7 files changed, 290 insertions, 183 deletions

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 53066013d..fc74640d4 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -22,7 +22,8 @@ _Describe the bug_
 
 _Steps to reproduce the behavior_
 
-1. Run in bash `LC_ALL=C firejail PROGRAM` (`LC_ALL=C` to get a consistent output in English that can be understood by everybody)
+1. Run in bash `LC_ALL=C firejail PROGRAM` (`LC_ALL=C` to get a consistent
+   output in English that can be understood by everybody)
 2. Click on '....'
 3. Scroll down to '....'
 4. See error `ERROR`
@@ -37,7 +38,8 @@ _What actually happened_
 
 ### Behavior without a profile
 
-_What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_
+_What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a
+terminal?_
 
 ### Additional context
 
@@ -47,7 +49,8 @@ _Any other detail that may help to understand/debug the problem_
 
 - Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")
 - Firejail version (`firejail --version`).
-- If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`).
+- If you use a development version of firejail, also the commit from which it
+  was compiled (`git rev-parse HEAD`).
 
 ### Checklist
 
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
index a723cdbde..ce1b70e39 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -4,6 +4,7 @@ about: Suggest an idea for this project
 title: ''
 labels: ''
 assignees: ''
+
 ---
 
 ### Is your feature request related to a problem? Please describe.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 3c256dd87..4a7998e87 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,17 +1,21 @@
-If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR.
+If your PR isn't about profiles or you have no idea how to do one of these,
+skip the following and go ahead with this PR.
 
-If you submit a PR for new profiles or changing profiles, please do the following:
- - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template).
-   > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository.
- - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py).
- The path to it depends on your distro:
+If you submit a PR for new profiles or changing profiles, please do the
+following:
 
-   | Distro | Path |
-   | ------ | ---- |
-   | Arch/Fedora | `/usr/lib64/firejail/sort.py` |
-   | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` |
-   | local git clone | `contrib/sort.py` |
+- The ordering of options follow the rules described in
+  [etc/templates/profile.template](../blob/master/etc/templates/profile.template)
+  (/usr/share/doc/firejail/profile.template when installed).
+- Order the arguments of options alphabetically.  You can easily do this with
+  [sort.py](../blob/master/contrib/sort.py).
 
-   Note also that the sort.py script exists only since firejail `0.9.61`.
+  The path to it depends on your distro:
 
-See also [CONTRIBUTING.md](/CONTRIBUTING.md).
+  | Distro | Path |
+  | ------ | ---- |
+  | Arch/Fedora | `/usr/lib64/firejail/sort.py` |
+  | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` |
+  | local git clone | `contrib/sort.py` |
+
+See also [CONTRIBUTING.md](../blob/master/CONTRIBUTING.md).
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 76d3e709b..1ae293264 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,38 +1,58 @@
+# Contributing
+
 Welcome to firejail, and thank you for your interest in contributing!
 
-# Opening an issue:
-We welcome issues, whether to ask a question, provide information, request a new profile or
-feature, or to report a suspected bug or problem.
+## Opening an issue
+
+We welcome issues, whether to ask a question, provide information, request a
+new profile or feature, or to report a suspected bug or problem.
+
+If you want to request a program profile that we don't already have, please add
+a comment in our dedicated issue:
 
-If you want to request a program profile that we don't already have, please add a comment in
-our [dedicated issue](https://github.com/netblue30/firejail/issues/1139).
+- [Profile requests](https://github.com/netblue30/firejail/issues/1139)
 
