6 files changed, 8 insertions, 1 deletions

diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 3e5878574..88b29cfbd 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -54,6 +54,7 @@ tracelog
 private-cache
 private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-etc TLS-CA
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index 60d64736e..c1a8c9e28 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -60,6 +60,7 @@ disable-mnt
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 # Add it to your firefox-common.local if you want to enable it.
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc GUI,NETWORK,TLS-CA,os-release,mime.types,mailcap
 private-tmp
 
 blacklist ${PATH}/curl
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index 083b85a91..9635bb6e3 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -59,6 +59,7 @@ seccomp !mbind
 tracelog
 
 private-dev
+private-etc GUI,gcrypt,python*
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index 1034c225f..c32536929 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -54,6 +54,7 @@ tracelog
 # private-bin inkscape,potrace,python* - problems on Debian stretch
 private-cache
 private-dev
+private-etc inkscape: GUI,ImageMagick*,python*
 private-tmp
 
 dbus-user none
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile
index 50c776412..d5a853fcd 100644
--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@@ -46,6 +46,7 @@ tracelog
 disable-mnt
 private-bin bash,dash,sh,warzone2100,which
 private-dev
+private-etc GUI,GAMES
 private-tmp
 
 restrict-namespaces
diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h
index 066c97570..421837fbb 100644
--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@@ -35,8 +35,10 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
         "locale.alias",
         "locale.conf",
         "localtime",
+        "login.defs", // firejail reading UID/GID MIN and MAX at startup
         "nsswitch.conf",
         "passwd",
+        "group",
         NULL
 };
 
@@ -77,6 +79,7 @@ static char *etc_group_gui[] = {
         "gtk-3.0",
         "kde4rc",
         "kde5rc",
+        "pango", // text rendering/internationalization
         NULL
 };
 
@@ -85,7 +88,6 @@ static char *etc_group_games[] = {
         "timidity", // MIDI
         "timidity.cfg",
         "openal", // 3D sound
-        "gcrypt", // GNU crypto library
         NULL
 };