35 files changed, 157 insertions, 578 deletions
diff --git a/Makefile.in b/Makefile.in
index abc86c2c3..31c2442ed 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -27,7 +27,7 @@ COMPLETIONDIRS = src/zsh_completion src/bash_completion
 all: all_items mydirs $(MAN_TARGET) filters
 APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck
 SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee src/fids/fids
-SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter
+SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter src/profstats/profstats
 MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS)
 MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
 COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion
@@ -83,6 +83,7 @@ clean:
        rm -f $(SECCOMP_FILTERS)
        rm -f test/utils/index.html*
        rm -f test/utils/wget-log
+        rm -f test/utils/firejail-test-file*
        rm -f test/utils/lstesting
        rm -f test/environment/index.html*
        rm -f test/environment/wget-log*
@@ -138,8 +139,6 @@ endif
        install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
        install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
-        # program used track profile statistics during development - no manpage, this is not a user program
-        install -m 755 -t $(DESTDIR)$(sysconfdir)/firejail src/profstats/profstats
 ifeq ($(BUSYBOX_WORKAROUND),yes)
        ./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
 endif
diff --git a/README b/README
index c762c471b..5aa60d83a 100644
--- a/README
+++ b/README
@@ -562,6 +562,7 @@ Jose Riha (https://github.com/jose1711)
        - fix warshow, jumpnbump, tremulous, blobwars profile fixes
        - drop noinput for games with gampad/joystick support
        - goldendict profile fix
+        - whitelist /usr/share/nextcloud to allow access to translation files
 jrabe (https://github.com/jrabe)
        - disallow access to kdbx files
        - Epiphany profile
@@ -882,6 +883,8 @@ Sebastian Hafner (https://github.com/DropNib)
 Senemu (https://github.com/Senemu)
        - protection for .pythonrc.py
        - fixed evince
+Seonwoo Lee (https://github.com/seonwoolee)
+        - fix teams ignoring input sources e.g. microphones
 Sergey Alirzaev (https://github.com/l29ah)
        - firejail.h enum fix
        - firefox-common-addons.inc: + tridactyl
@@ -1106,6 +1109,9 @@ Hugo Osvaldo Barrera (https://github.com/WhyNotHugo)
        - Skype profile tweaks
 xee5ch (https://github.com/xee5ch)
        - skypeforlinux profile
+York Zhao (https://github.com/YorkZ)
+        - tor browser profile fix
+        - allow telegram to open hyperlinks
 Ypnose (https://github.com/Ypnose)
        - disable-shell.inc: add mksh shell
 yumkam (https://github.com/yumkam)
diff --git a/README.md b/README.md
index 6cd1f761f..b16b55d6a 100644
--- a/README.md
+++ b/README.md
@@ -298,34 +298,37 @@ INTRUSION DETECTION SYSTEM (IDS)
 ### Profile Statistics
-A small tool to print profile statistics. Compile as usual and run in /etc/profiles:
+A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
+Run it over the profiles in /etc/profiles:
 ```
-$ sudo cp src/profstats/profstats /etc/firejail/.
+$ /usr/lib/firejail/profstats /etc/firejail/*.profile
-$ cd /etc/firejail
+No include .local found in /etc/firejail/noprofile.profile
-$ ./profstats *.profile
+Warning: multiple caps in /etc/firejail/transmission-daemon.profile
-    profiles                    1167
-    include local profile       1167   (include profile-name.local)
+Stats:
-    include globals             1136   (include globals.local)
+    profiles                    1176
-    blacklist ~/.ssh            1042   (include disable-common.inc)
+    include local profile       1175   (include profile-name.local)
-    seccomp                     1062
+    include globals             1144   (include globals.local)
-    capabilities                1163
+    blacklist ~/.ssh            1050   (include disable-common.inc)
-    noexec                      1049   (include disable-exec.inc)
+    seccomp                     1070
-    noroot                      971
+    capabilities                1171
-    memory-deny-write-execute   256
+    noexec                      1057   (include disable-exec.inc)
-    apparmor                    693
+    noroot                      979
-    private-bin                 677
+    memory-deny-write-execute   258
-    private-dev                 1027
+    apparmor                    700
-    private-etc                 532
+    private-bin                 681
-    private-tmp                 897
+    private-dev                 1033
-    whitelist home directory    557
+    private-etc                 533
-    whitelist var               836   (include whitelist-var-common.inc)
+    private-tmp                 905
-    whitelist run/user          1137   (include whitelist-runuser-common.inc
+    whitelist home directory    562
+    whitelist var               842   (include whitelist-var-common.inc)
+    whitelist run/user          1145   (include whitelist-runuser-common.inc
                                        or blacklist ${RUNUSER})
-    whitelist usr/share         609   (include whitelist-usr-share-common.inc
+    whitelist usr/share         614   (include whitelist-usr-share-common.inc
-    net none                    396
+    net none                    399
-    dbus-user none              656
+    dbus-user none              662
-    dbus-user filter            108
+    dbus-user filter            113
-    dbus-system none            808
+    dbus-system none            816
    dbus-system filter          10