 When submitting a bug report, please provide the following information so that
 we can handle the report more easily:
-- firejail version. If you're not sure, open a terminal and type `firejail --version`.
+
+- firejail version.  If you're not sure, open a terminal and type `firejail
+  --version`.
 - Linux distribution (so that we can try to reproduce it, if necessary).
-- If you know that the problem did not exist in an earlier version of firejail, please mention it.
-- If you are reporting that a program does not work with firejail, please also run firejail with
-the `--noprofile` argument.
-For example, if `firejail firefox` does not work, please also run `firejail --noprofile firefox` and
-let us know if it runs correctly or not.
-- You may also try disabling various options provided in `/etc/firejail/<ProgramName.profile>` until you find out which one causes problems. It will significantly help to find solution for your issue.
-
-Please note: if you are running Debian, Ubuntu, Linux Mint, or another related
+- If you know that the problem did not exist in an earlier version of firejail,
+  please mention it.
+- If you are reporting that a program does not work with firejail, please also
+  run firejail with the `--noprofile` argument.  For example, if `firejail
+  firefox` does not work, please also run `firejail --noprofile firefox` and
+  let us know if it runs correctly or not.
+- You may also try disabling various options provided in
+  `/etc/firejail/<ProgramName.profile>` until you find out which one causes
+  problems.  It will significantly help in finding a solution for your issue.
+
+Please note: If you are running Debian, Ubuntu, Linux Mint, or another related
 distribution and you installed firejail from your distro's repositories, please
-ensure that **both** of the following were installed:
-`firejail` and `firejail-profiles`. A common source of issues is that
-firejail-profiles was not installed when installing firejail.
+ensure that **all** of the following packages were installed:
+
+- firejail
+- firejail-profiles
 
-We take security bugs very seriously. If you believe you have found one, please report it by
-emailing us at netblue30@protonmail.com
+A common source of issues is that firejail-profiles was not installed when
+installing firejail.
+
+## Security vulnerabilities
+
+See [SECURITY.md](SECURITY.md).
+
+## Opening a pull request
 
-# Opening an pull request:
 Pull requests with enhancements, bugfixes or new profiles are very welcome.
 
 If you want to write a new profile, the easiest way to do this is to use the
-[profile template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template).
-If you have already written a profile, please make sure it follows the rules described in the template.
+profile template:
+
+- [etc/templates/profile.template](etc/templates/profile.template)
+
+If you have already written a profile, please make sure it follows the rules
+described in the template.
 
 If you add a new command, here's the checklist:
 
@@ -41,6 +61,7 @@ If you add a new command, here's the checklist:
 - [ ] Update syntax files (run `make syntax` or just `make`)
 - [ ] Update --help
 
-# Editing the wiki
+## Editing the wiki
 
-You are highly encouraged to add your own tips and tricks to the [wiki](https://github.com/netblue30/firejail/wiki).
+You are highly encouraged to add your own tips and tricks to the
+[wiki](https://github.com/netblue30/firejail/wiki).
diff --git a/README b/README
index 4647a70c4..0d402a854 100644
--- a/README
+++ b/README
@@ -1,13 +1,14 @@
-Firejail is a SUID sandbox program that reduces the risk of security
-breaches by restricting the running environment of untrusted applications
-using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
-Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
-VLC, Audacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
-DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
-Pidgin, Quassel, and XChat.
+Firejail is a SUID sandbox program that reduces the risk of security breaches
+by restricting the running environment of untrusted applications using Linux
+namespaces and seccomp-bpf.
+
+It includes sandbox profiles for many programs, including Iceweasel/Mozilla
+Firefox, Chromium, Midori, Opera, Evince, Transmission, VLC, Audacious,
+Clementine, Rhythmbox, Totem, Deluge, qBittorrent, DeaDBeeF, Dropbox, Empathy,
+FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat.
 
 Firejail also expands the restricted shell facility found in bash by adding
-Linux namespace support. It supports sandboxing specific users upon login.
+Linux namespace support.  It supports sandboxing specific users upon login.
 
 Download: https://sourceforge.net/projects/firejail/files/
 Build and install: ./configure && make && sudo make install
@@ -17,30 +18,33 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/
 Development: https://github.com/netblue30/firejail
 License: GPL v2
 
-Please report all security vulnerabilities at netblue30@protonmail.com
+Please report all security vulnerabilities to:
+
+* <netblue30@protonmail.com>
 
-Compile and install mainline version from GitHub:
+Compile and install the mainline version from GitHub:
 
-$ git clone https://github.com/netblue30/firejail.git
-$ cd firejail
-$ ./configure && make && sudo make install-strip
+    git clone https://github.com/netblue30/firejail.git
+    cd firejail
+    ./configure && make && sudo make install-strip
 
-On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor
-development libraries and pkg-config are required when using --enable-apparmor
+On Debian/Ubuntu you will need to install git and gcc.  AppArmor development
+libraries and pkg-config are required when using the --enable-apparmor
 ./configure option:
 
-$ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk
+    sudo apt-get install git build-essential libapparmor-dev pkg-config gawk
 
 For --selinux option, add libselinux1-dev (libselinux-devel for Fedora).
 
