4 files changed, 31 insertions, 22 deletions

diff --git a/README b/README
index bd32034a3..45d021008 100644
--- a/README
+++ b/README
@@ -80,6 +80,25 @@ Fred-Barclay (https://github.com/Fred-Barclay)
         - evince profile enhancement
         - tightened Spotify profile
         - added xiphos and Tor Browser Bundle profiles
+valoq (https://github.com/valoq)
+        - lots of profile fixes
+        - added support for /srv in --whitelist feature
+        - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles
+        - blacklist suid binaries in disable-common.inc
+        - fix man pages
+        - added keypass2, qemu profiles
+        - added amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool profiles
+        - added file-roller, gedit, gjs,gnome-books, gnome-documents, gnome-maps, gnome-music profiles
+        - added gnome-photos, gnome-weather, goobox, gpa, gpg, gpg-agent, highlight profiles
+        - added img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, simple-scan profiles
+        - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles
+Vasya Novikov (https://github.com/vn971)
+        - Wesnoth profile
+        - Hedegewars profile
+        - manpage fixes
+        - fixed firecfg clean/clear issue
+        - found the ugliest bug so far
+        - seccomp debug description in man page
 curiosity-seeker (https://github.com/curiosity-seeker)
         - tightening unbound and dnscrypt-proxy profiles
         - dnsmasq profile
@@ -95,15 +114,6 @@ BogDan Vatra (https://github.com/bog-dan-ro)
         - zoom profile
 Impyy (https://github.com/Impyy)
         - added mumble profile
-valoq (https://github.com/valoq)
-        - LibreOffice profile fixes
-        - cherrytree profile fixes
-        - added support for /srv in --whitelist feature
-        - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles
-        - blacklist suid binaries in disable-common.inc
-        - fix man pages
-        - various profile improvements
-        - added keypass2, qemu profiles
 Vadim A. Misbakh-Soloviov (https://github.com/msva)
         - profile fixes
 Rafael Cavalcanti (https://github.com/rccavalcanti)
@@ -196,12 +206,6 @@ avoidr (https://github.com/avoidr)
         - various other fixes
 Ruan (https://github.com/ruany)
         - fixed hexchat profile
-Vasya Novikov (https://github.com/vn971)
-        - Wesnoth profile
-        - Hedegewars profile
-        - manpage fixes
-        - fixed firecfg clean/clear issue
-        - found the ugliest bug so far
 Matthew Gyurgyik (https://github.com/pyther)
         - rpm spec and several fixes
 Joan Figueras (https://github.com/figue)
diff --git a/etc/default.profile b/etc/default.profile
index 487e80c64..603321316 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -7,13 +7,16 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
-nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
-shell none
 
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+# nogroups
+# shell none
 # private-bin program
 # private-etc none
 # private-dev
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 7116fa1a6..7f9261d8b 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -16,9 +16,6 @@ net none
 shell none
 tracelog
 
-#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
-
-private-bin mupdf,sh,tempfile,rm
 private-tmp
 private-dev
 private-etc fonts
@@ -26,3 +23,8 @@ private-etc fonts
 # mupdf will never write anything
 read-only ${HOME}
 
+#
+# Experimental:
+#
+#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
+# private-bin mupdf,sh,tempfile,rm
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 471e0b193..2f85a786b 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -38,7 +38,7 @@ static void usage(void) {
 }
 
 int main(int argc, char **argv) {
-//#if 0
+#if 0
 {
 //system("cat /proc/self/status");
 int i;
@@ -46,7 +46,7 @@ for (i = 0; i < argc; i++)
         printf("*%s* ", argv[i]);
 printf("\n");
 }       
-//#endif
+#endif
         if (argc < 2) {
                 usage();
                 return 1;