24 files changed, 20 insertions, 946 deletions
diff --git a/Makefile.in b/Makefile.in
index 8fd301879..7067bea22 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,6 +1,6 @@
 all: apps man filters
 MYLIBS = src/lib
-APPS = src/firejail src/firemon src/fsec-print src/fsec-optimize src/firecfg src/fnetfilter src/libtrace src/libtracelog src/ftee src/fnet src/fseccomp src/fcopy src/libpostexecseccomp
+APPS = src/firejail src/firemon src/fsec-print src/fsec-optimize src/firecfg src/fnetfilter src/libtrace src/libtracelog src/ftee src/fnet src/fseccomp src/libpostexecseccomp
 MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5
 SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx
@@ -95,7 +95,6 @@ endif
        install -c -m 0644 src/firecfg/firecfg.config $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/fnet/fnet $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/fnetfilter/fnetfilter $(DESTDIR)/$(libdir)/firejail/.
-        install -c -m 0755 src/fcopy/fcopy $(DESTDIR)/$(libdir)/firejail/.
 ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
        install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/.
@@ -160,7 +159,6 @@ install-strip: all
        strip src/fseccomp/fseccomp
        strip src/fsec-print/fsec-print
        strip src/fsec-optimize/fsec-optimize
-        strip src/fcopy/fcopy
        $(MAKE) realinstall
 uninstall:
@@ -178,7 +176,7 @@ uninstall:
        rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg
 DISTFILES = "src etc platform configure configure.ac dummy.c Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh COPYING README RELNOTES"
-DISTFILES_TEST = "test/apps test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils"
+DISTFILES_TEST = "test/apps test/root test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils"
 dist:
        mv config.status config.status.old
@@ -249,16 +247,13 @@ test-arguments:
 test-fs:
        cd test/fs; ./fs.sh | grep TESTING
-test-fcopy:
-        cd test/fcopy; ./fcopy.sh | grep TESTING
 test-fnetfilter:
        cd test/fnetfilter; ./fnetfilter.sh | grep TESTING
-test: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-filters test-arguments
+test: test-profiles test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-filters test-arguments
        echo "TEST COMPLETE"
-test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-filters test-arguments
+test-travis: test-profiles test-fnetfilter test-fs test-utils test-sysutils test-environment test-filters test-arguments
        echo "TEST COMPLETE"
 ##########################################
diff --git a/configure b/configure
index d70004819..6836ffbca 100755
--- a/configure
+++ b/configure
@@ -3837,7 +3837,7 @@ if test "$prefix" = /usr; then
        sysconfdir="/etc"
 fi
-ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile"
+ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile"
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -4549,7 +4549,6 @@ do
    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
    "src/common.mk") CONFIG_FILES="$CONFIG_FILES src/common.mk" ;;
    "src/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/lib/Makefile" ;;
-    "src/fcopy/Makefile") CONFIG_FILES="$CONFIG_FILES src/fcopy/Makefile" ;;
    "src/fnet/Makefile") CONFIG_FILES="$CONFIG_FILES src/fnet/Makefile" ;;
    "src/firejail/Makefile") CONFIG_FILES="$CONFIG_FILES src/firejail/Makefile" ;;
    "src/fnetfilter/Makefile") CONFIG_FILES="$CONFIG_FILES src/fnetfilter/Makefile" ;;
diff --git a/configure.ac b/configure.ac
index 41b7292c2..124b3526d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -189,7 +189,7 @@ if test "$prefix" = /usr; then
        sysconfdir="/etc"
 fi
-AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
+AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
 src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fsec-print/Makefile \
 src/ftee/Makefile src/fseccomp/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile)
diff --git a/linecnt.sh b/linecnt.sh
index 8716222f8..4048077e8 100755
--- a/linecnt.sh
+++ b/linecnt.sh
@@ -7,7 +7,6 @@ gcov_init() {
        /usr/lib/firejail/fnet --help > /dev/null
        /usr/lib/firejail/fseccomp --help > /dev/null
        /usr/lib/firejail/ftee --help > /dev/null
-        /usr/lib/firejail/fcopy --help > /dev/null
        firecfg --help > /dev/null
        /usr/lib/firejail/fnetfilter --help > /dev/null
@@ -20,6 +19,6 @@ gcov_init() {
 rm -fr gcov-dir
 gcov_init
 lcov -q --capture -d src/firejail -d src/firemon \