-We build our release firejail.tar.xz and firejail.deb packages using the following command:
-$ make distclean && ./configure && make deb
+We build our release firejail.tar.xz and firejail.deb packages using the
+following commands:
 
+    make distclean && ./configure && make deb
 
 Maintainer:
 - netblue30 (netblue30@protonmail.com)
 
-Committers
+Committers:
 - chiraag-nataraj (https://github.com/chiraag-nataraj)
 - crass (https://github.com/crass)
 - ChrysoliteAzalea (https://github.com/ChrysoliteAzalea)
@@ -55,15 +59,16 @@ Committers
 - rusty-snake (https://github.com/rusty-snake)
 - smitsohu (https://github.com/smitsohu)
 - SkewedZeppelin (https://github.com/SkewedZeppelin)
-- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer)
+- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches
+  maintainer)
 - Topi Miettinen (https://github.com/topimiettinen)
 - veloute (https://github.com/veloute)
 - Vincent43 (https://github.com/Vincent43)
 - netblue30 (netblue30@protonmail.com)
 
+---
 
-
-Firejail Authors (alphabetical order)
+Firejail Authors (alphabetical order):
 
 0x7969 (https://github.com/0x7969)
         - fix wire-desktop.profile
@@ -313,7 +318,8 @@ curiosityseeker (https://github.com/curiosityseeker - new)
         - updated keypassxc profile
         - added syscalls.sh, which determine the necessary syscalls for a program
         - fixed conky profile
-        - thunderbird.profile: harden and enable the rules necessary to make Firefox open links
+        - thunderbird.profile: harden and enable the rules necessary to make
+          Firefox open links
 da2x (https://github.com/da2x)
         - matched RPM license tag
 Daan Bakker (https://github.com/dbakker)
@@ -358,7 +364,8 @@ Disconnect3d (https://github.com/disconnect3d)
 dm9pZCAq (https://github.com/dm9pZCAq)
         - fix for compilation under musl
 dmfreemon (https://github.com/dmfreemon)
-        - add sandbox name or name of private directory to the window title when xpra is used
+        - add sandbox name or name of private directory to the window title
+          when xpra is used
         - handle malloc() failures; use gnu_basename() instead of basenaem()
 Dmitriy Chestnykh (https://github.com/chestnykh)
         - add ability to disable user profiles at compile time
@@ -1030,7 +1037,8 @@ soredake (https://github.com/soredake)
         - add localtime to private-etc to make qtox show correct time
         - fixes for the keepassxc 2.2.5 version
 SkewedZeppelin (https://github.com/SkewedZeppelin)
-        - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles
+        - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI,
+          Lollypop, MultiMC5 profiles
         - added PDFSam, Pithos, and Xonotic profiles
         - disabled Go, Rust, and OpenSSL in disable-devel.conf
         - added dino profile
@@ -1048,7 +1056,8 @@ SkewedZeppelin (https://github.com/SkewedZeppelin)
         - added IntelliJ IDEA and Android Studio profiles
         - added arm profile
         - lots of profile improvements/tightening
-        - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img,
+        - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina,
+          sdat2img,
         soundconverter, sqlitebrowser, and truecraft profiles
         - added gnome-twitch profile
         - Unified all 341 profiles
@@ -1085,10 +1094,12 @@ SYN-cook (https://github.com/SYN-cook)
         - gnome-calculator changes
 startx2017 (https://github.com/startx2017)
         - syscall list update
-        - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module,
-          settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
+        - updated default seccomp filters - added bpf, clock_settime,
+          personality, process_vm_writev, query_module, settimeofday, stime,
+          umount, userfaultfd, ustat, vm86, and vm86old
         - enable/disable join support in /etc/firejail/firejail.config
-        - firecfg fix: create ~/.local/share/applications directory if it doesn't exist
+        - firecfg fix: create ~/.local/share/applications directory if it
+          doesn't exist
         - firejail.config cleanup
         - --quiet fixes
         - bugfixes branches maintainer
@@ -1250,10 +1261,9 @@ Zack Weinberg (https://github.com/zackw)
         - wait_for_other function rewrite
         - Xvfb X11 server support
         - Xvfb and Xephyr profiles, modified Xpra profile
-        - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started
-          with firejail --x11
+        - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes
+          when started with firejail --x11
         - support for xpra-extra-params in firejail.config
-
 zupatisc (https://github.com/zupatisc)
         - patch-util fix
 
