87 files changed, 415 insertions, 316 deletions
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 000000000..7d98c1b14
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,34 @@
+root = true
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+# Build
+[configure.ac]
+indent_size = 8
+indent_style = tab
+[*{.mk,Makefile}{,.in}]
+indent_size = 8
+indent_style = tab
+# Source code and scripts
+[*.{c,h}{,.in}]
+indent_size = 8
+indent_style = tab
+[*.{awk,exp,sh}{,.in}]
+indent_size = 8
+indent_style = tab
+[*.py{,.in}]
+indent_size = 4
+indent_style = space
+# Misc
+[.gitlab-ci.yml]
+indent_size = 4
+indent_style = space
diff --git a/.gitattributes b/.gitattributes
index 6b329f917..61bf3bfb7 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,6 @@
+* text=auto eol=lf
+*.AppImage -text
+*.zip -text
 /etc/inc/*.inc linguist-language=text
diff --git a/.github/.editorconfig b/.github/.editorconfig
new file mode 100644
index 000000000..eb5c699c5
--- /dev/null
+++ b/.github/.editorconfig
@@ -0,0 +1,3 @@
+[*.yml]
+indent_size = 2
+indent_style = space
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index c8c6f40bd..53066013d 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -81,7 +81,7 @@ output goes here
 <details>
 <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary>
 <p>
-  
 <!-- If the output is too long to embed it into the comment,
     create a secret gist at https://gist.github.com/ and link it here. -->
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 7cb92a938..80945c8ba 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,17 +1,17 @@
 If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR.
 If you submit a PR for new profiles or changing profiles, please do the following:
- - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template).  
+- The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template).
-   > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository.
+> Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository.
- - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py).  
+- Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py).
- The path to it depends on your distro:
+The path to it depends on your distro:
-   | Distro | Path |
+| Distro | Path |
-   | ------ | ---- |
+| ------ | ---- |
-   | Arch/Fedora | `/usr/lib64/firejail/sort.py` |
+| Arch/Fedora | `/usr/lib64/firejail/sort.py` |
-   | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` |
+| Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` |
-   | local git clone | `contrib/sort.py` |
+| local git clone | `contrib/sort.py` |
-   Note also that the sort.py script exists only since firejail `0.9.61`.
+Note also that the sort.py script exists only since firejail `0.9.61`.
 See also [CONTRIBUTING.md](/CONTRIBUTING.md).
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 97730e533..76d3e709b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,14 +9,14 @@ our [dedicated issue](https://github.com/netblue30/firejail/issues/1139).
 When submitting a bug report, please provide the following information so that
 we can handle the report more easily:
- - firejail version. If you're not sure, open a terminal and type `firejail --version`.
+- firejail version. If you're not sure, open a terminal and type `firejail --version`.
- - Linux distribution (so that we can try to reproduce it, if necessary).
+- Linux distribution (so that we can try to reproduce it, if necessary).
- - If you know that the problem did not exist in an earlier version of firejail, please mention it.
+- If you know that the problem did not exist in an earlier version of firejail, please mention it.
- - If you are reporting that a program does not work with firejail, please also run firejail with
+- If you are reporting that a program does not work with firejail, please also run firejail with
- the `--noprofile` argument.
+the `--noprofile` argument.
- For example, if `firejail firefox` does not work, please also run `firejail --noprofile firefox` and
+For example, if `firejail firefox` does not work, please also run `firejail --noprofile firefox` and
- let us know if it runs correctly or not.
+let us know if it runs correctly or not.
- - You may also try disabling various options provided in `/etc/firejail/<ProgramName.profile>` until you find out which one causes problems. It will significantly help to find solution for your issue.
+- You may also try disabling various options provided in `/etc/firejail/<ProgramName.profile>` until you find out which one causes problems. It will significantly help to find solution for your issue.
 Please note: if you are running Debian, Ubuntu, Linux Mint, or another related
 distribution and you installed firejail from your distro's repositories, please
@@ -36,10 +36,10 @@ If you have already written a profile, please make sure it follows the rules des
 If you add a new command, here's the checklist:
- - [ ] Update manpages: firejail(1) and firejail-profile(5)
+- [ ] Update manpages: firejail(1) and firejail-profile(5)
- - [ ] Update shell completions
+- [ ] Update shell completions
- - [ ] Update syntax files (run `make syntax` or just `make`)
+- [ ] Update syntax files (run `make syntax` or just `make`)
- - [ ] Update --help
+- [ ] Update --help
 # Editing the wiki
diff --git a/README b/README
index c4a684366..dcdb3ecf6 100644
--- a/README
+++ b/README
@@ -1080,7 +1080,7 @@ SYN-cook (https://github.com/SYN-cook)
 startx2017 (https://github.com/startx2017)
        - syscall list update
        - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module,
-                      settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
+          settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
        - enable/disable join support in /etc/firejail/firejail.config
        - firecfg fix: create ~/.local/share/applications directory if it doesn't exist
        - firejail.config cleanup
diff --git a/README.md b/README.md
index 0f6ca9b08..22e2fa291 100644
--- a/README.md
+++ b/README.md
@@ -268,5 +268,3 @@ Stats:
    dbus-system filter          12
 ```
diff --git a/contrib/gdb-firejail.sh b/contrib/gdb-firejail.sh
index b00cc65bc..032b031f0 100755
--- a/contrib/gdb-firejail.sh
+++ b/contrib/gdb-firejail.sh
@@ -13,11 +13,11 @@ set -x
 # setuid firejail process from the absolute beginning.
 if [ -z "${1##*/firejail}" ]; then
-    FIREJAIL=$1
+        FIREJAIL=$1
 else
-    # First argument is not named firejail, then add default unless environment
+        # First argument is not named firejail, then add default unless environment
-    # variable already set.
+        # variable already set.
-    set -- ${FIREJAIL:=$(command -v firejail)} "$@"
+        set -- ${FIREJAIL:=$(command -v firejail)} "$@"
 fi
 bash -c "kill -STOP \$\$; exec \"\$0\" \"\$@\"" "$@" &
diff --git a/contrib/syntax/.editorconfig b/contrib/syntax/.editorconfig
new file mode 100644
index 000000000..385bf17d5
--- /dev/null
+++ b/contrib/syntax/.editorconfig
@@ -0,0 +1,7 @@
+[*.lang{,.in}]
+indent_size = 2
+indent_style = space
+[*.vim{,.in}]
+indent_size = 2
+indent_style = space
diff --git a/contrib/syscalls.sh b/contrib/syscalls.sh
index 2c5bdf5ec..aece84e72 100755
--- a/contrib/syscalls.sh
+++ b/contrib/syscalls.sh
@@ -8,22 +8,22 @@ SYSCALLS_OUTPUT_FILE="$(pwd)/syscalls.txt"
 if [ $# -eq 0 ]
 then
-  echo
+        echo
-  echo "   *** No program specified!!! ***"
+        echo "   *** No program specified!!! ***"
-  echo
+        echo
-  echo -e "Make this file executable and execute it as:\\n"
+        echo -e "Make this file executable and execute it as:\\n"
-  echo -e "\\e[96m   syscalls.sh /full/path/to/program\\n"
+        echo -e "\\e[96m   syscalls.sh /full/path/to/program\\n"
-  echo -e "\\e[39mif you saved this script in a directory in your PATH (e.g., in ${HOME}/bin), otherwise as:\\n"
+        echo -e "\\e[39mif you saved this script in a directory in your PATH (e.g., in ${HOME}/bin), otherwise as:\\n"
-  echo -e "\\e[96m   ./syscalls.sh /full/path/to/program\\n"
+        echo -e "\\e[96m   ./syscalls.sh /full/path/to/program\\n"
-  echo -e "\\e[39mUse the full path to the respective program to avoid executing it sandboxed with Firejail\\n(if a Firejail profile for it already exits and 'sudo firecfg' was executed earlier)\\nin order to determine the necessary system calls."