 ```
diff --git a/RELNOTES b/RELNOTES
index 0136b3b04..e16099b39 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,16 +1,17 @@
 firejail (0.9.67) baseline; urgency=low
  * work in progress
-  * exit code: distinguish fatal signals by adding 128
+  * exit code: distinguish fatal signals by adding 128 (#4533)
  * intrusion detection system (--ids-init, --ids-check)
  * deterministic shutdown (--deterministic-exit-code,
-     --deterministic-shutdown)
+     --deterministic-shutdown) (#4635)
+  * noprinters command (#4607)
  * build: firecfg.config is now installed to /etc/firejail/ (#4669)
-  * deprecated --disable-whitelist at compile time
+  * removed --disable-whitelist at compile time
-  * deprecated whitelist=yes/no in /etc/firejail/firejail.config
+  * removed whitelist=yes/no in /etc/firejail/firejail.config
-  * new condition: ALLOW_TRAY
+  * new condition: ALLOW_TRAY (#4510 #4599)
-  * remove (some) environment variables with auth-tokens
+  * remove (some) environment variables with auth-tokens (#4157)
-  * new includes: whitelist-run-common.inc, disable-X11.inc
+  * new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462)
-  * removed includes: disable-passwordmgr.inc
+  * removed includes: disable-passwordmgr.inc (#4461)
  * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim
  * new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl
  * new profiles: yt-dlp, goldendict, goldendict, bundle, cmake
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 3ec13e482..b1ec25987 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -630,3 +630,5 @@ blacklist ${RUNUSER}/inaccessible
 blacklist ${RUNUSER}/pk-debconf-socket
 blacklist ${RUNUSER}/update-notifier.pid
+# tor-browser
+blacklist ${HOME}/.local/opt/tor-browser
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index 7bfb61688..2992a2d6f 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -53,6 +53,9 @@ private-cache
 ?BROWSER_DISABLE_U2F: private-dev
 #private-tmp - issues when using multiple browser sessions
+blacklist ${PATH}/curl
+blacklist ${PATH}/wget
 #dbus-user none - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector.
 dbus-system none
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index ef647b5a0..e7d438b46 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -59,6 +59,9 @@ disable-mnt
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
 private-tmp
+blacklist ${PATH}/curl
+blacklist ${PATH}/wget
 # 'dbus-user none' breaks various desktop integration features like global menus, native notifications,
 # Gnome connector, KDE connect and power management on KDE Plasma.
 dbus-user none
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 0145f7ceb..97f190723 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -8,6 +8,9 @@ include globals.local
 blacklist ${RUNUSER}
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
index 354d3351e..2e4a95125 100644
--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -29,6 +29,7 @@ mkdir ${HOME}/.local/share/Nextcloud
 whitelist ${HOME}/Nextcloud
 whitelist ${HOME}/.config/Nextcloud
 whitelist ${HOME}/.local/share/Nextcloud
+whitelist /usr/share/nextcloud
 # Add the next lines to your nextcloud.local to allow sync in more directories.
 #whitelist ${DOCUMENTS}
 #whitelist ${MUSIC}
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile
index ee19bcd00..5711c1b36 100644
--- a/etc/profile-m-z/teams-for-linux.profile
+++ b/etc/profile-m-z/teams-for-linux.profile
@@ -11,6 +11,8 @@ ignore include disable-xdg.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
+ignore noinput
 ignore dbus-user none
 ignore dbus-system none
diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile
index c8d98cbaa..ad52ca45f 100644
--- a/etc/profile-m-z/teams.profile
+++ b/etc/profile-m-z/teams.profile
@@ -13,6 +13,8 @@ ignore include whitelist-usr-share-common.inc
 ignore novideo
 ignore private-tmp
+ignore novideo
 # see #3404
 ignore apparmor
 ignore dbus-user none
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index dc1f77664..ce0119078 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -8,6 +8,9 @@ include globals.local
 noblacklist ${HOME}/.TelegramDesktop
 noblacklist ${HOME}/.local/share/TelegramDesktop
+# Allow opening hyperlinks
+include allow-bin-sh.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -41,7 +44,7 @@ seccomp.block-secondary
 shell none
 disable-mnt
-private-bin telegram,Telegram,telegram-desktop
+private-bin bash,sh,telegram,Telegram,telegram-desktop,xdg-open
 private-cache
 private-dev
 private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile
index 76a0e1fa5..13f422b0a 100644
--- a/etc/profile-m-z/tor-browser.profile
+++ b/etc/profile-m-z/tor-browser.profile
@@ -7,9 +7,12 @@ include tor-browser.local
 #include globals.local
 noblacklist ${HOME}/.tor-browser
+noblacklist ${HOME}/.local/opt/tor-browser
 mkdir ${HOME}/.tor-browser
 whitelist ${HOME}/.tor-browser
+mkdir ${HOME}/.local/opt/tor-browser
+whitelist ${HOME}/.local/opt/tor-browser
 # Redirect
 include torbrowser-launcher.profile
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 4558934da..b410ba68e 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -456,15 +456,20 @@ void fs_check_private_dir(void) {
 void fs_check_private_cwd(const char *dir) {
        EUID_ASSERT();
        invalid_filename(dir, 0); // no globbing
+        if (strcmp(dir, ".") == 0 || *dir != '/')
+                goto errout;
        // Expand the working directory
        cfg.cwd = expand_macros(dir);
        // realpath/is_dir not used because path may not exist outside of jail
-        if (strstr(cfg.cwd, "..")) {
+        if (strstr(cfg.cwd, ".."))
