888 files changed, 1733 insertions, 1057 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7591e885e..f1167b78b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -60,7 +60,7 @@ jobs:
    - name: update package information
      run: sudo apt-get update
    - name: install dependencies
-      run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec
+      run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
    - name: configure
      run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
    - name: make
@@ -73,6 +73,8 @@ jobs:
      run: SHELL=/bin/bash make lab-setup
    - name: run sysutils tests
      run: SHELL=/bin/bash make test-sysutils
+    - name: run private-etc tests
+      run: SHELL=/bin/bash make test-private-etc
    - name: run profile tests
      run: SHELL=/bin/bash make test-profiles
    - name: run fcopy tests
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9cf216492..c232f59d9 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -88,7 +88,7 @@ jobs:
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe
+      uses: github/codeql-action/init@17573ee1cc1b9d061760f3a006fc4aac4f944fd5
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -99,7 +99,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@3ebbd71c74ef574dbc558c82f70e52732c8b44fe
+      uses: github/codeql-action/autobuild@17573ee1cc1b9d061760f3a006fc4aac4f944fd5
    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -113,4 +113,4 @@ jobs:
    #   make release
    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe
+      uses: github/codeql-action/analyze@17573ee1cc1b9d061760f3a006fc4aac4f944fd5
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml
index 66bba61f5..ad4f86b53 100644
--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -34,8 +34,8 @@ jobs:
          github.com:443
    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
-    - name: sort.py
+#   - name: sort.py
-      run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
+#      run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
 # Currently broken (see #5610)
 #    - name: private-etc-always-required.sh
 #      run: ./ci/check/profiles/private-etc-always-required.sh etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
diff --git a/.gitignore b/.gitignore
index db3b16893..aae7b817d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,6 +47,7 @@ src/fcopy/fcopy
 src/fldd/fldd
 src/fbuilder/fbuilder
 src/profstats/profstats
+src/etc-cleanup/etc-cleanup
 src/bash_completion/firejail.bash_completion
 src/zsh_completion/_firejail
 src/jailcheck/jailcheck
diff --git a/Makefile b/Makefile
index 261de04e0..d7e2eb209 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ endif
 COMPLETIONDIRS = src/zsh_completion src/bash_completion
-APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck
+APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck src/etc-cleanup/etc-cleanup
 SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee src/fids/fids
 SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter src/fzenity/fzenity
 SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp
@@ -200,6 +200,7 @@ endif
        install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS)
        install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS)
        install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats
+        install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/etc-cleanup/etc-cleanup
        # plugins w/o read permission (non-dumpable)
        install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE)
        install -m 0711 -t $(DESTDIR)$(libdir)/firejail src/fshaper/fshaper.sh
@@ -363,7 +364,7 @@ scan-build: clean
 # make test
 #
-TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter
+TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc
 TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
 $(TEST_TARGETS):
@@ -371,9 +372,9 @@ $(TEST_TARGETS):
 # extract some data about the testing setup: kernel, network connectivity, user
-lab-setup:; uname -r; pwd; whoami; cat /etc/resolv.conf; cat /etc/hosts
+lab-setup:; uname -r; pwd; whoami; cat /etc/resolv.conf; cat /etc/hosts; ls /etc
-test: lab-setup test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
+test: lab-setup test-profiles test-fcopy test-fnetfilter test-fs test-private-etc test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
        echo "TEST COMPLETE"
 test-noprofiles: lab-setup test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
diff --git a/README b/README
index fcd0e2437..86bd8cb63 100644
--- a/README
+++ b/README
@@ -147,6 +147,8 @@ announ (https://github.com/announ)
        - mpv and youtube-dl profile fixes
        - git profile fix
        - evince profile fix
+Antoine Catton (https://github.com/acatton)
+        - add keep-shell-rc command and option
 Anton Shestakov (https://github.com/antonv6)
        - add whitelist items for uim
        - allow /etc/vulkan in steam profile
@@ -327,6 +329,8 @@ Dara Adib (https://github.com/daradib)
        - linphone profile fix
 Dario Pellegrini (https://github.com/dpellegr)
        - allowing links in netns
+David Fetter (https://github.com/davidfetter)
+        - bump up copyright years
 David Thole (https://github.com/TheDarkTrumpet)
        - added profile for teams-for-linux
 Davide Beatrici (https://github.com/davidebeatrici)
@@ -683,6 +687,7 @@ LaurentGH (https://github.com/LaurentGH)
        - allow private-bin parameters to be absolute paths
 layderv (https://github.com/layderv)
        - prevent sandbox name from containing only digits
+        - clean escape control characters from the command line
 lecso7 (https://github.com/lecso7)
        - added goldendict profile
        - allow evince to read .cbz file format
@@ -753,6 +758,7 @@ mjudtmann (https://github.com/mjudtmann)
        - lock firejail configuration in disable-mgmt.inc
 Mohammed Anas  (https://github.com/mhmdanas)
        - fix dbus notifications
+        - fix libEGL warning for abiword
 m00nwtchr (https://github.com/m00nwtchr)
        - Whitelist electron-flags.conf for all versions of electron
        - electron profile updates
@@ -771,6 +777,8 @@ Neo00001 (https://github.com/Neo00001)
        - update telegram profile
        - add spectacle profile
        - add kdiff3 profile
+netcarver (https://github.com/netcarver)
+        - prevent access to LUKS keyfile
 NetSysFire (https://github.com/NetSysFire)
        - update weechat profile
        - update megaglest profile
@@ -993,6 +1001,7 @@ slowpeek (https://github.com/slowpeek)
        - allow access to avahi-daemon in apparmor/firejail-default
        - make appimage examples consistent with --appimage option short description
        - blacklist google-drive-ocamlfuse config
+        - blacklist sendgmail config
 smitsohu (https://github.com/smitsohu)
        - read-only kde4 services directory
        - enhanced mediathekview profile
@@ -1239,4 +1248,4 @@ Zack Weinberg (https://github.com/zackw)
 zupatisc (https://github.com/zupatisc)
        - patch-util fix
-Copyright (C) 2014-2022 Firejail Authors
+Copyright (C) 2014-2023 Firejail Authors
diff --git a/README.md b/README.md
index 7d1c88c65..0f6ca9b08 100644
--- a/README.md
+++ b/README.md
@@ -182,6 +182,17 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.73
+### --keep-shell-rc
+`````
+       --keep-shell-rc
+              By default, when using a private home directory, firejail copies
+              files  from the system's user home template (/etc/skel) into it,
+              which overrides attempts to whitelist the original  files  (such
+              as  ~/.bashrc and ~/.zshrc).  This option disables this feature,
+              and enables the user to whitelist the original files.
+`````
 ### private-etc rework
 `````
       --private-etc, --private-etc=file,directory,@group
diff --git a/RELNOTES b/RELNOTES
index 9542ec6dc..d66613616 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,11 +1,17 @@
 firejail (0.9.73) baseline; urgency=low
  * work in progress
+  * feature: Add "keep-shell-rc" command and option (#1127 #5634)
  * modif: Stop forwarding own double-dash to the shell (#5599 #5600)
-  * modif: Prevent sandbox name from containing only digits (#5578)
+  * modif: Prevent sandbox name (--name=) and host name (--hostname=)
+    from containing only digits (#5578)
+  * modif: Escape control characters of the command line (#5613)
+  * modif: Allow only letters and digits for sandbox name (--name=) and
+    host name (--hostname=)
  * bugfix: qutebrowser: links will not open in the existing instance (#5601
    #5618)
  * build: auto-generate syntax files (#5627)
  * build: mark most phony targets as such (#5637)
+  * build: mkdeb.sh: pass all arguments to ./configure (#5654)
  * docs: remove apparmor options in --help when building without apparmor
    support (#5589)
 -- netblue30 <netblue30@yahoo.com>  Mon, 16 Jan 2023 09:00:00 -0500
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py
index b215b157b..95c6d08e9 100755
--- a/contrib/fj-mkdeb.py
+++ b/contrib/fj-mkdeb.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # This script automates the creation of a .deb package.  It was originally
diff --git a/contrib/fjclip.py b/contrib/fjclip.py
index 893fff243..5bc1f17ad 100755
--- a/contrib/fjclip.py
+++ b/contrib/fjclip.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 import sys
diff --git a/contrib/fjdisplay.py b/contrib/fjdisplay.py
index a49aa3e36..512a0d3b7 100755
--- a/contrib/fjdisplay.py
+++ b/contrib/fjdisplay.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 import re
diff --git a/contrib/fjresize.py b/contrib/fjresize.py
index 6575d6a0b..bc3dad8f8 100755
--- a/contrib/fjresize.py
+++ b/contrib/fjresize.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 import sys
diff --git a/contrib/gdb-firejail.sh b/contrib/gdb-firejail.sh
index 35348088e..b00cc65bc 100755
--- a/contrib/gdb-firejail.sh
+++ b/contrib/gdb-firejail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set -x
diff --git a/contrib/jail_prober.py b/contrib/jail_prober.py
index 9776e9380..fcfe90eb7 100755
--- a/contrib/jail_prober.py
+++ b/contrib/jail_prober.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 """
 Figure out which profile options may be causing a particular program to break
diff --git a/contrib/sort.py b/contrib/sort.py
index 638f14516..cdeecf99b 100755
--- a/contrib/sort.py
+++ b/contrib/sort.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # Requirements:
diff --git a/contrib/syntax/lists/profile_commands_arg0.list b/contrib/syntax/lists/profile_commands_arg0.list
index a402671a6..fd1bdb401 100644
--- a/contrib/syntax/lists/profile_commands_arg0.list
+++ b/contrib/syntax/lists/profile_commands_arg0.list
@@ -10,6 +10,7 @@ disable-mnt
 ipc-namespace
 keep-config-pulse
 keep-dev-shm
+keep-shell-rc
 keep-var-tmp
 machine-id
 memory-deny-write-execute
diff --git a/contrib/syscalls.sh b/contrib/syscalls.sh
index d13f24280..2c5bdf5ec 100755
--- a/contrib/syscalls.sh
+++ b/contrib/syscalls.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 STRACE_OUTPUT_FILE="$(pwd)/strace_output.txt"
diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh
index ad6e728f1..aaefc38a8 100755
--- a/contrib/update_deb.sh
+++ b/contrib/update_deb.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # Purpose: Fetch, compile, and install firejail from GitHub source. For
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 03daaa9a6..81f417232 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -450,6 +450,9 @@ blacklist ${HOME}/.vaults
 blacklist /run/timeshift
 blacklist /var/backup
+# dm-crypt / LUKS
+blacklist /crypto_keyfile.bin
 # Remove environment variables with auth tokens.
 # Note however that the sandbox might still have access to the
 # files where these variables are set.
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index e2e97f458..3333dd0fa 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -605,6 +605,7 @@ blacklist ${HOME}/.config/rpcs3
 blacklist ${HOME}/.config/rtv
 blacklist ${HOME}/.config/scribus
 blacklist ${HOME}/.config/scribusrc
+blacklist ${HOME}/.config/sendgmail
 blacklist ${HOME}/.config/sinew.in
 blacklist ${HOME}/.config/sink
 blacklist ${HOME}/.config/skypeforlinux
@@ -1107,6 +1108,7 @@ blacklist ${HOME}/.sbt
 blacklist ${HOME}/.scorched3d
 blacklist ${HOME}/.scribus
 blacklist ${HOME}/.scribusrc
+blacklist ${HOME}/.sendgmail.*
 blacklist ${HOME}/.simutrans
 blacklist ${HOME}/.smartgit/*/passwords
 blacklist ${HOME}/.ssr
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc
index bb0bcd050..dcf941004 100644
--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -29,6 +29,7 @@ whitelist /usr/share/gtk-engines
 whitelist /usr/share/gtksourceview-3.0
 whitelist /usr/share/gtksourceview-4
 whitelist /usr/share/hunspell
+whitelist /usr/share/hyphen
 whitelist /usr/share/hwdata
 whitelist /usr/share/icons
 whitelist /usr/share/icu
diff --git a/etc/profile-a-l/1password.profile b/etc/profile-a-l/1password.profile
index bc8bfae0d..b340ad228 100644
--- a/etc/profile-a-l/1password.profile
+++ b/etc/profile-a-l/1password.profile
@@ -11,7 +11,7 @@ noblacklist ${HOME}/.config/1Password
 mkdir ${HOME}/.config/1Password
 whitelist ${HOME}/.config/1Password
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Needed for keychain things, talking to Firefox, possibly other things?  Not sure how to narrow down
 ignore dbus-user none
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index eb7a5254f..a0eed24ca 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -41,7 +41,7 @@ tracelog
 private-bin abiword
 private-cache
 private-dev
-private-etc alternatives,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd
+private-etc @x11
 private-tmp
 # dbus-user none
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index 96c56d85d..7a36302f1 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -49,7 +49,7 @@ tracelog
 private-bin agetpkg,python3
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index 9612ffdd2..22a303cdd 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -52,7 +52,7 @@ disable-mnt
 # private-bin alacarte,bash,python*,sh
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg
+private-etc @tls-ca,@x11,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
index 0f7407f05..9f9bd975a 100644
--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin alienarena
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11
+private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,rpc,services
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 4e994c025..5ccb9896f 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -90,7 +90,7 @@ disable-mnt
 private-bin alpine
 private-cache
 private-dev
-private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
+private-etc @tls-ca,@x11,c-client.cf,host.conf,krb5.keytab,mailcap,mime.types,pine.conf,pinerc.fixed,rpc,services,terminfo
 private-tmp
 writable-run-user
 writable-var
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index 466f60bda..2d0bfcb6c 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin anki,python*
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index dab91fe7d..4ad6ac6bc 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -62,7 +62,7 @@ disable-mnt
 private-bin apostrophe,fmtutil,kpsewhich,mktexfmt,pandoc,pdftex,perl,python3*,sh,xdvipdfmx,xelatex,xetex
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,texlive,X11
+private-etc @x11,texlive
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile
index b0f83aa32..ef875c5b7 100644
--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -44,6 +44,7 @@ x11 none
 private-cache
 private-dev
+private-etc
 dbus-user none
 dbus-system none
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index 17eb2451c..7f9463c4f 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -45,7 +45,7 @@ private-bin aria2c,gzip
 # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772).
 #private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.cache,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-lib libreadline.so.*
 private-tmp
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile
index ed0629c9b..1c2fbcccc 100644
--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -42,7 +42,7 @@ tracelog
 disable-mnt
 private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,resolv.conf,ssl,tor
+private-etc @tls-ca,tor
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index b1347b0d9..897140857 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -54,7 +54,7 @@ disable-mnt
 private-bin artha,enchant,notify-send
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-lib libnotify.so.*
 private-tmp
diff --git a/etc/profile-a-l/atool.profile b/etc/profile-a-l/atool.profile
index b2bc17c67..672286087 100644
--- a/etc/profile-a-l/atool.profile
+++ b/etc/profile-a-l/atool.profile
@@ -13,7 +13,7 @@ include allow-perl.inc
 noroot
 # without login.defs atool complains and uses UID/GID 1000 by default
-private-etc alternatives,group,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf
+private-etc
 private-tmp
 # Redirect
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index f24aff108..d0513d2a7 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -41,7 +41,7 @@ tracelog
 private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 # atril uses webkit gtk to display epub files
 # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
 #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index 371054728..392b189f8 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -50,6 +50,7 @@ tracelog
 private-bin audacity
 private-dev
+private-etc @tls-ca,@x11
 private-tmp
 # problems on Fedora 27
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile
index 74dba7411..deba11a47 100644
--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -43,7 +43,7 @@ tracelog
 disable-mnt
 # private-bin audio-recorder
 private-cache
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+private-etc
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
index 73a2e1806..215f22fd0 100644
--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin authenticator-rs
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile
index 02c1d8768..96c70a838 100644
--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -38,7 +38,7 @@ seccomp
 disable-mnt
 # private-bin authenticator,python*
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 # makes settings immutable
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
index b60b5715c..9ca947106 100644
--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin ballbuster
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile
index 85a1a58c7..3fb2a82c3 100644
--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -51,7 +51,7 @@ disable-mnt
 # private-bin bibletime
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf
+private-etc @tls-ca,sword,sword.conf
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index b6b52601e..53d212e34 100644
--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -50,7 +50,7 @@ disable-mnt
 private-bin bijiben
 # private-cache -- access to .cache/tracker is required
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index f8114c71b..ba30c3654 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -23,7 +23,7 @@ no3d
 nosound
 ?HAS_APPIMAGE: ignore private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-opt Bitwarden
 # Redirect
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile
index 9badb4357..6dd540943 100644
--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -34,7 +34,7 @@ seccomp
 # private-bin bash,bless,mono,sh
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,mono
+private-etc mono
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
index 6e7a87e5f..dccdae924 100644
--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -40,7 +40,7 @@ tracelog
 disable-mnt
 private-bin blobby
 private-dev
-private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pulse
+private-etc @x11
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index e6926ee29..fc0a76945 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin blobwars
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile
index fbc7c9056..c5c2e33eb 100644
--- a/etc/profile-a-l/bsdtar.profile
+++ b/etc/profile-a-l/bsdtar.profile
@@ -6,7 +6,7 @@ include bsdtar.local
 # Persistent global definitions
 include globals.local
-private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd
+private-etc
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index b2248ad06..df94ac859 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -45,7 +45,7 @@ tracelog
 disable-mnt
 private-bin cameramonitor,python*
 private-cache
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 # dbus-user none
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index 4c8afd895..a0fe8ddf1 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -16,7 +16,7 @@ noblacklist ${HOME}/.cargo/credentials.toml
 #whitelist ${HOME}/.rustup
 #private-bin cargo,rustc
-private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,magic,magic.mgc,rpc,services
 memory-deny-write-execute
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile
index e4e32b265..17887b6cc 100644
--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -38,7 +38,7 @@ disable-mnt
 private-bin cawbird
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 # dbus-user none
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index 0c4335e8f..7b0f7bdf0 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -52,7 +52,7 @@ tracelog
 private-bin celluloid,env,gnome-mpv,python*,youtube-dl
 private-cache
-private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11,libva.conf,pkcs11
 private-dev
 private-tmp
diff --git a/etc/profile-a-l/chatterino.profile b/etc/profile-a-l/chatterino.profile
index 4dfd85740..2df03b10b 100644
--- a/etc/profile-a-l/chatterino.profile
+++ b/etc/profile-a-l/chatterino.profile
@@ -70,7 +70,7 @@ private-bin chatterino,cvlc,env,ffmpeg,mpv,nvlc,pgrep,python*,qvlc,rvlc,streamli
 # private-cache may cause issues with mpv (see #2838)
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11
+private-etc @tls-ca,@x11,dbus-1,rpc,services
 private-srv none
 private-tmp
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile
index 8aed77c04..93d9c9a8b 100644
--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -51,7 +51,7 @@ disable-mnt
 private-bin cheese
 private-cache
 private-dev
-private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11,clutter-1.0
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile
index 4f4e8e7bf..3b8eb7bbd 100644
--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin bash,clawsker,perl,sh,which
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl*
 private-tmp
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index ad6332f78..cc7a43609 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -26,6 +26,6 @@ protocol unix,inet,inet6
 seccomp
 private-bin cmus
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 restrict-namespaces
diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile
index c341c4ea2..aa053e2f7 100644
--- a/etc/profile-a-l/cointop.profile
+++ b/etc/profile-a-l/cointop.profile
@@ -52,7 +52,7 @@ disable-mnt
 private-bin cointop
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,rpc,services
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index 442d50259..50f8f67f3 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin colorful
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index 990b6bc5a..8b7d2317c 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin com.github.bleakgrey.tootle
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 # Settings are immutable
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index 5f2a1c3e6..ab389d3ee 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -51,7 +51,7 @@ disable-mnt
 private-bin com.github.dahenson.agenda
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index 21f37494b..6177b52c0 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -2,7 +2,7 @@
 # Description: Simple and modern GTK eBook reader
 # This file is overwritten after every install/update
 # Persistent local customizations
-include foliate.local
+include com.github.johnfactotum.Foliate.local
 # Persistent global definitions
 include globals.local
@@ -28,7 +28,6 @@ whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 whitelist ${DOCUMENTS}
 whitelist ${DOWNLOADS}
 whitelist /usr/share/com.github.johnfactotum.Foliate
-whitelist /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -54,7 +53,7 @@ disable-mnt
 private-bin com.github.johnfactotum.Foliate,gjs
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gconf,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11,gconf
 private-tmp
 read-only ${HOME}
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index 07a6a6813..22a64cb35 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -51,7 +51,7 @@ disable-mnt
 private-bin com.github.phase1geo.minder
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,X11,xdg
+private-etc @x11,mime.types
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/com.github.tchx84.Flatseal.profile b/etc/profile-a-l/com.github.tchx84.Flatseal.profile
index fd4494e92..eee98ba8d 100644
--- a/etc/profile-a-l/com.github.tchx84.Flatseal.profile
+++ b/etc/profile-a-l/com.github.tchx84.Flatseal.profile
@@ -51,7 +51,7 @@ disable-mnt
 private-bin com.github.tchx84.Flatseal,gjs
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 793de8ab4..21b576fb7 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -39,7 +39,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 842191f3f..601daacfa 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -38,7 +38,7 @@ seccomp
 disable-mnt
 private-bin crow
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-opt none
 private-tmp
 private-srv none
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index 63d89ec36..7dd5ca260 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin d-feet,python*
 private-cache
 private-dev
-private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc dbus-1
 private-tmp
 #memory-deny-write-execute - breaks on Arch (see issue #1803)
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index b259c7e93..80790bb0c 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -50,7 +50,7 @@ private
 private-bin dbus-send
 private-cache
 private-dev
-private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload
+private-etc dbus-1
 private-lib libpcre*
 private-tmp
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index 876e637b2..e2e2492bc 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin dconf-editor
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id
+private-etc @x11
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index 5136445da..2b2ada742 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin dconf,gsettings
 private-cache
 private-dev
-private-etc alternatives,dconf,ld.so.cache,ld.so.preload
+private-etc @x11
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 8ea5d178e..9811c90d6 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -44,7 +44,7 @@ tracelog
 disable-mnt
 private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr
 private-cache
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index ef31fc3eb..066cdc8b0 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -41,7 +41,7 @@ disable-mnt
 private-bin devhelp
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,ssl
+private-etc @tls-ca,@x11
 private-tmp
 # makes settings immutable
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile
index 0579547af..4461c2a82 100644
--- a/etc/profile-a-l/devilspie.profile
+++ b/etc/profile-a-l/devilspie.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin devilspie
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-lib gconv
 private-tmp
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 3ee58147a..7c0fee9c3 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -48,7 +48,7 @@ tracelog
 disable-mnt
 private-bin bash,dig,sh
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf
+private-etc
 # Add the next line to your dig.local on non Debian/Ubuntu OS (see issue #3038).
 #private-lib
 private-tmp
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile
index bf49c8d48..c53170126 100644
--- a/etc/profile-a-l/discord-common.profile
+++ b/etc/profile-a-l/discord-common.profile
@@ -24,7 +24,7 @@ whitelist ${HOME}/.config/BetterDiscord
 whitelist ${HOME}/.local/share/betterdiscordctl
 private-bin awk,bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],fish,grep,head,sed,sh,tclsh,tr,which,xdg-mime,xdg-open,zsh
-private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 join-or-start discord
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 15f6e441d..bf77828be 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -39,7 +39,7 @@ seccomp
 private-bin display,python*
 private-dev
 # On Debian-based systems, display is a symlink in /etc/alternatives
-private-etc alternatives,ImageMagick-6,ImageMagick-7,ld.so.cache,ld.so.preload
+private-etc ImageMagick-6,ImageMagick-7
 private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libgomp.so.*,ImageMagick*,libfreetype.so.*,libltdl.so.*,libMagickWand-*.so.*,libXext.so.*
 private-tmp
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index acaf2e021..9743ebfbd 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -54,7 +54,7 @@ private-bin bash,dolphin-emu,dolphin-emu-x11,sh
 private-cache
 # Add the next line to your dolphin-emu.local if you do not need controller support.
 #private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services
 private-opt none
 private-tmp
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 1edbb7ca0..882709808 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -37,6 +37,7 @@ tracelog
 private-bin dosbox
 private-dev
+private-etc @games
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 9d9fa291b..79366b8ee 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -44,7 +44,7 @@ seccomp !chroot
 private-bin drawio
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile
index 920eb7697..40fd8be7c 100644
--- a/etc/profile-a-l/easystroke.profile
+++ b/etc/profile-a-l/easystroke.profile
@@ -44,7 +44,7 @@ disable-mnt
 #private-bin bash,easystroke,sh
 private-cache
 private-dev
-private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd
+private-etc
 # breaks custom shell command functionality
 #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
diff --git a/etc/profile-a-l/electron-hardened.inc.profile b/etc/profile-a-l/electron-hardened.inc.profile
index eacf5cebe..a9e1756d9 100644
--- a/etc/profile-a-l/electron-hardened.inc.profile
+++ b/etc/profile-a-l/electron-hardened.inc.profile
@@ -7,4 +7,4 @@ include electron-hardened.inc.local
 #include globals.local
 # Redirect
-include chrome-common-hardened.inc.profile
+include chromium-common-hardened.inc.profile
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index d0d0f2168..4872223f1 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -29,7 +29,7 @@ read-only ${HOME}/.mozilla/firefox/profiles.ini
 machine-id
 nosound
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-opt ElectronMail
 dbus-user filter
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index 78a996f71..48ce0aa22 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -46,7 +46,7 @@ private-bin electrum,python*
 private-cache
 ?HAS_APPIMAGE: ignore private-dev
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-tmp
 # dbus-user none
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile
index 0d5d18fe2..86442d441 100644
--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -69,7 +69,7 @@ tracelog
 # disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,localtime,machine-id,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,timezone,xdg
+private-etc @tls-ca,@x11,gnupg,hosts.conf,mailname,timezone
 private-tmp
 # encrypting and signing email
 writable-run-user
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile
index 37a6c088b..051c75fc1 100644
--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -47,7 +47,7 @@ x11 none
 private-bin enchant,enchant-*
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index 83abb551e..c487a5add 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -46,7 +46,7 @@ tracelog
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
 private-tmp
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile
index adda53660..8b32d08b1 100644
--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -55,7 +55,7 @@ disable-mnt
 private-cache
 ?BROWSER_DISABLE_U2F: private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,login.defs,machine-id,mailcap,mime.types,nsswitch.conf,os-release,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+#private-etc @tls-ca,@x11,mailcap,mime.types,os-release
 private-tmp
 # breaks preferences
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index 2fe0a4af4..8cbdccbb5 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin equalx,gs,pdflatex,pdftocairo
 private-cache
 private-dev
-private-etc alternatives,equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,ld.so.cache,ld.so.preload,machine-id,papersize,passwd,texlive,Trolltech.conf
+private-etc @x11,equalx,equalx.conf,latexmk.conf,papersize,texlive
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index 7d27f12c9..5b9892af3 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -49,6 +49,7 @@ private-bin etr
 private-cache
 private-dev
 # private-etc alternatives,drirc,machine-id,openal,passwd
+private-etc @games,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index 95115d484..75a3958ad 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -54,7 +54,7 @@ tracelog
 private-bin evince,evince-previewer,evince-thumbnailer,sh
 private-cache
 private-dev
-private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd
+private-etc
 # private-lib might break two-page-view on some systems
 private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.*
 private-tmp
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
index 45331487c..a8be4828f 100644
--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -47,7 +47,7 @@ x11 none
 #private-bin exiftool,perl
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 2daf1ff15..d805766eb 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -47,7 +47,7 @@ disable-mnt
 # private-bin falkon
 private-cache
 private-dev
-private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11,adobe,mailcap,mime.types
 private-tmp
 # dbus-user filter
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 248cb5b49..77e16a56b 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -42,7 +42,7 @@ private
 private-bin bash,fdns,sh
 private-cache
 #private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
+private-etc @tls-ca,fdns
 # private-lib
 private-tmp
diff --git a/etc/profile-a-l/feh-network.inc.profile b/etc/profile-a-l/feh-network.inc.profile
index 7293e89a8..4b45cd198 100644
--- a/etc/profile-a-l/feh-network.inc.profile
+++ b/etc/profile-a-l/feh-network.inc.profile
@@ -5,4 +5,4 @@ include feh-network.inc.local
 ignore net none
 netfilter
 protocol unix,inet,inet6
-private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile
index be5ab8627..82b3f7645 100644
--- a/etc/profile-a-l/feh.profile
+++ b/etc/profile-a-l/feh.profile
@@ -35,7 +35,7 @@ seccomp
 private-bin feh,jpegexiforient,jpegtran
 private-cache
 private-dev
-private-etc alternatives,feh,ld.so.cache,ld.so.preload
+private-etc feh
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 160f26f78..b7d54f05d 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -47,7 +47,7 @@ tracelog
 private-bin ffmpeg
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pkcs11,pki,resolv.conf,ssl
+private-etc @tls-ca,pkcs11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/ffplay.profile b/etc/profile-a-l/ffplay.profile
index 52abb99d4..5cffd4980 100644
--- a/etc/profile-a-l/ffplay.profile
+++ b/etc/profile-a-l/ffplay.profile
@@ -14,7 +14,7 @@ ignore nogroups
 ignore nosound
 private-bin ffplay
-private-etc alsa,alternatives,asound.conf,group,ld.so.cache,ld.so.preload
+private-etc
 # Redirect
 include ffmpeg.profile
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index ef4e0e117..4f39bec55 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -42,7 +42,7 @@ tracelog
 private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg
+private-etc @x11
 # private-tmp
 dbus-system none
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index 57c9b5dfb..42d12c5d9 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -57,9 +57,7 @@ seccomp !chroot
 disable-mnt
 ?BROWSER_DISABLE_U2F: private-dev
-# private-etc below works fine on most distributions. There are some problems on CentOS.
