdfview
+blacklist ${HOME}/.config/quodlibet
 blacklist ${HOME}/.config/qupzilla
 blacklist ${HOME}/.config/qutebrowser
 blacklist ${HOME}/.config/ranger
@@ -478,6 +479,7 @@ blacklist ${HOME}/.equalx
 blacklist ${HOME}/.ethereum
 blacklist ${HOME}/.etr
 blacklist ${HOME}/.filezilla
+blacklist ${HOME}/.firedragon
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
 blacklist ${HOME}/.fossamail
@@ -921,6 +923,7 @@ blacklist ${HOME}/.cache/Otter
 blacklist ${HOME}/.cache/PawelStolowski
 blacklist ${HOME}/.cache/Psi
 blacklist ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/quodlibet
 blacklist ${HOME}/.cache/Quotient/quaternion
 blacklist ${HOME}/.cache/Shortwave
 blacklist ${HOME}/.cache/Tox
@@ -950,6 +953,7 @@ blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution
 blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
+blacklist ${HOME}/.cache/firedragon
 blacklist ${HOME}/.cache/flaska.net/trojita
 blacklist ${HOME}/.cache/folks
 blacklist ${HOME}/.cache/font-manager
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 4986ac63a..f265c8406 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,15 +6,22 @@ include apostrophe.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.texlive20*
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
+# Allow perl (blacklisted by disable-interpreters.inc)
+include allow-perl.inc
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -25,7 +32,10 @@ include disable-shell.inc
 include disable-xdg.inc
 whitelist /usr/share/apostrophe
+whitelist /usr/share/texlive
+whitelist /usr/share/texmf
 whitelist /usr/share/pandoc-*
+whitelist /usr/share/perl5
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -49,10 +59,10 @@ shell none
 tracelog
 disable-mnt
-private-bin apostrophe,pandoc,python3*
+private-bin apostrophe,fmtutil,kpsewhich,mktexfmt,pandoc,pdftex,perl,python3*,sh,xdvipdfmx,xelatex,xetex
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,texlive,X11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index 5a5e9eacd..09548c761 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -8,7 +8,10 @@ include globals.local
 # noexec /tmp is included in chromium-common.profile and breaks Brave
 ignore noexec /tmp
-# TOR is installed in ${HOME}
+# TOR is installed in ${HOME}.
+# NOTE: chromium-common.profile enables apparmor. To keep that intact
+# you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default.
+# Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
 noblacklist ${HOME}/.cache/BraveSoftware
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 76a14d99b..0000de441 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -52,7 +52,7 @@ private-bin dbus-send
 private-cache
 private-dev
 private-etc alternatives,dbus-1
-private-lib libpcre2-8.so.0
+private-lib libpcre*
 private-tmp
 memory-deny-write-execute
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile
index 3e9dacd1e..43db95b8a 100644
--- a/etc/profile-a-l/discord-canary.profile
+++ b/etc/profile-a-l/discord-canary.profile
@@ -10,7 +10,7 @@ noblacklist ${HOME}/.config/discordcanary
 mkdir ${HOME}/.config/discordcanary
 whitelist ${HOME}/.config/discordcanary
-private-bin discord-canary
+private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9]
 private-opt discord-canary
 # Redirect
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index 1c34335d2..f55d23778 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin etr
 private-cache
 private-dev
-# private-etc alternatives,drirc,machine-id,openal
+# private-etc alternatives,drirc,machine-id,openal,passwd
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/exfalso.profile b/etc/profile-a-l/exfalso.profile
index 192858304..92e4395c5 100644
--- a/etc/profile-a-l/exfalso.profile
+++ b/etc/profile-a-l/exfalso.profile
@@ -4,58 +4,12 @@
 # Persistent local customizations
 include exfalso.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.quodlibet
-noblacklist ${MUSIC}
-# Allow python (blacklisted by disable-interpreters.inc)
-include allow-python2.inc
-include allow-python3.inc
-whitelist ${DOWNLOADS}
-whitelist ${MUSIC}
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-mkdir ${HOME}/.quodlibet
-whitelist ${HOME}/.quodlibet
-include whitelist-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-caps.drop all
-ipc-namespace
-machine-id
-netfilter
-no3d
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-private-bin exfalso,python*
-private-cache
-private-dev
-private-etc alternatives,fonts,group,passwd