-                fprintf(stderr, "Error: invalid private working directory\n");
+                goto errout;
-                exit(1);
-        }
+        return;
+errout:
+        fprintf(stderr, "Error: invalid private working directory\n");
+        exit(1);
 }
 //***********************************************************************************
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 0262db608..58e374b8b 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1574,7 +1574,6 @@ int main(int argc, char **argv, char **envp) {
                        profile_add(line);
                }
-                // blacklist/deny
                else if (strncmp(argv[i], "--blacklist=", 12) == 0) {
                        char *line;
                        if (asprintf(&line, "blacklist %s", argv[i] + 12) == -1)
@@ -1583,14 +1582,6 @@ int main(int argc, char **argv, char **envp) {
                        profile_check_line(line, 0, NULL);      // will exit if something wrong
                        profile_add(line);
                }
-                else if (strncmp(argv[i], "--deny=", 7) == 0) {
-                        char *line;
-                        if (asprintf(&line, "blacklist %s", argv[i] + 7) == -1)
-                                errExit("asprintf");
-                        profile_check_line(line, 0, NULL);      // will exit if something wrong
-                        profile_add(line);
-                }
                else if (strncmp(argv[i], "--noblacklist=", 14) == 0) {
                        char *line;
                        if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1)
@@ -1599,16 +1590,6 @@ int main(int argc, char **argv, char **envp) {
                        profile_check_line(line, 0, NULL);      // will exit if something wrong
                        profile_add(line);
                }
-                else if (strncmp(argv[i], "--nodeny=", 9) == 0) {
-                        char *line;
-                        if (asprintf(&line, "noblacklist %s", argv[i] + 9) == -1)
-                                errExit("asprintf");
-                        profile_check_line(line, 0, NULL);      // will exit if something wrong
-                        profile_add(line);
-                }
-                // whitelist
                else if (strncmp(argv[i], "--whitelist=", 12) == 0) {
                        char *line;
                        if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)
@@ -1617,14 +1598,6 @@ int main(int argc, char **argv, char **envp) {
                        profile_check_line(line, 0, NULL);      // will exit if something wrong
                        profile_add(line);
                }
-                else if (strncmp(argv[i], "--allow=", 8) == 0) {
-                        char *line;
-                        if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1)
-                                errExit("asprintf");
-                        profile_check_line(line, 0, NULL);      // will exit if something wrong
-                        profile_add(line);
-                }
                else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) {
                        char *line;
                        if (asprintf(&line, "nowhitelist %s", argv[i] + 14) == -1)
@@ -1633,15 +1606,6 @@ int main(int argc, char **argv, char **envp) {
                        profile_check_line(line, 0, NULL);      // will exit if something wrong
                        profile_add(line);
                }
-                else if (strncmp(argv[i], "--noallow=", 10) == 0) {
-                        char *line;
-                        if (asprintf(&line, "nowhitelist %s", argv[i] + 10) == -1)
-                                errExit("asprintf");
-                        profile_check_line(line, 0, NULL);      // will exit if something wrong
-                        profile_add(line);
-                }
                else if (strncmp(argv[i], "--mkdir=", 8) == 0) {
                        char *line;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 5e24591fa..9504b26de 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1752,44 +1752,6 @@ void profile_read(const char *fname) {
                        continue;
                }
-                // translate allow/deny to whitelist/blacklist
-                if (strncmp(ptr, "allow ", 6) == 0) {
-                        char *tmp;
-                        if (asprintf(&tmp, "whitelist %s", ptr + 6) == -1)
-                                errExit("asprintf");
-                        free(ptr);
-                        ptr = tmp;
-                }
-                else if (strncmp(ptr, "deny ", 5) == 0) {
-                        char *tmp;
-                        if (asprintf(&tmp, "blacklist %s", ptr + 5) == -1)
-                                errExit("asprintf");
-                        free(ptr);
-                        ptr = tmp;
-                }
-                else if (strncmp(ptr, "deny-nolog ", 11) == 0) {
-                        char *tmp;