+        echo -e "\\e[39mUse the full path to the respective program to avoid executing it sandboxed with Firejail\\n(if a Firejail profile for it already exits and 'sudo firecfg' was executed earlier)\\nin order to determine the necessary system calls."
-  echo
+        echo
-  exit 0
+        exit 0
 else
-  strace -cfo "$STRACE_OUTPUT_FILE" "$@" && awk '{print $NF}' "$STRACE_OUTPUT_FILE" | sed '/syscall\|-\|total/d' | sort -u | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/' > "$SYSCALLS_OUTPUT_FILE"
+        strace -cfo "$STRACE_OUTPUT_FILE" "$@" && awk '{print $NF}' "$STRACE_OUTPUT_FILE" | sed '/syscall\|-\|total/d' | sort -u | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/' > "$SYSCALLS_OUTPUT_FILE"
-  echo
+        echo
-  echo -e "\e[39mThese are the sorted syscalls:\n\e[93m"
+        echo -e "\e[39mThese are the sorted syscalls:\n\e[93m"
-  cat "$SYSCALLS_OUTPUT_FILE"
+        cat "$SYSCALLS_OUTPUT_FILE"
-  echo
+        echo
-  echo -e "\e[39mThe sorted syscalls were saved to:\n\e[96m$SYSCALLS_OUTPUT_FILE\n\e[39m"
+        echo -e "\e[39mThe sorted syscalls were saved to:\n\e[96m$SYSCALLS_OUTPUT_FILE\n\e[39m"
-  exit 0
+        exit 0
 fi
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 3333dd0fa..3eb6c03d5 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -1078,6 +1078,7 @@ blacklist ${HOME}/.ostrichriders
 blacklist ${HOME}/.paradoxinteractive
 blacklist ${HOME}/.paradoxlauncher
 blacklist ${HOME}/.parallelrealities/blobwars
+blacklist ${HOME}/.parsec
 blacklist ${HOME}/.pcsxr
 blacklist ${HOME}/.penguin-command
 blacklist ${HOME}/.pine-crash
diff --git a/etc/profile-a-l/bibtex.profile b/etc/profile-a-l/bibtex.profile
index e868dcbab..5f12d61f1 100644
--- a/etc/profile-a-l/bibtex.profile
+++ b/etc/profile-a-l/bibtex.profile
@@ -9,4 +9,3 @@ private-bin bibtex
 # Redirect
 include latex-common.profile
diff --git a/etc/profile-a-l/latex.profile b/etc/profile-a-l/latex.profile
index 2230dd570..f6e625d35 100644
--- a/etc/profile-a-l/latex.profile
+++ b/etc/profile-a-l/latex.profile
@@ -9,4 +9,3 @@ private-bin latex
 # Redirect
 include latex-common.profile
diff --git a/etc/profile-m-z/parsecd.profile b/etc/profile-m-z/parsecd.profile
new file mode 100644
index 000000000..249d475cf
--- /dev/null
+++ b/etc/profile-m-z/parsecd.profile
@@ -0,0 +1,57 @@
+# Firejail profile for Parsec
+# Description: Remote desktop application focused on gaming and other 3D applications
+# This file is overwritten after every install/update
+# Persistent local customizations
+include parsecd.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.parsec
+ignore noexec ${HOME}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.parsec
+whitelist ${HOME}/.parsec
+whitelist /usr/share/parsec
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+# Due to the nature of parsec, the following directives will not work:
+# - no3d
+# - novideo
+# - nosound
+# - noinput (it does remote passthrough stuff for gamepads)
+# - private-dev (because of the above)
+apparmor
+caps.drop all
+nodvd
+nogroups
+nonewprivs
+notv
+nou2f
+noroot
+# Will fail to start with mty_evdev_create: 'udev_monitor_new_from_netlink' failed without netlink
+protocol unix,inet,inet6,netlink
+seccomp !tgkill
+seccomp.block-secondary
+# Will not start with zenity missing
+private-bin parsecd,zenity
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-m-z/pdflatex.profile b/etc/profile-m-z/pdflatex.profile
index caf980d4d..ddf6d0990 100644
--- a/etc/profile-m-z/pdflatex.profile
+++ b/etc/profile-m-z/pdflatex.profile
@@ -9,4 +9,3 @@ private-bin pdflatex
 # Redirect
 include latex-common.profile
diff --git a/etc/profile-m-z/presentations18.profile b/etc/profile-m-z/presentations18.profile
index 65d684c40..ac844d1af 100644
--- a/etc/profile-m-z/presentations18.profile
+++ b/etc/profile-m-z/presentations18.profile
@@ -8,4 +8,3 @@ include globals.local
 # Redirect
 include softmaker-common.profile
diff --git a/etc/profile-m-z/rpcs3.profile b/etc/profile-m-z/rpcs3.profile
index 186e31b46..405ab818d 100644
--- a/etc/profile-m-z/rpcs3.profile
+++ b/etc/profile-m-z/rpcs3.profile
@@ -2,7 +2,7 @@
 # Description: RPCS3 emulator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include rpcs3.local 
+include rpcs3.local
 # Persistent global definitions
 include globals.local
diff --git a/etc/profile-m-z/tex.profile b/etc/profile-m-z/tex.profile
index f56c3038e..c850cf5c3 100644
--- a/etc/profile-m-z/tex.profile
+++ b/etc/profile-m-z/tex.profile
@@ -9,4 +9,3 @@ private-bin tex
 # Redirect
 include latex-common.profile
diff --git a/etc/profile-m-z/textmaker18.profile b/etc/profile-m-z/textmaker18.profile
index e5a4b6454..8284df791 100644
--- a/etc/profile-m-z/textmaker18.profile
+++ b/etc/profile-m-z/textmaker18.profile
@@ -8,4 +8,3 @@ include globals.local
 # Redirect
 include softmaker-common.profile
diff --git a/etc/profile-m-z/textmaker18free.profile b/etc/profile-m-z/textmaker18free.profile
index 0e918bf0a..ad945ca55 100644
--- a/etc/profile-m-z/textmaker18free.profile
+++ b/etc/profile-m-z/textmaker18free.profile
@@ -8,4 +8,3 @@ include globals.local
 # Redirect
 include softmaker-common.profile
diff --git a/platform/rpm/.editorconfig b/platform/rpm/.editorconfig
new file mode 100644
index 000000000..964dd36dd
--- /dev/null
+++ b/platform/rpm/.editorconfig
@@ -0,0 +1,3 @@
+[*.sh{,.in}]
+indent_size = 4
+indent_style = space
diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh
index 34104c7b2..d32ccd360 100755
--- a/platform/rpm/mkrpm.sh
+++ b/platform/rpm/mkrpm.sh
@@ -31,7 +31,7 @@ fi
 tmpdir=$(mktemp -d)
 mkdir -p ${tmpdir}/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
 function cleanup {
-  rm -rf ${tmpdir}
+    rm -rf ${tmpdir}
 }
 trap cleanup EXIT
diff --git a/src/bash_completion/.editorconfig b/src/bash_completion/.editorconfig
new file mode 100644
index 000000000..298a13b5e
--- /dev/null
+++ b/src/bash_completion/.editorconfig
@@ -0,0 +1,3 @@
+[*.bash_completion{,.in}]
+indent_size = 4
+indent_style = space
diff --git a/src/etc-cleanup/main.c b/src/etc-cleanup/main.c
index a51043e66..6c7bea6d6 100644
--- a/src/etc-cleanup/main.c
+++ b/src/etc-cleanup/main.c
@@ -231,8 +231,8 @@ int main(int argc, char **argv) {
        int i;
        for (i = 1; i < argc; i++) {
                if (strcmp(argv[i], "-h") == 0 ||
-                     strcmp(argv[i], "-?") == 0 ||
+                    strcmp(argv[i], "-?") == 0 ||
-                     strcmp(argv[i], "--help") == 0) {
+                    strcmp(argv[i], "--help") == 0) {
                        usage();
                        return 0;
                }
@@ -252,4 +252,4 @@ int main(int argc, char **argv) {
                process_file(argv[i]);
        return 0;
-}
-\ No newline at end of file
+}
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index 6d96b69cc..15c54911b 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -110,7 +110,7 @@ void process_home(const char *fname, char *home, int home_len) {
                    strcmp(toadd, ".cache") == 0) {
                        if (dir)
                                free(dir);
-                        continue;
+                        continue;
                }
                // clean .cache entries
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
index 4089f3806..5a3b389ae 100644
--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -38,8 +38,8 @@ FileDB *filedb_find(FileDB *head, const char *fname) {
                if (strlen(fname) > ptr->len &&
                    fname[ptr->len] == '/' &&
                    strncmp(ptr->fname, fname, ptr->len) == 0) {
-                        found = 1;
+                        found = 1;
-                        break;
+                        break;
                }
                ptr = ptr->next;
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
index ebb273f12..7fdf9af68 100644
--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -32,7 +32,7 @@ int main(int argc, char **argv) {
 system("cat /proc/self/status");
 int i;
 for (i = 0; i < argc; i++)
-        printf("*%s* ", argv[i]);
+        printf("*%s* ", argv[i]);
 printf("\n");
 }
 #endif