 private-lib libatk-1.0.so.*,libgdk-3.so.*,libgdk_pixbuf-2.0.so.*,libgirepository-1.0.so.*,libgstreamer-1.0.so.*,libgtk-3.so.*,libgtksourceview-3.0.so.*,libpango-1.0.so.*,libpython*,libreadline.so.*,libsoup-2.4.so.*,libssl.so.1.*,python2*,python3*
-private-tmp
 dbus-user none
-dbus-system none
-#memory-deny-write-execute - breaks on Arch (see issue #1803)
+# Redirect
+include quodlibet.profile
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index 2a1eb2001..50d2b923b 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -20,9 +20,9 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
-#ipc-namespace - causing issues launching on archlinux
 machine-id
 # net none - breaks on older Ubuntu versions
+netfilter
 no3d
 nodvd
 nogroups
@@ -38,7 +38,7 @@ seccomp.block-secondary
 shell none
 tracelog
-private-bin 7z,7za,7zr,ar,arj,bash,brotli,bzip2,compress,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,p7zip,rar,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,xz,zip,zoo
+private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd
 private-cache
 private-dev
 private-etc dconf,fonts,gtk-3.0,xdg
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile
new file mode 100644
index 000000000..77487161e
--- /dev/null
+++ b/etc/profile-a-l/firedragon.profile
@@ -0,0 +1,26 @@
+# Firejail profile for FireDragon
+# Description: Librewolf fork with enhanced KDE integration
+# This file is overwritten after every install/update
+# Persistent local customizations
+include firedragon.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/firedragon
+noblacklist ${HOME}/.firedragon
+mkdir ${HOME}/.cache/firedragon
+mkdir ${HOME}/.firedragon
+whitelist ${HOME}/.cache/firedragon
+whitelist ${HOME}/.firedragon
+# Add the next lines to your firedragon.local if you want to use the migration wizard.
+#noblacklist ${HOME}/.mozilla
+#whitelist ${HOME}/.mozilla
+# FireDragon requires a shell to launch on Arch. We can possibly remove sh though.
+# Add the next line to your firedragon.local to enable private-bin.
+#private-bin bash,dbus-launch,dbus-send,env,firedragon,python*,sh,which
+# Redirect
+include firefox-common.profile
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index 851a7c747..d1c18e690 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -54,9 +54,15 @@ private-bin flameshot
 private-cache
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,machine-id,pki,resolv.conf,ssl
 private-dev
-private-tmp
+#private-tmp
 dbus-user filter
 dbus-user.own org.dharkael.Flameshot
 dbus-user.own org.flameshot.Flameshot
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.portal.Desktop
+dbus-user.talk org.gnome.Shell
+dbus-user.talk org.kde.KWin
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.own org.kde.*
 dbus-system none
diff --git a/etc/profile-a-l/librewolf-nightly.profile b/etc/profile-a-l/librewolf-nightly.profile
index e6c3da608..72df5a52a 100644
--- a/etc/profile-a-l/librewolf-nightly.profile
+++ b/etc/profile-a-l/librewolf-nightly.profile
@@ -6,5 +6,8 @@ include librewolf-nightly.local
 # added by included profile
 #include globals.local
+# Add the next line to your librewolf-nightly.local to enable private-bin.
+#private-bin librewolf-nightly
 # Redirect
 include librewolf.profile
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 8e891a930..0934e1271 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -18,12 +18,40 @@ whitelist ${HOME}/.librewolf
 #noblacklist ${HOME}/.mozilla
 #whitelist ${HOME}/.mozilla
-# librewolf requires a shell to launch on Arch. We can possibly remove sh though.
+# Uncomment or put in your librewolf.local one of the following whitelist to enable KeePassXC Plugin
-# Add the next line to your librewolf.local to enable private-bin.
+# NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them
-#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which
+#whitelist ${RUNUSER}/kpxc_server
+#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
+whitelist /usr/share/doc
+whitelist /usr/share/gtk-doc/html
+whitelist /usr/share/mozilla
+whitelist /usr/share/webext
+include whitelist-usr-share-common.inc
+# Add the next line to your librewolf.local to enable private-bin (Arch Linux).
+#private-bin dbus-launch,dbus-send,librewolf,sh
 # Add the next line to your librewolf.local to enable private-etc. Note
 # that private-etc must first be enabled in firefox-common.local.
 #private-etc librewolf
+dbus-user filter
+# Uncomment or put in your librewolf.local to enable native notifications.