+# private-etc below works fine on most distributions. There could be some problems on CentOS.
-# Add it to your firefox-common.local if you want to enable it.
-#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
 private-etc @tls-ca,@x11,mailcap,mime.types,os-release
 private-tmp
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index 0984055a3..3f4432857 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -51,7 +51,7 @@ tracelog
 disable-mnt
 private-bin flameshot
 private-cache
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-dev
 #private-tmp
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index a614d7d9f..fe0bc8756 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin fractal
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index ae5843f7f..9bf5a14be 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which
 private-cache
 private-dev
-#private-etc alternatives,fonts,java
+#private-etc alternatives,fonts,java*
 private-tmp
 private-opt none
 private-srv none
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index bcde18b36..bdc5fa557 100644
--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -18,7 +18,7 @@ mkdir ${HOME}/.config/FreeTube
 whitelist ${HOME}/.config/FreeTube
 private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 dbus-user filter
 dbus-user.own org.mpris.MediaPlayer2.chromium.*
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index 067fe3caa..d9ee054ab 100644
--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin frogatto,sh
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 86a8a8fc6..f162a4a31 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -22,6 +22,7 @@ mkdir ${HOME}/.frozen-bubble
 whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-runuser-common.inc
+whitelist /usr/share/games
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -42,6 +43,7 @@ tracelog
 disable-mnt
 # private-bin frozen-bubble
 private-dev
+private-etc @games,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index d4d578dd4..ed7b32f6e 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -58,7 +58,7 @@ disable-mnt
 private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11
 private-tmp
 writable-run-user
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 0fba8ac07..96ded592d 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -42,7 +42,7 @@ tracelog
 private-bin galculator
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile
index 2947873ef..9c8200dc4 100644
--- a/etc/profile-a-l/gallery-dl.profile
+++ b/etc/profile-a-l/gallery-dl.profile
@@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/gallery-dl
 noblacklist ${HOME}/.gallery-dl.conf
 private-bin gallery-dl
-private-etc alternatives,gallery-dl.conf,ld.so.cache,ld.so.preload
+private-etc gallery-dl.conf
 # Redirect
 include youtube-dl.profile
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index 106e0eda6..baf8f614e 100644
--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -48,7 +48,7 @@ private
 private-bin gapplication
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 # Add the next line to your gapplication.local to filter D-Bus names.
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile
index 313b34a53..ad37312a8 100644
--- a/etc/profile-a-l/gcloud.profile
+++ b/etc/profile-a-l/gcloud.profile
@@ -35,7 +35,7 @@ tracelog
 disable-mnt
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile
index 5b434342b..ead78d983 100644
--- a/etc/profile-a-l/gconf.profile
+++ b/etc/profile-a-l/gconf.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2*
 private-cache
 private-dev
-private-etc alternatives,fonts,gconf,ld.so.cache,ld.so.preload
+private-etc gconf
 private-lib GConf,libpython*,python2*
 private-tmp
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index 6aaf1ab05..a19a20ba7 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -75,7 +75,7 @@ tracelog
 #private-bin geary,sh
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,group,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mailcap,mime.types,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,mailcap,mime.types
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile
index cda47a7e9..3a929774a 100644
--- a/etc/profile-a-l/geekbench.profile
+++ b/etc/profile-a-l/geekbench.profile
@@ -47,7 +47,7 @@ disable-mnt
 #private-bin bash,geekbench*,sh -- #4576
 private-cache
 private-dev
-private-etc alternatives,group,ld.so.cache,ld.so.preload,lsb-release,passwd
+private-etc lsb-release
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index d3d49433b..1c97ad21c 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -60,7 +60,7 @@ disable-mnt
 private-bin gfeeds,python3*
 # private-cache -- feeds are stored in ~/.cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
+private-etc @tls-ca,@x11,dbus-1,gconf,host.conf,mime.types,rpc,services
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index 02c4f9509..11d5f620c 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -48,7 +48,7 @@ disable-mnt
 private-bin gget
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 9c719ddb1..dabf0dd7f 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -51,7 +51,7 @@ private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,p
 private-cache
 private-dev
 # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed
-private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg
+private-etc @tls-ca,@x11,dbus-1,firejail,gconf,host.conf,mime.types,rpc,services,texlive
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index f29929a72..717519112 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -59,7 +59,7 @@ seccomp !mbind
 tracelog
 private-dev
-private-etc @x11,gcrypt,python*
+private-etc @tls-ca,@x11,python*
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index d315619b7..6eea076f7 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -51,7 +51,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 2f7068d68..49568ba23 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -69,7 +69,7 @@ tracelog
 private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg
+private-etc @tls-ca,@x11,gitconfig,host.conf,mime.types,ssh
 private-tmp
 writable-run-user
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile
index 0f9ed9592..e3cf87c87 100644
--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -36,7 +36,7 @@ seccomp
 disable-mnt
 private-bin bash,env,gitter
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 private-opt Gitter
 private-dev
 private-tmp
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
index 92ba70113..fbfbdd204 100644
--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin gl-117
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
+private-etc @x11,bumblebee,glvnd
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
index d61b566d8..5aa69f714 100644
--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin glaxium
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
+private-etc @x11,bumblebee,glvnd
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile
index b337dc4d5..f3e045000 100644
--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -43,7 +43,7 @@ tracelog
 disable-mnt
 #private-bin gmpc
 private-cache
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf
+private-etc
 private-tmp
 writable-run-user
diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile
index 3926146ff..e5c6022e8 100644
--- a/etc/profile-a-l/gnome-calculator.profile
+++ b/etc/profile-a-l/gnome-calculator.profile
@@ -45,6 +45,7 @@ disable-mnt
 private-bin gnome-calculator
 private-cache
 private-dev
+private-etc @x11
 #private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.*
 private-tmp
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index b0d3f1d34..70a302138 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -44,7 +44,7 @@ private
 private-bin gnome-calendar
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 2e11f335b..9e9730e53 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -48,7 +48,7 @@ disable-mnt
 private-bin gjs,gnome-characters
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg
+private-etc @x11,gconf,mime.types
 private-tmp
 # Add the next lines to your gnome-characters.local if you don't need access to recently used chars.
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index 78bd54b64..9f5174b9e 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin fairymax,gnome-chess,gnuchess,hoichess
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11,gnome-chess
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index 5563afcbd..f290b26de 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -41,7 +41,7 @@ disable-mnt
 private-bin gnome-clocks,gsound-play
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11,pkcs11
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index f0493c645..4f436202c 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -41,7 +41,7 @@ private
 private-bin gnome-hexgl
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile
index 43e0a1ec1..b15439aee 100644
--- a/etc/profile-a-l/gnome-latex.profile
+++ b/etc/profile-a-l/gnome-latex.profile
@@ -47,7 +47,7 @@ tracelog
 private-cache
 private-dev
 # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed
-private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive
+private-etc @x11,latexmk.conf,texlive
 dbus-system none
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index b619b0f27..61f4f4107 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -39,7 +39,7 @@ disable-mnt
 private-bin gnome-logs
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id
+private-etc
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 writable-var-log
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index d14b2a5a1..17f52e588 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -63,7 +63,7 @@ disable-mnt
 private-bin gjs,gnome-maps
 # private-cache -- gnome-maps cache all maps/satelite-images
 private-dev
-private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
+private-etc @tls-ca,@x11,clutter-1.0,gconf,host.conf,mime.types,pkcs11,rpc,services
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index ec033dbf0..22d5f87ea 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -41,7 +41,7 @@ tracelog
 # private-bin calls a file manager - whatever is installed!
 #private-bin env,gio-launch-desktop,gnome-music,python*,yelp
 private-dev
-private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg
+private-etc @x11
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index 0d7fb2de8..450e76082 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -52,7 +52,7 @@ disable-mnt
 private-bin gnome-passwordsafe,python3*
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile
index 6d90773aa..ac0fb555d 100644
--- a/etc/profile-a-l/gnome-pie.profile
+++ b/etc/profile-a-l/gnome-pie.profile
@@ -33,7 +33,7 @@ seccomp
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile
index fb019227f..9906b15d9 100644
--- a/etc/profile-a-l/gnome-pomodoro.profile
+++ b/etc/profile-a-l/gnome-pomodoro.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin gnome-pomodoro
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 75f3199e2..aa1ded516 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -46,7 +46,7 @@ seccomp
 disable-mnt
 private-bin gnome-recipes,tar
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,ssl
+private-etc @tls-ca
 private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.*
 private-tmp
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index 74238a109..25be407b5 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -41,7 +41,7 @@ tracelog
 disable-mnt
 private-bin gnome-screenshot
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,machine-id
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile
index d07bd80a7..f278b332b 100644
--- a/etc/profile-a-l/gnome-sound-recorder.profile
+++ b/etc/profile-a-l/gnome-sound-recorder.profile
@@ -39,7 +39,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg
+private-etc @games,@x11
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index 4c74c0a61..f4e985342 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin gnome-system-log
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id
+private-etc
 private-lib
 private-tmp
 writable-var-log
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index ae7ea83d8..5c375de2d 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin gnome-todo
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,passwd,xdg
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile
index c9145d78e..c03d41f06 100644
--- a/etc/profile-a-l/gnome_games-common.profile
+++ b/etc/profile-a-l/gnome_games-common.profile
@@ -40,7 +40,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pango,passwd,X11
+private-etc @x11,gconf
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index d7944ae24..c6ce0c2c0 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -50,7 +50,7 @@ disable-mnt
 private-bin gnote
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pango,X11
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile
index bdbcf9baf..025cb74b6 100644
--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -42,7 +42,7 @@ private
 private-bin gnubik
 private-cache
 private-dev
-private-etc alternatives,drirc,fonts,gtk-2.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile
index 36a2cae07..5e41384ab 100644
--- a/etc/profile-a-l/godot.profile
+++ b/etc/profile-a-l/godot.profile
@@ -37,7 +37,7 @@ tracelog
 # private-bin godot
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,ld.so.cache,ld.so.preload,machine-id,mono,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl
+private-etc @games,@tls-ca,@x11,mono
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile
index 327648cd1..822e5ffc2 100644
--- a/etc/profile-a-l/goldendict.profile
+++ b/etc/profile-a-l/goldendict.profile
@@ -50,7 +50,7 @@ disable-mnt
 private-bin goldendict
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index da7c24581..58769643a 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin env,python3*,sh,w3m
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,rpc,services
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index 1012f5774..0525995c3 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -40,7 +40,7 @@ tracelog
 private-bin gpicview
 private-cache
 private-dev
-private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd
+private-etc
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index 53a6f94e2..99c840a27 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -35,7 +35,7 @@ tracelog
 private-bin gpredict
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 368482fa3..a0d2247e0 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin gradio
 private-cache
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,host.conf
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index 02a49134c..19af7c0b9 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -39,7 +39,7 @@ private
 private-bin gravity-beams-and-evaporating-stars
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index 5fd92fd4f..eb09fe381 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin gtk-update-icon-cache
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile
index 68b78ec62..ef4aad4da 100644
--- a/etc/profile-a-l/gucharmap.profile
+++ b/etc/profile-a-l/gucharmap.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin gnome-character-map,gucharmap
 private-cache
 private-dev
-private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,X11,xdg
+private-etc @x11,dbus-1,gconf,mime.types
 private-lib
 private-tmp
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
index db307e940..467bee3a0 100644
--- a/etc/profile-a-l/guvcview.profile
+++ b/etc/profile-a-l/guvcview.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin guvcview
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,glvnd,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pango,pulse,X11
+private-etc @x11,bumblebee,glvnd
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index 8f7f74e0d..4be71f6d3 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -46,7 +46,7 @@ seccomp
 private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4
 private-dev
-private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,xdg
+private-etc @x11,gimp
 # dbus-user none
 # dbus-system none
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index fd8246aae..96e69d6cf 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -48,6 +48,7 @@ x11 none
 # Add the next line to your hasher-common.local if you don't need to hash files in ~/.cache.
 #private-cache
 private-dev
+private-etc
 # Add the next line to your hasher-common.local if you don't need to hash files in /tmp.
 #private-tmp
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index 91b73e8e9..ccbb66333 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin homebank
 private-cache
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11
+private-etc @tls-ca,@x11,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile
index b33709ef0..3f7901d3f 100644
--- a/etc/profile-a-l/host.profile
+++ b/etc/profile-a-l/host.profile
@@ -42,7 +42,7 @@ tracelog
 disable-mnt
 private
 private-bin bash,host,sh
-private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf
+private-etc
 private-dev
 private-tmp
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index 13dc06ecc..72d28ed08 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -43,7 +43,7 @@ private-bin hyperrogue
 private-cache
 private-cwd
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index 757af67b0..6ee92e986 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -67,7 +67,7 @@ seccomp
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11,i2p,java*
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/io.github.lainsce.Notejot.profile b/etc/profile-a-l/io.github.lainsce.Notejot.profile
index cb2f30350..4730802a2 100644
--- a/etc/profile-a-l/io.github.lainsce.Notejot.profile
+++ b/etc/profile-a-l/io.github.lainsce.Notejot.profile
@@ -50,7 +50,7 @@ disable-mnt
 private-bin io.github.lainsce.Notejot
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile
index 983c31bcb..7eabbca84 100644
--- a/etc/profile-a-l/ipcalc.profile
+++ b/etc/profile-a-l/ipcalc.profile
@@ -49,7 +49,7 @@ private-bin bash,ipcalc,ipcalc-ng,perl,sh
 # private-cache
 private-dev
 # empty etc directory
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-lib
 private-opt none
 private-tmp
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index 3136b412e..0cdfa2ace 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -33,7 +33,7 @@ tracelog
 private-bin bash,jerry,sh,stockfish
 private-dev
-private-etc alternatives,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index edb7ed840..8c85d1043 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -21,7 +21,7 @@ mkdir ${HOME}/.config/Jitsi Meet
 whitelist ${HOME}/.config/Jitsi Meet
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,mime.types,rpc,services
 # Redirect
 include electron.profile
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index 66d63283a..cefceefed 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -40,7 +40,7 @@ disable-mnt
 private-bin jumpnbump
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index bde52f30e..a4e67cf6b 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -41,7 +41,7 @@ disable-mnt
 private-bin kalgebra,kalgebramobile
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index c01000af1..70414eeea 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -48,7 +48,7 @@ disable-mnt
 # private-bin kazam,python*
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,X11,xdg
+private-etc @x11
 private-tmp
 dbus-system none
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index ea56f2d39..cfb756c43 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -59,7 +59,7 @@ disable-mnt
 private-bin kcalc
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.conf
+private-etc
 # private-lib - problems on Arch
 private-tmp
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index e0b3eadfd..d9e4480f5 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -52,6 +52,7 @@ disable-mnt
 private-bin kdiff3
 private-cache
 private-dev
+private-etc @x11
 dbus-user none
 dbus-system none
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index 935fe3933..4644d598d 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -40,7 +40,7 @@ tracelog
 private-bin keepassx,keepassx2
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 80374690c..f7959ca81 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -89,7 +89,7 @@ private-bin keepassxc,keepassxc-cli,keepassxc-proxy
 # hardware keys) on /dev after it has already started; add "ignore private-dev"
 # to keepassxc.local if this is an issue (see #4883).
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index 424fb006e..651571fd9 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -36,7 +36,7 @@ tracelog
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-tmp
 private-opt none
 private-srv none
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index 5a028aeea..2e369b945 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -43,7 +43,7 @@ seccomp !chroot
 disable-mnt
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index 0785b904d..faf6a2d08 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin bash,klavaro,sh,tclsh,tclsh*
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 private-opt none
 private-srv none
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 68ef6111a..b5ce96e70 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin ktouch
 private-cache
 private-dev
-private-etc alternatives,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id
+private-etc @x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 0cdfe4f10..5183a9327 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -67,7 +67,7 @@ tracelog
 private-bin kube,sink_synchronizer
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11
 private-tmp
 writable-run-user
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index 7ecf26d8e..589811643 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -42,7 +42,7 @@ tracelog
 disable-mnt
 private-bin kwin_x11
 private-dev
-private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg
+private-etc @x11
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 18a024c7e..34fe2ace6 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -46,7 +46,7 @@ tracelog
 private-bin kbuildsycoca4,kdeinit4,kwrite
 private-dev
-private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,pulse,xdg
+private-etc @x11
 private-tmp
 # dbus-user none
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index 518928876..d7144d8c3 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -50,6 +50,7 @@ tracelog
 #private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls
 private-cache
 private-dev
+private-etc @tls-ca,@x11,cups,gnupg,libreoffice,papersize,ssh
 private-tmp
 dbus-system none
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile
index 025156d2d..4440757ad 100644
--- a/etc/profile-a-l/lifeograph.profile
+++ b/etc/profile-a-l/lifeograph.profile
@@ -48,7 +48,7 @@ disable-mnt
 private-bin lifeograph
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 22a4a2a2a..838d619b7 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -50,7 +50,7 @@ disable-mnt
 private-bin sh
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Add the next line to your links-common.local to allow external media players.
 # private-etc alsa,asound.conf,machine-id,openal,pulse
 private-tmp
diff --git a/etc/profile-a-l/linuxqq.profile b/etc/profile-a-l/linuxqq.profile
index 8855f09f5..83f3d11d3 100644
--- a/etc/profile-a-l/linuxqq.profile
+++ b/etc/profile-a-l/linuxqq.profile
@@ -23,7 +23,7 @@ noprinters
 # If you don't need/want to save anything to disk you can add `private` to your linuxqq.local.
 #private
-private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,host.conf,os-release
 private-opt QQ
 dbus-user filter
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index 78b78662b..bb13e0301 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -36,7 +36,7 @@ protocol unix,inet,inet6
 seccomp
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,host.conf
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile
index ae2f2d434..c3366acef 100644
--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -32,7 +32,7 @@ apparmor
 machine-id
 # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex
-private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,lyx,machine-id,mime.types,passwd,texmf,X11,xdg
+private-etc @x11,lyx,mime.types,texmf
 # Redirect
 include latex-common.profile
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile
index 902fc9a6a..e75de80ac 100644
--- a/etc/profile-m-z/PCSX2.profile
+++ b/etc/profile-m-z/PCSX2.profile
@@ -47,7 +47,7 @@ private-bin PCSX2
 private-cache
 # Add the next line to your PCSX2.local if you do not need controller support.
 #private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services
 private-opt none
 private-tmp
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile
index 22c4c4631..f8b5cec13 100644
--- a/etc/profile-m-z/QMediathekView.profile
+++ b/etc/profile-m-z/QMediathekView.profile
@@ -71,7 +71,7 @@ disable-mnt
 private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer
 private-cache
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,login.defs,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile
index 6140de60f..eed839041 100644
--- a/etc/profile-m-z/QOwnNotes.profile
+++ b/etc/profile-m-z/QOwnNotes.profile
@@ -49,7 +49,7 @@ tracelog
 disable-mnt
 private-bin gio,QOwnNotes
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,host.conf
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile
index 2ea185ec0..34d500bb1 100644
--- a/etc/profile-m-z/Viber.profile
+++ b/etc/profile-m-z/Viber.profile
@@ -32,7 +32,7 @@ seccomp !chroot
 disable-mnt
 private-bin awk,bash,dig,sh,Viber
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11
+private-etc @tls-ca,@x11,mailcap,proxychains.conf
 private-tmp
 # restrict-namespaces
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile
index 8bf79f554..ee19fa3b0 100644
--- a/etc/profile-m-z/Xvfb.profile
+++ b/etc/profile-m-z/Xvfb.profile
@@ -42,7 +42,7 @@ private
 # private-bin sh,xkbcomp,Xvfb
 # private-bin bash,cat,ls,sh,strace,xkbcomp,Xvfb
 private-dev
-private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,nsswitch.conf,resolv.conf
+private-etc gai.conf,host.conf
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile
index e5d994b57..d9990825a 100644
--- a/etc/profile-m-z/magicor.profile
+++ b/etc/profile-m-z/magicor.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin magicor,python2*
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
index 0e3f9e6e2..cdf1d807f 100644
--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -56,7 +56,7 @@ disable-mnt
 #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim
 private-cache
 private-dev
-private-etc alternatives,fonts,groff,group,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,login.defs,man_db.conf,manpath.config,passwd,selinux,sysless,xdg
+private-etc @x11,groff,man_db.conf,manpath.config,sysless
 #private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 7066f4229..2fb527ad5 100644
--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -53,7 +53,7 @@ tracelog
 private-bin marker,python3*
 private-cache
 private-dev
-private-etc alternatives,dconfgtk-3.0,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,pango,X11
+private-etc @x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile
index 176506ff2..95a16cbb8 100644
--- a/etc/profile-m-z/masterpdfeditor.profile
+++ b/etc/profile-m-z/masterpdfeditor.profile
@@ -35,7 +35,7 @@ tracelog
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile
index e3a5c6ab6..ee780333d 100644
--- a/etc/profile-m-z/mate-calc.profile
+++ b/etc/profile-m-z/mate-calc.profile
@@ -41,7 +41,7 @@ seccomp
 disable-mnt
 private-bin mate-calc,mate-calculator
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-dev
 private-opt none
 private-tmp
diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile
index 337c2d6e5..37cae5c70 100644
--- a/etc/profile-m-z/mate-color-select.profile
+++ b/etc/profile-m-z/mate-color-select.profile
@@ -32,7 +32,7 @@ seccomp
 disable-mnt
 private-bin mate-color-select
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-dev
 private-lib
 private-tmp
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile
index e80b220b7..b56317037 100644
--- a/etc/profile-m-z/mate-dictionary.profile
+++ b/etc/profile-m-z/mate-dictionary.profile
@@ -36,7 +36,7 @@ seccomp
 disable-mnt
 private-bin mate-dictionary
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-opt mate-dictionary
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile
index 3c2bf4fa3..f4eb6d404 100644
--- a/etc/profile-m-z/mattermost-desktop.profile
+++ b/etc/profile-m-z/mattermost-desktop.profile
@@ -17,7 +17,7 @@ include disable-shell.inc
 mkdir ${HOME}/.config/Mattermost
 whitelist ${HOME}/.config/Mattermost
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Not tested
 #dbus-user filter
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile
index 1ebe9aaba..d880228de 100644
--- a/etc/profile-m-z/mcabber.profile
+++ b/etc/profile-m-z/mcabber.profile
@@ -30,6 +30,6 @@ seccomp
 private-bin mcabber
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl
+private-etc @tls-ca
 restrict-namespaces
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile
index a3ff768b7..a288f1972 100644
--- a/etc/profile-m-z/mcomix.profile
+++ b/etc/profile-m-z/mcomix.profile
@@ -57,7 +57,7 @@ private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip
 private-cache
 private-dev
 # mcomix <= 1.2 uses gtk-2.0
-private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg
+private-etc @x11,gconf,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile
index e1025a1fb..d3b3c6d48 100644
--- a/etc/profile-m-z/mdr.profile
+++ b/etc/profile-m-z/mdr.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin mdr
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-lib
 private-tmp
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile
index 12d692b72..01edd23ab 100644
--- a/etc/profile-m-z/mediainfo.profile
+++ b/etc/profile-m-z/mediainfo.profile
@@ -42,7 +42,7 @@ x11 none
 private-bin mediainfo
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile
index cd4938ec6..fcac70fb3 100644
--- a/etc/profile-m-z/menulibre.profile
+++ b/etc/profile-m-z/menulibre.profile
@@ -51,7 +51,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg
+private-etc @tls-ca,@x11,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile
index a26896b19..48ac0ec69 100644
--- a/etc/profile-m-z/mindless.profile
+++ b/etc/profile-m-z/mindless.profile
@@ -41,7 +41,7 @@ private
 private-bin mindless
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile
index e6bf86802..4f2c89b27 100644
--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -50,7 +50,7 @@ private-cache