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index f1deabf2e..ce2efb295 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -92,7 +92,7 @@ static void selinux_relabel_path(const char *path, const char *inside_path) {
                        printf("Cannot relabel %s: %s\n", path, strerror(errno));
        }
        freecon(fcon);
- close:
+close:
        close(fd);
 #else
        (void) path;
@@ -236,7 +236,7 @@ void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid,
        // if the link is already there, don't create it
        struct stat s;
        if (lstat(linkpath, &s) == 0)
-               return;
+                return;
        char *rp = proc_pid_to_self(target);
        if (rp) {
diff --git a/src/fids/config b/src/fids/config
index c18c97260..7828622e8 100644
--- a/src/fids/config
+++ b/src/fids/config
@@ -13,4 +13,3 @@
 /home/netblue/Desktop/*.desktop
 /home/netblue/.ssh
 /home/netblue/.gnupg
diff --git a/src/fids/db.c b/src/fids/db.c
index 6a21a4e14..7cad11cca 100644
--- a/src/fids/db.c
+++ b/src/fids/db.c
@@ -155,4 +155,3 @@ errexit:
        fprintf(stderr, "Error fids: database corrupted\n");
        exit(1);
 }
diff --git a/src/fids/db_exclude.c b/src/fids/db_exclude.c
index 18a05209a..aedb95e4f 100644
--- a/src/fids/db_exclude.c
+++ b/src/fids/db_exclude.c
@@ -53,4 +53,3 @@ int db_exclude_check(const char *fname) {
        return 0;
 }
diff --git a/src/firecfg/util.c b/src/firecfg/util.c
index dc24d4e68..4185b52dd 100644
--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -30,8 +30,8 @@ static int find(const char *program, const char *directory) {
        struct stat s;
        if (stat(fname, &s) == 0) {
-                if (arg_debug)
+                if (arg_debug)
-                        printf("found %s in directory %s\n", program, directory);
+                        printf("found %s in directory %s\n", program, directory);
                retval = 1;
        }
@@ -44,8 +44,8 @@ static int find(const char *program, const char *directory) {
 int which(const char *program) {
        // check some well-known paths
        if (find(program, "/bin") || find(program, "/usr/bin") ||
-             find(program, "/sbin") || find(program, "/usr/sbin") ||
+            find(program, "/sbin") || find(program, "/usr/sbin") ||
-             find(program, "/usr/games"))
+            find(program, "/usr/games"))
                return 1;
        // check environment
diff --git a/src/firejail/appimage_size.c b/src/firejail/appimage_size.c
index 6bb530d12..60c4c0364 100644
--- a/src/firejail/appimage_size.c
+++ b/src/firejail/appimage_size.c
@@ -17,8 +17,9 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 /*
-    This code borrows heavily from src/libappimage_shared/elf.c in libappimage
+ * This code borrows heavily from src/libappimage_shared/elf.c in libappimage
 */
 /*
 Compile with:
@@ -144,7 +145,7 @@ long unsigned int appimage2_size(int fd) {
                return 0;
        if ((ehdr.e_ident[EI_DATA] != ELFDATA2LSB) &&
-             (ehdr.e_ident[EI_DATA] != ELFDATA2MSB))
+            (ehdr.e_ident[EI_DATA] != ELFDATA2MSB))
                return 0;
        if(ehdr.e_ident[EI_CLASS] == ELFCLASS32) {
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index fef7eb724..132ac94ba 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -280,7 +280,7 @@ void fs_chroot(const char *rootdir) {
        //              fs_dev_shm();
        fs_var_lock();
        if (!arg_keep_var_tmp)
-                fs_var_tmp();
+                fs_var_tmp();
        if (!arg_writable_var_log)
                fs_var_log();
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index ada76bc76..804d51caa 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -103,17 +103,17 @@ void set_cpu_affinity(void) {
        if (sched_setaffinity(0, sizeof(mask), &mask) == -1)
                fwarning("cannot set cpu affinity\n");
-                // verify cpu affinity
+                // verify cpu affinity
        cpu_set_t mask2;
        CPU_ZERO(&mask2);
        if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1)
                fwarning("cannot verify cpu affinity\n");
-                else if (arg_debug) {
+                else if (arg_debug) {
-                        if (CPU_EQUAL(&mask, &mask2))
+                        if (CPU_EQUAL(&mask, &mask2))
-                                printf("CPU affinity set\n");
+                                printf("CPU affinity set\n");
                else
-                                printf("CPU affinity not set\n");
+                                printf("CPU affinity not set\n");
-                }
+                }
 }
 static void print_cpu(ProcessHandle process) {
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index a41071305..b2f9fe2d2 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -263,7 +263,7 @@ static char *find_user_socket_by_format(char *format) {
        if (!S_ISSOCK(s.st_mode))
                goto fail;
        return dbus_user_socket;
- fail:
+fail:
        free(dbus_user_socket);
        return NULL;
 }
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 30c1b441c..824164c8a 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -266,7 +266,7 @@ static inline int any_ip6_dhcp(void) {
 }
 static inline int any_dhcp(void) {
-  return any_ip_dhcp() || any_ip6_dhcp();
+        return any_ip_dhcp() || any_ip6_dhcp();
 }
 extern int arg_private;         // mount private /home
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index d7a2edc3b..182f26e53 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -123,8 +123,8 @@ static void disable_file(OPERATION op, const char *filename) {
        if (op == BLACKLIST_FILE || op == BLACKLIST_NOLOG) {
                // some distros put all executables under /usr/bin and make /bin a symbolic link
                if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) &&
-                      is_link(filename) &&
+                    is_link(filename) &&
-                      S_ISDIR(s.st_mode)) {
+                    S_ISDIR(s.st_mode)) {
                        fwarning("%s directory link was not blacklisted\n", filename);
                }
                else {
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 6c4d4c0c6..3b7369ea8 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -402,4 +402,3 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
        fs_private_dir_mount(private_dir, private_run_dir);
        fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
 }
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index f2782de35..ea85fabfd 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -178,7 +178,7 @@ static void print_directory(const char *path) {
        n = scandir(path, &namelist, 0, alphasort);
        if (n < 0)
-                        errExit("scandir");
+                errExit("scandir");
        else {
                for (i = 0; i < n; i++)
                        print_file_or_dir(path, namelist[i]->d_name);
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 27bb4227a..af7d02c2a 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -38,19 +38,19 @@ Macro macro[] = {
        },
        {
-                "${MUSIC}",
+                "${MUSIC}",
                "XDG_MUSIC_DIR=\"$HOME/",
                {"Music", "Музыка", "Musique", "Musica", "Música", "Musik"}
        },
        {
-                "${VIDEOS}",
+                "${VIDEOS}",
                "XDG_VIDEOS_DIR=\"$HOME/",
                {"Videos", "Видео", "Vidéos", "Video", "Vídeos"}
        },
        {
-                "${PICTURES}",
+                "${PICTURES}",
                "XDG_PICTURES_DIR=\"$HOME/",
                {"Pictures", "Изображения", "Photos", "Immagini", "Imágenes", "Imagens", "Bilder"}
        },
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 7a9d3d00d..ac84f00c9 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -47,12 +47,12 @@
 #endif
 #ifdef __ia64__
-/* clone(2) has a different interface on ia64, as it needs to know
+/* clone(2) has a different interface on ia64, as it needs to know the size of
-   the size of the stack */
+ * the stack */
 int __clone2(int (*fn)(void *),
             void *child_stack_base, size_t stack_size,
             int flags, void *arg, ...