diff --git a/README.md b/README.md
index 22e2fa291..09a3276e6 100644
--- a/README.md
+++ b/README.md
@@ -1,79 +1,91 @@
 # Firejail
-[![Build Status](https://gitlab.com/Firejail/firejail_ci/badges/master/pipeline.svg)](https://gitlab.com/Firejail/firejail_ci/pipelines/)
-[![CodeQL](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL)
-[![Build CI](https://github.com/netblue30/firejail/workflows/Build%20CI/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3A%22Build+CI%22)
-[![Packaging status](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions)
-
-Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting
-the running environment of untrusted applications using Linux namespaces, seccomp-bpf
-and Linux capabilities. It allows a process and all its descendants to have their own private
-view of the globally shared kernel resources, such as the network stack, process table, mount table.
-Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups.
-
-Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel
-version or newer. It can sandbox any type of processes: servers, graphical applications, and even
-user login sessions. The software includes sandbox profiles for a number of more common Linux programs,
+
+[![Build CI (GitLab)](https://gitlab.com/Firejail/firejail_ci/badges/master/pipeline.svg)](https://gitlab.com/Firejail/firejail_ci/pipelines)
+[![Build CI (GitHub)](https://github.com/netblue30/firejail/workflows/Build%20CI/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3A%22Build+CI%22)
+[![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL)
+[![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions)
+
+Firejail is a SUID sandbox program that reduces the risk of security breaches
+by restricting the running environment of untrusted applications using Linux
+namespaces, seccomp-bpf and Linux capabilities.  It allows a process and all
+its descendants to have their own private view of the globally shared kernel
+resources, such as the network stack, process table, mount table.  Firejail can
+work in a SELinux or AppArmor environment, and it is integrated with Linux
+Control Groups.
+
+Written in C with virtually no dependencies, the software runs on any Linux
+computer with a 3.x kernel version or newer.  It can sandbox any type of
+processes: servers, graphical applications, and even user login sessions.  The
+software includes sandbox profiles for a number of more common Linux programs,
 such as Mozilla Firefox, Chromium, VLC, Transmission etc.
 
-The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit,
-no socket connections open, no daemons running in the background. All security features are
-implemented directly in Linux kernel and available on any Linux computer.
+The sandbox is lightweight, the overhead is low.  There are no complicated
+configuration files to edit, no socket connections open, no daemons running in
+the background.  All security features are implemented directly in Linux kernel
+and available on any Linux computer.
+
+## Videos
 
-<table><tr>
+<table>
+<tr>
 
 <td>
 <a href="https://odysee.com/@netblue30:9/firefox:c" target="_blank">
 <img src="https://thumbs.odycdn.com/acf4b1c66737feb97640fb1d28a7daa6.png"
-alt="Advanced Browser Security" width="240" height="142" border="10" /><br/>Advanced Browser Security</a>
+alt="Advanced Browser Security" width="240" height="142" border="10" />
+<br/>Advanced Browser Security
+</a>
 </td>
 
 <td>
 <a href="https://odysee.com/@netblue30:9/nonet:7" target="_blank">
 <img src="https://thumbs.odycdn.com/5be2964201c31689ee8f78cb9f35e89a.png"
-alt="How To Disable Network Access" width="240" height="142" border="10" /><br/>How To Disable Network Access</a>
+alt="How To Disable Network Access" width="240" height="142" border="10" />
+<br/>How To Disable Network Access
+</a>
 </td>
 