 private-dev
 # If multiplayer or realms break, add 'private-etc <your-own-java-folder-from-/etc>'
 # or 'ignore private-etc' to your minecraft-launcher.local.
-private-etc alternatives,asound.conf,ati,ca-certificates,crypto-policies,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,login.defs,machine-id,mime.types,nvidia,passwd,pki,pulse,resolv.conf,selinux,services,ssl,timezone,X11,xdg
+private-etc @tls-ca,@x11,host.conf,java*,mime.types,services,timezone
 private-opt minecraft-launcher
 private-tmp
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index ce938c867..9e72f9996 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin minitube
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
index d36c0fc81..665b32ecf 100644
--- a/etc/profile-m-z/mirage.profile
+++ b/etc/profile-m-z/mirage.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin ldconfig,mirage
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile
index 34721b4a3..4943a80af 100644
--- a/etc/profile-m-z/mirrormagic.profile
+++ b/etc/profile-m-z/mirrormagic.profile
@@ -43,7 +43,7 @@ private
 private-bin mirrormagic
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index 46320f8ea..2ba03ec97 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -41,7 +41,7 @@ tracelog
 private-bin mocp
 private-cache
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile
index 89cee657d..ed344ba3f 100644
--- a/etc/profile-m-z/mp3splt-gtk.profile
+++ b/etc/profile-m-z/mp3splt-gtk.profile
@@ -36,7 +36,7 @@ tracelog
 private-bin mp3splt-gtk
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pulse
+private-etc @games,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile
index 77ad30d0c..ef4635075 100644
--- a/etc/profile-m-z/mp3splt.profile
+++ b/etc/profile-m-z/mp3splt.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin flacsplt,mp3splt,mp3wrap,oggsplt
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile
index 94b342865..a9631733c 100644
--- a/etc/profile-m-z/mpDris2.profile
+++ b/etc/profile-m-z/mpDris2.profile
@@ -48,7 +48,7 @@ seccomp
 private-bin mpDris2,notify-send,python*
 private-cache
 private-dev
-private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,resolv.conf
+private-etc
 private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3*
 private-tmp
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile
index 4f7ae09b9..fd79e2a80 100644
--- a/etc/profile-m-z/mrrescue.profile
+++ b/etc/profile-m-z/mrrescue.profile
@@ -51,7 +51,7 @@ disable-mnt
 private-bin love,mrrescue,sh
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile
index d979e7401..91e990cf6 100644
--- a/etc/profile-m-z/ms-office.profile
+++ b/etc/profile-m-z/ms-office.profile
@@ -34,7 +34,7 @@ tracelog
 disable-mnt
 private-bin bash,env,fonts,jak,ms-office,python*,sh
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/mupdf-x11-curl.profile b/etc/profile-m-z/mupdf-x11-curl.profile
index 006f64ba8..f8dec6e7d 100644
--- a/etc/profile-m-z/mupdf-x11-curl.profile
+++ b/etc/profile-m-z/mupdf-x11-curl.profile
@@ -12,7 +12,7 @@ ignore net none
 netfilter
 protocol unix,inet,inet6
-private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Redirect
 include mupdf.profile
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile
index 954016c2c..1e92b07bf 100644
--- a/etc/profile-m-z/mupdf.profile
+++ b/etc/profile-m-z/mupdf.profile
@@ -36,7 +36,7 @@ seccomp
 tracelog
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile
index 01b8d20b3..3387ed5de 100644
--- a/etc/profile-m-z/musictube.profile
+++ b/etc/profile-m-z/musictube.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-bin musictube
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile
index d2032dcf6..7ce7fbd19 100644
--- a/etc/profile-m-z/musixmatch.profile
+++ b/etc/profile-m-z/musixmatch.profile
@@ -33,6 +33,6 @@ seccomp !chroot
 disable-mnt
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl
+private-etc @tls-ca
 # restrict-namespaces
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 904b0cd7c..288ffedf1 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -124,7 +124,7 @@ tracelog
 # disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg
+private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo
 private-tmp
 writable-run-user
 writable-var
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile
index 18117965e..774865a38 100644
--- a/etc/profile-m-z/mypaint.profile
+++ b/etc/profile-m-z/mypaint.profile
@@ -42,7 +42,7 @@ tracelog
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile
index 74403c335..6b4074dfb 100644
--- a/etc/profile-m-z/nano.profile
+++ b/etc/profile-m-z/nano.profile
@@ -48,7 +48,7 @@ private-dev
 # Add the next lines to your nano.local if you want to edit files in /etc directly.
 #ignore private-etc
 #writable-etc
-private-etc alternatives,ld.so.cache,ld.so.preload,nanorc
+private-etc nanorc
 # Add the next line to your nano.local if you want to edit files in /var directly.
 #writable-var
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile
index fde1d4d2c..80e28a5e5 100644
--- a/etc/profile-m-z/neochat.profile
+++ b/etc/profile-m-z/neochat.profile
@@ -53,7 +53,7 @@ tracelog
 disable-mnt
 private-bin neochat
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dbus-1,fonts,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
+private-etc @tls-ca,@x11,dbus-1,host.conf,mime.types,rpc,services
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index f343226ae..5bd1e7cba 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -116,7 +116,7 @@ tracelog
 # disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver
 private-tmp
 writable-run-user
 writable-var
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile
index 1ede42405..b0828cd76 100644
--- a/etc/profile-m-z/netactview.profile
+++ b/etc/profile-m-z/netactview.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin netactview,netactview_polkit
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf
+private-etc
 private-lib
 private-tmp
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile
index 68b0ce2ea..a7c404201 100644
--- a/etc/profile-m-z/neverball.profile
+++ b/etc/profile-m-z/neverball.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin neverball
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile
index b80a0a151..a08fbad36 100644
--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -52,7 +52,7 @@ disable-mnt
 private-bin gzip,lynx,newsboat,sh,w3m
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo
+private-etc @tls-ca,lynx.cfg,lynx.lss,terminfo
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile
index 59f16bb10..c7c8abc0b 100644
--- a/etc/profile-m-z/newsflash.profile
+++ b/etc/profile-m-z/newsflash.profile
@@ -50,7 +50,7 @@ disable-mnt
 private-bin com.gitlab.newsflash,newsflash
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pango,pki,resolv.conf,ssl,X11
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
index c26942c81..d4bad2f67 100644
--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -61,7 +61,7 @@ tracelog
 disable-mnt
 private-bin nextcloud,nextcloud-desktop
 private-cache
-private-etc alternatives,ca-certificates,crypto-policies,drirc,fonts,gcrypt,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,Nextcloud,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11,Nextcloud,host.conf,os-release
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index 4e4c7bfe7..cdd2ffc3f 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin nheko
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile
index cefe9fa79..7a97ca825 100644
--- a/etc/profile-m-z/nitroshare.profile
+++ b/etc/profile-m-z/nitroshare.profile
@@ -41,7 +41,7 @@ disable-mnt
 private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,ssl
+private-etc @tls-ca,@x11
 # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare
 private-tmp
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index f185a04ee..f3b0c8a49 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -92,7 +92,7 @@ seccomp.block-secondary
 disable-mnt
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services
 #private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile
index ac8336331..87373a02b 100644
--- a/etc/profile-m-z/nomacs.profile
+++ b/etc/profile-m-z/nomacs.profile
@@ -40,7 +40,7 @@ tracelog
 #private-bin nomacs
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile
index 11d6bd795..f0f2cca2e 100644
--- a/etc/profile-m-z/notify-send.profile
+++ b/etc/profile-m-z/notify-send.profile
@@ -48,7 +48,7 @@ private
 private-bin notify-send
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile
index 5866cda47..dcd76f2ad 100644
--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -45,7 +45,7 @@ tracelog
 disable-mnt
 private-bin bash,nslookup,sh
-private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf
+private-etc
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile
index 9f4a6ec46..6ab21af5b 100644
--- a/etc/profile-m-z/nuclear.profile
+++ b/etc/profile-m-z/nuclear.profile
@@ -18,7 +18,7 @@ whitelist ${HOME}/.config/nuclear
 no3d
 # private-bin nuclear
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-opt nuclear
 # Redirect
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile
index 4f767f046..4355fd0c7 100644
--- a/etc/profile-m-z/nyx.profile
+++ b/etc/profile-m-z/nyx.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin nyx,python*
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,passwd,tor
+private-etc tor
 private-opt none
 private-srv none
 private-tmp
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile
index 87c665cba..830483bd4 100644
--- a/etc/profile-m-z/ocenaudio.profile
+++ b/etc/profile-m-z/ocenaudio.profile
@@ -53,7 +53,7 @@ tracelog
 private-bin ocenaudio,ocenvst
 private-cache
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,mime.types
 private-opt ocenaudio
 private-tmp
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile
index 25da2139f..73b72efc2 100644
--- a/etc/profile-m-z/odt2txt.profile
+++ b/etc/profile-m-z/odt2txt.profile
@@ -37,7 +37,7 @@ x11 none
 private-bin odt2txt
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile
index 568b6566e..8e0758c37 100644
--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -61,7 +61,7 @@ tracelog
 private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar
 private-dev
-private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,passwd,xdg
+private-etc @x11,cups
 # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients
 # dbus-user none
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile
index 913b499d3..f8be5819b 100644
--- a/etc/profile-m-z/onboard.profile
+++ b/etc/profile-m-z/onboard.profile
@@ -49,7 +49,7 @@ disable-mnt
 private-cache
 private-bin onboard,python*,tput
 private-dev
-private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg
+private-etc @x11,dbus-1,mime.types
 private-tmp
 dbus-system none
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile
index f6b070ab3..498a4f6c8 100644
--- a/etc/profile-m-z/open-invaders.profile
+++ b/etc/profile-m-z/open-invaders.profile
@@ -35,6 +35,7 @@ seccomp
 private-bin open-invaders
 private-dev
+private-etc @x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile
index 053f54b48..46d0bb86b 100644
--- a/etc/profile-m-z/openarena.profile
+++ b/etc/profile-m-z/openarena.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity
 private-cache
 private-dev
-private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,openal,passwd,selinux,udev,xdg
+private-etc @games,@x11,udev
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
index be97552ab..721b06117 100644
--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -52,7 +52,7 @@ tracelog
 private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,passwd,pulse,Trolltech.conf,X11,xdg
+private-etc @x11,bumblebee,glvnd,mime.types,openmw
 private-opt none
 private-tmp
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile
index 028c6fe90..a1c0462ba 100644
--- a/etc/profile-m-z/otter-browser.profile
+++ b/etc/profile-m-z/otter-browser.profile
@@ -52,7 +52,7 @@ disable-mnt
 private-bin bash,otter-browser,sh,which
 private-cache
 ?BROWSER_DISABLE_U2F: private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,mailcap,mime.types
 private-tmp
 dbus-system none
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile
index 2610ae67a..0a906718a 100644
--- a/etc/profile-m-z/pandoc.profile
+++ b/etc/profile-m-z/pandoc.profile
@@ -49,7 +49,7 @@ x11 none
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,texlive,texmf
+private-etc texlive,texmf
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile
index fb629669a..662896530 100644
--- a/etc/profile-m-z/parole.profile
+++ b/etc/profile-m-z/parole.profile
@@ -26,6 +26,6 @@ seccomp
 private-bin dbus-launch,parole
 private-cache
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl
+private-etc @tls-ca
 restrict-namespaces
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile
index 1780f982c..196ce424d 100644
--- a/etc/profile-m-z/pavucontrol.profile
+++ b/etc/profile-m-z/pavucontrol.profile
@@ -44,7 +44,7 @@ disable-mnt
 private-bin pavucontrol
 private-cache
 private-dev
-private-etc alternatives,asound.conf,avahi,fonts,ld.so.cache,ld.so.preload,machine-id,pulse,resolv.conf
+private-etc avahi
 private-lib
 private-tmp
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile
index 784d82736..5b3cf0fef 100644
--- a/etc/profile-m-z/pcsxr.profile
+++ b/etc/profile-m-z/pcsxr.profile
@@ -47,7 +47,7 @@ private-bin pcsxr
 private-cache
 # Add the next line to your pcsxr.local if you do not need controller support.
 #private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services
 private-opt none
 private-tmp
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile
index 2e38dde3b..0ab006084 100644
--- a/etc/profile-m-z/pdfchain.profile
+++ b/etc/profile-m-z/pdfchain.profile
@@ -33,7 +33,7 @@ seccomp
 private-bin pdfchain,pdftk,sh
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg
+private-etc @x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile
index 7ece10835..cb7e0809f 100644
--- a/etc/profile-m-z/pdftotext.profile
+++ b/etc/profile-m-z/pdftotext.profile
@@ -48,7 +48,7 @@ x11 none
 private-bin pdftotext
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile
index 24a1bc979..96744e019 100644
--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -47,7 +47,7 @@ tracelog
 disable-mnt
 private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh
 private-dev
-private-etc alternatives,dconf,firejail,fonts,gtk-3.0,ld.so.cache,ld.so.preload,login.defs,pango,passwd,X11
+private-etc @x11,firejail
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile
index dcb52c846..5261093d2 100644
--- a/etc/profile-m-z/photoflare.profile
+++ b/etc/profile-m-z/photoflare.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin photoflare
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,X11
+private-etc @x11,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile
index 3664e1469..08aa67bf7 100644
--- a/etc/profile-m-z/pinball.profile
+++ b/etc/profile-m-z/pinball.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin pinball
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id,pulse
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index ddb8ff867..dbb333afb 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -56,7 +56,7 @@ private
 #private-bin ping - has mammoth problems with execvp: "No such file or directory"
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,login.defs,passwd,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-lib
 private-tmp
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile
index a86b6da04..3ff033e0b 100644
--- a/etc/profile-m-z/pingus.profile
+++ b/etc/profile-m-z/pingus.profile
@@ -50,7 +50,7 @@ disable-mnt
 private-bin pingus,pingus.bin,sh
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile
index 88173edca..799c8f607 100644
--- a/etc/profile-m-z/pkglog.profile
+++ b/etc/profile-m-z/pkglog.profile
@@ -43,7 +43,7 @@ private
 private-bin pkglog,python*
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-opt none
 private-tmp
 writable-var-log
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile
index 62927f9f7..34e18cbd7 100644
--- a/etc/profile-m-z/plv.profile
+++ b/etc/profile-m-z/plv.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin plv
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-opt none
 private-tmp
 writable-var-log
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile
index 8e2c39b83..34199a08d 100644
--- a/etc/profile-m-z/pngquant.profile
+++ b/etc/profile-m-z/pngquant.profile
@@ -46,7 +46,7 @@ x11 none
 private-bin pngquant
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile
index 58528c372..da16ae912 100644
--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -42,7 +42,7 @@ seccomp
 private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL
 # Add the next line to your ppsspp.local if you do not need controller support.
 #private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11,host.conf
 private-opt ppsspp
 private-tmp
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile
index 73b377712..6d766b212 100644
--- a/etc/profile-m-z/pragha.profile
+++ b/etc/profile-m-z/pragha.profile
@@ -32,7 +32,7 @@ protocol unix,inet,inet6
 seccomp
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,host.conf
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile
index 279536bb9..c866c3d16 100644
--- a/etc/profile-m-z/profanity.profile
+++ b/etc/profile-m-z/profanity.profile
@@ -43,7 +43,7 @@ seccomp
 private-bin profanity
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca,mime.types
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
index be06c5d89..a1a0606b9 100644
--- a/etc/profile-m-z/psi.profile
+++ b/etc/profile-m-z/psi.profile
@@ -70,7 +70,7 @@ disable-mnt
 private-bin getopt,psi
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gcrypt,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile
index ba71ab29d..0789450cb 100644
--- a/etc/profile-m-z/pybitmessage.profile
+++ b/etc/profile-m-z/pybitmessage.profile
@@ -40,7 +40,7 @@ seccomp
 disable-mnt
 private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg
+private-etc @tls-ca,@x11,PyBitmessage,PyBitmessage.conf,sni-qt.conf,system-fips
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile
index 71374a8c8..19ef7a464 100644
--- a/etc/profile-m-z/qcomicbook.profile
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -52,7 +52,7 @@ tracelog
 private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,Trolltech.conf,X11,xdg
+private-etc @x11,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile
index d4b71f972..1f378e004 100644
--- a/etc/profile-m-z/qgis.profile
+++ b/etc/profile-m-z/qgis.profile
@@ -51,7 +51,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf
+private-etc @tls-ca,@x11,QGIS,QGIS.conf
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile
index cafdb98e9..1cfbaee6a 100644
--- a/etc/profile-m-z/qnapi.profile
+++ b/etc/profile-m-z/qnapi.profile
@@ -46,7 +46,7 @@ tracelog
 private-bin 7z,qnapi
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf
+private-etc
 private-opt none
 private-tmp
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile
index 09b70756b..42c098487 100644
--- a/etc/profile-m-z/qrencode.profile
+++ b/etc/profile-m-z/qrencode.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin qrencode
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-lib libpcre*
 private-tmp
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile
index f95720d71..ab0f9425a 100644
--- a/etc/profile-m-z/qtox.profile
+++ b/etc/profile-m-z/qtox.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin qtox
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile
index ad45a26d5..fbc003d65 100644
--- a/etc/profile-m-z/quaternion.profile
+++ b/etc/profile-m-z/quaternion.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin quaternion
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile
index ea49684e3..56bfaa917 100644
--- a/etc/profile-m-z/quodlibet.profile
+++ b/etc/profile-m-z/quodlibet.profile
@@ -59,7 +59,7 @@ tracelog
 private-bin exfalso,operon,python*,quodlibet,sh
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,passwd,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-tmp
 dbus-system none
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile
index ea0e2afa7..0d35dbbad 100644
--- a/etc/profile-m-z/qutebrowser.profile
+++ b/etc/profile-m-z/qutebrowser.profile
@@ -18,6 +18,8 @@ include allow-bin-sh.inc
 include allow-python2.inc
 include allow-python3.inc
+ignore noexec ${HOME}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -41,7 +43,7 @@ include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
-apparmor
+#apparmor # breaks userscripts under ${HOME}, see #5639
 caps.drop all
 netfilter
 nodvd
@@ -56,7 +58,7 @@ seccomp !chroot,!name_to_handle_at
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile
index e320d82f7..72c5f3979 100644
--- a/etc/profile-m-z/raincat.profile
+++ b/etc/profile-m-z/raincat.profile
@@ -39,7 +39,7 @@ private
 private-bin raincat
 private-cache
 private-dev
-private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,timidity,timidity.cfg
+private-etc @games,@x11
 #private-lib
 private-tmp
diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile
index 1295ce00d..e0dea194a 100644
--- a/etc/profile-m-z/rednotebook.profile
+++ b/etc/profile-m-z/rednotebook.profile
@@ -58,7 +58,7 @@ disable-mnt
 private-bin python3*,rednotebook
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-etc @x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile
index 571381f57..2e962b1ea 100644
--- a/etc/profile-m-z/regextester.profile
+++ b/etc/profile-m-z/regextester.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin regextester
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-lib libgranite.so.*
 private-tmp
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index 91b18678f..c908319ca 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -48,7 +48,7 @@ disable-mnt
 private-bin rsync
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,rpc,services
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index 565925e7a..0d57e6916 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -58,7 +58,7 @@ disable-mnt
 private-bin less,python*,rtv,sh,xdg-settings
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
+private-etc @tls-ca,@x11,host.conf,mailcap,mime.types,rpc,services,terminfo
 dbus-user none
 dbus-system none
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile
index 6dfb50c5a..fb4325264 100644
--- a/etc/profile-m-z/scorchwentbonkers.profile
+++ b/etc/profile-m-z/scorchwentbonkers.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin scorchwentbonkers
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile
index 184a06958..bbf46fe19 100644
--- a/etc/profile-m-z/seafile-applet.profile
+++ b/etc/profile-m-z/seafile-applet.profile
@@ -53,7 +53,7 @@ disable-mnt
 private-bin seaf-cli,seaf-daemon,seafile-applet
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,rpc,services
 #private-opt none
 private-tmp
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile
index 7ff252ec7..5985e0da3 100644
--- a/etc/profile-m-z/seahorse-adventures.profile
+++ b/etc/profile-m-z/seahorse-adventures.profile
@@ -47,7 +47,7 @@ private
 private-bin bash,dash,python*,seahorse-adventures,sh
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile
index e6f51bff9..190082461 100644
--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -57,7 +57,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,login.defs,nsswitch.conf,pango,passwd,pkcs11,pki,protocols,resolv.conf,rpc,services,ssh,ssl,xdg
+private-etc @tls-ca,@x11,gconf,host.conf,pkcs11,rpc,services,ssh
 private-tmp
 writable-run-user
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile
index cd2a9f13e..87621de69 100644
--- a/etc/profile-m-z/shortwave.profile
+++ b/etc/profile-m-z/shortwave.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin shortwave
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,gconf,host.conf,mime.types
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile
index d33a97ffc..387d45cdc 100644
--- a/etc/profile-m-z/shotwell.profile
+++ b/etc/profile-m-z/shotwell.profile
@@ -48,7 +48,7 @@ tracelog
 private-bin shotwell
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-opt none
 private-tmp
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile
index d2b604df5..d881db714 100644
--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -46,7 +46,7 @@ private-bin java,sh,signal-cli
 private-cache
 private-dev
 # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try
-#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
+#private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java*,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile
index 2c4bdecd8..4a57bf38c 100644
--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -19,7 +19,7 @@ read-only ${HOME}/.mozilla/firefox/profiles.ini
 mkdir ${HOME}/.config/Signal
 whitelist ${HOME}/.config/Signal
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 dbus-user filter
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile
index 6ba735556..f88ae65c8 100644
--- a/etc/profile-m-z/simutrans.profile
+++ b/etc/profile-m-z/simutrans.profile
@@ -35,6 +35,7 @@ seccomp
 # private-bin simutrans
 private-dev
+private-etc @games,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile
index a511ebb1c..a94176bf7 100644
--- a/etc/profile-m-z/slack.profile
+++ b/etc/profile-m-z/slack.profile
@@ -26,7 +26,7 @@ mkdir ${HOME}/.config/Slack
 whitelist ${HOME}/.config/Slack
 private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe
+private-etc @tls-ca,debian_version,fedora-release,os-release,redhat-release,system-release,system-release-cpe
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile
index ffed9d44c..89342aad8 100644
--- a/etc/profile-m-z/smuxi-frontend-gnome.profile
+++ b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin bash,mono,mono-sgen,sh,smuxi-frontend-gnome
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,mono,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11,mono
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile
index b4658b7af..f130176c1 100644
--- a/etc/profile-m-z/softmaker-common.profile
+++ b/etc/profile-m-z/softmaker-common.profile
@@ -42,7 +42,7 @@ tracelog
 private-bin freeoffice-planmaker,freeoffice-presentations,freeoffice-textmaker,planmaker18,planmaker18free,presentations18,presentations18free,sh,textmaker18,textmaker18free
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,SoftMaker,ssl
+private-etc @tls-ca,SoftMaker
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile
index 5a1314315..cf64076e3 100644
--- a/etc/profile-m-z/spectacle.profile
+++ b/etc/profile-m-z/spectacle.profile
@@ -55,7 +55,7 @@ disable-mnt
 private-bin spectacle
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+private-etc
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
index 4bc23fc04..41b1f6507 100644
--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-cache
 private-bin spectral
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile
index 721e39cd4..f07b10319 100644
--- a/etc/profile-m-z/spotify.profile
+++ b/etc/profile-m-z/spotify.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity
 private-dev
 # If you want to see album covers or want to use the radio, add 'ignore private-etc' to your spotify.local.
-private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,spotify-adblock,ssl
+private-etc @tls-ca,host.conf,spotify-adblock
 private-opt spotify
 private-srv none
 private-tmp
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile
index 00df625c0..4e28958e4 100644
--- a/etc/profile-m-z/sqlitebrowser.profile
+++ b/etc/profile-m-z/sqlitebrowser.profile
@@ -41,7 +41,7 @@ seccomp.block-secondary
 private-bin sqlitebrowser
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 # breaks proxy creation
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile
index 868c724d2..95dc35741 100644
--- a/etc/profile-m-z/standardnotes-desktop.profile
+++ b/etc/profile-m-z/standardnotes-desktop.profile
@@ -38,7 +38,7 @@ seccomp !chroot
 disable-mnt
 private-dev
 private-tmp
-private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,host.conf
 dbus-user none
 dbus-system none
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index f807afdc7..a5b4d5d87 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -175,7 +175,7 @@ seccomp.32 !process_vm_readv
 private-dev
 # private-etc breaks a small selection of games on some systems. Add 'ignore private-etc'
 # to your steam.local to support those.
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan
+private-etc @games,@tls-ca,@x11,bumblebee,dbus-1,host.conf,lsb-release,mime.types,os-release,services
 private-tmp
 #dbus-user none
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile
index e9d2ca430..b6b2c63d3 100644
--- a/etc/profile-m-z/strawberry.profile
+++ b/etc/profile-m-z/strawberry.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin strawberry,strawberry-tagreader
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca,host.conf
 private-tmp
 dbus-system none
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile
index 896d4bc3e..6de288c46 100644
--- a/etc/profile-m-z/subdownloader.profile
+++ b/etc/profile-m-z/subdownloader.profile
@@ -43,7 +43,7 @@ tracelog
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile
index 1f532d76c..2ad107f1a 100644
--- a/etc/profile-m-z/supertux2.profile
+++ b/etc/profile-m-z/supertux2.profile
@@ -43,7 +43,7 @@ tracelog
 disable-mnt
 # private-bin supertux2
 private-cache
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile
index b4eb70fcb..0a436b22f 100644
--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -53,7 +53,7 @@ private-bin supertuxkart