-                        if (asprintf(&tmp, "blacklist-nolog %s", ptr + 11) == -1)
-                                errExit("asprintf");
-                        free(ptr);
-                        ptr = tmp;
-                }
-                // translate noallow/nodeny to nowhitelist/noblacklist
-                else if (strncmp(ptr, "noallow ", 8) == 0) {
-                        char *tmp;
-                        if (asprintf(&tmp, "nowhitelist %s", ptr + 8) == -1)
-                                errExit("asprintf");
-                        free(ptr);
-                        ptr = tmp;
-                }
-                else if (strncmp(ptr, "nodeny ", 7) == 0) {
-                        char *tmp;
-                        if (asprintf(&tmp, "noblacklist %s", ptr + 7) == -1)
-                                errExit("asprintf");
-                        free(ptr);
-                        ptr = tmp;
-                }
                // process quiet
                // todo: a quiet in the profile file cannot be disabled by --ignore on command line
                if (strcmp(ptr, "quiet") == 0) {
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 96fa4c81a..53b1e6914 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1058,6 +1058,11 @@ int sandbox(void* sandbox_arg) {
        EUID_USER();
        int cwd = 0;
        if (cfg.cwd) {
+                if (is_link(cfg.cwd)) {
+                        fprintf(stderr, "Error: unable to enter private working directory: %s\n", cfg.cwd);
+                        exit(1);
+                }
                if (chdir(cfg.cwd) == 0)
                        cwd = 1;
                else if (arg_private_cwd) {
diff --git a/src/profstats/Makefile.in b/src/profstats/Makefile.in
index e025f5939..fa1b4f200 100644
--- a/src/profstats/Makefile.in
+++ b/src/profstats/Makefile.in
@@ -3,7 +3,7 @@ all: profstats
 include ../common.mk
-%.o : %.c $(H_FILE_LIST)
+%.o : %.c $(H_FILE_LIST) ../include/common.h
        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
 profstats: $(OBJS)
diff --git a/src/profstats/main.c b/src/profstats/main.c
index a472ce259..bc5047bfe 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -17,10 +17,8 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-#include <stdio.h>
-#include <stdlib.h>
+#include "../include/common.h"
-#include <string.h>
-#include <assert.h>
 #define MAXBUF 2048
 // stats
@@ -99,8 +97,9 @@ static void usage(void) {
        printf("\n");
 }
-void process_file(const char *fname) {
+static void process_file(char *fname) {
        assert(fname);
+        char *tmpfname = NULL;
        if (arg_debug)
                printf("processing #%s#\n", fname);
@@ -109,9 +108,19 @@ void process_file(const char *fname) {
        FILE *fp = fopen(fname, "r");
        if (!fp) {
-                fprintf(stderr, "Warning: cannot open %s, while processing %s\n", fname, profile);
+                // the file was not found in the current directory
-                level--;
+                // look for it in /etc/firejail directory
-                return;
+                if (asprintf(&tmpfname, "%s/%s", SYSCONFDIR, fname) == -1)
+                        errExit("asprintf");
+                fp = fopen(tmpfname, "r");
+                if (!fp) {
+                        fprintf(stderr, "Warning: cannot open %s or %s, while processing %s\n", fname, tmpfname, profile);
+                        free(tmpfname);
+                        level--;
+                        return;
+                }
+                fname = tmpfname;
        }
        int have_include_local = 0;
@@ -204,6 +213,8 @@ void process_file(const char *fname) {
        if (!have_include_local)
                printf("No include .local found in %s\n", fname);
        level--;
+        if (tmpfname)
+                free(tmpfname);
 }
 int main(int argc, char **argv) {
diff --git a/src/tools/profcleaner.c b/src/tools/profcleaner.c
deleted file mode 100644
index beff93199..000000000
--- a/src/tools/profcleaner.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2014-2021 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-//*************************************************************
-// Small utility program to convert profiles from blacklist/whitelist to deny/allow
-// Compile:
-//       gcc -o profcleaner profcleaner.c
-// Usage:
-//       profcleaner *.profile
-//*************************************************************
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#define MAXBUF 4096
-int main(int argc, char **argv) {
-        printf("Usage: profcleaner files\n");
-        int i;
-        for (i = 1; i < argc; i++) {
-                FILE *fp = fopen(argv[i], "r");
-                if (!fp) {
-                        fprintf(stderr, "Error: cannot open %s\n", argv[i]);
-                        return 1;
-                }
-                FILE *fpout = fopen("profcleaner-tmp", "w");
-                if (!fpout) {
-                        fprintf(stderr, "Error: cannot open output file\n");
-                        return 1;
-                }
-                char buf[MAXBUF];