-        -d  src/fcopy -d  src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp \
+        -d  src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp \
        -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file
 genhtml -q gcov-file --output-directory gcov-dir
diff --git a/src/fcopy/Makefile.in b/src/fcopy/Makefile.in
deleted file mode 100644
index c9e7d87ab..000000000
--- a/src/fcopy/Makefile.in
+++ /dev/null
@@ -1,14 +0,0 @@
-all: fcopy
-include ../common.mk
-%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h
-        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
-fcopy: $(OBJS)
-        $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
-clean:; rm -f *.o fcopy *.gcov *.gcda *.gcno
-distclean: clean
-        rm -fr Makefile
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
deleted file mode 100644
index e93cd1cb8..000000000
--- a/src/fcopy/main.c
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#include "../include/common.h"
-#include <fcntl.h>
-#include <ftw.h>
-#include <errno.h>
-#include <pwd.h>
-int arg_quiet = 0;
-static int arg_follow_link = 0;
-#define COPY_LIMIT (500 * 1024 *1024)
-static int size_limit_reached = 0;
-static unsigned file_cnt = 0;
-static unsigned size_cnt = 0;
-static char *outpath = NULL;
-static char *inpath = NULL;
-// modified version of the function from util.c
-static void copy_file(const char *srcname, const char *destname, mode_t mode, uid_t uid, gid_t gid) {
-        assert(srcname);
-        assert(destname);
-        mode &= 07777;
-        // don't copy the file if it is already there
-        struct stat s;
-        if (stat(destname, &s) == 0)
-                return;
-        // open source
-        int src = open(srcname, O_RDONLY);
-        if (src < 0) {
-                if (!arg_quiet)
-                        fprintf(stderr, "Warning fcopy: cannot open %s, file not copied\n", srcname);
-                return;
-        }
-        // open destination
-        int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, 0755);
-        if (dst < 0) {
-                if (!arg_quiet)
-                        fprintf(stderr, "Warning fcopy: cannot open %s, file not copied\n", destname);
-                close(src);
-                return;
-        }
-        // copy
-        ssize_t len;
-        static const int BUFLEN = 1024;
-        unsigned char buf[BUFLEN];
-        while ((len = read(src, buf, BUFLEN)) > 0) {
-                int done = 0;
-                while (done != len) {
-                        int rv = write(dst, buf + done, len - done);
-                        if (rv == -1)
-                                goto errexit;
-                        done += rv;
-                }
-        }
-        fflush(0);
-        if (fchown(dst, uid, gid) == -1)
-                goto errexit;
-        if (fchmod(dst, mode) == -1)
-                goto errexit;
-        close(src);
-        close(dst);
-        return;
-errexit:
-        close(src);
-        close(dst);
-        unlink(destname);
-        if (!arg_quiet)
-                fprintf(stderr, "Warning fcopy: cannot copy %s\n", destname);
-}
-// modified version of the function in firejail/util.c
-static void mkdir_attr(const char *fname, mode_t mode, uid_t uid, gid_t gid) {
-        assert(fname);
-        mode &= 07777;
-        if (mkdir(fname, mode) == -1 ||
-        chmod(fname, mode) == -1) {
-                fprintf(stderr, "Error fcopy: failed to create %s directory\n", fname);
-                errExit("mkdir/chmod");
-        }
-        if (chown(fname, uid, gid)) {
-                if (!arg_quiet)
-                        fprintf(stderr, "Warning fcopy: failed to change ownership of %s\n", fname);
-        }
-}
-void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid, gid_t gid) {
-        (void) mode;
-        (void) uid;
-        (void) gid;
-        // if the link is already there, don't create it
-        struct stat s;
-        if (stat(linkpath, &s) == 0)
-               return;
-        char *rp = realpath(target, NULL);
-        if (rp) {
-                if (symlink(rp, linkpath) == -1) {
-                        free(rp);
-                        goto errout;
-                }
-                free(rp);
-        }
-        else
-                goto errout;
-        return;
-errout:
-        if (!arg_quiet)
-                fprintf(stderr, "Warning fcopy: cannot create symbolic link %s\n", target);
-}
-static int first = 1;