 private-cache
 # Add the next line to your supertuxkart.local if you do not need controller support.
 #private-dev
-private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,ld.so.cache,ld.so.preload,machine-id,openal,pki,resolv.conf,ssl
+private-etc @games,@tls-ca,@x11
 private-tmp
 private-opt none
 private-srv none
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile
index 3508e11b0..9be7aaf3c 100644
--- a/etc/profile-m-z/surf.profile
+++ b/etc/profile-m-z/surf.profile
@@ -33,7 +33,7 @@ tracelog
 disable-mnt
 private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile
index cef029401..726baf336 100644
--- a/etc/profile-m-z/sysprof.profile
+++ b/etc/profile-m-z/sysprof.profile
@@ -62,7 +62,7 @@ disable-mnt
 #private-bin sysprof - breaks help menu
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id,ssl
+private-etc @tls-ca
 # private-lib - breaks help menu
 #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so
 private-tmp
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile
index a9d0a60d1..da3b4f782 100644
--- a/etc/profile-m-z/tar.profile
+++ b/etc/profile-m-z/tar.profile
@@ -17,7 +17,7 @@ ignore include disable-shell.inc
 # all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman
-private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,login.defs,passwd
+private-etc
 #private-lib libfakeroot,liblzma.so.*,libreadline.so.*
 # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
 writable-var
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile
index 5711c1b36..fd55daa4a 100644
--- a/etc/profile-m-z/teams-for-linux.profile
+++ b/etc/profile-m-z/teams-for-linux.profile
@@ -22,7 +22,7 @@ mkdir ${HOME}/.config/teams-for-linux
 whitelist ${HOME}/.config/teams-for-linux
 private-bin bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index 886d303c8..ba915c2d4 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin bash,sh,telegram,Telegram,telegram-desktop,xdg-open
 private-cache
 private-dev
-private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11,os-release
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile
index 9249e33c8..ced3aaa8a 100644
--- a/etc/profile-m-z/terasology.profile
+++ b/etc/profile-m-z/terasology.profile
@@ -40,7 +40,7 @@ seccomp
 disable-mnt
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11,dbus-1,host.conf,java*,lsb-release,mime.types
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/tesseract.profile b/etc/profile-m-z/tesseract.profile
index 11a21c471..54568b7d3 100644
--- a/etc/profile-m-z/tesseract.profile
+++ b/etc/profile-m-z/tesseract.profile
@@ -54,7 +54,7 @@ x11 none
 private-bin ambiguous_words,classifier_tester,cntraining,combine_lang_model,combine_tessdata,dawg2wordlist,lstmeval,lstmtraining,merge_unicharsets,mftraining,set_unicharset_properties,shapeclustering,tesseract,text2image,unicharset_extractor,wordlist2dawg
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+private-etc
 #private-lib libtesseract.so.*
 private-tmp
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile
index f49738f2b..ed8cd7369 100644
--- a/etc/profile-m-z/tilp.profile
+++ b/etc/profile-m-z/tilp.profile
@@ -29,7 +29,7 @@ tracelog
 disable-mnt
 private-bin tilp
 private-cache
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
index 3cbf90660..a03a6caa0 100644
--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -57,7 +57,7 @@ disable-mnt
 private-bin rtin,tin
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,passwd,resolv.conf,terminfo,tin
+private-etc terminfo,tin
 private-lib terminfo
 private-tmp
diff --git a/etc/profile-m-z/tor.profile b/etc/profile-m-z/tor.profile
index 275b170ff..b58aec926 100644
--- a/etc/profile-m-z/tor.profile
+++ b/etc/profile-m-z/tor.profile
@@ -45,7 +45,7 @@ private
 private-bin bash,tor
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor
+private-etc @tls-ca,tor
 private-tmp
 writable-var
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
index fab792826..41ac6f7a7 100644
--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -58,7 +58,7 @@ seccomp !chroot
 disable-mnt
 private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile
index 6069be500..645c55c3b 100644
--- a/etc/profile-m-z/transgui.profile
+++ b/etc/profile-m-z/transgui.profile
@@ -44,7 +44,7 @@ tracelog
 private-bin geoiplookup,geoiplookup6,transgui
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf
+private-etc
 private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.*
 private-tmp
diff --git a/etc/profile-m-z/transmission-cli.profile b/etc/profile-m-z/transmission-cli.profile
index 8a1711e97..5c0690b1d 100644
--- a/etc/profile-m-z/transmission-cli.profile
+++ b/etc/profile-m-z/transmission-cli.profile
@@ -7,8 +7,10 @@ include transmission-cli.local
 # Persistent global definitions
 include globals.local
+whitelist /usr/share/transmission
 private-bin transmission-cli
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Redirect
 include transmission-common.profile
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile
index 0a9029c97..d80eb708b 100644
--- a/etc/profile-m-z/transmission-common.profile
+++ b/etc/profile-m-z/transmission-common.profile
@@ -44,6 +44,7 @@ tracelog
 private-cache
 private-dev
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile
index 5d28f2f10..4fc5a3aa7 100644
--- a/etc/profile-m-z/transmission-daemon.profile
+++ b/etc/profile-m-z/transmission-daemon.profile
@@ -17,7 +17,7 @@ caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 protocol packet
 private-bin transmission-daemon
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 read-write /var/lib/transmission
 writable-var-log
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile
index f93c4229c..a8dd96001 100644
--- a/etc/profile-m-z/transmission-remote-gtk.profile
+++ b/etc/profile-m-z/transmission-remote-gtk.profile
@@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/transmission-remote-gtk
 mkdir ${HOME}/.config/transmission-remote-gtk
 whitelist ${HOME}/.config/transmission-remote-gtk
-private-etc alternatives,fonts,hostname,hosts,ld.so.cache,ld.so.preload,resolv.conf
+private-etc
 ignore memory-deny-write-execute
diff --git a/etc/profile-m-z/transmission-remote.profile b/etc/profile-m-z/transmission-remote.profile
index 565433d99..a431164f6 100644
--- a/etc/profile-m-z/transmission-remote.profile
+++ b/etc/profile-m-z/transmission-remote.profile
@@ -8,7 +8,7 @@ include transmission-remote.local
 include globals.local
 private-bin transmission-remote
-private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf
+private-etc
 # Redirect
 include transmission-common.profile
diff --git a/etc/profile-m-z/transmission-show.profile b/etc/profile-m-z/transmission-show.profile
index 0a5826ec4..dc667ae05 100644
--- a/etc/profile-m-z/transmission-show.profile
+++ b/etc/profile-m-z/transmission-show.profile
@@ -8,7 +8,7 @@ include transmission-show.local
 include globals.local
 private-bin transmission-show
-private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf
+private-etc
 # Redirect
 include transmission-common.profile
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile
index 63e964355..378c8a1b7 100644
--- a/etc/profile-m-z/trojita.profile
+++ b/etc/profile-m-z/trojita.profile
@@ -53,7 +53,7 @@ tracelog
 private-bin trojita
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile
index d2cb0cc8a..56eacf338 100644
--- a/etc/profile-m-z/tutanota-desktop.profile
+++ b/etc/profile-m-z/tutanota-desktop.profile
@@ -24,7 +24,7 @@ whitelist ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 ?HAS_APPIMAGE: ignore private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-opt tutanota-desktop
 # Redirect
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile
index 987a2b719..1f548a92d 100644
--- a/etc/profile-m-z/twitch.profile
+++ b/etc/profile-m-z/twitch.profile
@@ -18,7 +18,7 @@ mkdir ${HOME}/.config/Twitch
 whitelist ${HOME}/.config/Twitch
 private-bin electron,electron[0-9],electron[0-9][0-9],twitch
-private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 private-opt Twitch
 # Redirect
diff --git a/etc/profile-m-z/udiskie.profile b/etc/profile-m-z/udiskie.profile
index 7e3c7ac5a..c182326bb 100644
--- a/etc/profile-m-z/udiskie.profile
+++ b/etc/profile-m-z/udiskie.profile
@@ -40,7 +40,7 @@ private-bin awk,cut,dbus-send,egrep,file,grep,head,python*,readlink,sed,sh,udisk
 # private-bin thunar
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg
+private-etc @x11,mime.types
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile
index 6ec6ea609..aac99aed5 100644
--- a/etc/profile-m-z/unf.profile
+++ b/etc/profile-m-z/unf.profile
@@ -48,7 +48,7 @@ private-bin unf
 private-cache
 ?HAS_APPIMAGE: ignore private-dev
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-lib gcc/*/*/libgcc_s.so.*
 private-tmp
diff --git a/etc/profile-m-z/unrar.profile b/etc/profile-m-z/unrar.profile
index 443d1f415..43d5dae5e 100644
--- a/etc/profile-m-z/unrar.profile
+++ b/etc/profile-m-z/unrar.profile
@@ -8,7 +8,7 @@ include unrar.local
 include globals.local
 private-bin unrar
-private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd
+private-etc
 private-tmp
 # Redirect
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile
index 97df693ba..9fefe6ad3 100644
--- a/etc/profile-m-z/unzip.profile
+++ b/etc/profile-m-z/unzip.profile
@@ -10,7 +10,7 @@ include globals.local
 # GNOME Shell integration (chrome-gnome-shell)
 noblacklist ${HOME}/.local/share/gnome-shell
-private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd
+private-etc
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile
index f85e52273..046b75a87 100644
--- a/etc/profile-m-z/utox.profile
+++ b/etc/profile-m-z/utox.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin utox
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,openal,pki,pulse,resolv.conf,ssl
+private-etc @games,@tls-ca
 private-tmp
 memory-deny-write-execute
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile
index 29d88832c..a6d2a65e9 100644
--- a/etc/profile-m-z/uudeview.profile
+++ b/etc/profile-m-z/uudeview.profile
@@ -40,7 +40,7 @@ x11 none
 private-bin uudeview
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 dbus-user none
 dbus-system none
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile
index cdf615a02..aa8199442 100644
--- a/etc/profile-m-z/viewnior.profile
+++ b/etc/profile-m-z/viewnior.profile
@@ -43,7 +43,7 @@ tracelog
 private-bin viewnior
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index b9a5c08e8..37e962867 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -44,7 +44,7 @@ tracelog
 #disable-mnt
 #private-bin awk,basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami
 private-cache
-private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11,conf.d
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile
index ba4136413..c2fd14811 100644
--- a/etc/profile-m-z/vmware-view.profile
+++ b/etc/profile-m-z/vmware-view.profile
@@ -48,7 +48,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gai.conf,gconf,glvnd,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,magic,magic.mgc,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,proxychains.conf,pulse,resolv.conf,rpc,services,ssl,terminfo,vmware,vmware-tools,vmware-vix,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,gai.conf,gconf,glvnd,host.conf,magic,magic.mgc,mime.types,proxychains.conf,rpc,services,terminfo,vmware,vmware-tools,vmware-vix
 # Logs are kept in /tmp. Add 'ignore private-tmp' to your vmware-view.local if you need them without joining the sandbox.
 private-tmp
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile
index 74c951fe6..7619ef47b 100644
--- a/etc/profile-m-z/vmware.profile
+++ b/etc/profile-m-z/vmware.profile
@@ -38,6 +38,6 @@ tracelog
 #disable-mnt
 # Add the next line to your vmware.local to enable private-bin.
 #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-*
-private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mtab,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix
+private-etc @tls-ca,@x11,conf.d,mtab,vmware,vmware-installer,vmware-vix
 dbus-user none
 dbus-system none
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 1e111f83e..edc08ca44 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -61,7 +61,7 @@ disable-mnt
 private-bin perl,sh,w3m
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,mailcap,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca,mailcap
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile
index 37a8f78bb..5765613d4 100644
--- a/etc/profile-m-z/warmux.profile
+++ b/etc/profile-m-z/warmux.profile
@@ -48,7 +48,7 @@ disable-mnt
 private-bin warmux
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,rpc,services
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile
index 8a9614fb0..62d667d57 100644
--- a/etc/profile-m-z/whalebird.profile
+++ b/etc/profile-m-z/whalebird.profile
@@ -22,7 +22,7 @@ whitelist ${HOME}/.config/Whalebird
 no3d
 private-bin electron,electron[0-9],electron[0-9][0-9],whalebird
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile
index d8c72ac8b..8958564ef 100644
--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -46,7 +46,7 @@ private
 private-bin bash,sh,whois
 private-cache
 private-dev
-private-etc alternatives,hosts,jwhois.conf,ld.so.cache,ld.so.preload,resolv.conf,services,whois.conf
+private-etc jwhois.conf,services,whois.conf
 private-lib gconv
 private-tmp
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile
index d8742cd71..fc4fa2435 100644
--- a/etc/profile-m-z/wire-desktop.profile
+++ b/etc/profile-m-z/wire-desktop.profile
@@ -26,7 +26,7 @@ mkdir ${HOME}/.config/Wire
 whitelist ${HOME}/.config/Wire
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl
+private-etc @tls-ca
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile
index ccc2e8dd0..310e8b470 100644
--- a/etc/profile-m-z/wordwarvi.profile
+++ b/etc/profile-m-z/wordwarvi.profile
@@ -44,7 +44,7 @@ private
 private-bin wordwarvi
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile
index 1b44b63e0..e85bb9f18 100644
--- a/etc/profile-m-z/xbill.profile
+++ b/etc/profile-m-z/xbill.profile
@@ -43,7 +43,7 @@ private
 private-bin xbill
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile
index 95eb2046e..9c4fa8293 100644
--- a/etc/profile-m-z/xfce4-mixer.profile
+++ b/etc/profile-m-z/xfce4-mixer.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin xfce4-mixer,xfconf-query
 private-cache
 private-dev
-private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile
index 575acc9b2..4d841b35c 100644
--- a/etc/profile-m-z/xfce4-screenshooter.profile
+++ b/etc/profile-m-z/xfce4-screenshooter.profile
@@ -41,7 +41,7 @@ tracelog
 disable-mnt
 private-bin xfce4-screenshooter,xfconf-query
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile
index 371db722c..76e58aff3 100644
--- a/etc/profile-m-z/xiphos.profile
+++ b/etc/profile-m-z/xiphos.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin xiphos
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf
+private-etc @tls-ca,sword,sword.conf
 private-tmp
 restrict-namespaces
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile
index 404baf607..b597dc7a2 100644
--- a/etc/profile-m-z/xlinks.profile
+++ b/etc/profile-m-z/xlinks.profile
@@ -14,7 +14,7 @@ include whitelist-common.inc
 # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2'
 # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line
 private-bin xlinks
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 # Redirect
 include links.profile
diff --git a/etc/profile-m-z/xlinks2.profile b/etc/profile-m-z/xlinks2.profile
index d7edd3543..83356fb7b 100644
--- a/etc/profile-m-z/xlinks2.profile
+++ b/etc/profile-m-z/xlinks2.profile
@@ -14,7 +14,7 @@ include whitelist-common.inc
 # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2'
 # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line
 private-bin xlinks2
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 # Redirect
 include links2.profile
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile
index ad1ba8ca3..b8bf0ae96 100644
--- a/etc/profile-m-z/xmr-stak.profile
+++ b/etc/profile-m-z/xmr-stak.profile
@@ -37,7 +37,7 @@ disable-mnt
 private ${HOME}/.xmr-stak
 private-bin xmr-stak
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend
 private-opt cuda
 private-tmp
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile
index 9128c330b..87e75986d 100644
--- a/etc/profile-m-z/xonotic.profile
+++ b/etc/profile-m-z/xonotic.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-cache
 private-bin blind-id,darkplaces-glx,darkplaces-sdl,dirname,ldd,netstat,ps,readlink,sh,uname,xonotic*
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11,host.conf
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile
index a17464a2a..e2e97f028 100644
--- a/etc/profile-m-z/xournal.profile
+++ b/etc/profile-m-z/xournal.profile
@@ -42,7 +42,7 @@ tracelog
 private-bin xournal
 private-cache
 private-dev
-private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd
+private-etc
 # TODO should use private-lib
 private-tmp
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile
index a23ad68df..e1c9c03e8 100644
--- a/etc/profile-m-z/xournalpp.profile
+++ b/etc/profile-m-z/xournalpp.profile
@@ -28,7 +28,7 @@ include whitelist-runuser-common.inc
 #include whitelist-common.inc
 private-bin kpsewhich,pdflatex,xournalpp
-private-etc alternatives,latexmk.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,texlive
+private-etc latexmk.conf,texlive
 # Redirect
 include xournal.profile
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile
index ff5dc619b..6edbf9357 100644
--- a/etc/profile-m-z/xreader.profile
+++ b/etc/profile-m-z/xreader.profile
@@ -38,7 +38,7 @@ tracelog
 private-bin xreader,xreader-previewer,xreader-thumbnailer
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 memory-deny-write-execute
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile
index 6ea7fdfbd..f5dd0c309 100644
--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -55,7 +55,7 @@ disable-mnt
 private-bin groff,man,tbl,troff,yelp
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,groff,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,man_db.conf,openal,os-release,pulse,sgml,xml
+private-etc @games,@tls-ca,@x11,cups,groff,man_db.conf,os-release,sgml,xml
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile
index c846893ef..b706bec4e 100644
--- a/etc/profile-m-z/youtube-dl-gui.profile
+++ b/etc/profile-m-z/youtube-dl-gui.profile
@@ -48,7 +48,7 @@ disable-mnt
 private-bin atomicparsley,ffmpeg,ffprobe,python*,youtube-dl-gui
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,locale,locale.conf,passwd,pki,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile
index 4f2cc9523..8376b4989 100644
--- a/etc/profile-m-z/youtube-dl.profile
+++ b/etc/profile-m-z/youtube-dl.profile
@@ -57,7 +57,7 @@ tracelog
 private-bin env,ffmpeg,python*,youtube-dl
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,pki,resolv.conf,ssl,youtube-dl.conf
+private-etc @tls-ca,mime.types,youtube-dl.conf
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index f66e2938b..9ef90eb92 100644
--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -59,7 +59,7 @@ disable-mnt
 private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile
index 5c4d697da..9bb1991c2 100644
--- a/etc/profile-m-z/youtube.profile
+++ b/etc/profile-m-z/youtube.profile
@@ -17,7 +17,7 @@ mkdir ${HOME}/.config/Youtube
 whitelist ${HOME}/.config/Youtube
 private-bin electron,electron[0-9],electron[0-9][0-9],youtube
-private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 private-opt Youtube
 # Redirect
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile
index 2b5ffeaaf..09a8a446f 100644
--- a/etc/profile-m-z/youtubemusic-nativefier.profile
+++ b/etc/profile-m-z/youtubemusic-nativefier.profile
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtubemusic-nativefier-040164
 whitelist ${HOME}/.config/youtubemusic-nativefier-040164
 private-bin electron,electron[0-9],electron[0-9][0-9],youtubemusic-nativefier
-private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 private-opt youtubemusic-nativefier
 # Redirect
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile
index 6e835b03f..49d4b3b56 100644
--- a/etc/profile-m-z/yt-dlp.profile
+++ b/etc/profile-m-z/yt-dlp.profile
@@ -15,7 +15,7 @@ noblacklist ${HOME}/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf.txt
 private-bin ffprobe,yt-dlp
-private-etc alternatives,ld.so.cache,ld.so.preload,yt-dlp.conf
+private-etc yt-dlp.conf
 # Redirect
 include youtube-dl.profile
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile
index aa466871c..43b624705 100644
--- a/etc/profile-m-z/ytmdesktop.profile
+++ b/etc/profile-m-z/ytmdesktop.profile
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtube-music-desktop-app
 whitelist ${HOME}/.config/youtube-music-desktop-app
 # private-bin env,ytmdesktop
-private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types
 # private-opt
 # Redirect
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile
index 1daf89c84..35c3f1300 100644
--- a/etc/profile-m-z/zathura.profile
+++ b/etc/profile-m-z/zathura.profile
@@ -48,7 +48,7 @@ tracelog
 private-bin zathura
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id
+private-etc
 # private-lib has problems on Debian 10
 #private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,libarchive.so.*,libdjvulibre.so.*,libgirara-gtk*,libpoppler-glib.so.*,libspectre.so.*,zathura
 private-tmp
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile
index 453f40e73..caf9eab63 100644
--- a/etc/profile-m-z/zeal.profile
+++ b/etc/profile-m-z/zeal.profile
@@ -60,7 +60,7 @@ disable-mnt
 private-bin zeal
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services
 private-tmp
 dbus-user filter
diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile
index a9e5aa5c3..69ec3a706 100644
--- a/etc/profile-m-z/zim.profile
+++ b/etc/profile-m-z/zim.profile
@@ -63,7 +63,7 @@ disable-mnt
 private-bin python*,zim
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-etc @x11,gconf
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile
index b69de3be1..1622b3886 100644
--- a/etc/profile-m-z/zulip.profile
+++ b/etc/profile-m-z/zulip.profile
@@ -43,7 +43,7 @@ disable-mnt
 private-bin locale,zulip
 private-cache
 private-dev
-private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 restrict-namespaces
diff --git a/gcov.sh b/gcov.sh
index 79736d3d8..34fb6e03e 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 gcov_init() {
diff --git a/install.sh b/install.sh
index 2d5f29d41..30155cab4 100755
--- a/install.sh
+++ b/install.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 echo "installing..."
diff --git a/linecnt.sh b/linecnt.sh
index 06d136d8c..93cdbd8fc 100755
--- a/linecnt.sh
+++ b/linecnt.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 gcov_init() {
diff --git a/mkasc.sh b/mkasc.sh
index 6de64c6f2..de9bf9851 100755
--- a/mkasc.sh
+++ b/mkasc.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 echo "Calculating SHA256 for all files in /transfer - firejail version $1"
diff --git a/mkdeb.sh b/mkdeb.sh
index 6d7f8b209..edb16fb93 100755
--- a/mkdeb.sh
+++ b/mkdeb.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # based on http://tldp.org/HOWTO/html_single/Debian-Binary-Package-Building-HOWTO/
diff --git a/mketc.sh b/mketc.sh
index 0e681fa28..c95e688c0 100755
--- a/mketc.sh
+++ b/mketc.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 sed -i -e '
diff --git a/mkman.sh b/mkman.sh
index 79ad16252..58a44ecda 100755
--- a/mkman.sh
+++ b/mkman.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set -e
diff --git a/mkuid.sh b/mkuid.sh
index 7db6c9ac5..90f536aa6 100755
--- a/mkuid.sh
+++ b/mkuid.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 echo "extracting UID_MIN and GID_MIN"
diff --git a/platform/debian/copyright b/platform/debian/copyright
index aef85743e..0c9b982c6 100644
--- a/platform/debian/copyright
+++ b/platform/debian/copyright
@@ -7,7 +7,7 @@ This is the Debian/Ubuntu prepackaged version of firejail.
    and networking stack isolation, and it runs on any recent Linux system. It
    includes a sandbox profile for Mozilla Firefox.
-    Copyright (C) 2014-2022 Firejail Authors (see README file for more details)
+    Copyright (C) 2014-2023 Firejail Authors (see README file for more details)
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh
index d597d32fd..34104c7b2 100755
--- a/platform/rpm/mkrpm.sh
+++ b/platform/rpm/mkrpm.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # Usage: ./platform/rpm/mkrpm.sh firejail <version> "<config options>"
diff --git a/src/etc-cleanup/Makefile b/src/etc-cleanup/Makefile
new file mode 100644
index 000000000..349da8821
--- /dev/null
+++ b/src/etc-cleanup/Makefile
@@ -0,0 +1,9 @@
+ROOT = ../..