-                while (fgets(buf, MAXBUF, fp)) {
-                        if (strncmp(buf, "blacklist-nolog", 15) == 0)
-                                fprintf(fpout, "deny-nolog %s", buf + 15);
-                        else if (strncmp(buf, "blacklist", 9) == 0)
-                                fprintf(fpout, "deny %s", buf + 9);
-                        else if (strncmp(buf, "noblacklist", 11) == 0)
-                                fprintf(fpout, "nodeny %s", buf + 11);
-                        else if (strncmp(buf, "whitelist", 9) == 0)
-                                fprintf(fpout, "allow %s", buf + 9);
-                        else if (strncmp(buf, "nowhitelist", 11) == 0)
-                                fprintf(fpout, "noallow %s", buf + 11);
-                        else
-                                fprintf(fpout, "%s", buf);
-                }
-                fclose(fp);
-                fclose(fpout);
-                unlink(argv[i]);
-                rename("profcleaner-tmp", argv[i]);
-        }
-        return 0;
-}
diff --git a/src/tools/profcleaner.sh b/src/tools/profcleaner.sh
deleted file mode 100755
index 96402aed6..000000000
--- a/src/tools/profcleaner.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-# Copyright (C) 2021 Firejail Authors
-#
-# This file is part of firejail project
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-if [[ $1 == --help ]]; then
-        cat <<-EOM
-        USAGE:
-          profcleaner.sh --help        Show this help message and exit
-          profcleaner.sh --system      Clean all profiles in /etc/firejail
-          profcleaner.sh --user        Clean all profiles in ~/.config/firejail
-          profcleaner.sh /path/to/profile1 /path/to/profile2 ...
-        EOM
-        exit 0
-fi
-if [[ $1 == --system ]]; then
-        profiles=(/etc/firejail/*.{inc,local,profile})
-elif [[ $1 == --user ]]; then
-        profiles=("$HOME"/.config/firejail/*.{inc,local,profile})
-else
-        profiles=("$@")
-fi
-sed -i -E \
-        -e "s/^(# |#)?(ignore )?blacklist/\1\2deny/" \
-        -e "s/^(# |#)?(ignore )?noblacklist/\1\2nodeny/" \
-        -e "s/^(# |#)?(ignore )?whitelist/\1\2allow/" \
-        -e "s/^(# |#)?(ignore )?nowhitelist/\1\2noallow/" \
-        "${profiles[@]}"
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in
index 6ce71aed8..8c1d758cc 100644
--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -48,8 +48,8 @@ _firejail_args=(
    '*::arguments:_normal'
    '--appimage[sandbox an AppImage application]'
-    '--build[build a profile for the application and print it on stdout]'
+    '--build[build a whitelisted profile for the application and print it on stdout]'
-    '--build=-[build a profile for the application and save it]: :_files'
+    '--build=-[build a whitelisted profile for the application and save it]: :_files'
    # Ignore that you can do -? too as it's the only short option
    '--help[this help screen]'
    '--join=-[join the sandbox name|pid]: :_all_firejails'
@@ -66,14 +66,14 @@ _firejail_args=(
    '--ids-init[initialize IDS database]'
    '--debug[print sandbox debug messages]'
-    '--debug-allow[debug file system access]'
+    '--debug-blacklists[debug blacklisting]'
    '--debug-caps[print all recognized capabilities]'
-    '--debug-deny[debug file system access]'
    '--debug-errnos[print all recognized error numbers]'
    '--debug-private-lib[debug for --private-lib option]'
    '--debug-protocols[print all recognized protocols]'
    '--debug-syscalls[print all recognized system calls]'
    '--debug-syscalls32[print all recognized 32 bit system calls]'
+    '--debug-whitelists[debug whitelisting]'
    '--caps.print=-[print the caps filter name|pid]:firejail:_all_firejails'
    '--cpu.print=-[print the cpus in use name|pid]: :_all_firejails'
@@ -86,13 +86,13 @@ _firejail_args=(
    '--allusers[all user home directories are visible inside the sandbox]'
    # Should be _files, a comma and files or files -/
    '*--bind=-[mount-bind dirname1/filename1 on top of dirname2/filename2]: :(file1,file2 dir1,dir2)'
+    '*--blacklist=-[blacklist directory or file]: :_files'
    '--caps[enable default Linux capabilities filter]'
    '--caps.drop=all[drop all capabilities]'
    '*--caps.drop=-[drop capabilities: all|cap1,cap2,...]: :_caps'
    '*--caps.keep=-[keep capabilities: cap1,cap2,...]: :_caps'
    '--cgroup=-[place the sandbox in the specified control group]: :'
    '--cpu=-[set cpu affinity]: :->cpus'
-    '*--deny=-[deny access to directory or file]: :_files'
    "--deterministic-exit-code[always exit with first child's status code]"
    '--deterministic-shutdown[terminate orphan processes]'
    '*--dns=-[set DNS server]: :'
@@ -116,7 +116,7 @@ _firejail_args=(
    '--nice=-[set nice value]: :(1 10 15 20)'
    '--no3d[disable 3D hardware acceleration]'
    '--noautopulse[disable automatic ~/.config/pulse init]'
-    '--nodeny=-[disable deny command for file or directory]: :_files'
+    '--noblacklist=-[disable blacklist for file or directory]: :_files'
    '--nodbus[disable D-Bus access]'
    '--nodvd[disable DVD and audio CD devices]'