-static int fs_copydir(const char *infname, const struct stat *st, int ftype, struct FTW *sftw) {
-        (void) st;
-        (void) sftw;
-        assert(infname);
-        assert(*infname != '\0');
-        assert(outpath);
-        assert(*outpath != '\0');
-        assert(inpath);
-        // check size limit
-        if (size_limit_reached)
-                return 0;
-        char *outfname;
-        if (asprintf(&outfname, "%s%s", outpath, infname + strlen(inpath)) == -1)
-                errExit("asprintf");
-        // don't copy it if we already have the file
-        struct stat s;
-        if (stat(outfname, &s) == 0) {
-                if (first)
-                        first = 0;
-                else if (!arg_quiet)
-                        fprintf(stderr, "Warning fcopy: skipping %s, file already present\n", infname);
-                free(outfname);
-                return 0;
-        }
-        // extract mode and ownership
-        if (stat(infname, &s) != 0) {
-                if (!arg_quiet)
-                        fprintf(stderr, "Warning fcopy: skipping %s, cannot find inode\n", infname);
-                free(outfname);
-                return 0;
-        }
-        uid_t uid = s.st_uid;
-        gid_t gid = s.st_gid;
-        mode_t mode = s.st_mode;
-        // recalculate size
-        if ((s.st_size + size_cnt) > COPY_LIMIT) {
-                fprintf(stderr, "Error fcopy: size limit of %dMB reached\n", (COPY_LIMIT / 1024) / 1024);
-                size_limit_reached = 1;
-                free(outfname);
-                return 0;
-        }
-        file_cnt++;
-        size_cnt += s.st_size;
-        if(ftype == FTW_F) {
-                copy_file(infname, outfname, mode, uid, gid);
-        }
-        else if (ftype == FTW_D) {
-                mkdir_attr(outfname, mode, uid, gid);
-        }
-        else if (ftype == FTW_SL) {
-                copy_link(infname, outfname, mode, uid, gid);
-        }
-        return(0);
-}
-static char *check(const char *src) {
-        struct stat s;
-        char *rsrc = realpath(src, NULL);
-        if (!rsrc || stat(rsrc, &s) == -1)
-                goto errexit;
-        // on systems with systemd-resolved installed /etc/resolve.conf is a symlink to
-        //    /run/systemd/resolve/resolv.conf; this file is owned by systemd-resolve user
-        // checking gid will fail for files with a larger group such as /usr/bin/mutt_dotlock
-        uid_t user = getuid();
-        if (user == 0 && strncmp(rsrc, "/run/systemd/resolve/", 21) == 0) {
-                // check user systemd-resolve
-                struct passwd *p = getpwnam("systemd-resolve");
-                if (!p)
-                        goto errexit;
-                if (s.st_uid != user && s.st_uid != p->pw_uid)
-                        goto errexit;
-        }
-        else {
-                if (s.st_uid != user)
-                        goto errexit;
-        }
-        // dir, link, regular file
-        if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode))
-                return rsrc;                      // normal exit from the function
-errexit:
-        fprintf(stderr, "Error fcopy: invalid file %s\n", src);
-        exit(1);
-}
-static void duplicate_dir(const char *src, const char *dest, struct stat *s) {
-        (void) s;
-        char *rsrc = check(src);
-        char *rdest = check(dest);
-        inpath = rsrc;
-        outpath = rdest;
-        // walk
-        if(nftw(rsrc, fs_copydir, 1, FTW_PHYS) != 0) {
-                fprintf(stderr, "Error: unable to copy file\n");
-                exit(1);
-        }
-        free(rsrc);
-        free(rdest);
-}
-static void duplicate_file(const char *src, const char *dest, struct stat *s) {
-        char *rsrc = check(src);
-        char *rdest = check(dest);
-        uid_t uid = s->st_uid;
-        gid_t gid = s->st_gid;
-        mode_t mode = s->st_mode;
-        // build destination file name
-        char *name;
-        char *ptr = (arg_follow_link)? strrchr(src, '/'): strrchr(rsrc, '/');
-        ptr++;
-        if (asprintf(&name, "%s/%s", rdest, ptr) == -1)
-                errExit("asprintf");
-        // copy
-        copy_file(rsrc, name, mode, uid, gid);
-        free(name);
-        free(rsrc);
-        free(rdest);
-}
-static void duplicate_link(const char *src, const char *dest, struct stat *s) {
-        char *rsrc = check(src);                  // we drop the result and use the original name
-        char *rdest = check(dest);