+-include $(ROOT)/config.mk
+PROG = etc-cleanup
+TARGET = $(PROG)
+MOD_HDRS = ../include/etc-groups.h
+include $(ROOT)/src/prog.mk
diff --git a/src/etc-cleanup/main.c b/src/etc-cleanup/main.c
new file mode 100644
index 000000000..a51043e66
--- /dev/null
+++ b/src/etc-cleanup/main.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright (C) 2014-2023 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "../include/etc_groups.h"
+#include "../include/common.h"
+#include <stdarg.h>
+#define MAX_BUF 4098
+#define MAX_ARR 1024
+char *arr[MAX_ARR] = {NULL};
+int arr_cnt = 0;
+static int arr_tls_ca = 0;
+static int arr_x11 = 0;
+static int arr_games = 0;
+static char outbuf[256 * 1024];
+static char *outptr;
+static int arg_replace = 0;
+static int arg_debug = 0;
+void outprintf(char* fmt, ...) {
+        va_list args;
+        va_start(args,fmt);
+        outptr += vsprintf(outptr, fmt, args);
+        va_end(args);
+}
+static int arr_check(const char *fname, char **pptr) {
+        assert(fname);
+        assert(pptr);
+        while (*pptr != NULL) {
+                if (strcmp(fname, *pptr) == 0)
+                        return 1;
+                pptr++;
+        }
+        return 0;
+}
+static void arr_add(const char *fname) {
+        assert(fname);
+        assert(arr_cnt < MAX_ARR);
+        int i;
+        for (i = 0; i < arr_cnt; i++)
+                if (strcmp(arr[i], fname) == 0)
+                        return;
+        arr[arr_cnt] = strdup(fname);
+        if (!arr[arr_cnt])
+                errExit("strdup");
+        arr_cnt++;
+}
+int arr_cmp(const void *p1, const void *p2) {
+        char **ptr1 = (char **) p1;
+        char **ptr2 = (char **) p2;
+        return strcmp(*ptr1, *ptr2);
+}
+static void arr_sort(void) {
+        qsort(&arr[0], arr_cnt, sizeof(char *), arr_cmp);
+}
+static void arr_clean(void) {
+        int i;
+        for (i = 0; i < arr_cnt; i++) {
+                free(arr[i]);
+                arr[i] = NULL;
+        }
+        arr_cnt = 0;
+        arr_games = 0;
+        arr_tls_ca = 0;
+        arr_x11 = 0;
+}
+static char *arr_print(void) {
+        char *last_line = outptr;
+        outprintf("private-etc ");
+        if (arr_games)
+                outprintf("@games,");
+        if (arr_tls_ca)
+                outprintf("@tls-ca,");
+        if (arr_x11)
+                outprintf("@x11,");
+        int i;
+        for (i = 0; i < arr_cnt; i++)
+                outprintf("%s,", arr[i]);
+        if (*(outptr - 1) == ' ' || *(outptr - 1) == ',') {
+                outptr--;
+                *outptr = '\0';
+        }
+        outprintf("\n");
+        return last_line;
+}
+static void process_file(const char *fname) {
+        assert(fname);
+        FILE *fp = fopen(fname, "r");
+        if (!fp) {
+                fprintf(stderr, "Error: cannot open %s file\n", fname);
+                exit(1);
+        }
+        outptr = outbuf;
+        *outptr = '\0';
+        arr_clean();
+        char line[MAX_BUF];
+        char orig_line[MAX_BUF];
+        int cnt = 0;
+        int print = 0;
+        while (fgets(line, MAX_BUF, fp)) {
+                cnt++;
+                if (strncmp(line, "private-etc", 11) != 0)  {
+                        outprintf("%s", line);
+                        continue;
+                }
+                strcpy(orig_line,line);
+                char *ptr = strchr(line, '\n');
+                if (ptr)
+                        *ptr = '\0';
+                ptr = line + 12;
+                while (*ptr == ' ' || *ptr == '\t')
+                        ptr++;
+                // check for blanks and tabs
+                char *ptr2 = ptr;
+                while (*ptr2 != '\0') {
+                        if (*ptr2 == ' ' || *ptr2 == '\t') {
+                                fprintf(stderr, "Error: invalid private-etc line %s:%d\n", fname, cnt);
+                                exit(1);
+                        }
+                        ptr2++;
+                }
+                ptr = strtok(ptr, ",");
+                while (ptr) {
+                        if (arg_debug)
+                                printf("%s\n", ptr);
+                        if (arr_check(ptr, &etc_list[0]));
+                        else if (arr_check(ptr, &etc_group_sound[0]));
+                        else if (arr_check(ptr, &etc_group_network[0]));
+                        else if (strcmp(ptr, "@games") == 0)
+                                arr_games = 1;
+                        else if (strcmp(ptr, "@tls-ca") == 0)
+                                arr_tls_ca = 1;
+                        else if (strcmp(ptr, "@x11") == 0)
+                                arr_x11 = 1;
+                        else if (arr_check(ptr, &etc_group_games[0]))
+                                arr_games = 1;
+                        else if (arr_check(ptr, &etc_group_tls_ca[0]))
+                                arr_tls_ca = 1;
+                        else if (arr_check(ptr, &etc_group_x11[0]))
+                                arr_x11 = 1;
+                        else
+                                arr_add(ptr);
+                        ptr = strtok(NULL, ",");
+                }
+                arr_sort();
+                char *last_line = arr_print();
+                if (strcmp(last_line, orig_line) == 0) {
+                        fclose(fp);
+                        return;
+                }
+                printf("\n********************\nfile: %s\n\nold: %s\nnew: %s\n", fname, orig_line, last_line);
+                print = 1;
+        }
+        fclose(fp);
+        if (print && arg_replace) {
+                fp = fopen(fname, "w");
+                if (!fp) {
+                        fprintf(stderr, "Error: cannot open profile file\n");
+                        exit(1);
+                }
+                fprintf(fp, "%s", outbuf);
+                fclose(fp);
+        }
+}
+static void usage(void) {
+        printf("usage: cleanup-etc [options] file.profile [file.profile]\n");
+        printf("Group and clean private-etc entries in one or more profile files.\n");
+        printf("Options:\n");
+        printf("   --debug - print debug messages\n");
+        printf("   -h, -?, --help - this help screen\n");
+        printf("   --replace - replace profile file\n");
+}
+int main(int argc, char **argv) {
+        if (argc < 2) {
+                fprintf(stderr, "Error: invalid number of parameters\n");
+                usage();
+                return 1;
+        }
+        int i;
+        for (i = 1; i < argc; i++) {
+                if (strcmp(argv[i], "-h") == 0 ||
+                     strcmp(argv[i], "-?") == 0 ||
+                     strcmp(argv[i], "--help") == 0) {
+                        usage();
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--debug") == 0)
+                        arg_debug = 1;
+                else if (strcmp(argv[i], "--replace") == 0)
+                        arg_replace = 1;
+                else if (*argv[i] == '-') {
+                        fprintf(stderr, "Error: invalid program option %s\n", argv[i]);
+                        return 1;
+                }
+                else
+                        break;
+        }
+        for (; i < argc; i++)
+                process_file(argv[i]);
+        return 0;
+}
+\ No newline at end of file
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c
index 041c52629..2a88d44c0 100644
--- a/src/fbuilder/build_bin.c
+++ b/src/fbuilder/build_bin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index 88b5eaad3..f00134e1d 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index 00f227c95..6d96b69cc 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
index d57db7f42..75f1c10d7 100644
--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c
index b772de45f..159340dea 100644
--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h
index b07209e51..c82f90c8d 100644
--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
index 89b6980d2..4089f3806 100644
--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
index aa49b2489..ebb273f12 100644
--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/utils.c b/src/fbuilder/utils.c
index f89e69679..fa432d003 100644
--- a/src/fbuilder/utils.c
+++ b/src/fbuilder/utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index b0b7f7024..f1deabf2e 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fids/blake2b.c b/src/fids/blake2b.c
index ec7cf8602..ca884dfc0 100644
--- a/src/fids/blake2b.c
+++ b/src/fids/blake2b.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fids/db.c b/src/fids/db.c
index e8dfab1ac..6a21a4e14 100644
--- a/src/fids/db.c
+++ b/src/fids/db.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fids/db_exclude.c b/src/fids/db_exclude.c
index cfb37219c..18a05209a 100644
--- a/src/fids/db_exclude.c
+++ b/src/fids/db_exclude.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fids/fids.h b/src/fids/fids.h
index 93ae106a1..8bbdcb6db 100644
--- a/src/fids/fids.h
+++ b/src/fids/fids.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fids/main.c b/src/fids/main.c
index e6be365d1..f1dfdac8e 100644
--- a/src/fids/main.c
+++ b/src/fids/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index 408662907..963e05ff3 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 793ec9a52..db73dd1f6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -519,6 +519,7 @@ matrix-mirage
 mattermost-desktop
 mcabber
 mcomix
+md5sum
 mediainfo
 mediathekview
 megaglest
@@ -736,6 +737,11 @@ seahorse-tool
 seamonkey
 seamonkey-bin
 secret-tool
+sha1sum
+sha224sum
+sha256sum
+sha348sum
+sha512sum
 shellcheck
 shortwave
 shotcut
@@ -775,6 +781,7 @@ straw-viewer
 strings
 studio.sh
 subdownloader
+sum
 supertux2
 supertuxkart
 surf
diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
index f54bfd5b5..825bf8d03 100644
--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/firejail-welcome.sh b/src/firecfg/firejail-welcome.sh
index 3ff06d87e..a8482a957 100755
--- a/src/firecfg/firejail-welcome.sh
+++ b/src/firecfg/firejail-welcome.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2020-2022 Firejail Authors
+# Copyright (C) 2020-2023 Firejail Authors
 # License GPL v2
 #
 # Usage: firejail-welcome PROGRAM SYSCONFDIR USER_NAME
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 07e30415b..e1ff7e17a 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/sound.c b/src/firecfg/sound.c
index 9d04c951b..2c8c28191 100644
--- a/src/firecfg/sound.c
+++ b/src/firecfg/sound.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/util.c b/src/firecfg/util.c
index 4697e7dd9..dc24d4e68 100644
--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 479473572..f93891af2 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/appimage_size.c b/src/firejail/appimage_size.c
index 4f8c7a7aa..6bb530d12 100644
--- a/src/firejail/appimage_size.c
+++ b/src/firejail/appimage_size.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/arp.c b/src/firejail/arp.c
index cbd80dee0..bfb522d38 100644
--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index fa9d3a940..b6a588e36 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index d88a99132..d11adc9d5 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 62b8c4dc4..56f983854 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index 72322221c..fef7eb724 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c
index 6f7739da0..45b82f4f7 100644
--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index 917726359..ada76bc76 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index 66738bd4b..a41071305 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/dhcp.c b/src/firejail/dhcp.c
index fb66d74ff..60fa34517 100644
--- a/src/firejail/dhcp.c
+++ b/src/firejail/dhcp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/env.c b/src/firejail/env.c
index 8d2b9ea5a..ede5f812d 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 66d2d8b83..30c1b441c 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -332,6 +332,7 @@ extern int arg_nice;		// nice value configured
 extern int arg_ipc;             // enable ipc namespace
 extern int arg_writable_etc;    // writable etc
 extern int arg_keep_config_pulse;       // disable automatic ~/.config/pulse init
+extern int arg_keep_shell_rc;   // do not copy shell configuration from /etc/skel
 extern int arg_writable_var;    // writable var
 extern int arg_keep_var_tmp; // don't overwrite /var/tmp
 extern int arg_writable_run_user;       // writable /run/user
@@ -524,6 +525,7 @@ int macro_id(const char *name);
 // util.c
+int invalid_name(const char *name);
 void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 89a67f686..d7a2edc3b 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 6228e9740..04c5a7d07 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index a6fbbb89a..51a58013d 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 83f140d80..6c4d4c0c6 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 8c4cb3d4f..624e74fe4 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -361,7 +361,8 @@ void fs_private_homedir(void) {
        }
        EUID_USER();
-        skel(homedir);
+        if (!arg_keep_shell_rc)
+                skel(homedir);
        if (xflag)
                copy_xauthority();
        if (aflag)
@@ -430,7 +431,8 @@ void fs_private(void) {
                selinux_relabel_path(homedir, homedir);
        }
-        skel(homedir);
+        if (!arg_keep_shell_rc)
+                skel(homedir);
        if (xflag)
                copy_xauthority();
        if (aflag)
@@ -682,7 +684,8 @@ void fs_private_home_list(void) {
                errExit("mounting tmpfs");
        EUID_USER();
-        skel(homedir);
+        if (!arg_keep_shell_rc)
+                skel(homedir);
        if (xflag)
                copy_xauthority();
        if (aflag)
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index dca394865..bf4435310 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 5d6d81ae1..e349941fa 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c
index aefd38e3c..540c3286f 100644
--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c
index 8b6c41278..b2db40a62 100644
--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 30dbd8e9b..d59735401 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_overlayfs.c b/src/firejail/fs_overlayfs.c
index 167a7e28b..b2b24cf69 100644
--- a/src/firejail/fs_overlayfs.c
+++ b/src/firejail/fs_overlayfs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 4cecea9ce..05fd89f53 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index ad5ee6759..690780a0e 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 3377b2592..471fa3a56 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/ids.c b/src/firejail/ids.c
index fdb78d6e6..e371f5c6d 100644
--- a/src/firejail/ids.c
+++ b/src/firejail/ids.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 01fd6c41d..5ef54002b 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index 6494372cb..f2782de35 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 3f9460041..27bb4227a 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 02fcb77d7..7a9d3d00d 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -127,6 +127,7 @@ int arg_nice = 0;				// nice value configured
 int arg_ipc = 0;                                        // enable ipc namespace
 int arg_writable_etc = 0;                       // writable etc
 int arg_keep_config_pulse = 0;                  // disable automatic ~/.config/pulse init
+int arg_keep_shell_rc = 0;                      // do not copy shell configuration from /etc/skel
 int arg_writable_var = 0;                       // writable var
 int arg_keep_var_tmp = 0;                       // don't overwrite /var/tmp
 int arg_writable_run_user = 0;                  // writable /run/user
@@ -1975,6 +1976,9 @@ int main(int argc, char **argv, char **envp) {
                else if (strcmp(argv[i], "--keep-config-pulse") == 0) {
                        arg_keep_config_pulse = 1;
                }
+                else if (strcmp(argv[i], "--keep-shell-rc") == 0) {
+                        arg_keep_shell_rc = 1;
+                }
                else if (strcmp(argv[i], "--writable-var") == 0) {
                        arg_writable_var = 1;
                }
@@ -2172,22 +2176,13 @@ int main(int argc, char **argv, char **envp) {
                // hostname, etc
                //*************************************
                else if (strncmp(argv[i], "--name=", 7) == 0) {
-                        int only_numbers = 1;
                        cfg.name = argv[i] + 7;
                        if (strlen(cfg.name) == 0) {
                                fprintf(stderr, "Error: please provide a name for sandbox\n");
                                return 1;
                        }
-                        const char *c = cfg.name;
+                        if (invalid_name(cfg.name)) {
-                        while (*c) {
+                                fprintf(stderr, "Error: invalid sandbox name\n");
-                                if (!isdigit(*c)) {
-                                        only_numbers = 0;
-                                        break;
-                                }
-                                ++c;
-                        }
-                        if (only_numbers) {
-                                fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
                                return 1;
                        }
                }
@@ -2197,6 +2192,10 @@ int main(int argc, char **argv, char **envp) {
                                fprintf(stderr, "Error: please provide a hostname for sandbox\n");
                                return 1;
                        }
+                        if (invalid_name(cfg.hostname)) {
+                                fprintf(stderr, "Error: invalid hostname\n");
+                                return 1;
+                        }
                }
                else if (strcmp(argv[i], "--nogroups") == 0)
                        arg_nogroups = 1;
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c
index 56c0bda30..c9be158da 100644
--- a/src/firejail/mountinfo.c
+++ b/src/firejail/mountinfo.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index aab03c796..b4deda562 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/netns.c b/src/firejail/netns.c
index c72c009ae..2a4624695 100644
--- a/src/firejail/netns.c
+++ b/src/firejail/netns.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2020-2022 Firejail Authors
+ * Copyright (C) 2020-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/network.c b/src/firejail/network.c
index e631745fb..5163035fa 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index 46ddf269e..78697b010 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index f5e287e32..3997d8f86 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/oom.c b/src/firejail/oom.c
index f5f4b978e..f4df3538c 100644
--- a/src/firejail/oom.c
+++ b/src/firejail/oom.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/output.c b/src/firejail/output.c
index f9df9f3d4..57679901f 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/paths.c b/src/firejail/paths.c
index 6d62c9004..6bc6230f0 100644
--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index 44f82681a..6055ec95b 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/process.c b/src/firejail/process.c
index fa6b1394d..7faa2221a 100644
--- a/src/firejail/process.c
+++ b/src/firejail/process.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index d01999ec5..202bcf4da 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -1235,6 +1235,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
+        if (strcmp(ptr, "keep-shell-rc") == 0) {
+                arg_keep_shell_rc = 1;
+                return 0;
+        }
        // writable-var
        if (strcmp(ptr, "writable-var") == 0) {
                arg_writable_var = 1;
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index 37782b756..91d63b505 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 320668bf9..ce20e1098 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index 447d7b663..b95c9a96b 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index c1340cae1..a22e63ab3 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c
index b10d2c528..d583cbefa 100644
--- a/src/firejail/rlimit.c
+++ b/src/firejail/rlimit.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c
index 212a69bc3..a20085294 100644
--- a/src/firejail/run_files.c
+++ b/src/firejail/run_files.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c
index e2847aea6..dc247280b 100644
--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index ec3bc250e..c4dc0ca78 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index a37943940..11ea5b036 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 84748da77..15a707d3f 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/selinux.c b/src/firejail/selinux.c
index 0348cef4b..c96896497 100644
--- a/src/firejail/selinux.c
+++ b/src/firejail/selinux.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2020-2022 Firejail and systemd authors
+ * Copyright (C) 2020-2023 Firejail and systemd authors
 *
 * This file is part of firejail project, from systemd selinux-util.c
 *
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index fb1ddef73..67b605acd 100644
--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index bf4550dd8..2e10fb959 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -129,6 +129,7 @@ static char *usage_str =
        "    --keep-config-pulse - disable automatic ~/.config/pulse init.\n"
        "    --keep-dev-shm - /dev/shm directory is untouched (even with --private-dev).\n"
        "    --keep-fd - inherit open file descriptors to sandbox.\n"
+        "    --keep-shell-rc - do not copy shell rc files from /etc/skel\n"
        "    --keep-var-tmp - /var/tmp directory is untouched.\n"
        "    --list - list all sandboxes.\n"
 #ifdef HAVE_FILE_TRANSFER
diff --git a/src/firejail/util.c b/src/firejail/util.c
index b35225620..846c27321 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -1448,6 +1448,29 @@ static int has_link(const char *dir) {
        return 0;
 }
+// allow strict ASCII letters and numbers; names with only numbers are rejected; spaces are rejected
+int invalid_name(const char *name) {
+        const char *c = name;
+        int only_numbers = 1;
+        while (*c) {
+                if (!isalnum(*c))
+                        return 1;
+                if (!isdigit(*c))
+                        only_numbers = 0;
+                ++c;
+        }
+        if (only_numbers)
+                return 1;
+        // restrict name to 64 chars max
+        if (strlen(name) > 64)
+                return 1;
+        return 0;
+}
 void check_homedir(const char *dir) {
        assert(dir);
        if (dir[0] != '/') {
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index f173b6672..2eaa9bde5 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c
index 7103ab7af..462853f02 100644
--- a/src/firemon/apparmor.c
+++ b/src/firemon/apparmor.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/arp.c b/src/firemon/arp.c
index 1a01da016..863d551f8 100644
--- a/src/firemon/arp.c
+++ b/src/firemon/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/caps.c b/src/firemon/caps.c
index 045cd1968..5a73cc37e 100644
--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c
index 31e4eb7fd..b5e824933 100644
--- a/src/firemon/cpu.c
+++ b/src/firemon/cpu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 4ee319a7e..01167e555 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index d12091217..dae071e89 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
index f57616ed7..a8e78133b 100644
--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/list.c b/src/firemon/list.c
index d066c7a5f..d068e653c 100644
--- a/src/firemon/list.c
+++ b/src/firemon/list.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/netstats.c b/src/firemon/netstats.c
index 156efe67d..6bf013d9d 100644
--- a/src/firemon/netstats.c
+++ b/src/firemon/netstats.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 4edbaab07..ff4fdda56 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/route.c b/src/firemon/route.c
index 86f4d85ae..a8415616e 100644
--- a/src/firemon/route.c
+++ b/src/firemon/route.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c
index ba0017eff..865ed138e 100644
--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/top.c b/src/firemon/top.c
index 56f171f5b..c127e2f56 100644
--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/tree.c b/src/firemon/tree.c
index 7ad413772..85e8d591a 100644
--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/usage.c b/src/firemon/usage.c
index a1b6098ef..169ec9163 100644
--- a/src/firemon/usage.c
+++ b/src/firemon/usage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/x11.c b/src/firemon/x11.c
index 16ee0a2d6..01a26bb8a 100644
--- a/src/firemon/x11.c
+++ b/src/firemon/x11.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fldd/main.c b/src/fldd/main.c
index 898e0f36a..390f7a1bc 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/arp.c b/src/fnet/arp.c
index ed110c271..1e90dafa3 100644
--- a/src/fnet/arp.c
+++ b/src/fnet/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/fnet.h b/src/fnet/fnet.h
index 41db5aa1b..c9d40ec1d 100644
--- a/src/fnet/fnet.h
+++ b/src/fnet/fnet.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index 072dbf381..aa0981269 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/main.c b/src/fnet/main.c
index d39fcfc84..1c48622a0 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index bd6e33583..2a23c6bd4 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -26,7 +26,7 @@
 *
 */
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index a89e12933..978d145b3 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace-dns/fnettrace_dns.h b/src/fnettrace-dns/fnettrace_dns.h
index db2e1a668..6d8a3c211 100644
--- a/src/fnettrace-dns/fnettrace_dns.h
+++ b/src/fnettrace-dns/fnettrace_dns.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace-dns/main.c b/src/fnettrace-dns/main.c
index 48bf14710..60738147d 100644
--- a/src/fnettrace-dns/main.c
+++ b/src/fnettrace-dns/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace-icmp/fnettrace_icmp.h b/src/fnettrace-icmp/fnettrace_icmp.h
index 790a3ce7f..f535106e1 100644
--- a/src/fnettrace-icmp/fnettrace_icmp.h
+++ b/src/fnettrace-icmp/fnettrace_icmp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace-icmp/main.c b/src/fnettrace-icmp/main.c
index bb857c922..714917547 100644
--- a/src/fnettrace-icmp/main.c
+++ b/src/fnettrace-icmp/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace-sni/fnettrace_sni.h b/src/fnettrace-sni/fnettrace_sni.h
index 790a3ce7f..f535106e1 100644
--- a/src/fnettrace-sni/fnettrace_sni.h
+++ b/src/fnettrace-sni/fnettrace_sni.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace-sni/main.c b/src/fnettrace-sni/main.c
index d0f75dac9..b8490b4f7 100644
--- a/src/fnettrace-sni/main.c
+++ b/src/fnettrace-sni/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h
index b30a9f10d..d3bc6439e 100644
--- a/src/fnettrace/fnettrace.h
+++ b/src/fnettrace/fnettrace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace/hostnames.c b/src/fnettrace/hostnames.c
index 71ce672b5..4f5641dfb 100644
--- a/src/fnettrace/hostnames.c
+++ b/src/fnettrace/hostnames.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c
index f57aa6c87..2f421562e 100644
--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c
index c9493717d..97e890bec 100644
--- a/src/fnettrace/radix.c
+++ b/src/fnettrace/radix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace/radix.h b/src/fnettrace/radix.h
index c22c5c547..85a75d0d7 100644
--- a/src/fnettrace/radix.h
+++ b/src/fnettrace/radix.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnettrace/static-ip-map b/src/fnettrace/static-ip-map
index e310354af..935872b6d 100644
--- a/src/fnettrace/static-ip-map
+++ b/src/fnettrace/static-ip-map
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 #
 # This file is part of firejail project
 #
diff --git a/src/fnettrace/tail.c b/src/fnettrace/tail.c
index a910788d6..3b1b274f8 100644
--- a/src/fnettrace/tail.c
+++ b/src/fnettrace/tail.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h
index 2a77f69aa..f26f26907 100644
--- a/src/fsec-optimize/fsec_optimize.h
+++ b/src/fsec-optimize/fsec_optimize.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index ec3420e16..0a9b7c9b9 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-optimize/optimizer.c b/src/fsec-optimize/optimizer.c
index 20333a8a8..c9b82b1a2 100644
--- a/src/fsec-optimize/optimizer.c
+++ b/src/fsec-optimize/optimizer.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h
index a754e2295..48cdcac7d 100644
--- a/src/fsec-print/fsec_print.h
+++ b/src/fsec-print/fsec_print.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index 039377999..de93f260e 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c
index f6af20f04..2f3b6f935 100644
--- a/src/fsec-print/print.c
+++ b/src/fsec-print/print.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h
index 5911b5156..df971d2d9 100644
--- a/src/fseccomp/fseccomp.h
+++ b/src/fseccomp/fseccomp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 01d7dd8cf..1edbad764 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/namespaces.c b/src/fseccomp/namespaces.c
index 8254b54ef..ffc1dfe4c 100644
--- a/src/fseccomp/namespaces.c
+++ b/src/fseccomp/namespaces.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c
index ea5cd5bd4..7c1c99df1 100644
--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index 49b789755..9941b9ccd 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c
index ee18ca74f..9ce2dabb1 100644
--- a/src/fseccomp/seccomp_file.c
+++ b/src/fseccomp/seccomp_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c
index d4ccd96b2..a90544c81 100644
--- a/src/fseccomp/seccomp_secondary.c
+++ b/src/fseccomp/seccomp_secondary.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fshaper/fshaper.sh b/src/fshaper/fshaper.sh
index a8379612d..451cae644 100755
--- a/src/fshaper/fshaper.sh
+++ b/src/fshaper/fshaper.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 TCFILE=""
diff --git a/src/ftee/ftee.h b/src/ftee/ftee.h
index 458308a4c..d8cb4ae84 100644
--- a/src/ftee/ftee.h
+++ b/src/ftee/ftee.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/ftee/main.c b/src/ftee/main.c
index d408566fa..0a492b41e 100644
--- a/src/ftee/main.c
+++ b/src/ftee/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/common.h b/src/include/common.h
index ed6560701..a0ad8c765 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -143,6 +143,7 @@ int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid);
 int pid_hidepid(void);
 char *do_replace_cntrl_chars(char *str, char c);
 char *replace_cntrl_chars(const char *str, char c);
+char *escape_cntrl_chars(const char *str);
 int has_cntrl_chars(const char *str);
 void reject_cntrl_chars(const char *fname);
 void reject_meta_chars(const char *fname, int globbing);
diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h
index 052b737db..0ed5d4e32 100644
--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -20,6 +20,7 @@
 #ifndef ETC_GROUPS_H
 #define ETC_GROUPS_H
+#include <stddef.h>
 #define ETC_MAX 256
@@ -39,6 +40,7 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
        "login.defs", // firejail reading UID/GID MIN and MAX at startup
        "nsswitch.conf",
        "passwd",
+        "selinux",
        NULL
 };
@@ -47,6 +49,7 @@ static char *etc_group_games[] = {
        "openal", // 3D sound
        "timidity", // MIDI
        "timidity.cfg",
+        "vulkan", // next generation OpenGL stack
        NULL
 };
@@ -72,7 +75,8 @@ static char *etc_group_sound[] = {
 static char *etc_group_tls_ca[] = {
        "ca-certificates",
        "crypto-policies",
-        "gcrypt",
+        "gcrypt", // GNU crypto library - contains hardware config for various encryption schemes
+                // and random number generators. The file is not installed by Debian.
        "pki",
        "ssl",
        NULL
@@ -80,14 +84,17 @@ static char *etc_group_tls_ca[] = {
 // @x11
 static char *etc_group_x11[] = {
+        "ati", // 3D
        "dconf",
        "drirc",
        "gtk-2.0",
        "gtk-3.0",
        "kde4rc",
        "kde5rc",
-        "nvidia",
+        "machine-id", // QT dbus lib is crashing without it!
+        "nvidia", // 3D
        "pango", // text rendering/internationalization
+        "Trolltech.conf", // old QT config file
        "X11",
        "xdg",
        NULL
diff --git a/src/include/euid_common.h b/src/include/euid_common.h
index f40cbb9de..0c7e9d24e 100644
--- a/src/include/euid_common.h
+++ b/src/include/euid_common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/firejail_user.h b/src/include/firejail_user.h
index 6cf895db8..9198ce216 100644
--- a/src/include/firejail_user.h
+++ b/src/include/firejail_user.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/gcov_wrapper.h b/src/include/gcov_wrapper.h
index f714a9b20..b56b4e736 100644
--- a/src/include/gcov_wrapper.h
+++ b/src/include/gcov_wrapper.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/ldd_utils.h b/src/include/ldd_utils.h
index e9dac1171..00151afab 100644
--- a/src/include/ldd_utils.h
+++ b/src/include/ldd_utils.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/pid.h b/src/include/pid.h
index d2f912b2a..80aa9f240 100644
--- a/src/include/pid.h
+++ b/src/include/pid.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
index b3ad564ac..af42b0984 100644
--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index 503bf54ac..ef3fe6c3a 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/syscall.h b/src/include/syscall.h
index 68be16a04..c9fa0c68f 100644
--- a/src/include/syscall.h
+++ b/src/include/syscall.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/access.c b/src/jailcheck/access.c
index 3e99b0b52..08c3a51a1 100644
--- a/src/jailcheck/access.c
+++ b/src/jailcheck/access.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/apparmor.c b/src/jailcheck/apparmor.c
index 521ce047e..9b6b72fb7 100644
--- a/src/jailcheck/apparmor.c
+++ b/src/jailcheck/apparmor.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/jailcheck.h b/src/jailcheck/jailcheck.h
index 2d25ee8ce..f6bee9436 100644
--- a/src/jailcheck/jailcheck.h
+++ b/src/jailcheck/jailcheck.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c
index 04fc3a6af..8e0aaa860 100644
--- a/src/jailcheck/main.c
+++ b/src/jailcheck/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/network.c b/src/jailcheck/network.c
index 8f70c6ff0..961a66105 100644
--- a/src/jailcheck/network.c
+++ b/src/jailcheck/network.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/noexec.c b/src/jailcheck/noexec.c
index 4cf5dabde..a78272591 100644
--- a/src/jailcheck/noexec.c
+++ b/src/jailcheck/noexec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/seccomp.c b/src/jailcheck/seccomp.c
index ac8064f0b..6cc13c5e7 100644
--- a/src/jailcheck/seccomp.c
+++ b/src/jailcheck/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/sysfiles.c b/src/jailcheck/sysfiles.c
index 0df95d496..f8094c5be 100644
--- a/src/jailcheck/sysfiles.c
+++ b/src/jailcheck/sysfiles.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c
index 65431e2e1..8460c1bf7 100644
--- a/src/jailcheck/utils.c
+++ b/src/jailcheck/utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailcheck/virtual.c b/src/jailcheck/virtual.c
index 93172d65c..9cc714529 100644
--- a/src/jailcheck/virtual.c
+++ b/src/jailcheck/virtual.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/common.c b/src/lib/common.c
index 111366782..eee19c731 100644
--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -404,6 +404,64 @@ char *replace_cntrl_chars(const char *str, char c) {
        return rv;
 }
+// Replaces each control character in str with an escape sequence, such as by
+// replacing '\n' (0x0a) with "\\n" (0x5c6e).