 <td>
 <a href="https://odysee.com/@netblue30:9/divested:2" target="_blank">
 <img src="https://thumbs.odycdn.com/f30ece33a6547af9ae48244f4ba73028.png"
-alt="Deep Dive" width="240" height="142" border="10" /><br/>Deep Dive</a>
+alt="Deep Dive" width="240" height="142" border="10" />
+<br/>Deep Dive
+</a>
 </td>
 
-</tr></table>
-
-Project webpage: https://firejail.wordpress.com/
-
-IRC: https://web.libera.chat/#firejail
-
-Download and Installation: https://firejail.wordpress.com/download-2/
-
-Features: https://firejail.wordpress.com/features-3/
+</tr>
+</table>
 
-Documentation: https://firejail.wordpress.com/documentation-2/
+## Links
 
-FAQ: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions
-
-Wiki: https://github.com/netblue30/firejail/wiki
-
-GitLab-CI status: https://gitlab.com/Firejail/firejail_ci/pipelines/
-
-Video Channel: https://odysee.com/@netblue30:9?order=new
-
-Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/
+* Project webpage: <https://firejail.wordpress.com/>
+* IRC: <https://web.libera.chat/#firejail>
+* Download and Installation: <https://firejail.wordpress.com/download-2/>
+* Features: <https://firejail.wordpress.com/features-3/>
+* Documentation: <https://firejail.wordpress.com/documentation-2/>
+* FAQ: <https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions>
+* Wiki: <https://github.com/netblue30/firejail/wiki>
+* GitHub Actions: <https://github.com/netblue30/firejail/actions>
+* GitLab CI: <https://gitlab.com/Firejail/firejail_ci/pipelines>
+* Video Channel: <https://odysee.com/@netblue30:9?order=new>
+* Backup Video Channel: <https://www.bitchute.com/profile/JSBsA1aoQVfW/>
 
 ## Security vulnerabilities
 
-We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com
+See [SECURITY.md](SECURITY.md).
 
 ## Installing
 
 ### Debian
 
-Debian stable (bullseye): We recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
+Debian stable (bullseye): We recommend to use the
+[backports](https://packages.debian.org/bullseye-backports/firejail) package.
 
 ### Ubuntu
 
-For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly advised** to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail).
+For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly
+advised** to use the
+[PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail).
 
 How to add and install from the PPA:
 