-        uid_t uid = s->st_uid;
-        gid_t gid = s->st_gid;
-        mode_t mode = s->st_mode;
-        // build destination file name
-        char *name;
-        //     char *ptr = strrchr(rsrc, '/');
-        char *ptr = strrchr(src, '/');
-        ptr++;
-        if (asprintf(&name, "%s/%s", rdest, ptr) == -1)
-                errExit("asprintf");
-        // copy
-        copy_link(rsrc, name, mode, uid, gid);
-        free(name);
-        free(rsrc);
-        free(rdest);
-}
-static void usage(void) {
-        fputs("Usage: fcopy [--follow-link] src dest\n"
-                "\n"
-                "Copy SRC to DEST/SRC. SRC may be a file, directory, or symbolic link.\n"
-                "If SRC is a directory it is copied recursively.  If it is a symlink,\n"
-                "the link itself is duplicated, unless --follow-link is given,\n"
-                "in which case the destination of the link is copied.\n"
-                "DEST must already exist and must be a directory.\n", stderr);
-}
-int main(int argc, char **argv) {
-#if 0
-        {
-                //system("cat /proc/self/status");
-                int i;
-                for (i = 0; i < argc; i++)
-                        printf("*%s* ", argv[i]);
-                printf("\n");
-        }
-#endif
-        char *quiet = getenv("FIREJAIL_QUIET");
-        if (quiet && strcmp(quiet, "yes") == 0)
-                arg_quiet = 1;
-        char *src;
-        char *dest;
-        if (argc == 3) {
-                src = argv[1];
-                dest = argv[2];
-                arg_follow_link = 0;
-        }
-        else if (argc == 4 && !strcmp(argv[1], "--follow-link")) {
-                src = argv[2];
-                dest = argv[3];
-                arg_follow_link = 1;
-        }
-        else {
-                fprintf(stderr, "Error: arguments missing\n");
-                usage();
-                exit(1);
-        }
-        // trim trailing chars
-        if (src[strlen(src) - 1] == '/')
-                src[strlen(src) - 1] = '\0';
-        if (dest[strlen(dest) - 1] == '/')
-                dest[strlen(dest) - 1] = '\0';
-        // check the two files; remove ending /
-        int len = strlen(src);
-        if (src[len - 1] == '/')
-                src[len - 1] = '\0';
-        if (strcspn(src, "\\*&!?\"'<>%^(){}[];,") != (size_t)len) {
-                fprintf(stderr, "Error fcopy: invalid source file name %s\n", src);
-                exit(1);
-        }
-        len = strlen(dest);
-        if (dest[len - 1] == '/')
-                dest[len - 1] = '\0';
-        if (strcspn(dest, "\\*&!?\"'<>%^(){}[];,~") != (size_t)len) {
-                fprintf(stderr, "Error fcopy: invalid dest file name %s\n", dest);
-                exit(1);
-        }
-        // the destination should be a directory;
-        struct stat s;
-        if (stat(dest, &s) == -1) {
-                fprintf(stderr, "Error fcopy: dest dir %s: %s\n", dest, strerror(errno));
-                exit(1);
-        }
-        if (!S_ISDIR(s.st_mode)) {
-                fprintf(stderr, "Error fcopy: dest %s is not a directory\n", dest);
-                exit(1);
-        }
-        // copy files
-        if ((arg_follow_link ? stat : lstat)(src, &s) == -1) {
-                fprintf(stderr, "Error fcopy: src %s: %s\n", src, strerror(errno));
-                exit(1);
-        }
-        if (S_ISDIR(s.st_mode))
-                duplicate_dir(src, dest, &s);
-        else if (S_ISREG(s.st_mode))
-                duplicate_file(src, dest, &s);
-        else if (S_ISLNK(s.st_mode))
-                duplicate_link(src, dest, &s);
-        else {
-                fprintf(stderr, "Error fcopy: src %s is an unsupported type of file\n", src);
-                exit(1);
-        }
-        return 0;
-}
diff --git a/src/fgit/fgit-install.sh b/src/fgit/fgit-install.sh
deleted file mode 100755
index 1f710c688..000000000
--- a/src/fgit/fgit-install.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-# Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic.
-#
-set -e          # exit immediately if one of the commands fails
-cd /tmp         # by the time we start this, we should have a tmpfs mounted on top of /tmp
-git clone --depth=1 https://www.github.com/netblue30/firejail.git
-cd firejail
-./configure --enable-git-install
-make
-sudo make install-strip
-echo "**********************************************************************"
-echo "Mainline git Firejail version was installed in /usr/local."