+char *escape_cntrl_chars(const char *str) {
+        if (str == NULL)
+                return NULL;
+        unsigned int cntrl_chars = 0;
+        const char *c = str;
+        while (*c) {
+                switch (*c++) {
+                case '\b':
+                case '\a':
+                case '\e':
+                case '\f':
+                case '\n':
+                case '\r':
+                case '\t':
+                case '\v':
+                case '\"':
+                case '\'':
+                case '\?':
+                case '\\':
+                        ++cntrl_chars;
+                default:
+                        break;
+                }
+        }
+        char *ptr, *rv = malloc(strlen(str) + cntrl_chars + 1);
+        if (!rv)
+                errExit("malloc");
+        ptr = rv;
+        c = str;
+        while (*c) {
+                if (iscntrl(*c)) {
+                        *ptr++ = '\\';
+                        switch (*c) {
+                        case '\b': *ptr++ = 'b'; break;
+                        case '\a': *ptr++ = 'a'; break;
+                        case '\e': *ptr++ = 'e'; break;
+                        case '\f': *ptr++ = 'f'; break;
+                        case '\n': *ptr++ = 'n'; break;
+                        case '\r': *ptr++ = 'r'; break;
+                        case '\t': *ptr++ = 't'; break;
+                        case '\v': *ptr++ = 'v'; break;
+                        case '\"': *ptr++ = '\"'; break;
+                        case '\'': *ptr++ = '\''; break;
+                        case '\?': *ptr++ = '?'; break;
+                        case '\\': *ptr++ = '\\'; break;
+                        }
+                } else {
+                        *ptr++ = *c;
+                }
+                c++;
+        }
+        *ptr = '\0';
+        return rv;
+}
 int has_cntrl_chars(const char *str) {
        assert(str);
diff --git a/src/lib/errno.c b/src/lib/errno.c
index 99b028e27..8103dec3b 100644
--- a/src/lib/errno.c
+++ b/src/lib/errno.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index bf338ee43..dc6361422 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/ldd_utils.c b/src/lib/ldd_utils.c
index a50b759c3..39a548887 100644
--- a/src/lib/ldd_utils.c
+++ b/src/lib/ldd_utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 5e9b20c94..e76f66910 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -197,6 +197,12 @@ static void print_elem(unsigned index, int nowrap) {
        char *user = pid_get_user_name(uid);
        char *user_allocated = user;
+        char *cmd_escaped = escape_cntrl_chars(cmd);
+        if (cmd_escaped) {
+                free(cmd);
+                cmd = cmd_escaped;
+        }
        // extract sandbox name - pid == index
        char *sandbox_name = "";
        char *sandbox_name_allocated = NULL;
@@ -224,7 +230,7 @@ static void print_elem(unsigned index, int nowrap) {
        }
        free(fname);
-        if (user ==NULL)
+        if (user == NULL)
                user = "";
        if (cmd) {
                if (col < 4 || nowrap)
diff --git a/src/lib/syscall.c b/src/lib/syscall.c
index 29cf6318f..ca7c61c8e 100644
--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c
index c8f1fb3fb..3a9ef9855 100644
--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index aa37bb758..97e36e5c9 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c
index fc2eba638..0cb13d2a8 100644
--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 5b16179ac..3fa07d1ee 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -288,6 +288,9 @@ pulse servers or non-standard socket paths.
 \fBkeep-dev-shm
 /dev/shm directory is untouched (even with private-dev).
 .TP
+\fBkeep-shell-rc
+Do not copy shell rc files (such as ~/.bashrc and ~/.zshrc) from /etc/skel.
+.TP
 \fBkeep-var-tmp
 /var/tmp directory is untouched.
 .TP
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 1b051ab57..6068c9ff4 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1224,6 +1224,14 @@ Example:
 $ firejail --keep-fd=3,4,5
 .TP
+\fB\-\-keep-shell-rc
+By default, when using a private home directory, firejail copies files from the
+system's user home template (/etc/skel) into it, which overrides attempts to
+whitelist the original files (such as ~/.bashrc and ~/.zshrc).
+This option disables this feature, and enables the user to whitelist the
+original files.
+.TP
 \fB\-\-keep-var-tmp
 /var/tmp directory is untouched.
 .br
diff --git a/src/man/preproc.awk b/src/man/preproc.awk
index d3a2b71c9..57424b3aa 100755
--- a/src/man/preproc.awk
+++ b/src/man/preproc.awk
@@ -1,6 +1,6 @@
 #!/usr/bin/gawk -E
-# Copyright (c) 2019-2022 rusty-snake
+# Copyright (c) 2019-2023 rusty-snake
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 310319c69..90a5f405d 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/check-caps.sh b/src/tools/check-caps.sh
index 62c3b9066..b2cdd08e0 100755
--- a/src/tools/check-caps.sh
+++ b/src/tools/check-caps.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 if [ $# -eq 0 ]
diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c
index 5e5b3cdc6..fd3cb236d 100644
--- a/src/tools/extract_caps.c
+++ b/src/tools/extract_caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/extract_errnos.sh b/src/tools/extract_errnos.sh
index bb430b3e1..c134db8f6 100755
--- a/src/tools/extract_errnos.sh
+++ b/src/tools/extract_errnos.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 echo -e "#include <errno.h>\n#include <attr/xattr.h>" | \
diff --git a/src/tools/extract_seccomp.c b/src/tools/extract_seccomp.c
index 6b644796b..0482dfd88 100644
--- a/src/tools/extract_seccomp.c
+++ b/src/tools/extract_seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/extract_syscalls.c b/src/tools/extract_syscalls.c
index f77a84123..20f100572 100644
--- a/src/tools/extract_syscalls.c
+++ b/src/tools/extract_syscalls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/mkcoverit.sh b/src/tools/mkcoverit.sh
index c7a57cd21..a82bf4fbc 100755
--- a/src/tools/mkcoverit.sh
+++ b/src/tools/mkcoverit.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # unpack firejail archive
diff --git a/src/tools/testuid.c b/src/tools/testuid.c
index 1bc617522..86eae4ba3 100644
--- a/src/tools/testuid.c
+++ b/src/tools/testuid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/ttytest.c b/src/tools/ttytest.c
index 9e40d289a..3dcb5a06b 100644
--- a/src/tools/ttytest.c
+++ b/src/tools/ttytest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/unixsocket.c b/src/tools/unixsocket.c
index bd638269d..304c5d34d 100644
--- a/src/tools/unixsocket.c
+++ b/src/tools/unixsocket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in
index 2b67c2a00..37ce7055b 100644
--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -104,6 +104,7 @@ _firejail_args=(
    '--keep-config-pulse[disable automatic ~/.config/pulse init]'
    '--keep-dev-shm[/dev/shm directory is untouched (even with --private-dev)]'
    '--keep-fd[inherit open file descriptors to sandbox]: :'
+    '--keep-shell-rc[do not copy shell rc files from /etc/skel]'
    '--keep-var-tmp[/var/tmp directory is untouched]'
    '--machine-id[spoof /etc/machine-id with a random id]'
    '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]'
diff --git a/test/appimage/appimage-args.exp b/test/appimage/appimage-args.exp
index e1fb8567a..c10007603 100755
--- a/test/appimage/appimage-args.exp
+++ b/test/appimage/appimage-args.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/appimage/appimage-trace.exp b/test/appimage/appimage-trace.exp
index d1530349e..f98826138 100755
--- a/test/appimage/appimage-trace.exp
+++ b/test/appimage/appimage-trace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp
index 2fcccfd5b..72dfdea42 100755
--- a/test/appimage/appimage-v1.exp
+++ b/test/appimage/appimage-v1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp
index d289165d9..0f865d94b 100755
--- a/test/appimage/appimage-v2.exp
+++ b/test/appimage/appimage-v2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh
index c2bdad012..0c50434ac 100755
--- a/test/appimage/appimage.sh
+++ b/test/appimage/appimage.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/appimage/filename.exp b/test/appimage/filename.exp
index 711eae8d2..9d9127fb5 100755
--- a/test/appimage/filename.exp
+++ b/test/appimage/filename.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh
index 9dcee7aff..44f3fd677 100755
--- a/test/apps-x11-xorg/apps-x11-xorg.sh
+++ b/test/apps-x11-xorg/apps-x11-xorg.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp
index 4a85b593b..7f7269c61 100755
--- a/test/apps-x11-xorg/firefox.exp
+++ b/test/apps-x11-xorg/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11-xorg/thunderbird.exp b/test/apps-x11-xorg/thunderbird.exp
index a06303fc5..491c13825 100755
--- a/test/apps-x11-xorg/thunderbird.exp
+++ b/test/apps-x11-xorg/thunderbird.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp
index 3e497f9e0..558468bd5 100755
--- a/test/apps-x11-xorg/transmission-gtk.exp
+++ b/test/apps-x11-xorg/transmission-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11-xorg/transmission-qt.exp b/test/apps-x11-xorg/transmission-qt.exp
index 0642d3d32..f76c260d5 100755
--- a/test/apps-x11-xorg/transmission-qt.exp
+++ b/test/apps-x11-xorg/transmission-qt.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh
index b2722eed3..81916685a 100755
--- a/test/apps-x11/apps-x11.sh
+++ b/test/apps-x11/apps-x11.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/apps-x11/chromium.exp b/test/apps-x11/chromium.exp
index 059fd0ad7..b654dc5d4 100755
--- a/test/apps-x11/chromium.exp
+++ b/test/apps-x11/chromium.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/firefox.exp b/test/apps-x11/firefox.exp
index ac177211d..fe6d036d1 100755
--- a/test/apps-x11/firefox.exp
+++ b/test/apps-x11/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/thunderbird.exp b/test/apps-x11/thunderbird.exp
index 391dc52e3..aa697a7c1 100755
--- a/test/apps-x11/thunderbird.exp
+++ b/test/apps-x11/thunderbird.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/transmission-gtk.exp b/test/apps-x11/transmission-gtk.exp
index 21bc4a8bc..32c88250c 100755
--- a/test/apps-x11/transmission-gtk.exp
+++ b/test/apps-x11/transmission-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/x11-none.exp b/test/apps-x11/x11-none.exp
index e6ff12f27..3a2fcca7c 100755
--- a/test/apps-x11/x11-none.exp
+++ b/test/apps-x11/x11-none.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/x11-xephyr.exp b/test/apps-x11/x11-xephyr.exp
index f0090d713..5f9212d80 100755
--- a/test/apps-x11/x11-xephyr.exp
+++ b/test/apps-x11/x11-xephyr.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/xterm-xephyr.exp b/test/apps-x11/xterm-xephyr.exp
index 3db6cf793..af69dd003 100755
--- a/test/apps-x11/xterm-xephyr.exp
+++ b/test/apps-x11/xterm-xephyr.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/xterm-xorg.exp b/test/apps-x11/xterm-xorg.exp
index 409b39f40..b0c501b00 100755
--- a/test/apps-x11/xterm-xorg.exp
+++ b/test/apps-x11/xterm-xorg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/xterm-xpra.exp b/test/apps-x11/xterm-xpra.exp
index 4acf780ac..80cc6a618 100755
--- a/test/apps-x11/xterm-xpra.exp
+++ b/test/apps-x11/xterm-xpra.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/apps.sh b/test/apps/apps.sh
index 0ef01bf2e..fc053a30d 100755
--- a/test/apps/apps.sh
+++ b/test/apps/apps.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/apps/chromium.exp b/test/apps/chromium.exp
index 4e036dee9..aef1a93f4 100755
--- a/test/apps/chromium.exp
+++ b/test/apps/chromium.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/deluge.exp b/test/apps/deluge.exp
index 5df35fce4..21b1b7d4c 100755
--- a/test/apps/deluge.exp
+++ b/test/apps/deluge.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/fbreader.exp b/test/apps/fbreader.exp
index ebb21bcf2..7bcefda13 100755
--- a/test/apps/fbreader.exp
+++ b/test/apps/fbreader.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/filezilla.exp b/test/apps/filezilla.exp
index 397904860..34fe257eb 100755
--- a/test/apps/filezilla.exp
+++ b/test/apps/filezilla.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/firefox.exp b/test/apps/firefox.exp
index f09c76b5d..29e03028a 100755
--- a/test/apps/firefox.exp
+++ b/test/apps/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/gnome-mplayer.exp b/test/apps/gnome-mplayer.exp
index 4d7ccff81..6491a5343 100755
--- a/test/apps/gnome-mplayer.exp
+++ b/test/apps/gnome-mplayer.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/gthumb.exp b/test/apps/gthumb.exp
index 0da1572b2..585d8d7d7 100755
--- a/test/apps/gthumb.exp
+++ b/test/apps/gthumb.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/hexchat.exp b/test/apps/hexchat.exp
index 8ed823dd5..0429dbec5 100755
--- a/test/apps/hexchat.exp
+++ b/test/apps/hexchat.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/kcalc.exp b/test/apps/kcalc.exp
index d7251eec1..4d00d3cc4 100755
--- a/test/apps/kcalc.exp
+++ b/test/apps/kcalc.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/ktorrent.exp b/test/apps/ktorrent.exp
index efa3f1d08..58f875077 100755
--- a/test/apps/ktorrent.exp
+++ b/test/apps/ktorrent.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/midori.exp b/test/apps/midori.exp
index 431b43f8d..3ab67e7d0 100755
--- a/test/apps/midori.exp
+++ b/test/apps/midori.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/opera.exp b/test/apps/opera.exp
index b0d1f3b9d..665c5b672 100755
--- a/test/apps/opera.exp
+++ b/test/apps/opera.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/qbittorrent.exp b/test/apps/qbittorrent.exp
index 842e47986..0d482c1d8 100755
--- a/test/apps/qbittorrent.exp
+++ b/test/apps/qbittorrent.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/thunderbird.exp b/test/apps/thunderbird.exp
index 2b93835b6..632df93b0 100755
--- a/test/apps/thunderbird.exp
+++ b/test/apps/thunderbird.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/transmission-qt.exp b/test/apps/transmission-qt.exp
index 90b0ef4ac..212423035 100755
--- a/test/apps/transmission-qt.exp
+++ b/test/apps/transmission-qt.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/uget-gtk.exp b/test/apps/uget-gtk.exp
index 21b859ee2..96c9c598b 100755
--- a/test/apps/uget-gtk.exp
+++ b/test/apps/uget-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/vlc.exp b/test/apps/vlc.exp
index a0aed9cc9..671758077 100755
--- a/test/apps/vlc.exp
+++ b/test/apps/vlc.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/wine.exp b/test/apps/wine.exp
index e2a08089f..4536c353c 100755
--- a/test/apps/wine.exp
+++ b/test/apps/wine.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/xchat.exp b/test/apps/xchat.exp
index ca17f44e4..add6fbb91 100755
--- a/test/apps/xchat.exp
+++ b/test/apps/xchat.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh
index f5ccf3549..840f162cc 100755
--- a/test/chroot/chroot.sh
+++ b/test/chroot/chroot.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/chroot/configure b/test/chroot/configure
index 3f3555193..a817f6566 100755
--- a/test/chroot/configure
+++ b/test/chroot/configure
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # build a very small chroot
diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp
index c379e389c..545de0c66 100755
--- a/test/chroot/fs_chroot.exp
+++ b/test/chroot/fs_chroot.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp
index f67590768..eccb400c0 100755
--- a/test/chroot/unchroot-as-root.exp
+++ b/test/chroot/unchroot-as-root.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c
index 5d006e318..408e4eedf 100644
--- a/test/chroot/unchroot.c
+++ b/test/chroot/unchroot.c
@@ -1,5 +1,5 @@
 // This file is part of Firejail project
-// Copyright (C) 2014-2022 Firejail Authors
+// Copyright (C) 2014-2023 Firejail Authors
 // License GPL v2
 // simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index 0285c8935..da6e43a5a 100755
--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # not currently covered
diff --git a/test/environment/allow-debuggers.exp b/test/environment/allow-debuggers.exp
index f972b5788..00cb9fc53 100755
--- a/test/environment/allow-debuggers.exp
+++ b/test/environment/allow-debuggers.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/deterministic-exit-code.exp b/test/environment/deterministic-exit-code.exp
index 9f5be2c3d..bc177ee7e 100755
--- a/test/environment/deterministic-exit-code.exp
+++ b/test/environment/deterministic-exit-code.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 4
diff --git a/test/environment/deterministic-shutdown.exp b/test/environment/deterministic-shutdown.exp
index be4e9c42e..2fa454795 100755
--- a/test/environment/deterministic-shutdown.exp
+++ b/test/environment/deterministic-shutdown.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/dns.exp b/test/environment/dns.exp
index 2c00cfa1c..373d50999 100755
--- a/test/environment/dns.exp
+++ b/test/environment/dns.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/doubledash.exp b/test/environment/doubledash.exp
index dd2725426..4ea23a8f6 100755
--- a/test/environment/doubledash.exp
+++ b/test/environment/doubledash.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/env.exp b/test/environment/env.exp
index 9394f2066..343b42f75 100755
--- a/test/environment/env.exp
+++ b/test/environment/env.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/environment.sh b/test/environment/environment.sh
index c88c91741..0250836df 100755
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/environment/extract_command.exp b/test/environment/extract_command.exp
index 45ff1f291..0e6b2aa0a 100755
--- a/test/environment/extract_command.exp
+++ b/test/environment/extract_command.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/firejail-in-firejail.exp b/test/environment/firejail-in-firejail.exp
index 4a60d5611..1229ec982 100755
--- a/test/environment/firejail-in-firejail.exp
+++ b/test/environment/firejail-in-firejail.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/hostfile.exp b/test/environment/hostfile.exp
index ccc8d049e..f909b2827 100755
--- a/test/environment/hostfile.exp
+++ b/test/environment/hostfile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
diff --git a/test/environment/ibus.exp b/test/environment/ibus.exp
index e9dd290a1..ebdfbb14c 100755
--- a/test/environment/ibus.exp
+++ b/test/environment/ibus.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/keep-fd-bad.exp b/test/environment/keep-fd-bad.exp
index e8b411ea0..1a4e89cf9 100755
--- a/test/environment/keep-fd-bad.exp
+++ b/test/environment/keep-fd-bad.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/keep-fd.exp b/test/environment/keep-fd.exp
index 440cbd860..c144046ca 100755
--- a/test/environment/keep-fd.exp
+++ b/test/environment/keep-fd.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/machineid.exp b/test/environment/machineid.exp
index 2392dc9d6..acee1ccbe 100755
--- a/test/environment/machineid.exp
+++ b/test/environment/machineid.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
diff --git a/test/environment/nice.exp b/test/environment/nice.exp
index f3b3f083f..7cc8619ae 100755
--- a/test/environment/nice.exp
+++ b/test/environment/nice.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/output.exp b/test/environment/output.exp
index 2b9594b61..ec66a0196 100755
--- a/test/environment/output.exp
+++ b/test/environment/output.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/output.sh b/test/environment/output.sh
index ba06f9184..b8f27ad65 100755
--- a/test/environment/output.sh
+++ b/test/environment/output.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 i="0"
diff --git a/test/environment/quiet.exp b/test/environment/quiet.exp
index b1b3b0173..6dd552845 100755
--- a/test/environment/quiet.exp
+++ b/test/environment/quiet.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 4
diff --git a/test/environment/rlimit-bad-profile.exp b/test/environment/rlimit-bad-profile.exp
index 627cc860f..f2e9bebcf 100755
--- a/test/environment/rlimit-bad-profile.exp
+++ b/test/environment/rlimit-bad-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/rlimit-bad.exp b/test/environment/rlimit-bad.exp
index 24df1874c..47c004716 100755
--- a/test/environment/rlimit-bad.exp
+++ b/test/environment/rlimit-bad.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/rlimit-join.exp b/test/environment/rlimit-join.exp
index 9e7161241..c71dad27e 100755
--- a/test/environment/rlimit-join.exp
+++ b/test/environment/rlimit-join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
@@ -8,7 +8,7 @@ cd /home
 spawn $env(SHELL)
 match_max 100000
-send --  "firejail --noprofile --name=\"rlimit testing\"\r"
+send --  "firejail --noprofile --name=\"rlimittesting\"\r"
 expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
@@ -16,7 +16,7 @@ expect {
 sleep 1
 spawn $env(SHELL)
-send --  "firejail --rlimit-nofile=1234 --join=\"rlimit testing\"\r"
+send --  "firejail --rlimit-nofile=1234 --join=\"rlimittesting\"\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "Switching to pid"
diff --git a/test/environment/rlimit-profile.exp b/test/environment/rlimit-profile.exp
index 762f70ba9..f7d486603 100755
--- a/test/environment/rlimit-profile.exp
+++ b/test/environment/rlimit-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/rlimit.exp b/test/environment/rlimit.exp
index acc87277b..180010c4f 100755
--- a/test/environment/rlimit.exp
+++ b/test/environment/rlimit.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/sound.exp b/test/environment/sound.exp
index 7ee1c74d7..5582d1bbe 100755
--- a/test/environment/sound.exp
+++ b/test/environment/sound.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
diff --git a/test/environment/timeout.exp b/test/environment/timeout.exp
index b38881c81..23853deb1 100755
--- a/test/environment/timeout.exp
+++ b/test/environment/timeout.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/umask.exp b/test/environment/umask.exp
index 46bd80a92..3c1365693 100755
--- a/test/environment/umask.exp
+++ b/test/environment/umask.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fcopy/cmdline.exp b/test/fcopy/cmdline.exp
index 91f18c332..2cd5b2d89 100755
--- a/test/fcopy/cmdline.exp
+++ b/test/fcopy/cmdline.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fcopy/dircopy.exp b/test/fcopy/dircopy.exp
index a779f80cd..6c3501597 100755
--- a/test/fcopy/dircopy.exp
+++ b/test/fcopy/dircopy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh
index 72b87d14c..f842cdc4a 100755
--- a/test/fcopy/fcopy.sh
+++ b/test/fcopy/fcopy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/fcopy/filecopy.exp b/test/fcopy/filecopy.exp
index 155c1ce31..3c15efaf1 100755
--- a/test/fcopy/filecopy.exp
+++ b/test/fcopy/filecopy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
diff --git a/test/fcopy/linkcopy.exp b/test/fcopy/linkcopy.exp
index 7c085e552..8bcb2d25a 100755
--- a/test/fcopy/linkcopy.exp
+++ b/test/fcopy/linkcopy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
diff --git a/test/features/1.1.exp b/test/features/1.1.exp
index 916a610a6..34159f114 100755
--- a/test/features/1.1.exp
+++ b/test/features/1.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # disable /boot
diff --git a/test/features/1.10.exp b/test/features/1.10.exp
index 53279f71e..6744ce826 100755
--- a/test/features/1.10.exp
+++ b/test/features/1.10.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # disable /selinux
diff --git a/test/features/1.2.exp b/test/features/1.2.exp
index 3043f0104..56750670d 100755
--- a/test/features/1.2.exp
+++ b/test/features/1.2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # new /proc
diff --git a/test/features/1.4.exp b/test/features/1.4.exp
index b7e8246a2..f5db0c450 100755
--- a/test/features/1.4.exp
+++ b/test/features/1.4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # mask other users
diff --git a/test/features/1.5.exp b/test/features/1.5.exp
index cce8f490f..68709fcad 100755
--- a/test/features/1.5.exp
+++ b/test/features/1.5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # PID namespace
diff --git a/test/features/1.6.exp b/test/features/1.6.exp
index 81da44c64..0d0f08817 100755
--- a/test/features/1.6.exp
+++ b/test/features/1.6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # new /var/log
diff --git a/test/features/1.7.exp b/test/features/1.7.exp
index a84b723de..b3264970d 100755
--- a/test/features/1.7.exp
+++ b/test/features/1.7.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # new /var/tmp
diff --git a/test/features/1.8.exp b/test/features/1.8.exp
index 5f7b0cdbc..028077b6f 100755
--- a/test/features/1.8.exp
+++ b/test/features/1.8.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # disable /etc/firejail and ~/.config/firejail
diff --git a/test/features/2.1.exp b/test/features/2.1.exp
index b56cbc135..8f7ddce2c 100755
--- a/test/features/2.1.exp
+++ b/test/features/2.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # hostname
diff --git a/test/features/2.2.exp b/test/features/2.2.exp
index 378bd529a..94bd6f4db 100755
--- a/test/features/2.2.exp
+++ b/test/features/2.2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # DNS
diff --git a/test/features/2.3.exp b/test/features/2.3.exp
index 5a188ccc3..1e27a7632 100755
--- a/test/features/2.3.exp
+++ b/test/features/2.3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # mac-vlan
diff --git a/test/features/2.4.exp b/test/features/2.4.exp
index 15159c9b7..ed52f4bad 100755
--- a/test/features/2.4.exp
+++ b/test/features/2.4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # bridge
diff --git a/test/features/2.5.exp b/test/features/2.5.exp
index 2995d34f7..ad462e440 100755
--- a/test/features/2.5.exp
+++ b/test/features/2.5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # interface
diff --git a/test/features/2.6.exp b/test/features/2.6.exp
index e8cd780ee..7fdb69052 100755
--- a/test/features/2.6.exp
+++ b/test/features/2.6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # default gateway
diff --git a/test/features/3.1.exp b/test/features/3.1.exp
index 95d1d609b..fb144b857 100755
--- a/test/features/3.1.exp
+++ b/test/features/3.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # private
diff --git a/test/features/3.10.exp b/test/features/3.10.exp
index 5d4414f40..728ad91f5 100755
--- a/test/features/3.10.exp
+++ b/test/features/3.10.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # whitelist tmp
diff --git a/test/features/3.11.exp b/test/features/3.11.exp
index 8287f9dbf..9e59b05e7 100755
--- a/test/features/3.11.exp
+++ b/test/features/3.11.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # mkdir
diff --git a/test/features/3.2.exp b/test/features/3.2.exp
index 9af0513ea..1fdb74a42 100755
--- a/test/features/3.2.exp
+++ b/test/features/3.2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # read-only
diff --git a/test/features/3.3.exp b/test/features/3.3.exp
index 71b6f70db..8c931dcf1 100755
--- a/test/features/3.3.exp
+++ b/test/features/3.3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # blacklist
diff --git a/test/features/3.4.exp b/test/features/3.4.exp
index d3f894da2..813c2d86a 100755
--- a/test/features/3.4.exp
+++ b/test/features/3.4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # whitelist home
diff --git a/test/features/3.5.exp b/test/features/3.5.exp
index c19680d41..93bbfe054 100755
--- a/test/features/3.5.exp
+++ b/test/features/3.5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # private-dev
diff --git a/test/features/3.6.exp b/test/features/3.6.exp
index 31978e764..5dcbdd483 100755
--- a/test/features/3.6.exp
+++ b/test/features/3.6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # private-etc
diff --git a/test/features/3.7.exp b/test/features/3.7.exp
index 4a0cb0d79..f7f5fa67f 100755
--- a/test/features/3.7.exp
+++ b/test/features/3.7.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # private-tmp
diff --git a/test/features/3.8.exp b/test/features/3.8.exp
index 0a53599a9..23adab634 100755
--- a/test/features/3.8.exp
+++ b/test/features/3.8.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # private-bin
diff --git a/test/features/3.9.exp b/test/features/3.9.exp
index 7d843e7cc..cfc588bf1 100755
--- a/test/features/3.9.exp
+++ b/test/features/3.9.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # whitelist dev
diff --git a/test/features/test.sh b/test/features/test.sh
index 44677aaa7..b3e29bc28 100755
--- a/test/features/test.sh
+++ b/test/features/test.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export LC_ALL=C
diff --git a/test/filters/apparmor.exp b/test/filters/apparmor.exp
index 0797a1db3..a8f73c797 100755
--- a/test/filters/apparmor.exp