-              /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
+             /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
 #endif
 uid_t firejail_uid = 0;
@@ -106,7 +106,7 @@ char *arg_netfilter6_file = NULL;		// netfilter6 file
 char *arg_netns = NULL;                 // "ip netns"-created network namespace to use
 int arg_doubledash = 0;                 // double dash
 int arg_private_dev = 0;                        // private dev directory
-int arg_keep_dev_shm = 0;                       // preserve /dev/shm
+int arg_keep_dev_shm = 0;                       // preserve /dev/shm
 int arg_private_etc = 0;                        // private etc directory
 int arg_private_opt = 0;                        // private opt directory
 int arg_private_srv = 0;                        // private srv directory
@@ -129,7 +129,7 @@ int arg_writable_etc = 0;			// writable etc
 int arg_keep_config_pulse = 0;                  // disable automatic ~/.config/pulse init
 int arg_keep_shell_rc = 0;                      // do not copy shell configuration from /etc/skel
 int arg_writable_var = 0;                       // writable var
-int arg_keep_var_tmp = 0;                       // don't overwrite /var/tmp
+int arg_keep_var_tmp = 0;                       // don't overwrite /var/tmp
 int arg_writable_run_user = 0;                  // writable /run/user
 int arg_writable_var_log = 0;           // writable /var/log
 int arg_appimage = 0;                           // appimage
@@ -141,7 +141,7 @@ int arg_x11_block = 0;				// block X11
 int arg_x11_xorg = 0;                           // use X11 security extension
 int arg_allusers = 0;                           // all user home directories visible
 int arg_machineid = 0;                          // spoof /etc/machine-id
-int arg_allow_private_blacklist = 0;            // blacklist things in private directories
+int arg_allow_private_blacklist = 0;            // blacklist things in private directories
 int arg_disable_mnt = 0;                        // disable /mnt and /media
 int arg_noprofile = 0; // use default.profile if none other found/specified
 int arg_memory_deny_write_execute = 0;          // block writable and executable memory
@@ -150,7 +150,7 @@ int arg_nodvd = 0; // --nodvd
 int arg_nou2f = 0; // --nou2f
 int arg_noinput = 0; // --noinput
 int arg_deterministic_exit_code = 0;    // always exit with first child's exit status
-int arg_deterministic_shutdown = 0;     // shut down the sandbox if first child dies
+int arg_deterministic_shutdown = 0;     // shut down the sandbox if first child dies
 int arg_keep_fd_all = 0;                // inherit all file descriptors to sandbox
 DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW;   // --dbus-user
 DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system
@@ -768,11 +768,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                exit(1);
                        }
                        char *path = argv[i + 1];
-                         invalid_filename(path, 0); // no globbing
+                        invalid_filename(path, 0); // no globbing
-                         if (strstr(path, "..")) {
+                        if (strstr(path, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path);
+                                fprintf(stderr, "Error: invalid file name %s\n", path);
-                                exit(1);
+                                exit(1);
-                         }
+                        }
                        // get file
                        pid_t pid = require_pid(argv[i] + 6);
@@ -796,17 +796,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                exit(1);
                        }
                        char *path1 = argv[i + 1];
-                         invalid_filename(path1, 0); // no globbing
+                        invalid_filename(path1, 0); // no globbing
-                         if (strstr(path1, "..")) {
+                        if (strstr(path1, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path1);
+                                fprintf(stderr, "Error: invalid file name %s\n", path1);
-                                exit(1);
+                                exit(1);
-                         }
+                        }
                        char *path2 = argv[i + 2];
-                         invalid_filename(path2, 0); // no globbing
+                        invalid_filename(path2, 0); // no globbing
-                         if (strstr(path2, "..")) {
+                        if (strstr(path2, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path2);
+                                fprintf(stderr, "Error: invalid file name %s\n", path2);
-                                exit(1);
+                                exit(1);
-                         }
+                        }
                        // get file
                        pid_t pid = require_pid(argv[i] + 6);
@@ -830,15 +830,15 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                exit(1);
                        }
                        char *path = argv[i + 1];
-                         invalid_filename(path, 0); // no globbing
+                        invalid_filename(path, 0); // no globbing
-                         if (strstr(path, "..")) {
+                        if (strstr(path, "..")) {
-                                fprintf(stderr, "Error: invalid file name %s\n", path);
+                                fprintf(stderr, "Error: invalid file name %s\n", path);
-                                exit(1);
+                                exit(1);
-                         }
+                        }
                        // list directory contents
                        if (!arg_debug)
-                                 arg_quiet = 1;
+                                arg_quiet = 1;
                        pid_t pid = require_pid(argv[i] + 5);
                        sandboxfs(SANDBOX_FS_LS, pid, path, NULL);
                        exit(0);
@@ -867,7 +867,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                        // write file contents to stdout
                        if (!arg_debug)
-                                 arg_quiet = 1;
+                                arg_quiet = 1;
                        pid_t pid = require_pid(argv[i] + 6);
                        sandboxfs(SANDBOX_FS_CAT, pid, path, NULL);
                        exit(0);
@@ -894,8 +894,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
        }
        else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
-                // NOTE: this is first part of option handler,
+                // Note: This is the first part of the option handler; the
-                //               sandbox name is set in other part
+                // sandbox name is set in the other part
                if (checkcfg(CFG_JOIN) || getuid() == 0) {
                        logargs(argc, argv);
@@ -1050,11 +1050,11 @@ static int check_postexec(const char *list) {
 //*******************************************
 int main(int argc, char **argv, char **envp) {
        int i;
-        int prog_index = -1;                      // index in argv where the program command starts
+        int prog_index = -1;            // index in argv where the program command starts
        int lockfd_network = -1;
        int lockfd_directory = -1;
-        int custom_profile = 0; // custom profile loaded
+        int custom_profile = 0;         // custom profile loaded
-        int arg_caps_cmdline = 0;       // caps requested on command line (used to break out of --chroot)
+        int arg_caps_cmdline = 0;       // caps requested on command line (used to break out of --chroot)
        char **ptr;
@@ -1080,7 +1080,8 @@ int main(int argc, char **argv, char **envp) {
        // sanity check for arguments
        for (i = 0; i < argc; i++) {