    '*--noexec=-[remount the file or directory noexec nosuid and nodev]: :_files'
@@ -147,13 +147,13 @@ _firejail_args=(
    '--rlimit-nproc=-[set the maximum number of processes that can be created for the real user ID of the calling process]: :'
    '--rlimit-sigpending=-[set the maximum number of pending signals for a process]: :'
    '*--rmenv=-[remove environment variable in the new sandbox]: :_values environment-variables $(env | cut -d= -f1)'
-    '--seccomp[enable seccomp filter and drop the default syscalls]: :'
+    '--seccomp[enable seccomp filter and apply the default blacklist]: :'
-    '--seccomp=-[enable seccomp filter, drop the default syscall list and the syscalls specified by the command]: :->seccomp'
+    '--seccomp=-[enable seccomp filter, blacklist the default syscall list and the syscalls specified by the command]: :->seccomp'
    '--seccomp.block-secondary[build only the native architecture filters]'
-    '*--seccomp.drop=-[enable seccomp filter, and drop the syscalls specified by the command]: :->seccomp'
+    '*--seccomp.drop=-[enable seccomp filter, and blacklist the syscalls specified by the command]: :->seccomp'
-    '*--seccomp.keep=-[enable seccomp filter, and allow the syscalls specified by the command]: :->seccomp'
+    '*--seccomp.keep=-[enable seccomp filter, and whitelist the syscalls specified by the command]: :->seccomp'
-    '*--seccomp.32.drop=-[enable seccomp filter, and drop the 32 bit syscalls specified by the command]: :'
+    '*--seccomp.32.drop=-[enable seccomp filter, and blacklist the 32 bit syscalls specified by the command]: :'
-    '*--seccomp.32.keep=-[enable seccomp filter, and drop the 32 bit syscalls specified by the command]: :'
+    '*--seccomp.32.keep=-[enable seccomp filter, and whitelist the 32 bit syscalls specified by the command]: :'
    # FIXME: Add errnos
    '--seccomp-error-action=-[change error code, kill process or log the attempt]: :(kill log)'
    '--shell=none[run the program directly without a user shell]'
@@ -161,7 +161,7 @@ _firejail_args=(
    '--timeout=-[kill the sandbox automatically after the time has elapsed]: :'
    #'(--tracelog)--trace[trace open, access and connect system calls]'
    '(--tracelog)--trace=-[trace open, access and connect system calls]: :_files'
-    '(--trace)--tracelog[add a syslog message for every access to files or directories dropped by the security profile]'
+    '(--trace)--tracelog[add a syslog message for every access to files or directories blacklisted by the security profile]'
    '(--private-etc)--writable-etc[/etc directory is mounted read-write]'
    '--writable-run-user[allow access to /run/user/$UID/systemd and /run/user/$UID/gnupg]'
    '--writable-var[/var directory is mounted read-write]'
@@ -255,8 +255,8 @@ _firejail_args=(
    '*--tmpfs=-[mount a tmpfs filesystem on directory dirname]: :_files -/'
 #endif
-    '*--noallow=-[disable allow command for file or directory]: :_files'
+    '*--nowhitelist=-[disable whitelist for file or directory]: :_files'
-    '*--allow=-[allow file system access]: :_files'
+    '*--whitelist=-[whitelist directory or file]: :_files'
 #ifdef HAVE_X11
    '--x11[enable X11 sandboxing. The software checks first if Xpra is installed, then it checks if Xephyr is installed. If all fails, it will attempt to use X11 security extension]'
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index a9f06b60a..eb4e4702c 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -115,13 +115,6 @@ echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
 ./seccomp-numeric.exp
 if [ "$(uname -m)" = "x86_64" ]; then
-        echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
-        ./seccomp-dualfilter.exp
-else
-        echo "TESTING SKIP: seccomp dual, not running on x86_64"
-fi
-if [ "$(uname -m)" = "x86_64" ]; then
       echo "TESTING: seccomp join (test/filters/seccomp-join.exp)"
        ./seccomp-join.exp
 else
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp
index 59f812d6d..6becbff22 100755
--- a/test/filters/fseccomp.exp
+++ b/test/filters/fseccomp.exp
@@ -111,7 +111,7 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 9.3\n";exit}
-        "ret KILL"
+        "ret ERRNO"
 }
diff --git a/test/filters/memwrexe b/test/filters/memwrexe
index 669f0d320..1173cdc07 100755
--- a/test/filters/memwrexe
+++ b/test/filters/memwrexe
Binary files differ
diff --git a/test/filters/memwrexe-32 b/test/filters/memwrexe-32
index 70c98b796..bdf71dcb4 100755
--- a/test/filters/memwrexe-32
+++ b/test/filters/memwrexe-32
Binary files differ
diff --git a/test/filters/memwrexe.c b/test/filters/memwrexe.c
index 4fbf05f78..d8bf4edaa 100644
--- a/test/filters/memwrexe.c
+++ b/test/filters/memwrexe.c
@@ -42,6 +42,11 @@ int main(int argc, char **argv) {
                }
                void *p = mmap (0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0);
+                if (p == MAP_FAILED) {
+                        printf("mmap failed\n");
+                        return 0;
+                }
                printf("mmap successful\n");
                // wait for expect to timeout