+++ b/test/filters/apparmor.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/caps-join.exp b/test/filters/caps-join.exp
index 921d6b695..1830143fb 100755
--- a/test/filters/caps-join.exp
+++ b/test/filters/caps-join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/caps-print.exp b/test/filters/caps-print.exp
index f4f2fc7ca..b403f9ffe 100755
--- a/test/filters/caps-print.exp
+++ b/test/filters/caps-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/caps.exp b/test/filters/caps.exp
index 29437beea..dbd63efda 100755
--- a/test/filters/caps.exp
+++ b/test/filters/caps.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/debug.exp b/test/filters/debug.exp
index 769c03273..daf1fe2f2 100755
--- a/test/filters/debug.exp
+++ b/test/filters/debug.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index c313b80ed..1d145ac4b 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp
index ff0179a1c..7f22b7247 100755
--- a/test/filters/fseccomp.exp
+++ b/test/filters/fseccomp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/memwrexe-32.exp b/test/filters/memwrexe-32.exp
index 211052514..966ade4f2 100755
--- a/test/filters/memwrexe-32.exp
+++ b/test/filters/memwrexe-32.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/memwrexe.c b/test/filters/memwrexe.c
index 042c31086..548320df9 100644
--- a/test/filters/memwrexe.c
+++ b/test/filters/memwrexe.c
@@ -1,5 +1,5 @@
 // This file is part of Firejail project
-// Copyright (C) 2014-2022 Firejail Authors
+// Copyright (C) 2014-2023 Firejail Authors
 // License GPL v2
 #include <stdio.h>
diff --git a/test/filters/memwrexe.exp b/test/filters/memwrexe.exp
index 950acbf50..e51b3372e 100755
--- a/test/filters/memwrexe.exp
+++ b/test/filters/memwrexe.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/namespaces-32.exp b/test/filters/namespaces-32.exp
index b643a28d3..3b618bd01 100755
--- a/test/filters/namespaces-32.exp
+++ b/test/filters/namespaces-32.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/namespaces.exp b/test/filters/namespaces.exp
index cfa92f0ba..96e4a774a 100755
--- a/test/filters/namespaces.exp
+++ b/test/filters/namespaces.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
index 942aedbcb..8a8842cd9 100755
--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/protocol.exp b/test/filters/protocol.exp
index 96ac8d586..5320dde6f 100755
--- a/test/filters/protocol.exp
+++ b/test/filters/protocol.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-bad-empty.exp b/test/filters/seccomp-bad-empty.exp
index 484dc32a9..293750cf9 100755
--- a/test/filters/seccomp-bad-empty.exp
+++ b/test/filters/seccomp-bad-empty.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-chmod-profile.exp b/test/filters/seccomp-chmod-profile.exp
index ac16015cd..2939cf7aa 100755
--- a/test/filters/seccomp-chmod-profile.exp
+++ b/test/filters/seccomp-chmod-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-chmod.exp b/test/filters/seccomp-chmod.exp
index 913ea18a7..6e6436f97 100755
--- a/test/filters/seccomp-chmod.exp
+++ b/test/filters/seccomp-chmod.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-chown.exp b/test/filters/seccomp-chown.exp
index be6c13e2d..f1324678e 100755
--- a/test/filters/seccomp-chown.exp
+++ b/test/filters/seccomp-chown.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp
index 71d653c1f..f129e26b8 100755
--- a/test/filters/seccomp-debug-32.exp
+++ b/test/filters/seccomp-debug-32.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp
index b4a9e158d..dc6befcfe 100755
--- a/test/filters/seccomp-debug.exp
+++ b/test/filters/seccomp-debug.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-empty.exp b/test/filters/seccomp-empty.exp
index 7a5597727..247cabcd4 100755
--- a/test/filters/seccomp-empty.exp
+++ b/test/filters/seccomp-empty.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-errno.exp b/test/filters/seccomp-errno.exp
index f5e9ff402..46c691a36 100755
--- a/test/filters/seccomp-errno.exp
+++ b/test/filters/seccomp-errno.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-join.exp b/test/filters/seccomp-join.exp
index 1e62e75e7..305b12bd3 100755
--- a/test/filters/seccomp-join.exp
+++ b/test/filters/seccomp-join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-numeric.exp b/test/filters/seccomp-numeric.exp
index fa1d8ada9..7203dc7f7 100755
--- a/test/filters/seccomp-numeric.exp
+++ b/test/filters/seccomp-numeric.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-postexec.exp b/test/filters/seccomp-postexec.exp
index 1d4166067..9a86651d6 100755
--- a/test/filters/seccomp-postexec.exp
+++ b/test/filters/seccomp-postexec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-ptrace.exp b/test/filters/seccomp-ptrace.exp
index 9bde7355f..b65f8670e 100755
--- a/test/filters/seccomp-ptrace.exp
+++ b/test/filters/seccomp-ptrace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-run-files.exp b/test/filters/seccomp-run-files.exp
index 959eb743e..16bfa9066 100755
--- a/test/filters/seccomp-run-files.exp
+++ b/test/filters/seccomp-run-files.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-su.exp b/test/filters/seccomp-su.exp
index d204a4295..c4dd25ed6 100755
--- a/test/filters/seccomp-su.exp
+++ b/test/filters/seccomp-su.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fnetfilter/cmdline.exp b/test/fnetfilter/cmdline.exp
index 514d3f890..fe24dfbd6 100755
--- a/test/fnetfilter/cmdline.exp
+++ b/test/fnetfilter/cmdline.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fnetfilter/copy.exp b/test/fnetfilter/copy.exp
index b03b3e19b..29d5cdb93 100755
--- a/test/fnetfilter/copy.exp
+++ b/test/fnetfilter/copy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fnetfilter/default.exp b/test/fnetfilter/default.exp
index 545837cc1..19327a60b 100755
--- a/test/fnetfilter/default.exp
+++ b/test/fnetfilter/default.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fnetfilter/fnetfilter.sh b/test/fnetfilter/fnetfilter.sh
index 52f921232..4e08b45b5 100755
--- a/test/fnetfilter/fnetfilter.sh
+++ b/test/fnetfilter/fnetfilter.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/fnetfilter/template.exp b/test/fnetfilter/template.exp
index 2c5dba920..94b23c644 100755
--- a/test/fnetfilter/template.exp
+++ b/test/fnetfilter/template.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 4b85d3006..a4fab6bc4 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
@@ -80,12 +80,6 @@ rm -fr ~/_firejail_test_dir1
 rm -f ~/_firejail_test_link1
 rm -f ~/_firejail_test_link2
-echo "TESTING: private-etc (test/fs/private-etc.exp)"
-./private-etc.exp
-#echo "TESTING: empty private-etc (test/fs/private-etc-empty.exp)"
-#./private-etc-empty.exp
 echo "TESTING: private-bin (test/fs/private-bin.exp)"
 ./private-bin.exp
diff --git a/test/fs/fs_dev_shm.exp b/test/fs/fs_dev_shm.exp
index 5d57a8975..4d8c63577 100755
--- a/test/fs/fs_dev_shm.exp
+++ b/test/fs/fs_dev_shm.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fs_var_lock.exp b/test/fs/fs_var_lock.exp
index ce3eb836e..58554f737 100755
--- a/test/fs/fs_var_lock.exp
+++ b/test/fs/fs_var_lock.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fs_var_tmp.exp b/test/fs/fs_var_tmp.exp
index 8c2da085f..eac724d77 100755
--- a/test/fs/fs_var_tmp.exp
+++ b/test/fs/fs_var_tmp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-bindnoroot.exp b/test/fs/fscheck-bindnoroot.exp
index 6142a270a..f169f0f5e 100755
--- a/test/fs/fscheck-bindnoroot.exp
+++ b/test/fs/fscheck-bindnoroot.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-private.exp b/test/fs/fscheck-private.exp
index 0b3f41115..c4d1bccf7 100755
--- a/test/fs/fscheck-private.exp
+++ b/test/fs/fscheck-private.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-readonly.exp b/test/fs/fscheck-readonly.exp
index 6c58f41da..a04e3185f 100755
--- a/test/fs/fscheck-readonly.exp
+++ b/test/fs/fscheck-readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-tmpfs.exp b/test/fs/fscheck-tmpfs.exp
index 223bb63ba..96d7458e8 100755
--- a/test/fs/fscheck-tmpfs.exp
+++ b/test/fs/fscheck-tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/invalid_filename.exp b/test/fs/invalid_filename.exp
index 3d4904d8f..3519059c6 100755
--- a/test/fs/invalid_filename.exp
+++ b/test/fs/invalid_filename.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/kmsg.exp b/test/fs/kmsg.exp
index e7d765bff..3f952a4d4 100755
--- a/test/fs/kmsg.exp
+++ b/test/fs/kmsg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/macro.exp b/test/fs/macro.exp
index c01123f41..8a0d8932d 100755
--- a/test/fs/macro.exp
+++ b/test/fs/macro.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/mkdir.exp b/test/fs/mkdir.exp
index b9e8d5ce4..6494c8f0a 100755
--- a/test/fs/mkdir.exp
+++ b/test/fs/mkdir.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 3
diff --git a/test/fs/mkdir_mkfile.exp b/test/fs/mkdir_mkfile.exp
index c1dce58ea..e77fc8a82 100755
--- a/test/fs/mkdir_mkfile.exp
+++ b/test/fs/mkdir_mkfile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/noblacklist-blacklist-noexec.exp b/test/fs/noblacklist-blacklist-noexec.exp
index 3bc5e7c79..33a927dd0 100755
--- a/test/fs/noblacklist-blacklist-noexec.exp
+++ b/test/fs/noblacklist-blacklist-noexec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/noblacklist-blacklist-readonly.exp b/test/fs/noblacklist-blacklist-readonly.exp
index b5d3ef045..46341306c 100755
--- a/test/fs/noblacklist-blacklist-readonly.exp
+++ b/test/fs/noblacklist-blacklist-readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_bind_user.exp b/test/fs/option_bind_user.exp
index c58c23d8c..aac23497e 100755
--- a/test/fs/option_bind_user.exp
+++ b/test/fs/option_bind_user.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_blacklist.exp b/test/fs/option_blacklist.exp
index 9e1533435..cecf79f2e 100755
--- a/test/fs/option_blacklist.exp
+++ b/test/fs/option_blacklist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_blacklist_file.exp b/test/fs/option_blacklist_file.exp
index 9b4d3ed83..0ab61fea5 100755
--- a/test/fs/option_blacklist_file.exp
+++ b/test/fs/option_blacklist_file.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_blacklist_glob.exp b/test/fs/option_blacklist_glob.exp
index 83b123a4b..5dff6e8a0 100755
--- a/test/fs/option_blacklist_glob.exp
+++ b/test/fs/option_blacklist_glob.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-bin.exp b/test/fs/private-bin.exp
index e4b36e114..8d02ec0ed 100755
--- a/test/fs/private-bin.exp
+++ b/test/fs/private-bin.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-cache.exp b/test/fs/private-cache.exp
index 2764c5608..375b37577 100755
--- a/test/fs/private-cache.exp
+++ b/test/fs/private-cache.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-cwd.exp b/test/fs/private-cwd.exp
index 77374e086..85dfe7e73 100755
--- a/test/fs/private-cwd.exp
+++ b/test/fs/private-cwd.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-etc-empty.exp b/test/fs/private-etc-empty.exp
deleted file mode 100755
index 6878a642c..000000000
--- a/test/fs/private-etc-empty.exp
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --private-etc=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "ls -l /etc | wc -l\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "0" {puts "Debian\n"}
-        "1" {puts "Arch\n"}
-}
-send -- "exit\r"
-sleep 1
-send -- "firejail --profile=private-etc-empty.profile\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "ls -l /etc | wc -l\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "0" {puts "Debian\n"}
-        "1" {puts "Arch\n"}
-}
-after 100
-puts "\nall done\n"
diff --git a/test/fs/private-etc-empty.profile b/test/fs/private-etc-empty.profile
deleted file mode 100644
index 38aa8cd68..000000000
--- a/test/fs/private-etc-empty.profile
+++ /dev/null
@@ -1 +0,0 @@
-private-etc blablabla
diff --git a/test/fs/private-home-dir.exp b/test/fs/private-home-dir.exp
index e46d2b113..6b13c9d16 100755
--- a/test/fs/private-home-dir.exp
+++ b/test/fs/private-home-dir.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-home.exp b/test/fs/private-home.exp
index 99456a211..a180bf1a8 100755
--- a/test/fs/private-home.exp
+++ b/test/fs/private-home.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-homedir.exp b/test/fs/private-homedir.exp
index 0b4348514..3a134aed9 100755
--- a/test/fs/private-homedir.exp
+++ b/test/fs/private-homedir.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-whitelist.exp b/test/fs/private-whitelist.exp
index 48add880c..eaad5700d 100755
--- a/test/fs/private-whitelist.exp
+++ b/test/fs/private-whitelist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private.exp b/test/fs/private.exp
index ff8e0c66e..29ba5b53b 100755
--- a/test/fs/private.exp
+++ b/test/fs/private.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp
index f0ef0842c..01c729597 100755
--- a/test/fs/read-write.exp
+++ b/test/fs/read-write.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/sys_fs.exp b/test/fs/sys_fs.exp
index ce1fb04de..cbd5ecdb4 100755
--- a/test/fs/sys_fs.exp
+++ b/test/fs/sys_fs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/tab.exp b/test/fs/tab.exp
index cc9e11ed5..1488d91fb 100755
--- a/test/fs/tab.exp
+++ b/test/fs/tab.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp
index fb91c4678..6236a8060 100755
--- a/test/fs/whitelist-dev.exp
+++ b/test/fs/whitelist-dev.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp
index b3b48f2cd..36b0ba7d9 100755
--- a/test/fs/whitelist-double.exp
+++ b/test/fs/whitelist-double.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-empty.exp b/test/fs/whitelist-empty.exp
index fc860f219..c26423f1d 100755
--- a/test/fs/whitelist-empty.exp
+++ b/test/fs/whitelist-empty.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 30
diff --git a/test/fs/whitelist-noexec.exp b/test/fs/whitelist-noexec.exp
index ba3ca4d92..3f0314e9e 100755
--- a/test/fs/whitelist-noexec.exp
+++ b/test/fs/whitelist-noexec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-readonly.exp b/test/fs/whitelist-readonly.exp
index 676131ade..e87e21a97 100755
--- a/test/fs/whitelist-readonly.exp
+++ b/test/fs/whitelist-readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-whitespace.exp b/test/fs/whitelist-whitespace.exp
index 885b90f2a..2133fe33b 100755
--- a/test/fs/whitelist-whitespace.exp
+++ b/test/fs/whitelist-whitespace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist.exp b/test/fs/whitelist.exp
index f35744a9c..f44844d8a 100755
--- a/test/fs/whitelist.exp
+++ b/test/fs/whitelist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp
index b7138851a..ca326320a 100755
--- a/test/network/4bridges_arp.exp
+++ b/test/network/4bridges_arp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp
index 60e9d3bab..135b1121c 100755
--- a/test/network/4bridges_ip.exp
+++ b/test/network/4bridges_ip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp
index 1a27bc0bf..ef68165b7 100755
--- a/test/network/bandwidth.exp
+++ b/test/network/bandwidth.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/configure b/test/network/configure
index 2b7b257bc..1a39dd5ad 100755
--- a/test/network/configure
+++ b/test/network/configure
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 brctl addbr br0
diff --git a/test/network/dns-print.exp b/test/network/dns-print.exp
index fd19b79ed..769d5431c 100755
--- a/test/network/dns-print.exp
+++ b/test/network/dns-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp
index 0e98b9f36..858c4a729 100755
--- a/test/network/firemon-arp.exp
+++ b/test/network/firemon-arp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/firemon-interfaces.exp b/test/network/firemon-interfaces.exp
index 8eb9f4d87..47e540cc5 100755
--- a/test/network/firemon-interfaces.exp
+++ b/test/network/firemon-interfaces.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/firemon-route.exp b/test/network/firemon-route.exp
index 4eea5c14c..707217eea 100755
--- a/test/network/firemon-route.exp
+++ b/test/network/firemon-route.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/hostname.exp b/test/network/hostname.exp
index 12266a170..42af84847 100755
--- a/test/network/hostname.exp
+++ b/test/network/hostname.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/interface.exp b/test/network/interface.exp
index 7c3e39fea..2bcc6e88b 100755
--- a/test/network/interface.exp
+++ b/test/network/interface.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
 # interface
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
index 665081db7..1f6581ae4 100755
--- a/test/network/ip6.exp
+++ b/test/network/ip6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/iprange.exp b/test/network/iprange.exp
index d45ecaa40..a4e5560c1 100755
--- a/test/network/iprange.exp
+++ b/test/network/iprange.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_arp.exp b/test/network/net_arp.exp
index dee4ac1c1..f3e1f6e25 100755
--- a/test/network/net_arp.exp
+++ b/test/network/net_arp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_badip.exp b/test/network/net_badip.exp
index b3fde5dc1..3a45496c7 100755
--- a/test/network/net_badip.exp
+++ b/test/network/net_badip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp
index 6a5a0b64e..ee1ac9882 100755
--- a/test/network/net_defaultgw.exp
+++ b/test/network/net_defaultgw.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp
index 5d18571b6..30c945718 100755
--- a/test/network/net_defaultgw2.exp
+++ b/test/network/net_defaultgw2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_defaultgw3.exp b/test/network/net_defaultgw3.exp
index 708c37a47..aa9bac156 100755
--- a/test/network/net_defaultgw3.exp
+++ b/test/network/net_defaultgw3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp
index bdac67155..48d8a75fb 100755
--- a/test/network/net_ip.exp
+++ b/test/network/net_ip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_local.exp b/test/network/net_local.exp
index 6d02de089..117b94212 100755
--- a/test/network/net_local.exp
+++ b/test/network/net_local.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_mac.exp b/test/network/net_mac.exp
index 3bd871a06..086efd02c 100755
--- a/test/network/net_mac.exp
+++ b/test/network/net_mac.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_macvlan2.exp b/test/network/net_macvlan2.exp
index abc6641bf..0fcea53dd 100755
--- a/test/network/net_macvlan2.exp
+++ b/test/network/net_macvlan2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_mtu.exp b/test/network/net_mtu.exp
index 81c89e147..b87db1296 100755
--- a/test/network/net_mtu.exp
+++ b/test/network/net_mtu.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp
index eef4a145f..97170a1b9 100755
--- a/test/network/net_netfilter.exp
+++ b/test/network/net_netfilter.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_noip.exp b/test/network/net_noip.exp
index 11d12c3d3..7da2e85ef 100755
--- a/test/network/net_noip.exp
+++ b/test/network/net_noip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_noip2.exp b/test/network/net_noip2.exp
index 09607d4b5..a0828a0e7 100755
--- a/test/network/net_noip2.exp
+++ b/test/network/net_noip2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_none.exp b/test/network/net_none.exp
index 32d7532ce..aa071862e 100755
--- a/test/network/net_none.exp
+++ b/test/network/net_none.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp
index 3d6f8fdbb..d9ce166fd 100755
--- a/test/network/net_profile.exp
+++ b/test/network/net_profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_scan.exp b/test/network/net_scan.exp
index 42dd74df0..8d3e95f29 100755
--- a/test/network/net_scan.exp
+++ b/test/network/net_scan.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_unconfigured.exp b/test/network/net_unconfigured.exp
index 92d7a33eb..7a9f05236 100755
--- a/test/network/net_unconfigured.exp
+++ b/test/network/net_unconfigured.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_veth.exp b/test/network/net_veth.exp
index 781cc194c..c8c0c47e1 100755
--- a/test/network/net_veth.exp
+++ b/test/network/net_veth.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp
index ba09aaea7..0a3386965 100755
--- a/test/network/netfilter-template.exp
+++ b/test/network/netfilter-template.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/netns.exp b/test/network/netns.exp
index 034f4736e..048dbfa93 100755
--- a/test/network/netns.exp
+++ b/test/network/netns.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/netstats.exp b/test/network/netstats.exp
index e06e6769d..a41acac68 100755
--- a/test/network/netstats.exp
+++ b/test/network/netstats.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/network.sh b/test/network/network.sh
index 1f676ff50..0cb92f2e3 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/network/tcpserver.c b/test/network/tcpserver.c
index d2c0a6e5d..639fbf868 100644
--- a/test/network/tcpserver.c
+++ b/test/network/tcpserver.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2022 Firejail Authors
+ * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/test/network/veth-name.exp b/test/network/veth-name.exp
index 1c9f23c54..14ab27850 100755
--- a/test/network/veth-name.exp
+++ b/test/network/veth-name.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/firefox-x11-xorg.exp b/test/overlay/firefox-x11-xorg.exp
index 691e58437..5457b512a 100755
--- a/test/overlay/firefox-x11-xorg.exp
+++ b/test/overlay/firefox-x11-xorg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/firefox-x11.exp b/test/overlay/firefox-x11.exp
index 96c6796bb..66b3d9d8e 100755
--- a/test/overlay/firefox-x11.exp
+++ b/test/overlay/firefox-x11.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/firefox.exp b/test/overlay/firefox.exp
index eb7276f99..295a03f52 100755
--- a/test/overlay/firefox.exp
+++ b/test/overlay/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp
index 25762337b..9e606183f 100755
--- a/test/overlay/fs-named.exp
+++ b/test/overlay/fs-named.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/fs-tmpfs.exp b/test/overlay/fs-tmpfs.exp
index 442a0fffa..8c8ebcb16 100755
--- a/test/overlay/fs-tmpfs.exp
+++ b/test/overlay/fs-tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp
index 21de942ec..e078e604c 100755
--- a/test/overlay/fs.exp
+++ b/test/overlay/fs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh
index a0519d1ad..2015942d9 100755
--- a/test/overlay/overlay.sh
+++ b/test/overlay/overlay.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/private-etc/etc-cleanup.exp b/test/private-etc/etc-cleanup.exp
new file mode 100755
index 000000000..0c1218829
--- /dev/null
+++ b/test/private-etc/etc-cleanup.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "/usr/lib/firejail/etc-cleanup p1.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "old: private-etc passwd,group,resolv.conf,X11"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "new: private-etc @x11"
+}
+after 500
+send -- "/usr/lib/firejail/etc-cleanup p3.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "old: private-etc @tls-ca,os-release,@x11,mime.types,mailcap"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "new: private-etc @tls-ca,@x11,mailcap,mime.types,os-release"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/private-etc/groups.exp b/test/private-etc/groups.exp
new file mode 100755
index 000000000..822845d11
--- /dev/null
+++ b/test/private-etc/groups.exp
@@ -0,0 +1,132 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --private-etc ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "ssl" {puts "TESTING ERROR 4\n"; exit}
+        "ld.so.cache"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "ssl" {puts "TESTING ERROR 4\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "ssl" {puts "TESTING ERROR 4\n"; exit}
+        "resolv.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "xdg" {puts "TESTING ERROR 4\n"; exit}
+        "Parent is shutting down"
+}
+after 500
+send -- "firejail --private-etc=@tls-ca ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "ca-certificates"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "resolv.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "ssl"
+}
+after 500
+send -- "firejail --private-etc --nosound ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "cron" {puts "TESTING ERROR 22\n"; exit}
+        "shadow" {puts "TESTING ERROR 23\n"; exit}
+        "machine-id" {puts "TESTING ERROR 24\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 25\n";exit}
+        "Parent is shutting down"
+}
+after 500
+send -- "firejail --private-etc --net=none ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 30\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 31\n";exit}
+        "cron" {puts "TESTING ERROR 32\n"; exit}
+        "shadow" {puts "TESTING ERROR 33\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 34\n";exit}
+        "resolv.conf" {puts "TESTING ERROR 35\n"; exit}
+        "Parent is shutting down"
+}
+after 500
+send -- "firejail --private-etc=@x11 ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 40\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 41\n";exit}
+        "cron" {puts "TESTING ERROR 42\n"; exit}
+        "shadow" {puts "TESTING ERROR 43\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 44\n";exit}
+        "xdg"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/private-etc/p1.profile b/test/private-etc/p1.profile
new file mode 100644
index 000000000..8929dace1
--- /dev/null
+++ b/test/private-etc/p1.profile
@@ -0,0 +1 @@
+private-etc passwd,group,resolv.conf,X11
diff --git a/test/private-etc/p2.profile b/test/private-etc/p2.profile
new file mode 100644
index 000000000..7193428b9
--- /dev/null
+++ b/test/private-etc/p2.profile
@@ -0,0 +1 @@
+private-etc @x11
diff --git a/test/private-etc/p3.profile b/test/private-etc/p3.profile
new file mode 100644
index 000000000..64e4025d0
--- /dev/null
+++ b/test/private-etc/p3.profile
@@ -0,0 +1 @@
+private-etc @tls-ca,os-release,@x11,mime.types,mailcap
diff --git a/test/fs/private-etc.exp b/test/private-etc/private-etc.exp
index f51fc5221..2e3c06dc1 100755
--- a/test/fs/private-etc.exp
+++ b/test/private-etc/private-etc.exp
@@ -1,13 +1,12 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
 spawn $env(SHELL)
 match_max 100000
-# directory with ~
 send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
diff --git a/test/private-etc/private-etc.sh b/test/private-etc/private-etc.sh
new file mode 100755
index 000000000..8488611b9
--- /dev/null
+++ b/test/private-etc/private-etc.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+export LC_ALL=C
+echo "TESTING: private-etc (test/private-etc/private-etc.exp)"
+./private-etc.exp
+echo "TESTING: profile (test/private-etc/profile.exp)"
+./private-etc.exp
+echo "TESTING: groups (test/private-etc/groups.exp)"
+./groups.exp
+echo "TESTING: etc-cleanup (test/private-etc/etc-cleanup.exp)"
+./etc-cleanup.exp
diff --git a/test/private-etc/profile.exp b/test/private-etc/profile.exp
new file mode 100755
index 000000000..7920b0c05
--- /dev/null
+++ b/test/private-etc/profile.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --profile=p1.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+send -- "LC_ALL=C ls -al /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "X11"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "group"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "passwd"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "resolv.conf"
+}
+send -- "file /etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "No such file or directory"
+}
+after 100
+send -- "exit\r"
+sleep 1
+send -- "firejail --profile=p2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+send -- "LC_ALL=C ls -al /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "X11"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "group"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "passwd"
+}
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "resolv.conf"
+}
+send -- "file /etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "No such file or directory"
+}
+after 100
+send -- "exit\r"
+sleep 1
+after 100
+puts "\nall done\n"
diff --git a/test/private-lib/atril.exp b/test/private-lib/atril.exp
index cad118c0a..7f59e32ec 100755
--- a/test/private-lib/atril.exp
+++ b/test/private-lib/atril.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/dig.exp b/test/private-lib/dig.exp
index fd40cd48c..dbe16c68a 100755
--- a/test/private-lib/dig.exp
+++ b/test/private-lib/dig.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/eog.exp b/test/private-lib/eog.exp
index c4bfc0aa7..bcab65df3 100755
--- a/test/private-lib/eog.exp
+++ b/test/private-lib/eog.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/eom.exp b/test/private-lib/eom.exp
index a7709b0ec..b6b410e41 100755
--- a/test/private-lib/eom.exp
+++ b/test/private-lib/eom.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/evince.exp b/test/private-lib/evince.exp