                if (strlen(argv[i]) >= MAX_ARG_LEN) {
-                        fprintf(stderr, "Error: too long arguments: argv[%d] len (%zu) >= MAX_ARG_LEN (%d)\n", i, strlen(argv[i]), MAX_ARG_LEN);
+                        fprintf(stderr, "Error: too long argument: argv[%d] len (%zu) >= MAX_ARG_LEN (%d): %s\n",
+                                i, strlen(argv[i]), MAX_ARG_LEN, argv[i]);
                        exit(1);
                }
        }
@@ -1983,7 +1984,7 @@ int main(int argc, char **argv, char **envp) {
                        arg_writable_var = 1;
                }
                else if (strcmp(argv[i], "--keep-var-tmp") == 0) {
-                        arg_keep_var_tmp = 1;
+                        arg_keep_var_tmp = 1;
                }
                else if (strcmp(argv[i], "--writable-run-user") == 0) {
                        arg_writable_run_user = 1;
@@ -2818,8 +2819,9 @@ int main(int argc, char **argv, char **envp) {
                }
 #endif
                else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
-                        // NOTE: this is second part of option handler,
+                        // Note: This is the second part of the option handler;
-                        //               atempt to find and join sandbox is done in other one
+                        // the attempt to find and join the sandbox is done in
+                        // the other one
                        // set sandbox name and start normally
                        cfg.name = argv[i] + 16;
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 5163035fa..c1adf87cc 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -265,7 +265,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
        int sock;
        if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
        memset(&ifr, 0, sizeof(ifr));
        strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 3997d8f86..22ee9dc3c 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -29,10 +29,10 @@
 int is_container(const char *str) {
        assert(str);
        if (strcmp(str, "lxc") == 0 ||
-             strcmp(str, "docker") == 0 ||
+            strcmp(str, "docker") == 0 ||
-             strcmp(str, "lxc-libvirt") == 0 ||
+            strcmp(str, "lxc-libvirt") == 0 ||
-             strcmp(str, "systemd-nspawn") == 0 ||
+            strcmp(str, "systemd-nspawn") == 0 ||
-             strcmp(str, "rkt") == 0)
+            strcmp(str, "rkt") == 0)
                return 1;
        return 0;
 }
diff --git a/src/firejail/oom.c b/src/firejail/oom.c
index f4df3538c..482fc0ad0 100644
--- a/src/firejail/oom.c
+++ b/src/firejail/oom.c
@@ -84,4 +84,3 @@ void oom_set(const char *oom_string) {
        if (waitpid(child, &status, 0) == -1 )
                errExit("waitpid");
 }
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index a22e63ab3..79e0bd9df 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -84,16 +84,16 @@ int restricted_shell(const char *user) {
                // user name globbing
                if (fnmatch(usr, user, 0) == 0) {
-                        // process program arguments
+                        // process program arguments
-                        fullargv[0] = "firejail";
+                        fullargv[0] = "firejail";
-                        int i;
+                        int i;
-                        ptr = args;
+                        ptr = args;
-                        for (i = 1; i < MAX_ARGS; i++) {
+                        for (i = 1; i < MAX_ARGS; i++) {
-                                // skip blanks
+                                // skip blanks
-                                while (*ptr == ' ' || *ptr == '\t')
+                                while (*ptr == ' ' || *ptr == '\t')
-                                        ptr++;
+                                        ptr++;
-                                fullargv[i] = ptr;
+                                fullargv[i] = ptr;
 #ifdef DEBUG_RESTRICTED_SHELL
                                {EUID_ROOT();
                                FILE *fp = fopen("/firelog", "ae");
@@ -104,23 +104,23 @@ int restricted_shell(const char *user) {
                                EUID_USER();}
 #endif
-                                if (*ptr != '\0') {
+                                if (*ptr != '\0') {
-                                        // go to the end of the word
+                                        // go to the end of the word
-                                        while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
+                                        while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
-                                                ptr++;
+                                                ptr++;
-                                        *ptr ='\0';
+                                        *ptr ='\0';
-                                        fullargv[i] = strdup(fullargv[i]);
+                                        fullargv[i] = strdup(fullargv[i]);
-                                        if (fullargv[i] == NULL)
+                                        if (fullargv[i] == NULL)
-                                                errExit("strdup");
+                                                errExit("strdup");
-                                        ptr++;
+                                        ptr++;
-                                        while (*ptr == ' ' || *ptr == '\t')
+                                        while (*ptr == ' ' || *ptr == '\t')
-                                                ptr++;
+                                                ptr++;
-                                        if (*ptr != '\0')
+                                        if (*ptr != '\0')
-                                                continue;
+                                                continue;
-                                }
+                                }
-                                fullargv[i] = strdup(fullargv[i]);
+                                fullargv[i] = strdup(fullargv[i]);
                                fclose(fp);
-                                return i + 1;
+                                return i + 1;
                        }
                        fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno);
                        exit(1);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index c4dc0ca78..a4109cc17 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -274,7 +274,7 @@ static void sandbox_if_up(Bridge *br) {
        }
        if (br->ip6sandbox)
-                 net_if_ip6(dev, br->ip6sandbox);
+                net_if_ip6(dev, br->ip6sandbox);
 }
 static void chk_chroot(void) {
@@ -650,12 +650,12 @@ int sandbox(void* sandbox_arg) {
        if (arg_debug)
                printf("Initializing child process\n");
-        // close each end of the unused pipes
+        // close each end of the unused pipes
-        close(parent_to_child_fds[1]);
+        close(parent_to_child_fds[1]);
-        close(child_to_parent_fds[0]);
+        close(child_to_parent_fds[0]);
-        // wait for parent to do base setup
+        // wait for parent to do base setup
-        wait_for_other(parent_to_child_fds[0]);
+        wait_for_other(parent_to_child_fds[0]);
        if (arg_debug && child_pid == 1)
                printf("PID namespace installed\n");
@@ -1259,13 +1259,13 @@ int sandbox(void* sandbox_arg) {
        }
        // notify parent that new user namespace has been created so a proper
-        // UID/GID map can be setup
+        // UID/GID map can be setup
-        notify_other(child_to_parent_fds[1]);
+        notify_other(child_to_parent_fds[1]);
-        close(child_to_parent_fds[1]);
+        close(child_to_parent_fds[1]);
-        // wait for parent to finish setting up a proper UID/GID map