-echo "If you want to remove it, run"
-echo
-echo "           firejail --git-uninstall"
-echo
-echo "**********************************************************************"
-cd ..
-rm -rf firejail
diff --git a/src/fgit/fgit-uninstall.sh b/src/fgit/fgit-uninstall.sh
deleted file mode 100644
index bc7cc9563..000000000
--- a/src/fgit/fgit-uninstall.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic.
-#
-set -e          # exit immediately if one of the commands fails
-cd /tmp         # by the time we start this, we should have a tmpfs mounted on top of /tmp
-git clone --depth=1 https://www.github.com/netblue30/firejail.git
-cd firejail
-./configure --enable-git-install
-sudo make uninstall
-echo "**********************************************************************"
-echo "Firejail mainline git version uninstalled from /usr/local"
-echo
-echo "**********************************************************************"
-cd ..
-rm -rf firejail
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 04e057e28..891e73eda 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1212,6 +1212,7 @@ int main(int argc, char **argv) {
                        arg_trace = 1;
                else if (strcmp(argv[i], "--tracelog") == 0)
                        arg_tracelog = 1;
+#ifndef LTS
                else if (strncmp(argv[i], "--rlimit-cpu=", 13) == 0) {
                        check_unsigned(argv[i] + 13, "Error: invalid rlimit");
                        sscanf(argv[i] + 13, "%llu", &cfg.rlimit_cpu);
@@ -1242,6 +1243,7 @@ int main(int argc, char **argv) {
                        sscanf(argv[i] + 12, "%llu", &cfg.rlimit_as);
                        arg_rlimit_as = 1;
                }
+#endif
                else if (strncmp(argv[i], "--ipc-namespace", 15) == 0)
                        arg_ipc = 1;
                else if (strncmp(argv[i], "--cpu=", 6) == 0)
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 057e3582f..ab27c29a8 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1077,6 +1077,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
+#ifndef LTS
        // rlimit
        if (strncmp(ptr, "rlimit", 6) == 0) {
                if (strncmp(ptr, "rlimit-nofile ", 14) == 0) {
@@ -1116,6 +1117,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
+#endif
        if (strncmp(ptr, "timeout ", 8) == 0) {
                cfg.timeout = extract_timeout(ptr +8);
@@ -1186,13 +1188,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                ptr += 6;
        }
        else {
-                if (lineno == 0)
+                if (lineno == 0) {
                        fprintf(stderr, "Error: \"%s\" as a command line option is invalid\n", ptr);
-                else if (fname != NULL)
+                        exit(1);
-                        fprintf(stderr, "Error: line %d in %s is invalid\n", lineno, fname);
+                }
-                else
+                else {
-                        fprintf(stderr, "Error: line %d in the custom profile is invalid\n", lineno);
+                        fwarning("\"%s\" is not supported in LTS build\n", ptr);
-                exit(1);
+                        return 0;
+                }
        }
        // some characters just don't belong in filenames
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c
deleted file mode 100644
index e9d459ac2..000000000
--- a/src/firejail/rlimit.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "firejail.h"
-#include <sys/time.h>
-#include <sys/resource.h>
-void set_rlimits(void) {
-        // resource limits
-        struct rlimit rl;
-        if (arg_rlimit_cpu) {
-                rl.rlim_cur = (rlim_t) cfg.rlimit_cpu;
-                rl.rlim_max = (rlim_t) cfg.rlimit_cpu;
-#ifdef HAVE_GCOV
-                __gcov_dump();
-#endif
-                if (setrlimit(RLIMIT_CPU, &rl) == -1)
-                        errExit("setrlimit");
-                if (arg_debug)
-                        printf("Config rlimit: max cpu time %llu\n", cfg.rlimit_cpu);
-        }
-        if (arg_rlimit_nofile) {
-                rl.rlim_cur = (rlim_t) cfg.rlimit_nofile;
-                rl.rlim_max = (rlim_t) cfg.rlimit_nofile;
-#ifdef HAVE_GCOV        // gcov-instrumented programs might crash at this point
-                __gcov_dump();
-#endif
-                if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
-                        errExit("setrlimit");
-                if (arg_debug)
-                        printf("Config rlimit: number of open file descriptors %llu\n", cfg.rlimit_nofile);
-        }
-        if (arg_rlimit_nproc) {