index 8f54ee345..689934d33 100755
--- a/test/private-lib/evince.exp
+++ b/test/private-lib/evince.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/galculator.exp b/test/private-lib/galculator.exp
index 4cf6b6a73..8be64f391 100755
--- a/test/private-lib/galculator.exp
+++ b/test/private-lib/galculator.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gedit.exp b/test/private-lib/gedit.exp
index 838ffad21..30d3988f1 100755
--- a/test/private-lib/gedit.exp
+++ b/test/private-lib/gedit.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-calculator.exp b/test/private-lib/gnome-calculator.exp
index 37e6b86cb..20f91d03e 100755
--- a/test/private-lib/gnome-calculator.exp
+++ b/test/private-lib/gnome-calculator.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-logs.exp b/test/private-lib/gnome-logs.exp
index 3f0cc3544..d6dce771f 100755
--- a/test/private-lib/gnome-logs.exp
+++ b/test/private-lib/gnome-logs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-nettool.exp b/test/private-lib/gnome-nettool.exp
index 3a08fe3df..a71db729b 100755
--- a/test/private-lib/gnome-nettool.exp
+++ b/test/private-lib/gnome-nettool.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-system-log.exp b/test/private-lib/gnome-system-log.exp
index 5ab819a89..886cd0e87 100755
--- a/test/private-lib/gnome-system-log.exp
+++ b/test/private-lib/gnome-system-log.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gpicview.exp b/test/private-lib/gpicview.exp
index ea0964787..6a1467ca4 100755
--- a/test/private-lib/gpicview.exp
+++ b/test/private-lib/gpicview.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/leafpad.exp b/test/private-lib/leafpad.exp
index 9e4dc7fed..4df68f74e 100755
--- a/test/private-lib/leafpad.exp
+++ b/test/private-lib/leafpad.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/mousepad.exp b/test/private-lib/mousepad.exp
index 9c7501473..d0ffce97e 100755
--- a/test/private-lib/mousepad.exp
+++ b/test/private-lib/mousepad.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/pavucontrol.exp b/test/private-lib/pavucontrol.exp
index 3aeda709a..5634b1b1e 100755
--- a/test/private-lib/pavucontrol.exp
+++ b/test/private-lib/pavucontrol.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/pluma.exp b/test/private-lib/pluma.exp
index 64cb16d5a..3f88bfcb7 100755
--- a/test/private-lib/pluma.exp
+++ b/test/private-lib/pluma.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/private-lib.exp b/test/private-lib/private-lib.exp
index 5290def35..54b50561f 100755
--- a/test/private-lib/private-lib.exp
+++ b/test/private-lib/private-lib.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index 43c42a098..0ef18b79d 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3g
diff --git a/test/private-lib/transmission-gtk.exp b/test/private-lib/transmission-gtk.exp
index 0f297cc42..4f5b8094c 100755
--- a/test/private-lib/transmission-gtk.exp
+++ b/test/private-lib/transmission-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/xcalc.exp b/test/private-lib/xcalc.exp
index e9c541684..196d3481a 100755
--- a/test/private-lib/xcalc.exp
+++ b/test/private-lib/xcalc.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/all-profiles.sh b/test/profiles/all-profiles.sh
index a550afe23..6f814a160 100755
--- a/test/profiles/all-profiles.sh
+++ b/test/profiles/all-profiles.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/profiles/conditional.exp b/test/profiles/conditional.exp
index 40bae3878..189cd6320 100755
--- a/test/profiles/conditional.exp
+++ b/test/profiles/conditional.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/ignore.exp b/test/profiles/ignore.exp
index df4337e1e..450d271c1 100755
--- a/test/profiles/ignore.exp
+++ b/test/profiles/ignore.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_appname.exp b/test/profiles/profile_appname.exp
index c178e8e00..deb375f39 100755
--- a/test/profiles/profile_appname.exp
+++ b/test/profiles/profile_appname.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_comment.exp b/test/profiles/profile_comment.exp
index 73e92d864..56cf9e034 100755
--- a/test/profiles/profile_comment.exp
+++ b/test/profiles/profile_comment.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_followlnk.exp b/test/profiles/profile_followlnk.exp
index 112acbbc9..39ea8bb43 100755
--- a/test/profiles/profile_followlnk.exp
+++ b/test/profiles/profile_followlnk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_noperm.exp b/test/profiles/profile_noperm.exp
index c6a571473..51eb0023f 100755
--- a/test/profiles/profile_noperm.exp
+++ b/test/profiles/profile_noperm.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_readonly.exp b/test/profiles/profile_readonly.exp
index 4c1bcba89..5cd2c3d3b 100755
--- a/test/profiles/profile_readonly.exp
+++ b/test/profiles/profile_readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_recursivity.exp b/test/profiles/profile_recursivity.exp
index a3d4843ab..be2c7d4dd 100755
--- a/test/profiles/profile_recursivity.exp
+++ b/test/profiles/profile_recursivity.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_syntax.exp b/test/profiles/profile_syntax.exp
index 2bce76d83..803b23a8c 100755
--- a/test/profiles/profile_syntax.exp
+++ b/test/profiles/profile_syntax.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp
index 2ddaded88..6568fa88c 100755
--- a/test/profiles/profile_syntax2.exp
+++ b/test/profiles/profile_syntax2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh
index 90c88aaf5..d49f26b92 100755
--- a/test/profiles/profiles.sh
+++ b/test/profiles/profiles.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/profiles/test-profile.exp b/test/profiles/test-profile.exp
index 5f18695a7..085411f36 100755
--- a/test/profiles/test-profile.exp
+++ b/test/profiles/test-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/apache2.exp b/test/root/apache2.exp
index a6b25de2f..369cda40d 100755
--- a/test/root/apache2.exp
+++ b/test/root/apache2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/checkcfg.exp b/test/root/checkcfg.exp
index 94d9e08fc..d7aea8084 100755
--- a/test/root/checkcfg.exp
+++ b/test/root/checkcfg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp
index 917cea90f..d78631c76 100755
--- a/test/root/firecfg.exp
+++ b/test/root/firecfg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/firemon-events.exp b/test/root/firemon-events.exp
index 8eab93a2a..8ca222733 100755
--- a/test/root/firemon-events.exp
+++ b/test/root/firemon-events.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/isc-dhcp.exp b/test/root/isc-dhcp.exp
index 20e5ef408..dbafdb9d0 100755
--- a/test/root/isc-dhcp.exp
+++ b/test/root/isc-dhcp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/join.exp b/test/root/join.exp
index 291ee9115..c488a488a 100755
--- a/test/root/join.exp
+++ b/test/root/join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/login_nobody.exp b/test/root/login_nobody.exp
index 9c0932196..0c54488bd 100755
--- a/test/root/login_nobody.exp
+++ b/test/root/login_nobody.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/nginx.exp b/test/root/nginx.exp
index 40d8cb51e..cb7367729 100755
--- a/test/root/nginx.exp
+++ b/test/root/nginx.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/option_bind_directory.exp b/test/root/option_bind_directory.exp
index 4fabf0cd8..83ed6b84d 100755
--- a/test/root/option_bind_directory.exp
+++ b/test/root/option_bind_directory.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/option_bind_file.exp b/test/root/option_bind_file.exp
index 6c796a2b0..0807f951a 100755
--- a/test/root/option_bind_file.exp
+++ b/test/root/option_bind_file.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/option_tmpfs.exp b/test/root/option_tmpfs.exp
index 13820afe8..2d9eea8f5 100755
--- a/test/root/option_tmpfs.exp
+++ b/test/root/option_tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/private.exp b/test/root/private.exp
index 70d0218fa..8c89e1f31 100755
--- a/test/root/private.exp
+++ b/test/root/private.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp
index fba63773f..7331225b3 100755
--- a/test/root/profile_tmpfs.exp
+++ b/test/root/profile_tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/root.sh b/test/root/root.sh
index a39525b6e..84e430c7f 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 # set a new firejail config file
diff --git a/test/root/seccomp-chmod.exp b/test/root/seccomp-chmod.exp
index ef0453548..d26098524 100755
--- a/test/root/seccomp-chmod.exp
+++ b/test/root/seccomp-chmod.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/seccomp-chown.exp b/test/root/seccomp-chown.exp
index 968a4bc96..e17bbc4bb 100755
--- a/test/root/seccomp-chown.exp
+++ b/test/root/seccomp-chown.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp
index b99ec30f7..70a39925d 100755
--- a/test/root/seccomp-umount.exp
+++ b/test/root/seccomp-umount.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/snmpd.exp b/test/root/snmpd.exp
index 510abfbad..63f488342 100755
--- a/test/root/snmpd.exp
+++ b/test/root/snmpd.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/unbound.exp b/test/root/unbound.exp
index 6440304b2..d84c07452 100755
--- a/test/root/unbound.exp
+++ b/test/root/unbound.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/whitelist.exp b/test/root/whitelist.exp
index 2397f6a90..063864e13 100755
--- a/test/root/whitelist.exp
+++ b/test/root/whitelist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/login.exp b/test/ssh/login.exp
index 5d6a6216b..0a05b2dd1 100755
--- a/test/ssh/login.exp
+++ b/test/ssh/login.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/scp.exp b/test/ssh/scp.exp
index 13163564b..a803e7131 100755
--- a/test/ssh/scp.exp
+++ b/test/ssh/scp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/sftp.exp b/test/ssh/sftp.exp
index 01c1e7e04..a3299ef26 100755
--- a/test/ssh/sftp.exp
+++ b/test/ssh/sftp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/ssh.sh b/test/ssh/ssh.sh
index c0d545a55..d9fedc969 100755
--- a/test/ssh/ssh.sh
+++ b/test/ssh/ssh.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/stress/blacklist.exp b/test/stress/blacklist.exp
index 7d32ad114..3c6801b99 100755
--- a/test/stress/blacklist.exp
+++ b/test/stress/blacklist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/stress/env.exp b/test/stress/env.exp
index 5411819ec..66e2d8374 100755
--- a/test/stress/env.exp
+++ b/test/stress/env.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/stress/net_macvlan.exp b/test/stress/net_macvlan.exp
index f17067cbb..6471979e9 100755
--- a/test/stress/net_macvlan.exp
+++ b/test/stress/net_macvlan.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/stress/stress.sh b/test/stress/stress.sh
index 2b4d8147d..9db7ac9d3 100755
--- a/test/stress/stress.sh
+++ b/test/stress/stress.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/sysutils/cpio.exp b/test/sysutils/cpio.exp
index e4ab77525..f1ae1f83d 100755
--- a/test/sysutils/cpio.exp
+++ b/test/sysutils/cpio.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/curl.exp b/test/sysutils/curl.exp
index 29c9883a4..31f44bf54 100755
--- a/test/sysutils/curl.exp
+++ b/test/sysutils/curl.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/dig.exp b/test/sysutils/dig.exp
index bd5ccbb5c..38acabeed 100755
--- a/test/sysutils/dig.exp
+++ b/test/sysutils/dig.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/file.exp b/test/sysutils/file.exp
index dcc253dad..b302c8be2 100755
--- a/test/sysutils/file.exp
+++ b/test/sysutils/file.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/gzip.exp b/test/sysutils/gzip.exp
index 75b51694c..1588262e2 100755
--- a/test/sysutils/gzip.exp
+++ b/test/sysutils/gzip.exp
@@ -1,26 +1,20 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "/bin/gzip -c /usr/bin/firejail > firejail_t1\r"
+send -- "rm index.html*\r"
-sleep 1
+after 500
-send -- "firejail /bin/gzip -c /usr/bin/firejail > firejail_t2\r"
+send -- "firejail gzip -c ../../mkdeb.sh | firejail gunzip -c\r"
-sleep 1
-send -- "diff -s firejail_t1 firejail_t2\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "firejail_t1 and firejail_t2 are identical"
+        "This file is part of Firejail project"
 }
+after 500
-send -- "rm firejail_t*\r"
-sleep 1
 puts "\nall done\n"
diff --git a/test/sysutils/host.exp b/test/sysutils/host.exp
index 7fe3ddfa4..5c7d3f062 100755
--- a/test/sysutils/host.exp
+++ b/test/sysutils/host.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/less.exp b/test/sysutils/less.exp
index 7bbd76942..9e19af83a 100755
--- a/test/sysutils/less.exp
+++ b/test/sysutils/less.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/man.exp b/test/sysutils/man.exp
index c569653c6..f4fc5aa2c 100755
--- a/test/sysutils/man.exp
+++ b/test/sysutils/man.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/md5sum.exp b/test/sysutils/md5sum.exp
new file mode 100755
index 000000000..24567ee36
--- /dev/null
+++ b/test/sysutils/md5sum.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail md5sum ../../COPYING\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "b234ee"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "COPYING"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/sysutils/nslookup.exp b/test/sysutils/nslookup.exp
index 2a99441d9..249cfe565 100755
--- a/test/sysutils/nslookup.exp
+++ b/test/sysutils/nslookup.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/ping.exp b/test/sysutils/ping.exp
index dd6073234..dc50af38e 100755
--- a/test/sysutils/ping.exp
+++ b/test/sysutils/ping.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/sha512sum.exp b/test/sysutils/sha512sum.exp
new file mode 100755
index 000000000..8c1f81417
--- /dev/null
+++ b/test/sysutils/sha512sum.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail sha512sum ../../COPYING\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "aee80b1f"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "COPYING"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/sysutils/strings.exp b/test/sysutils/strings.exp
index 47b75accc..f440a7674 100755
--- a/test/sysutils/strings.exp
+++ b/test/sysutils/strings.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh
index bab243c4b..34acca07d 100755
--- a/test/sysutils/sysutils.sh
+++ b/test/sysutils/sysutils.sh
@@ -1,12 +1,36 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
+if command -v gzip
+then
+        echo "TESTING: gzip"
+        ./gzip.exp
+else
+        echo "TESTING SKIP: md5sum not found"
+fi
+if command -v md5sum
+then
+        echo "TESTING: md5sum"
+        ./md5sum.exp
+else
+        echo "TESTING SKIP: md5sum not found"
+fi
+if command -v sha512sum
+then
+        echo "TESTING: sha512sum"
+        ./sha512sum.exp
+else
+        echo "TESTING SKIP: sha512sum not found"
+fi
 if command -v cpio
 then
        echo "TESTING: cpio"
@@ -127,3 +151,11 @@ else
        echo "TESTING SKIP: strings not found"
 fi
+if command -v whois
+then
+        echo "TESTING: whois"
+        ./whois.exp
+else
+        echo "TESTING SKIP: whois not found"
+fi
diff --git a/test/sysutils/tar.exp b/test/sysutils/tar.exp
index ed68179f9..8f4c9f565 100755
--- a/test/sysutils/tar.exp
+++ b/test/sysutils/tar.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/wget.exp b/test/sysutils/wget.exp
index c6d2765c7..7f994ff81 100755
--- a/test/sysutils/wget.exp
+++ b/test/sysutils/wget.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/whois.exp b/test/sysutils/whois.exp
index 29190253c..932a46282 100755
--- a/test/private-lib/whois.exp
+++ b/test/sysutils/whois.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
@@ -10,7 +10,8 @@ match_max 100000
 send -- "firejail whois debian.org\r"
 expect {
        timeout {puts "TESTING ERROR 0\n";exit}
-        "Domain Name"
+        "Domain Name" {puts "testing ok\n"}
+        "Connection refused" {puts "TESTING SKIP: connection refused\n"}
 }
 after 100
diff --git a/test/sysutils/xz.exp b/test/sysutils/xz.exp
index 9ee85cde4..bbe05ea19 100755
--- a/test/sysutils/xz.exp
+++ b/test/sysutils/xz.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 60
diff --git a/test/sysutils/xzdec.exp b/test/sysutils/xzdec.exp
index 1b525e3bd..62cc1c225 100755
--- a/test/sysutils/xzdec.exp
+++ b/test/sysutils/xzdec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/build.exp b/test/utils/build.exp
index a1f1d10fb..3f42a74be 100755
--- a/test/utils/build.exp
+++ b/test/utils/build.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/caps-print.exp b/test/utils/caps-print.exp
index b6ccd05d4..381f27574 100755
--- a/test/utils/caps-print.exp
+++ b/test/utils/caps-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/catchsignal-master.sh b/test/utils/catchsignal-master.sh
index 881aac270..dd5fd0c7b 100755
--- a/test/utils/catchsignal-master.sh
+++ b/test/utils/catchsignal-master.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 ./catchsignal.sh &
diff --git a/test/utils/catchsignal.sh b/test/utils/catchsignal.sh
index cef00b2a5..99be6d196 100755
--- a/test/utils/catchsignal.sh
+++ b/test/utils/catchsignal.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 _term() {
diff --git a/test/utils/catchsignal2.sh b/test/utils/catchsignal2.sh
index 21f299430..024f297b3 100755
--- a/test/utils/catchsignal2.sh
+++ b/test/utils/catchsignal2.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 _term() {
diff --git a/test/utils/command.exp b/test/utils/command.exp
index 5e15efc14..87742c40b 100755
--- a/test/utils/command.exp
+++ b/test/utils/command.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/cpu-print.exp b/test/utils/cpu-print.exp
index 3e4d63f2a..6a05e4139 100755
--- a/test/utils/cpu-print.exp
+++ b/test/utils/cpu-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/dns-print.exp b/test/utils/dns-print.exp
index c0cf2ff0f..7766e0629 100755
--- a/test/utils/dns-print.exp
+++ b/test/utils/dns-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-caps.exp b/test/utils/firemon-caps.exp
index 02b317341..621447d45 100755
--- a/test/utils/firemon-caps.exp
+++ b/test/utils/firemon-caps.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp
index db5069ede..40ac958ea 100755
--- a/test/utils/firemon-cpu.exp
+++ b/test/utils/firemon-cpu.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-interface.exp b/test/utils/firemon-interface.exp
index 7e4e5f0ae..fc1ea9ef6 100755
--- a/test/utils/firemon-interface.exp
+++ b/test/utils/firemon-interface.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-name.exp b/test/utils/firemon-name.exp
index f8161cc81..873814d0f 100755
--- a/test/utils/firemon-name.exp
+++ b/test/utils/firemon-name.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-seccomp.exp b/test/utils/firemon-seccomp.exp
index 7eb6f9168..9e95366e7 100755
--- a/test/utils/firemon-seccomp.exp
+++ b/test/utils/firemon-seccomp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-version.exp b/test/utils/firemon-version.exp
index 81ab2e8b0..ce4d3bed1 100755
--- a/test/utils/firemon-version.exp
+++ b/test/utils/firemon-version.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/fs-print.exp b/test/utils/fs-print.exp
index 536d59dbd..d0d62c82f 100755
--- a/test/utils/fs-print.exp
+++ b/test/utils/fs-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/help.exp b/test/utils/help.exp
index 4c5f46e8a..805efd1fd 100755
--- a/test/utils/help.exp
+++ b/test/utils/help.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join-profile.exp b/test/utils/join-profile.exp
index 565010b82..3c065df24 100755
--- a/test/utils/join-profile.exp
+++ b/test/utils/join-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join.exp b/test/utils/join.exp
index d7dc0a1f9..ba0bc5838 100755
--- a/test/utils/join.exp
+++ b/test/utils/join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join2.exp b/test/utils/join2.exp
deleted file mode 100755
index 5f5a6bfe0..000000000
--- a/test/utils/join2.exp
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
-# License GPL v2
-set timeout 10
-cd /home
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --name=\"join testing\"\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-spawn $env(SHELL)
-send --  "firejail --join=\"join testing\"\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Switching to pid"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "ps aux\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/bin/bash"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "/bin/bash"
-}
-send -- "exit\r"
-after 100
-puts "\nall done\n"
diff --git a/test/utils/join3.exp b/test/utils/join3.exp
deleted file mode 100755
index c771b924b..000000000
--- a/test/utils/join3.exp
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
-# License GPL v2
-set timeout 10
-cd /home
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --name=join\\ testing\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-spawn $env(SHELL)
-send --  "firejail --join=join\\ testing\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Switching to pid"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "ps aux\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/bin/bash"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "/bin/bash"
-}
-send -- "exit\r"
-after 100
-puts "\nall done\n"
diff --git a/test/utils/join4.exp b/test/utils/join4.exp
index cddf7ad18..97e862c58 100755
--- a/test/utils/join4.exp
+++ b/test/utils/join4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join5.exp b/test/utils/join5.exp
index c0990ebf1..b42f94530 100755
--- a/test/utils/join5.exp
+++ b/test/utils/join5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/list.exp b/test/utils/list.exp
index 30344e22a..369e50693 100755
--- a/test/utils/list.exp
+++ b/test/utils/list.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/ls.exp b/test/utils/ls.exp
index 6b6c67ede..3d8399947 100755
--- a/test/utils/ls.exp
+++ b/test/utils/ls.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/man.exp b/test/utils/man.exp
index f62859a8f..ba351981f 100755
--- a/test/utils/man.exp
+++ b/test/utils/man.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/name.exp b/test/utils/name.exp
index cd4465d41..0431dadb1 100755
--- a/test/utils/name.exp
+++ b/test/utils/name.exp
@@ -1,16 +1,45 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
 spawn $env(SHELL)
 match_max 100000
+send -- "firejail --name=12345\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "invalid sandbox name"
+}
+after 100
+send --  "firejail --name=\"join testing\"\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "invalid sandbox name"
+}
+after 100
+send --  "firejail --name=join\\ testing\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "invalid sandbox name"
+}
+after 100
+send -- "firejail --name=asdf,12345\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "invalid sandbox name"
+}
+after 100
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
+        timeout {puts "TESTING ERROR 5\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -18,7 +47,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
+        timeout {puts "TESTING ERROR 6\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -26,7 +55,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
+        timeout {puts "TESTING ERROR 7\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -34,7 +63,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
+        timeout {puts "TESTING ERROR 8\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -42,7 +71,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
+        timeout {puts "TESTING ERROR 9\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -50,7 +79,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
+        timeout {puts "TESTING ERROR 10\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -58,7 +87,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
+        timeout {puts "TESTING ERROR 11\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -66,7 +95,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
+        timeout {puts "TESTING ERROR 12\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -74,7 +103,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
+        timeout {puts "TESTING ERROR 13\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -82,7 +111,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
+        timeout {puts "TESTING ERROR 14\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -90,7 +119,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
+        timeout {puts "TESTING ERROR 15\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -98,7 +127,7 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --name=ftest\r"
 expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
+        timeout {puts "TESTING ERROR 16\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 after 100
@@ -106,51 +135,51 @@ after 100
 spawn $env(SHELL)
 send -- "firejail --list\r"
 expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
+        timeout {puts "TESTING ERROR 17\n";exit}
        ":ftest:"
 }
 expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
+        timeout {puts "TESTING ERROR 18\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 14\n";exit}
+        timeout {puts "TESTING ERROR 19\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 15\n";exit}
+        timeout {puts "TESTING ERROR 20\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 16\n";exit}
+        timeout {puts "TESTING ERROR 21\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 17\n";exit}
+        timeout {puts "TESTING ERROR 22\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 18\n";exit}
+        timeout {puts "TESTING ERROR 23\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 19\n";exit}
+        timeout {puts "TESTING ERROR 24\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 20\n";exit}
+        timeout {puts "TESTING ERROR 25\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 21\n";exit}
+        timeout {puts "TESTING ERROR 26\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 22\n";exit}
+        timeout {puts "TESTING ERROR 27\n";exit}
        ":ftest-"
 }
 expect {
-        timeout {puts "TESTING ERROR 23\n";exit}
+        timeout {puts "TESTING ERROR 28\n";exit}
        ":ftest-"
 }
 sleep 1
diff --git a/test/utils/profile_print.exp b/test/utils/profile_print.exp
index 9b2d65d84..4ec101f07 100755
--- a/test/utils/profile_print.exp
+++ b/test/utils/profile_print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/protocol-print.exp b/test/utils/protocol-print.exp
index ca74b7fc9..f24afc703 100755
--- a/test/utils/protocol-print.exp
+++ b/test/utils/protocol-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/seccomp-print.exp b/test/utils/seccomp-print.exp
index a9525ce2e..a78501582 100755
--- a/test/utils/seccomp-print.exp
+++ b/test/utils/seccomp-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/shutdown.exp b/test/utils/shutdown.exp
index 8bd7a6616..514029964 100755
--- a/test/utils/shutdown.exp
+++ b/test/utils/shutdown.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 15
diff --git a/test/utils/shutdown2.exp b/test/utils/shutdown2.exp
index 4dabf6c23..a0a976667 100755
--- a/test/utils/shutdown2.exp
+++ b/test/utils/shutdown2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/shutdown3.exp b/test/utils/shutdown3.exp
index 8017d753d..89994faec 100755
--- a/test/utils/shutdown3.exp
+++ b/test/utils/shutdown3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/shutdown4.exp b/test/utils/shutdown4.exp
index 09db3f140..3fbe75c97 100755
--- a/test/utils/shutdown4.exp
+++ b/test/utils/shutdown4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/top.exp b/test/utils/top.exp
index 402d7c2df..9f4a34640 100755
--- a/test/utils/top.exp
+++ b/test/utils/top.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/trace.exp b/test/utils/trace.exp
index beb59d337..3805955d7 100755
--- a/test/utils/trace.exp
+++ b/test/utils/trace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 30
diff --git a/test/utils/tree.exp b/test/utils/tree.exp
index 4b1f70bd2..c5047763a 100755
--- a/test/utils/tree.exp
+++ b/test/utils/tree.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 647cbfb34..9f04c2625 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
@@ -85,12 +85,6 @@ echo "TESTING: shutdown4 (test/utils/shutdown4.exp)"
 echo "TESTING: join (test/utils/join.exp)"
 ./join.exp
-echo "TESTING: join2 (test/utils/join2.exp)"
-./join2.exp
-echo "TESTING: join3 (test/utils/join3.exp)"
-./join3.exp
 echo "TESTING: join4 (test/utils/join4.exp)"
 ./join4.exp
diff --git a/test/utils/version.exp b/test/utils/version.exp
index f010809f8..d5cf311d7 100755
--- a/test/utils/version.exp
+++ b/test/utils/version.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
+# Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 set timeout 10