@@ -70,7 +75,12 @@ int main(int argc, char **argv) {
                        return 1;
                }
-                mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC);
+                int rv = mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC);
+                if (rv) {
+                        printf("mprotect failed\n");
+                        return 1;
+                }
                printf("mprotect successful\n");
                // wait for expect to timeout
@@ -82,7 +92,7 @@ int main(int argc, char **argv) {
        else if (strcmp(argv[1], "memfd_create") == 0) {
                int fd = syscall(SYS_memfd_create, "memfd_create", 0);
                if (fd == -1) {
-                        fprintf(stderr, "TESTING ERROR: cannot run memfd_create test\n");
+                        printf("memfd_create failed\n");
                        return 1;
                }
                printf("memfd_create successful\n");
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
index 64f72f610..5fc16c47f 100755
--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -72,7 +72,7 @@ expect {
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 12\n";exit}
-        "5"
+        "9"
 }
@@ -104,7 +104,7 @@ expect {
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 17\n";exit}
-        "5"
+        "9"
 }
 # check seccomp disabled and all caps enabled
diff --git a/test/filters/protocol.exp b/test/filters/protocol.exp
index 071460e4c..09c742378 100755
--- a/test/filters/protocol.exp
+++ b/test/filters/protocol.exp
@@ -7,179 +7,38 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --noprofile --protocol=unix ./syscall_test socket\r"
+send -- "firejail --noprofile --protocol=unix --debug\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "Permission denied" {puts "TESTING SKIP: permission denied\n"; exit}
+        "0009: 20 00 00 00000000   ld  data.syscall-number"
-        "Child process initialized"
 }
 expect {
-        timeout {puts "TESTING ERROR 1.1\n";exit}
-        "Permission denied" {puts "TESTING SKIP: permission denied\n"; exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.3\n";exit}
-        "socket AF_INET6"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.4\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.5\n";exit}
-        "socket AF_NETLINK"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.6\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.7\n";exit}
-        "socket AF_UNIX"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.8\n";exit}
-        "socket AF_PACKETX"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.9\n";exit}
-        "Operation not supported"
-}
-sleep 1
-send -- "firejail --noprofile --protocol=inet6,packet ./syscall_test socket\r"
-expect {
        timeout {puts "TESTING ERROR 2\n";exit}
-        "Child process initialized"
+        "000a: 15 01 00 00000029   jeq socket 000c (false 000b)"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.1\n";exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.3\n";exit}
-        "socket AF_INET6"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.4\n";exit}
-        "socket AF_NETLINK"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.5\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.6\n";exit}
-        "socket AF_UNIX"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.7\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.8\n";exit}
-        "socket AF_PACKETX"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.9\n";exit}
-        "after socket"
 }
-sleep 1
-# profile testing
-send -- "firejail --profile=protocol1.profile ./syscall_test socket\r"
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "Child process initialized"
+        "000b: 06 00 00 7fff0000   ret ALLOW"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.3\n";exit}
-        "socket AF_INET6"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.4\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.5\n";exit}
-        "socket AF_NETLINK"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.6\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.7\n";exit}
-        "socket AF_UNIX"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.8\n";exit}
-        "socket AF_PACKETX"
 }
 expect {
-        timeout {puts "TESTING ERROR 3.9\n";exit}
-        "Operation not supported"
-}
-sleep 1
-send -- "firejail --profile=protocol2.profile ./syscall_test socket\r"
-expect {
        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
+        "000c: 20 00 00 00000010   ld  data.args"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1\n";exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.3\n";exit}
-        "socket AF_INET6"
 }
 expect {
-        timeout {puts "TESTING ERROR 4.4\n";exit}
+        timeout {puts "TESTING ERROR 5\n";exit}
-        "socket AF_NETLINK"
+        "000d: 15 00 01 00000001   jeq 1 000e (false 000f)"
 }
 expect {
-        timeout {puts "TESTING ERROR 4.5\n";exit}
+        timeout {puts "TESTING ERROR 6\n";exit}
-        "Operation not supported"
+        "000e: 06 00 00 7fff0000   ret ALLOW"
+        ""