-                rl.rlim_cur = (rlim_t) cfg.rlimit_nproc;
-                rl.rlim_max = (rlim_t) cfg.rlimit_nproc;
-#ifdef HAVE_GCOV
-                __gcov_dump();
-#endif
-                if (setrlimit(RLIMIT_NPROC, &rl) == -1)
-                        errExit("setrlimit");
-                if (arg_debug)
-                        printf("Config rlimit: number of processes %llu\n", cfg.rlimit_nproc);
-        }
-        if (arg_rlimit_fsize) {
-                rl.rlim_cur = (rlim_t) cfg.rlimit_fsize;
-                rl.rlim_max = (rlim_t) cfg.rlimit_fsize;
-#ifdef HAVE_GCOV
-                __gcov_dump();
-#endif
-                if (setrlimit(RLIMIT_FSIZE, &rl) == -1)
-                        errExit("setrlimit");
-                if (arg_debug)
-                        printf("Config rlimit: maximum file size %llu\n", cfg.rlimit_fsize);
-        }
-        if (arg_rlimit_sigpending) {
-                rl.rlim_cur = (rlim_t) cfg.rlimit_sigpending;
-                rl.rlim_max = (rlim_t) cfg.rlimit_sigpending;
-#ifdef HAVE_GCOV
-                __gcov_dump();
-#endif
-                if (setrlimit(RLIMIT_SIGPENDING, &rl) == -1)
-                        errExit("setrlimit");
-                if (arg_debug)
-                        printf("Config rlimit: maximum number of signals pending %llu\n", cfg.rlimit_sigpending);
-        }
-        if (arg_rlimit_as) {
-                rl.rlim_cur = (rlim_t) cfg.rlimit_as;
-                rl.rlim_max = (rlim_t) cfg.rlimit_as;
-#ifdef HAVE_GCOV
-                __gcov_dump();
-#endif
-                if (setrlimit(RLIMIT_AS, &rl) == -1)
-                        errExit("setrlimit");
-                if (arg_debug)
-                        printf("Config rlimit: maximum virtual memory %llu\n", cfg.rlimit_as);
-        }
-}
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 24daedeaa..2335e9ed2 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1023,9 +1023,6 @@ int sandbox(void* sandbox_arg) {
        // set capabilities
        set_caps();
-        // set rlimits
-        set_rlimits();
        // set cpu affinity
        if (cfg.cpus) {
                save_cpu(); // save cpu affinity mask to CPU_CFG file
diff --git a/status b/status
index 65cf745d3..19a1133ac 100644
--- a/status
+++ b/status
@@ -2,7 +2,7 @@ Phase 1
 - starting from main as of Jul 27
 - removing chroot, overlayfs, x11, private-bin, private-lib
 - removing private-home, audit, build
- remove private-etc
+- remove private-etc, private-srv, private-opt, rlimit-*
-main: 14739, LTS; 11890
+main: 14739, LTS; 11447
diff --git a/test/fcopy/cmdline.exp b/test/fcopy/cmdline.exp
deleted file mode 100755
index b68a09f99..000000000
--- a/test/fcopy/cmdline.exp
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "fcopy\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "arguments missing"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Usage:"
-}
-after 100
-send -- "fcopy foo\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "arguments missing"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "Usage:"
-}
-after 100
-send -- "fcopy f%oo1 foo2\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "invalid source file name"
-}
-after 100
-send -- "fcopy foo1 f,oo2\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "invalid dest file name"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/fcopy/dircopy.exp b/test/fcopy/dircopy.exp
deleted file mode 100755
index bb5a1e45e..000000000
--- a/test/fcopy/dircopy.exp
+++ /dev/null
@@ -1,139 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-#
-# copy directory src to dest
-#
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "rm -fr dest/*\r"
-after 100
-send -- "fcopy src dest\r"
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "dest/"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "dest/"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "dest/a"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "dest/a/b"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "dest/a/b/file4"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "dest/a/file3"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "dest/dircopy.exp"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "dest/file2"
-}
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "dest/file1"
-}
-after 100
-send -- "ls -al dest\r"
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "drwxr-xr-x" { puts "umask 0022\n" }
-        "drwxrwxr-x" { puts "umask 0002\n" }
-}
-expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
-        "a"
-}
-expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
-        "lrwxrwxrwx"