+        // wait for parent to finish setting up a proper UID/GID map
-        wait_for_other(parent_to_child_fds[0]);
+        wait_for_other(parent_to_child_fds[0]);
-        close(parent_to_child_fds[0]);
+        close(parent_to_child_fds[0]);
        // somehow, the new user namespace resets capabilities;
        // we need to do them again
diff --git a/src/firejail/selinux.c b/src/firejail/selinux.c
index 5beda294d..08f3b3122 100644
--- a/src/firejail/selinux.c
+++ b/src/firejail/selinux.c
@@ -78,7 +78,7 @@ void selinux_relabel_path(const char *path, const char *inside_path)
        }
        freecon(fcon);
- close:
+close:
        close(fd);
 #else
        (void) path;
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 846c27321..bafcd69ec 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1101,7 +1101,7 @@ void mkdir_attr(const char *fname, mode_t mode, uid_t uid, gid_t gid) {
        if (mkdir(fname, mode) == -1 ||
            chmod(fname, mode) == -1 ||
            chown(fname, uid, gid)) {
-                fprintf(stderr, "Error: failed to create %s directory\n", fname);
+                fprintf(stderr, "Error: failed to create %s directory\n", fname);
                errExit("mkdir/chmod");
        }
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index ff4fdda56..77739c1f3 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -309,7 +309,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 #endif
                                        if (proc_ev->event_data.fork.child_pid !=
                                            proc_ev->event_data.fork.child_tgid)
-                                                continue; // this is a thread, not a process
+                                                continue; // this is a thread, not a process
                                        pid = proc_ev->event_data.fork.parent_tgid;
 #ifdef DEBUG_PRCTL
        printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid);
diff --git a/src/firemon/top.c b/src/firemon/top.c
index c127e2f56..c70bc9424 100644
--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -166,7 +166,8 @@ static char *print_top(unsigned index, unsigned parent, unsigned *utime, unsigne
                snprintf(prcs_str, 10, "%d", *cnt);
                if (asprintf(&rv, "%-7.7s %-9.9s %-8.8s %-8.8s %-5.5s %-4.4s %-9.9s %s",
-                                 pidstr, ptruser, rss, shared, cpu_str, prcs_str, uptime_str, ptrcmd) == -1)
+                             pidstr, ptruser, rss, shared, cpu_str, prcs_str,
+                             uptime_str, ptrcmd) == -1)
                        errExit("asprintf");
                if (cmd)
diff --git a/src/fldd/main.c b/src/fldd/main.c
index 390f7a1bc..4b645b1b3 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -193,9 +193,9 @@ static void parse_elf(const char *exe) {
        }
        goto close;
- error_close:
+error_close:
        perror("copy libs");
- close:
+close:
        if (base)
                munmap(base, s.st_size);
@@ -295,7 +295,7 @@ int main(int argc, char **argv) {
 //system("cat /proc/self/status");
 int i;
 for (i = 0; i < argc; i++)
-        printf("*%s* ", argv[i]);
+        printf("*%s* ", argv[i]);
 printf("\n");
 }
 #endif
diff --git a/src/fnet/fnet.h b/src/fnet/fnet.h
index c9d40ec1d..f9b09d7ea 100644
--- a/src/fnet/fnet.h
+++ b/src/fnet/fnet.h
@@ -1,4 +1,4 @@
- /*
+/*
 * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index aa0981269..ca7c744ed 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -1,4 +1,4 @@
- /*
+/*
 * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
@@ -57,7 +57,7 @@ void net_bridge_add_interface(const char *bridge, const char *dev) {
        int sock;
        if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
        memset(&ifr, 0, sizeof(ifr));
        strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1);
@@ -237,7 +237,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
        int sock;
        if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
        memset(&ifr, 0, sizeof(ifr));
        strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
@@ -291,7 +291,7 @@ int net_if_mac(const char *ifname, const unsigned char mac[6]) {
        int sock;
        if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-                errExit("socket");
+                errExit("socket");
        memset(&ifr, 0, sizeof(ifr));
        strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 1c48622a0..96c4f1478 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -1,4 +1,4 @@
- /*
+/*
 * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
@@ -47,7 +47,7 @@ static void usage(void) {
        printf("\tfnet config mac addr\n");
        printf("\tfnet config ipv6 dev ip\n");
        printf("\tfnet ifup dev\n");
-  printf("\tfnet waitll dev\n");
+        printf("\tfnet waitll dev\n");
 }
 int main(int argc, char **argv) {
@@ -144,9 +144,9 @@ printf("\n");
        else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) {
                net_if_ip6(argv[3], argv[4]);
        }
-  else if (argc == 3 && strcmp(argv[1], "waitll") == 0) {
+        else if (argc == 3 && strcmp(argv[1], "waitll") == 0) {
-    net_if_waitll(argv[2]);
+                net_if_waitll(argv[2]);
-  }
+        }
        else {
                fprintf(stderr, "Error fnet: invalid arguments\n");
                return 1;
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index 2a23c6bd4..2111cfa56 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -24,8 +24,8 @@
 *
 * Authors:     Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
 *
- */
+*/
- /*
+/*
 * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 978d145b3..8c0f6c297 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -1,4 +1,4 @@
- /*
+/*
 * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
diff --git a/src/fnettrace-dns/fnettrace_dns.h b/src/fnettrace-dns/fnettrace_dns.h
index 6d8a3c211..b8f69e9d7 100644
--- a/src/fnettrace-dns/fnettrace_dns.h
+++ b/src/fnettrace-dns/fnettrace_dns.h
@@ -31,4 +31,4 @@
 #include <fcntl.h>
 #include <sys/mman.h>
-#endif
-\ No newline at end of file
+#endif
diff --git a/src/fnettrace-dns/main.c b/src/fnettrace-dns/main.c
index 60738147d..64feec5fe 100644
--- a/src/fnettrace-dns/main.c
+++ b/src/fnettrace-dns/main.c
@@ -124,7 +124,7 @@ static void print_date(void) {
 static void run_trace(void) {
        // grab all Ethernet packets and use a custom BPF filter to get only UDP from source port 53
-        int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+        int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
        if (s < 0)
                errExit("socket");
        custom_bpf(s);
diff --git a/src/fnettrace-icmp/fnettrace_icmp.h b/src/fnettrace-icmp/fnettrace_icmp.h
index f535106e1..04c449ff2 100644
--- a/src/fnettrace-icmp/fnettrace_icmp.h
+++ b/src/fnettrace-icmp/fnettrace_icmp.h
@@ -31,4 +31,4 @@
 #include <fcntl.h>
 #include <sys/mman.h>
-#endif
-\ No newline at end of file
+#endif
diff --git a/src/fnettrace-sni/fnettrace_sni.h b/src/fnettrace-sni/fnettrace_sni.h
index f535106e1..04c449ff2 100644
--- a/src/fnettrace-sni/fnettrace_sni.h
+++ b/src/fnettrace-sni/fnettrace_sni.h
@@ -31,4 +31,4 @@
 #include <fcntl.h>
 #include <sys/mman.h>
-#endif
-\ No newline at end of file
+#endif
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h
index d3bc6439e..629b8ce5b 100644
--- a/src/fnettrace/fnettrace.h
+++ b/src/fnettrace/fnettrace.h
@@ -70,4 +70,4 @@ char* retrieve_hostname(uint32_t ip);
 // tail.c
 void tail(const char *logfile);
-#endif
-\ No newline at end of file
+#endif
diff --git a/src/fnettrace/hostnames.c b/src/fnettrace/hostnames.c
index 4f5641dfb..878a67123 100644
--- a/src/fnettrace/hostnames.c
+++ b/src/fnettrace/hostnames.c
@@ -121,4 +121,3 @@ errexit:
        fprintf(stderr, "Error: invalid line %d in file %s\n", line, fname);
        exit(1);
 }
diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c
index 97e890bec..a1d510a61 100644
--- a/src/fnettrace/radix.c
+++ b/src/fnettrace/radix.c
@@ -152,4 +152,3 @@ char *radix_longest_prefix_match(uint32_t ip) {
        return (rv)? rv->name: NULL;
 }
diff --git a/src/fnettrace/radix.h b/src/fnettrace/radix.h
index 85a75d0d7..d75fe3999 100644
--- a/src/fnettrace/radix.h
+++ b/src/fnettrace/radix.h
@@ -24,4 +24,4 @@ extern int radix_nodes;
 char *radix_longest_prefix_match(uint32_t ip);
 char *radix_add(uint32_t ip, uint32_t mask, char *name);
-#endif
-\ No newline at end of file
+#endif
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 0a9b7c9b9..0bc521c0d 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -33,7 +33,7 @@ int main(int argc, char **argv) {
 //system("cat /proc/self/status");
 int i;
 for (i = 0; i < argc; i++)
-        printf("*%s* ", argv[i]);
+        printf("*%s* ", argv[i]);
 printf("\n");
 }
 #endif
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index de93f260e..696c6bc0c 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -47,7 +47,7 @@ int main(int argc, char **argv) {
 //system("cat /proc/self/status");
 int i;
 for (i = 0; i < argc; i++)
-        printf("*%s* ", argv[i]);
+        printf("*%s* ", argv[i]);
 printf("\n");
 }
 #endif
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 1edbad764..57a5a6d67 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -58,7 +58,7 @@ int main(int argc, char **argv) {
 //system("cat /proc/self/status");
 int i;
 for (i = 0; i < argc; i++)
-        printf("*%s* ", argv[i]);
+        printf("*%s* ", argv[i]);
 printf("\n");
 }
 #endif
diff --git a/src/fseccomp/namespaces.c b/src/fseccomp/namespaces.c
index ffc1dfe4c..e6c63219f 100644
--- a/src/fseccomp/namespaces.c
+++ b/src/fseccomp/namespaces.c
@@ -202,8 +202,8 @@ void deny_ns_32(const char *fname, const char *list) {
        //       0003: 20 00 00 00000000 ld data.syscall-number
        //       0004: 06 00 00 7fff0000 ret ALLOW
        //
-        if (sizeof(filter))
+        if (sizeof(filter))
-                write_to_file(fd, filter, sizeof(filter));
+                write_to_file(fd, filter, sizeof(filter));
        filter_end_blacklist(fd);
diff --git a/src/include/gcov_wrapper.h b/src/include/gcov_wrapper.h
index b56b4e736..7c8f89d59 100644
--- a/src/include/gcov_wrapper.h
+++ b/src/include/gcov_wrapper.h
@@ -33,8 +33,8 @@
 */
 #if __GNUC__ > 11 || (__GNUC__ == 11 && __GNUC_MINOR__ >= 1)
 static void __gcov_flush(void) {
-       __gcov_dump();
+        __gcov_dump();
-       __gcov_reset();
+        __gcov_reset();
 }
 #endif
 #else
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index ef3fe6c3a..fc07b75ce 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -194,24 +194,24 @@
 #endif
 #define VALIDATE_ARCHITECTURE \
-     BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
+        BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
-     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
+        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
-     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
+        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define VALIDATE_ARCHITECTURE_KILL \
-     BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
+        BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
-     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
+        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
-     KILL_OR_RETURN_ERRNO
+        KILL_OR_RETURN_ERRNO
 #define VALIDATE_ARCHITECTURE_64 \
-     BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
+        BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
-     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \
+        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \
-     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
+        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define VALIDATE_ARCHITECTURE_32 \
-     BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
+        BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
-     BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \
+        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \
-     BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
+        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #ifndef X32_SYSCALL_BIT
 #define X32_SYSCALL_BIT 0x40000000
diff --git a/src/jailcheck/apparmor.c b/src/jailcheck/apparmor.c
index 9b6b72fb7..658928ed5 100644
--- a/src/jailcheck/apparmor.c
+++ b/src/jailcheck/apparmor.c
@@ -37,4 +37,3 @@ void apparmor_test(pid_t pid) {
        return;
 }
 #endif
diff --git a/src/jailcheck/network.c b/src/jailcheck/network.c
index 961a66105..a4d5eeec1 100644
--- a/src/jailcheck/network.c
+++ b/src/jailcheck/network.c
@@ -52,6 +52,3 @@ void network_test(void) {
        else
                printf("   Networking: disabled\n");
 }
diff --git a/src/jailcheck/noexec.c b/src/jailcheck/noexec.c
index a78272591..bfeff9c7f 100644
--- a/src/jailcheck/noexec.c
+++ b/src/jailcheck/noexec.c
@@ -76,7 +76,7 @@ void noexec_test(const char *path) {
        if (child == 0) { // child
                // drop privileges
-                if (setgid(user_gid) != 0)
+                if (setgid(user_gid) != 0)
                        errExit("setgid");
                if (setuid(user_uid) != 0)
                        errExit("setuid");
diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c
index 8460c1bf7..97fe8833b 100644
--- a/src/jailcheck/utils.c
+++ b/src/jailcheck/utils.c
@@ -99,4 +99,3 @@ int find_child(int id) {
        // this happens for processes sandboxed with --join
        return first_child;
 }
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index 97e36e5c9..25f0cc12e 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -35,11 +35,11 @@
 #include "../include/rundefs.h"
 #define tprintf(fp, args...) \
-    do { \
+        do { \
-        if (!fp)\
+                if (!fp)\
-            init(); \
+                        init(); \
-        fprintf(fp, args); \
+                fprintf(fp, args); \
-    } while(0)
+        } while(0)
 // break recursivity on fopen call
 typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode);
@@ -515,7 +515,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
        if (!orig_connect)
                orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect");
-        int rv = orig_connect(sockfd, addr, addrlen);
+        int rv = orig_connect(sockfd, addr, addrlen);
        print_sockaddr(sockfd, "connect", addr, rv);
        return rv;
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 90a5f405d..d5e57e7cc 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -1,4 +1,4 @@
- /*
+/*
 * Copyright (C) 2014-2023 Firejail Authors
 *
 * This file is part of firejail project
@@ -166,7 +166,7 @@ static void process_file(char *fname) {
                else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0)
                        cnt_whitelistvar++;
                else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
-                        strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
+                        strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
                        cnt_whitelistrunuser++;
                else if (strncmp(ptr, "include whitelist-common.inc", 28) == 0)
                        cnt_whitelisthome++;
@@ -283,10 +283,10 @@ int main(int argc, char **argv) {
                        arg_dbus_user_none = 1;
                else if (*argv[i] == '-') {
                        fprintf(stderr, "Error: invalid option %s\n", argv[i]);
-                        return 1;
+                        return 1;
-                 }
+                }
-                 else
+                else
-                        break;
+                        break;
        }
        start = i;