@@ -83,140 +95,186 @@ sudo apt-get update
 sudo apt-get install firejail firejail-profiles
 ```
 
-Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to CVE-2021-26910 for months after a patch for it was posted on Launchpad:
+Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to
+CVE-2021-26910 for months after a patch for it was posted on Launchpad:
 
-* [firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767)
+* [CVE-2021-26910](https://github.com/advisories/GHSA-2q4h-h5jp-942w)
+* [firejail version in Ubuntu 20.04 LTS is vulnerable to
+  CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767)
 
 See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>:
 
 > What software is supported by the Ubuntu Security team?
 >
 > Ubuntu is currently divided into four components: main, restricted, universe
-> and multiverse. All binary packages in main and restricted are supported by
+> and multiverse.  All binary packages in main and restricted are supported by
 > the Ubuntu Security team for the life of an Ubuntu release, while binary
 > packages in universe and multiverse are supported by the Ubuntu community.
 
-Additionally, the PPA version is likely to be more recent and to contain more profile fixes.
+Additionally, the PPA version is likely to be more recent and to contain more
+profile fixes.
 
 See the following discussions for details:
 
-* [Should I keep using the version of firejail available in my distro repos?](https://github.com/netblue30/firejail/discussions/4666)
-* [How to install the latest version on Ubuntu and derivatives](https://github.com/netblue30/firejail/discussions/4663)
+* [Should I keep using the version of firejail available in my distro
+  repos?](https://github.com/netblue30/firejail/discussions/4666)
+* [How to install the latest version on Ubuntu and
+  derivatives](https://github.com/netblue30/firejail/discussions/4663)
 
 ### Other
 
-Firejail is included in a large number of Linux distributions.
+Firejail is available in multiple Linux distributions:
+
+<details>
+<summary>Repology</summary>
+<p>
+
+[![Packaging status (Repology)](https://repology.org/badge/vertical-allrepos/firejail.svg)](https://repology.org/project/firejail/versions)
 
-You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
+</p>
+</details>
 
-`````
-$ git clone https://github.com/netblue30/firejail.git
-$ cd firejail
-$ ./configure && make && sudo make install-strip
-`````
-On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor
-development libraries and pkg-config are required when using `--enable-apparmor`
+Other than the [aforementioned exceptions](#installing), as long as your
+distribution provides a [supported version](SECURITY.md) of firejail, it's
+generally a good idea to install it from the distribution.
+
+The version can be checked with `firejail --version` after installing.
+
+You can also install one of the [released
+packages](https://github.com/netblue30/firejail/releases).
+
+Or clone the source code from our git repository and build manually:
+
+```sh
+git clone https://github.com/netblue30/firejail.git
+cd firejail
+./configure && make && sudo make install-strip
+```
+
+On Debian/Ubuntu you will need to install git and gcc.  AppArmor development
+libraries and pkg-config are required when using the `--enable-apparmor`
 ./configure option:
-`````
-$ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk
-`````
+
+```sh
+sudo apt-get install git build-essential libapparmor-dev pkg-config gawk
+```
+
 For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora).
 
-Detailed information on using firejail from git is available on the [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git).
+Detailed information on using firejail from git is available on the
+[wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git).
 
 ## Running the sandbox
 
 To start the sandbox, prefix your command with `firejail`:
 
-`````
-$ firejail firefox            # starting Mozilla Firefox
-$ firejail transmission-gtk   # starting Transmission BitTorrent
-$ firejail vlc                # starting VideoLAN Client
-$ sudo firejail /etc/init.d/nginx start
-`````
-Run `firejail --list` in a terminal to list all active sandboxes. Example:
-`````
+```sh
+firejail firefox            # starting Mozilla Firefox
+firejail transmission-gtk   # starting Transmission BitTorrent
+firejail vlc                # starting VideoLAN Client
+sudo firejail /etc/init.d/nginx start
+```
+
+Run `firejail --list` in a terminal to list all active sandboxes.  Example:
+
+```console
 $ firejail --list
 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr
 7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt
 7779:netblue:/usr/bin/firejail /usr/bin/galculator
 7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4
 7916:netblue:firejail --list
-`````
+```
 
 ## Desktop integration
 
 Integrate your sandbox into your desktop by running the following two commands:
-`````
-$ firecfg --fix-sound
-$ sudo firecfg
-`````
 
-The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9.
-The second command integrates Firejail into your desktop. You would need to logout and login back to apply
-PulseAudio changes.
+```sh
+firecfg --fix-sound
+sudo firecfg
+```
+
+The first command solves some shared memory/PID namespace bugs in PulseAudio
+software prior to version 9.  The second command integrates Firejail into your
+desktop.  You would need to logout and login back to apply PulseAudio changes.
+
+Start your programs the way you are used to: desktop manager menus, file
+manager, desktop launchers.
 
-Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers.
-The integration applies to any program supported by default by Firejail. There are about 250 default applications
-in current Firejail version, and the number goes up with every new release.
-We keep the application list in [/etc/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.