-}
-expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
-        "dircopy.exp"
-}
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "rwxr-xr-x" { puts "umask 0022\n" }
-        "rwxrwxr-x" { puts "umask 0002\n" }
-}
-expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
-        "file1"
-}
-expect {
-        timeout {puts "TESTING ERROR 14\n";exit}
-        "rw-r--r--" { puts "umask 0022\n" }
-        "rw-rw-r--" { puts "umask 0002\n" }
-}
-expect {
-        timeout {puts "TESTING ERROR 15\n";exit}
-        "file2"
-}
-after 100
-send -- "stty -echo\r"
-after 100
-send -- "diff -q src/a/b/file4 dest/a/b/file4; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 16\n";exit}
-        "differ" {puts "TESTING ERROR 17\n";exit}
-        "done"
-}
-send -- "file dest/dircopy.exp\r"
-expect {
-        timeout {puts "TESTING ERROR 18\n";exit}
-        "symbolic link"
-}
-send -- "rm -fr dest/*\r"
-after 100
-puts "\nall done\n"
diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh
deleted file mode 100755
index b225f9ea0..000000000
--- a/test/fcopy/fcopy.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-export MALLOC_CHECK_=3
-export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-if [ -f /etc/debian_version ]; then
-        libdir=$(dirname "$(dpkg -L firejail | grep fcopy)")
-        export PATH="$PATH:$libdir"
-fi
-export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
-mkdir dest
-echo "TESTING: fcopy cmdline (test/fcopy/cmdline.exp)"
-./cmdline.exp
-echo "TESTING: fcopy directory (test/fcopy/dircopy.exp)"
-./dircopy.exp
-echo "TESTING: fcopy file (test/fcopy/filecopy.exp)"
-./filecopy.exp
-echo "TESTING: fcopy link (test/fcopy/linkcopy.exp)"
-./linkcopy.exp
-echo "TESTING: fcopy trailing char (test/copy/trailing.exp)"
-./trailing.exp
-rm -fr dest/*
diff --git a/test/fcopy/filecopy.exp b/test/fcopy/filecopy.exp
deleted file mode 100755
index e5d6fb0bc..000000000
--- a/test/fcopy/filecopy.exp
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-#
-# copy directory src to dest
-#
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "rm -fr dest/*\r"
-after 100
-send -- "fcopy dircopy.exp dest\r"
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "dest"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "dest/dircopy.exp"
-}
-after 100
-send -- "ls -al dest\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "rwxr-xr-x" { puts "umask 0022\n" }
-        "rwxrwxr-x" { puts "umask 0002\n" }
-}
-after 100
-send -- "stty -echo\r"
-after 100
-send -- "diff -q dircopy.exp dest/dircopy.exp; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "differ" {puts "TESTING ERROR 4\n";exit}
-        "done"
-}
-send -- "file dest/dircopy.exp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "ASCII text"
-}
-send -- "rm -fr dest/*\r"
-after 100
-puts "\nall done\n"
diff --git a/test/fcopy/linkcopy.exp b/test/fcopy/linkcopy.exp
deleted file mode 100755
index ab3369bbc..000000000
--- a/test/fcopy/linkcopy.exp
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-#
-# copy directory src to dest
-#
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "rm -fr dest/*\r"
-after 100
-send -- "fcopy src/dircopy.exp dest\r"
-after 100
-send -- "find dest\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "dest/"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "dest/dircopy.exp"
-}
-after 100
-send -- "ls -al dest\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "lrwxrwxrwx"
-}
-after 100
-send -- "stty -echo\r"
-after 100
-send -- "diff -q dircopy.exp dest/dircopy.exp; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "differ" {puts "TESTING ERROR 4\n";exit}
-        "done"
-}
-send -- "file dest/dircopy.exp\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "symbolic link"
-}
-send -- "rm -fr dest/*\r"
-after 100
-puts "\nall done\n"
diff --git a/test/fcopy/src/a/b/file4 b/test/fcopy/src/a/b/file4
deleted file mode 100644
index ac318d7ab..000000000
--- a/test/fcopy/src/a/b/file4
+++ /dev/null
@@ -1,11 +0,0 @@
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam interdum at massa non aliquam. Maecenas molestie id orci volutpat porta. Praesent aliquam nunc quis mi tristique, ac feugiat enim rutrum. Nulla vitae metus sodales, pellentesque risus sit amet, volutpat nisl. Curabitur accumsan arcu congue lacus porta laoreet. Nulla facilisi. Integer nec augue id magna gravida tincidunt id vitae lorem. Curabitur facilisis, tellus vel pellentesque pretium, odio dolor efficitur lorem, et tincidunt dui enim cursus lacus. Cras a orci ac magna semper dapibus nec et velit. Nullam aliquam sollicitudin auctor.