diff --git a/src/tools/extract_seccomp.c b/src/tools/extract_seccomp.c
index 0482dfd88..69e20317a 100644
--- a/src/tools/extract_seccomp.c
+++ b/src/tools/extract_seccomp.c
@@ -31,10 +31,13 @@
 #include <linux/filter.h>
 #define MAXBUF 1024
-#define errExit(msg)  { char msgout[256]; \
+#define errExit(msg) \
-                        snprintf(msgout, 256, "Error %d: %s", __LINE__, (msg)); \
+        do { \
-                        perror(msgout); \
+                char msgout[256]; \
-                        exit(1); }
+                snprintf(msgout, 256, "Error %d: %s", __LINE__, (msg)); \
+                perror(msgout); \
+                exit(1); \
+        } while (0);
 // dump all seccomp filters of a process
 // for further analysis with fsec-print
diff --git a/src/zsh_completion/.editorconfig b/src/zsh_completion/.editorconfig
new file mode 100644
index 000000000..15ca952a4
--- /dev/null
+++ b/src/zsh_completion/.editorconfig
@@ -0,0 +1,3 @@
+[_*{,.in}]
+indent_size = 4
+indent_style = space
diff --git a/test/filters/namespaces.c b/test/filters/namespaces.c
index 06dfa4edf..ecf0fdcd1 100644
--- a/test/filters/namespaces.c
+++ b/test/filters/namespaces.c
@@ -15,82 +15,82 @@
 #define STACK_SIZE 1024 * 1024
 static int usage() {
-    fprintf(stderr, "Usage: namespaces <system call>[clone,unshare] <list of namespaces>[cgroup,ipc,mnt,net,pid,time,user,uts]\n");
+        fprintf(stderr, "Usage: namespaces <system call>[clone,unshare] <list of namespaces>[cgroup,ipc,mnt,net,pid,time,user,uts]\n");
-    exit(1);
+        exit(1);
 }
 static void die(const char *msg) {
-    fprintf(stderr, "Error: %s: %s\n", msg, strerror(errno));
+        fprintf(stderr, "Error: %s: %s\n", msg, strerror(errno));
-    exit(1);
+        exit(1);
 }
 static int ns_flags(const char *list) {
-    int flags = 0;
+        int flags = 0;
-    char *dup = strdup(list);
+        char *dup = strdup(list);
-    if (!dup)
+        if (!dup)
-        die("cannot allocate memory");
+                die("cannot allocate memory");
-    char *token = strtok(dup, ",");
+        char *token = strtok(dup, ",");
-    while (token) {
+        while (token) {
-        if (strcmp(token, "cgroup") == 0)
+                if (strcmp(token, "cgroup") == 0)
-            flags |= CLONE_NEWCGROUP;
+                        flags |= CLONE_NEWCGROUP;
-        else if (strcmp(token, "ipc") == 0)
+                else if (strcmp(token, "ipc") == 0)
-            flags |= CLONE_NEWIPC;
+                        flags |= CLONE_NEWIPC;
-        else if (strcmp(token, "net") == 0)
+                else if (strcmp(token, "net") == 0)
-            flags |= CLONE_NEWNET;
+                        flags |= CLONE_NEWNET;
-        else if (strcmp(token, "mnt") == 0)
+                else if (strcmp(token, "mnt") == 0)
-            flags |= CLONE_NEWNS;
+                        flags |= CLONE_NEWNS;
-        else if (strcmp(token, "pid") == 0)
+                else if (strcmp(token, "pid") == 0)
-            flags |= CLONE_NEWPID;
+                        flags |= CLONE_NEWPID;
-        else if (strcmp(token, "time") == 0)
+                else if (strcmp(token, "time") == 0)
-            flags |= CLONE_NEWTIME;
+                        flags |= CLONE_NEWTIME;
-        else if (strcmp(token, "user") == 0)
+                else if (strcmp(token, "user") == 0)
-            flags |= CLONE_NEWUSER;
+                        flags |= CLONE_NEWUSER;
-        else if (strcmp(token, "uts") == 0)
+                else if (strcmp(token, "uts") == 0)
-            flags |= CLONE_NEWUTS;
+                        flags |= CLONE_NEWUTS;
-        else
+                else
-            usage();
+                        usage();
-        token = strtok(NULL, ",");
+                token = strtok(NULL, ",");
-    }
+        }
-    free(dup);
+        free(dup);
-    return flags;
+        return flags;
 }
 static int child(void *arg) {
-    (void) arg;
+        (void) arg;
-    fprintf(stderr, "clone successful\n");
+        fprintf(stderr, "clone successful\n");
-    return 0;
+        return 0;
 }
 int main (int argc, char **argv) {
-    if (argc != 3)
+        if (argc != 3)
-        usage();
+                usage();
-    int flags = ns_flags(argv[2]);
+        int flags = ns_flags(argv[2]);
-    if (getuid() != 0)
+        if (getuid() != 0)
-        flags |= CLONE_NEWUSER;
+                flags |= CLONE_NEWUSER;
-    if (strcmp(argv[1], "clone") == 0) {
+        if (strcmp(argv[1], "clone") == 0) {
-        void *stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
+                void *stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
-                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+                                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
-        if (stack == MAP_FAILED)
+                if (stack == MAP_FAILED)
-            die("mmap");
+                        die("mmap");
-        if (clone(child, stack + STACK_SIZE, flags | SIGCHLD, NULL) < 0)
+                if (clone(child, stack + STACK_SIZE, flags | SIGCHLD, NULL) < 0)
-            die("clone");
+                        die("clone");
-    }
+        }
-    else if (strcmp(argv[1], "unshare") == 0) {
+        else if (strcmp(argv[1], "unshare") == 0) {
-        if (unshare(flags))
+                if (unshare(flags))
-            die("unshare");
+                        die("unshare");
-        fprintf(stderr, "unshare successful\n");
+                fprintf(stderr, "unshare successful\n");
-    }
+        }
-    else
+        else
-        usage();
+                usage();
-    return 0;
+        return 0;
 }
diff --git a/test/fs/private-whitelist.exp b/test/fs/private-whitelist.exp
index eaad5700d..bf95e40dd 100755
--- a/test/fs/private-whitelist.exp
+++ b/test/fs/private-whitelist.exp
@@ -32,9 +32,9 @@ send -- "ls -a ~ | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
        "3" {puts "3\n"}
-        "4" {puts "4\n"}
+        "4" {puts "4\n"}
-        "5" {puts "5\n"}
+        "5" {puts "5\n"}
-        "6" {puts "6\n"}
+        "6" {puts "6\n"}
 }
 sleep 1
diff --git a/test/network/firemon-route.exp b/test/network/firemon-route.exp
index 707217eea..69cccfeae 100755
--- a/test/network/firemon-route.exp
+++ b/test/network/firemon-route.exp
@@ -33,7 +33,7 @@ expect {
        "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";}
        "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";}
        "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";}
-            "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";}
+        "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";}
 }
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
diff --git a/test/private-etc/private-etc.sh b/test/private-etc/private-etc.sh
index 8488611b9..c46b684af 100755
--- a/test/private-etc/private-etc.sh
+++ b/test/private-etc/private-etc.sh
@@ -18,4 +18,3 @@ echo "TESTING: groups (test/private-etc/groups.exp)"
 echo "TESTING: etc-cleanup (test/private-etc/etc-cleanup.exp)"
 ./etc-cleanup.exp
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index 0ef18b79d..5c67b16c5 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -29,4 +29,3 @@ if [[ $(uname -m) == "x86_64" ]]; then
 else
        echo "TESTING SKIP: private-lib test implemented only for x86_64."
 fi
diff --git a/test/profiles/test2.profile b/test/profiles/test2.profile
index 9fbd5219a..9504f5085 100644
--- a/test/profiles/test2.profile
+++ b/test/profiles/test2.profile
@@ -1,6 +1,6 @@
 caps
 seccomp
-  private
+private
-  include test.profile
+include test.profile
-  include test.local
+include test.local
-  include test25.profile
+include test25.profile
diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh
index 231f5afa8..f5567ff02 100755
--- a/test/sysutils/sysutils.sh
+++ b/test/sysutils/sysutils.sh
@@ -150,4 +150,3 @@ then
 else
        echo "TESTING SKIP: whois not found"
 fi