+The integration applies to any program supported by default by Firejail.  There
+are over 900 default applications in the current Firejail version, and the
+number goes up with every new release.
+
+We keep the application list in
+[src/firecfg/firecfg.config](src/firecfg/firecfg.config)
+(/etc/firejail/firecfg.config when installed).
 
 ## Security profiles
 
-Most Firejail command line options can be passed to the sandbox using profile files.
-You can find the profiles for all supported applications in [/etc/firejail](https://github.com/netblue30/firejail/tree/master/etc) directory.
+Most Firejail command line options can be passed to the sandbox using profile
+files.
+
+You can find the profiles for all supported applications in [etc/](etc/)
+(/etc/firejail/ when installed).
+
+We also keep a list of profile fixes for previous released versions in
+[etc-fixes/](etc-fixes/).
 
-If you keep additional Firejail security profiles in a public repository, please give us a link:
+If you keep additional Firejail security profiles in a public repository,
+please give us a link:
 
-* https://github.com/chiraag-nataraj/firejail-profiles
+* <https://github.com/chiraag-nataraj/firejail-profiles>
+* <https://github.com/triceratops1/fe>
 
-* https://github.com/triceratops1/fe
+Use this issue to request new profiles:
 
-Use this issue to request new profiles: [#1139](https://github.com/netblue30/firejail/issues/1139)
+* [Profile requests](https://github.com/netblue30/firejail/issues/1139)
 
-You can also use this tool to get a list of syscalls needed by a program: [contrib/syscalls.sh](contrib/syscalls.sh).
+You can also use this tool to get a list of syscalls needed by a program:
 
-We also keep a list of profile fixes for previous released versions in [etc-fixes](https://github.com/netblue30/firejail/tree/master/etc-fixes) directory.
+* [contrib/syscalls.sh](contrib/syscalls.sh)
 
 ## Latest released version: 0.9.72
 
 ## Current development version: 0.9.73
 
 ### --keep-shell-rc
-`````
+
+```text
        --keep-shell-rc
               By default, when using a private home directory, firejail copies
               files  from the system's user home template (/etc/skel) into it,
               which overrides attempts to whitelist the original  files  (such
               as  ~/.bashrc and ~/.zshrc).  This option disables this feature,
               and enables the user to whitelist the original files.
-
-`````
+```
 
 ### private-etc rework
-`````
+
+```text
        --private-etc, --private-etc=file,directory,@group
-              The files installed by --private-etc are copies of the  original
-              system  files  from  /etc  directory.   By  default, the command
-              brings in a skeleton of files and directories used by most  con‐
-              sole tools:
+              The files installed by --private-etc are copies of the original
+              system files from /etc directory.  By default, the command
+              brings in a skeleton of files and directories used by most
+              console tools:
 
               $ firejail --private-etc dig debian.org
 
-              For  X11/GTK/QT/Gnome/KDE   programs add @x11 group as a parame‐
-              ter. Example:
+              For X11/GTK/QT/Gnome/KDE  programs add @x11 group as a
+              parameter. Example:
 
               $ firejail --private-etc=@x11,gcrypt,python* gimp
 
-              gcrypt and /etc/python* directories are not part of the  generic
+              gcrypt and /etc/python* directories are not part of the generic
               @x11 group.  File globbing is supported.
 
               For games, add @games group:
 
               $ firejail --private-etc=@games,@x11 warzone2100
 
-              Sound  and  networking  files are included automatically, unless
-              --nosound or --net=none  are  specified.   Files  for  encrypted
+              Sound and networking files are included automatically, unless
+              --nosound or --net=none are specified.  Files for encrypted
               TLS/SSL protocol are in @tls-ca group.
 
               $ firejail --private-etc=@tls-ca,wgetrc wget https://debian.org
@@ -225,22 +283,29 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
               by your program is using strace utility:
 
               $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc
+```
+
+We keep the list of groups in
+[src/include/etc_groups.h](src/include/etc_groups.h).
 
-`````
-We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h)
-Discussion: https://github.com/netblue30/firejail/discussions/5610
+Discussion:
+
+* [private-etc rework](https://github.com/netblue30/firejail/discussions/5610)
 
 ### Profile Statistics
 
-A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
+A small tool to print profile statistics.  Compile and install as usual.  The
+tool is installed in the /usr/lib/firejail directory.
+
 Run it over the profiles in /etc/profiles:
-```
+
+```console
 $ /usr/lib/firejail/profstats /etc/firejail/*.profile
 No include .local found in /etc/firejail/noprofile.profile
 Warning: multiple caps in /etc/firejail/transmission-daemon.profile
 
 Stats:
-     profiles                   1209
+    profiles                    1209
     include local profile       1208   (include profile-name.local)
     include globals             1181   (include globals.local)
     blacklist ~/.ssh            1079   (include disable-common.inc)
@@ -266,5 +331,4 @@ Stats:
     dbus-user filter            141
     dbus-system none            851
     dbus-system filter          12
-
 ```
diff --git a/SECURITY.md b/SECURITY.md
index 734d04ccf..2a9cc7f6f 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -26,4 +26,8 @@
 
 ## Security vulnerabilities
 
-We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@@protonmail.com
+We take security bugs very seriously.
+
+If you believe you have found one, please report it to:
+
+* <netblue30@protonmail.com>