-Mauris ac quam vel purus volutpat semper eget a ante. Curabitur arcu nisl, dapibus ac lectus ac, porttitor fermentum metus. Aliquam et sem aliquam magna interdum ultricies at eu orci. Aenean tortor augue, volutpat nec magna nec, rutrum bibendum justo. Vivamus ex quam, auctor ut pellentesque mattis, aliquet a eros. Etiam ac lacus ac ante ullamcorper sollicitudin a quis orci. Suspendisse quis justo ac mauris cursus finibus quis at elit. Vestibulum elementum finibus diam, eget convallis purus aliquet et. Fusce fermentum ornare urna, non ornare nisl tincidunt consectetur. Donec et lacus vitae ex eleifend porttitor id ut odio. Quisque luctus eget lorem et sollicitudin.
-Aliquam libero elit, finibus a nisl a, commodo viverra turpis. Nam pulvinar in est sit amet fermentum. Praesent scelerisque tempus lectus, ac porta elit sodales rutrum. Duis faucibus faucibus urna eget accumsan. Vivamus in turpis ut massa rhoncus pretium nec et lorem. Aenean at tellus eget metus porta ornare. Aliquam erat volutpat. Donec hendrerit a massa vel malesuada. Integer varius sapien et orci viverra pretium. In at velit aliquet, vulputate nisi lobortis, aliquam augue.
-Ut aliquam turpis ut lorem aliquam, in faucibus elit pulvinar. Vivamus viverra tortor ornare, lacinia leo sit amet, auctor arcu. Sed erat leo, pellentesque vel nibh a, malesuada vehicula purus. Vivamus est dolor, aliquet quis facilisis fermentum, varius in dolor. Nunc quis libero feugiat, imperdiet est vitae, mollis risus. Vestibulum elementum mattis lorem vitae gravida. Nullam id tellus interdum, aliquam erat eu, laoreet nunc. Aliquam ut felis vel mauris maximus pellentesque.
-Vestibulum tempus mauris eget ex interdum, vitae vehicula tortor sollicitudin. Pellentesque et dolor cursus dui vulputate laoreet. Morbi eu bibendum quam, at ultrices elit. Vestibulum dictum enim sit amet ultricies imperdiet. Praesent congue magna ac mauris mattis, a iaculis ante aliquet. Vivamus at egestas ex. Suspendisse orci dolor, pharetra at aliquam a, faucibus facilisis leo. Quisque semper lorem eget elit commodo pretium. Aenean posuere augue quis arcu finibus, sit amet fringilla risus congue. Pellentesque rutrum nunc leo, aliquam lobortis lacus molestie nec. Donec convallis congue diam, ullamcorper vestibulum dui varius nec. Praesent pellentesque nisi risus. In aliquam molestie malesuada. Nulla facilisis a risus eu tristique. Morbi molestie et arcu quis efficitur. Curabitur cursus vestibulum luctus.
diff --git a/test/fcopy/src/a/file3 b/test/fcopy/src/a/file3
deleted file mode 100644
index e69de29bb..000000000
--- a/test/fcopy/src/a/file3
+++ /dev/null
diff --git a/test/fcopy/src/dircopy.exp b/test/fcopy/src/dircopy.exp
deleted file mode 120000
index 2acf88f7b..000000000
--- a/test/fcopy/src/dircopy.exp
+++ /dev/null
@@ -1 +0,0 @@
-../dircopy.exp
-\ No newline at end of file
diff --git a/test/fcopy/src/file1 b/test/fcopy/src/file1
deleted file mode 100755
index e69de29bb..000000000
--- a/test/fcopy/src/file1
+++ /dev/null
diff --git a/test/fcopy/src/file2 b/test/fcopy/src/file2
deleted file mode 100644
index e69de29bb..000000000
--- a/test/fcopy/src/file2
+++ /dev/null
diff --git a/test/fcopy/trailing.exp b/test/fcopy/trailing.exp
deleted file mode 100755
index bd51a2b7b..000000000
--- a/test/fcopy/trailing.exp
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-#
-# copy directory src to dest
-#
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --private-etc=group,passwd,firejail/ ls /etc/firejail\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "0ad.profile"
-}
-after 100
-puts "\nall done\n"