 }
 expect {
-        timeout {puts "TESTING ERROR 4.6\n";exit}
+        timeout {puts "TESTING ERROR 7\n";exit}
-        "socket AF_UNIX"
+        "000f: 06 00 00 0005005f   ret ERRNO(95)"
 }
-expect {
-        timeout {puts "TESTING ERROR 4.7\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.8\n";exit}
-        "socket AF_PACKETX"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.9\n";exit}
-        "after socket"
-}
-after 100
+after 100
+send -- "exit\r"
+after 100
 puts "\nall done\n"
diff --git a/test/filters/seccomp-dualfilter.exp b/test/filters/seccomp-dualfilter.exp
deleted file mode 100755
index e655be848..000000000
--- a/test/filters/seccomp-dualfilter.exp
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-set timeout 1
-spawn $env(SHELL)
-match_max 100000
-send -- "./syscall_test\r"
-expect {
-        timeout {puts "\nTESTING SKIP: 64-bit support missing\n";exit}
-        "Usage"
-}
-send -- "./syscall_test32\r"
-expect {
-        timeout {puts "\nTESTING SKIP: 32-bit support missing\n";exit}
-        "Usage"
-}
-set timeout 10
-send -- "firejail ./syscall_test mount\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "before mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "after mount" {puts "TESTING ERROR 3\n";exit}
-        "Parent is shutting down"
-}
-sleep 1
-send -- "firejail ./syscall_test32 mount\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "before mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "after mount" {puts "TESTING ERROR 7\n";exit}
-        "Parent is shutting down"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/filters/seccomp-postexec.exp b/test/filters/seccomp-postexec.exp
index 18263520a..fe0e40e60 100755
--- a/test/filters/seccomp-postexec.exp
+++ b/test/filters/seccomp-postexec.exp
@@ -14,20 +14,17 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "data.architecture"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
        "monitoring pid"
 }
+sleep 1
+send -- "ls\r"
 expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
+        timeout {puts "TESTING ERROR 2\n";exit}
-        "Sandbox monitor: waitpid"
+        "not permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Parent is shutting down"
 }
-sleep 1
+send -- "exit\r"
+after 100
 puts "all done\n"
diff --git a/test/filters/seccomp-ptrace.exp b/test/filters/seccomp-ptrace.exp
index ec8ab615c..05fd6eabb 100755
--- a/test/filters/seccomp-ptrace.exp
+++ b/test/filters/seccomp-ptrace.exp
@@ -17,8 +17,7 @@ sleep 2
 send -- "strace ls\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "Bad system call" {puts "version 1\n";}
+        "not permitted"
-        " unexpected signal 31" {puts "version 2\n"}
 }
 send -- "exit\r"
diff --git a/test/filters/syscall_test b/test/filters/syscall_test
deleted file mode 100755
index bf29c5b99..000000000
--- a/test/filters/syscall_test
+++ /dev/null
Binary files differ
diff --git a/test/filters/syscall_test.c b/test/filters/syscall_test.c
deleted file mode 100644
index 55ee31afb..000000000
--- a/test/filters/syscall_test.c
+++ /dev/null
@@ -1,82 +0,0 @@
-// This file is part of Firejail project
-// Copyright (C) 2014-2021 Firejail Authors
-// License GPL v2
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <net/ethernet.h>
-#include <sys/mount.h>
-int main(int argc, char **argv) {
-        if (argc != 2) {
-                printf("Usage: test [sleep|socket|mkdir|mount]\n");
-                return 1;
-        }
-        if (strcmp(argv[1], "sleep") == 0) {
-                printf("before sleep\n");
-                sleep(1);
-                printf("after sleep\n");
-        }
-        else if (strcmp(argv[1], "socket") == 0) {
-                int sock;
-                printf("testing socket AF_INET\n");
-                if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_INET6\n");
-                if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_NETLINK\n");
-                if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_UNIX\n");
-                if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                // root needed to be able to handle this
-                printf("testing socket AF_PACKETX\n");
-                if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("after socket\n");
-        }
-        else if (strcmp(argv[1], "mkdir") == 0) {
-                printf("before mkdir\n");
-                mkdir("tmp", 0777);
-                printf("after mkdir\n");
-        }
-        else if (strcmp(argv[1], "mount") == 0) {
-                printf("before mount\n");
-                if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME,  "mode=755,gid=0") < 0) {
-                        perror("mount");
-                }
-                printf("after mount\n");
-        }
-        else {
-                fprintf(stderr, "Error: invalid argument\n");
-                return 1;
-        }
-        return 0;
-}
diff --git a/test/filters/syscall_test32 b/test/filters/syscall_test32
deleted file mode 100755
index 8d72f58c4..000000000
--- a/test/filters/syscall_test32
+++ /dev/null
Binary files differ