+#dbus-user.talk org.freedesktop.Notifications
+# Uncomment or put in your librewolf.local to allow to inhibit screensavers
+#dbus-user.talk org.freedesktop.ScreenSaver
+# Uncomment or put in your librewolf.local for plasma browser integration
+#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
+#dbus-user.talk org.kde.JobViewServer
+#dbus-user.talk org.kde.kuiserver
+# Uncomment or put in your librewolf.local to allow screen sharing under wayland.
+#whitelist ${RUNUSER}/pipewire-0
+#dbus-user.talk org.freedesktop.portal.*
+# Also uncomment or put in your librewolf.local if screen sharing sharing still
+# does not work with the above lines (might depend on the portal
+# implementation)
+#ignore noroot
+ignore dbus-user none
 # Redirect
 include firefox-common.profile
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
new file mode 100644
index 000000000..4637419bf
--- /dev/null
+++ b/etc/profile-a-l/sway.profile
@@ -0,0 +1,19 @@
+# Firejail profile for Sway
+# Description: i3-compatible Wayland compositor 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sway.local
+# Persistent global definitions
+include globals.local
+# all applications started in sway will run in this profile
+noblacklist ${HOME}/.config/sway
+# sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
+noblacklist ${HOME}/.config/i3
+include disable-common.inc
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile
index 0c4efc3d3..c7f59c5ee 100644
--- a/etc/profile-m-z/mumble.profile
+++ b/etc/profile-m-z/mumble.profile
@@ -29,7 +29,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
-no3d
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile
index 952e9f5f3..6480651b2 100644
--- a/etc/profile-m-z/qrencode.profile
+++ b/etc/profile-m-z/qrencode.profile
@@ -48,7 +48,7 @@ private-bin qrencode
 private-cache
 private-dev
 private-etc none
-private-lib libpcre2-8.so.0
+private-lib libpcre*
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile
new file mode 100644
index 000000000..e3680dcf1
--- /dev/null
+++ b/etc/profile-m-z/quodlibet.profile
@@ -0,0 +1,66 @@
+# Firejail profile for quodlibet
+# Description: Music player and music library manager
+# This file is overwritten after every install/update
+# Persistent local customizations
+include quodlibet.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/quodlibet
+noblacklist ${HOME}/.config/quodlibet
+noblacklist ${HOME}/.quodlibet
+noblacklist ${MUSIC}
+include allow-bin-sh.inc
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/quodlibet
+mkdir ${HOME}/.config/quodlibet
+mkdir ${HOME}/.quodlibet
+whitelist ${HOME}/.cache/quodlibet
+whitelist ${HOME}/.config/quodlibet
+whitelist ${HOME}/.quodlibet
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+private-bin exfalso,operon,python*,quodlibet,sh
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,passwd,pki,pulse,resolv.conf,ssl
+private-tmp
+dbus-system none
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile
new file mode 100644
index 000000000..706f39f24
--- /dev/null
+++ b/etc/profile-m-z/tmux.profile
@@ -0,0 +1,45 @@
+# Firejail profile for tmux
+# Description: terminal multiplexer
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include tmux.local
+# Persistent global definitions
+include globals.local
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+noblacklist /tmp/tmux-*
+# include disable-common.inc
+# include disable-devel.inc
+# include disable-exec.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+# private-cache
+private-dev
+# private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 065245a63..043e83c58 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -103,6 +103,9 @@ include globals.local
 # Allow ruby (blacklisted by disable-interpreters.inc)
 #include allow-ruby.inc
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+#include allow-bin-sh.inc
 # Allow ssh (blacklisted by disable-common.inc)
 #include allow-ssh.inc
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index be50d5f44..667631c17 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -236,6 +236,7 @@ ffplay
 ffprobe
 file-roller
 filezilla
+firedragon
 firefox
 firefox-beta
 firefox-developer-edition
diff --git a/src/profstats/main.c b/src/profstats/main.c
index a810a11f8..5035280b1 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -341,7 +341,7 @@ int main(int argc, char **argv) {
        printf("Stats:\n");
        printf("    profiles\t\t\t%d\n", cnt_profiles);
        printf("    include local profile\t%d   (include profile-name.local)\n", cnt_dotlocal);
-        printf("    include globals\t\t%d   (include globals.local)\n", cnt_dotlocal);
+        printf("    include globals\t\t%d   (include globals.local)\n", cnt_globalsdotlocal);
        printf("    blacklist ~/.ssh\t\t%d   (include disable-common.inc)\n", cnt_ssh);
        printf("    seccomp\t\t\t%d\n", cnt_seccomp);
        printf("    capabilities\t\t%d\n", cnt_caps);