635 files changed, 4067 insertions, 2944 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 71791c000..57ac2e9c4 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,10 +1,10 @@
 If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR.
-If you make a PR for new profiles or changeing profiles please do the following:
+If you submit a PR for new profiles or changing profiles, please do the following:
- - The ordering of options follow the rules descripted in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template).  
+ - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template).  
-   > Hint: The profile-template is very new, if you install firejail with your package-manager, it maybe missing, therefore, and to follow the latest rules, it is recommended to use the template from the repository.
+   > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository.
- - Order the arguments of options alphabetical, you can easy do this with the [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py).  
+ - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py).  
 The path to it depends on your distro:
   | Distro | Path |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d974d650e..4476963b5 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -7,7 +7,7 @@ name: "CodeQL"
 on:
  push:
-    branches: [master]
+    branches: [ master ]
    paths-ignore:
      - CONTRIBUTING.md
      - README
@@ -17,7 +17,7 @@ on:
      - 'etc/**'
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: [master]
+    branches: [ master ]
    paths-ignore:
      - CONTRIBUTING.md
      - README
@@ -36,24 +36,14 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        # Override automatic language detection by changing the below list
+        language: [ 'cpp', 'python' ]
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        language: ['cpp', 'python']
+        # Learn more:
-        # Learn more...
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
diff --git a/.github/workflows/sort.yml b/.github/workflows/sort.yml
index 3e717f162..f3ded0f22 100644
--- a/.github/workflows/sort.yml
+++ b/.github/workflows/sort.yml
@@ -5,10 +5,12 @@ on:
    branches: [ master ]
    paths:
      - 'etc/**'
+      - 'contrib/sort.py'
  pull_request:
    branches: [ master ]
    paths:
      - 'etc/**'
+      - 'contrib/sort.py'
 jobs:
  profile-sort:
diff --git a/.gitignore b/.gitignore
index 76ce6c7ec..cbb1b2e83 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,7 @@ firejail-users.5
 firejail.1
 firemon.1
 firecfg.1
+jailtest.5
 mkdeb.sh
 src/firejail/firejail
 src/firemon/firemon
@@ -38,6 +39,9 @@ src/fcopy/fcopy
 src/fldd/fldd
 src/fbuilder/fbuilder
 src/profstats/profstats
+src/bash_completion/firejail.bash_completion
+src/zsh_completion/_firejail
+src/jailtest/jailtest
 uids.h
 seccomp
 seccomp.debug
diff --git a/Makefile.in b/Makefile.in
index ba2c479e1..f9422fc8b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -21,13 +21,17 @@ MAN_TARGET = man
 MAN_SRC = src/man
 endif
+COMPLETIONDIRS = src/zsh_completion src/bash_completion
+.PHONY: all
 all: all_items mydirs $(MAN_TARGET) filters
-APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats
+APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailtest/jailtest
-SBOX_APPS = src/faudit/faudit src/fbuilder/fbuilder src/ftee/ftee
+SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee
 SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter
-MYDIRS = src/lib $(MAN_SRC)
+MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS)
 MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
-MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5
+COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion
+MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailtest.5
 SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp
 SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32
 ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
@@ -42,7 +46,6 @@ mydirs: $(MYDIRS)
 $(MYDIRS):
        $(MAKE) -C $@
 $(MANPAGES): src/man
        ./mkman.sh $(VERSION) src/man/$(basename $@).man $@
@@ -70,6 +73,7 @@ seccomp.mdwx: src/fseccomp/fseccomp
 seccomp.mdwx.32: src/fseccomp/fseccomp
        src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
+.PHONY: clean
 clean:
        for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \
                $(MAKE) -C $$dir clean; \
@@ -89,6 +93,7 @@ clean:
        rm -f test/sysutils/firejail_t*
        cd test/compile; ./compile.sh --clean; cd ../..
+.PHONY: distclean
 distclean: clean
        for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \
                $(MAKE) -C $$dir distclean; \
@@ -107,6 +112,8 @@ endif
        install -m 0755 src/firemon/firemon $(DESTDIR)$(bindir)
        # firecfg executable
        install -m 0755 src/firecfg/firecfg $(DESTDIR)$(bindir)
+        # jailtest executable
+        install -m 0755 src/jailtest/jailtest $(DESTDIR)$(bindir)
        # libraries and plugins
        install -m 0755 -d $(DESTDIR)$(libdir)/firejail
        install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) src/firecfg/firecfg.config
@@ -159,6 +166,9 @@ endif
        install -m 0644 src/bash_completion/firejail.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail
        install -m 0644 src/bash_completion/firemon.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon
        install -m 0644 src/bash_completion/firecfg.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg
+        # zsh completion
+        install -m 0755 -d $(DESTDIR)$(datarootdir)/zsh/site-functions
+        install -m 0644 src/zsh_completion/_firejail $(DESTDIR)$(datarootdir)/zsh/site-functions/
 install: all
        $(MAKE) realinstall
@@ -172,6 +182,7 @@ uninstall:
        rm -f $(DESTDIR)$(bindir)/firemon
        rm -f $(DESTDIR)$(bindir)/firecfg
        rm -fr $(DESTDIR)$(libdir)/firejail
+        rm -fr $(DESTDIR)$(libdir)/jailtest
        rm -fr $(DESTDIR)$(datarootdir)/doc/firejail
        for man in $(MANPAGES); do \
                rm -f $(DESTDIR)$(mandir)/man5/$$man*; \
@@ -183,7 +194,7 @@ uninstall:
        @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038."
 DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh.in COPYING README RELNOTES"
-DISTFILES_TEST = "test/Makefile.in test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot"
+DISTFILES_TEST = "test/Makefile.in test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils test/chroot"
 dist:
        mv config.status config.status.old
@@ -224,24 +235,23 @@ cppcheck: clean
 scan-build: clean
        NO_EXTRA_CFLAGS="yes" scan-build make
 #
 # make test
 #
-TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters arguments fs fcopy fnetfilter
+TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter
 TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
 $(TEST_TARGETS):
        $(MAKE) -C test $(subst test-,,$@)
-test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments
+test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
        echo "TEST COMPLETE"
-test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments
+test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
        echo "TEST COMPLETE"
-test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-arguments
+test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment
        echo "TEST COMPLETE"
 ##########################################
diff --git a/README b/README
index 174b09380..c2736a7b6 100644
--- a/README
+++ b/README
@@ -44,9 +44,10 @@ Committers
 - Fred-Barclay (https://github.com/Fred-Barclay)
 - Kelvin M. Klann (https://github.com/kmk3)
 - Kristóf Marussy (https://github.com/kris7t)
+- Neo00001 (https://github.com/Neo00001)
 - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)
 - rusty-snake (https://github.com/rusty-snake)
- smithsohu (https://github.com/smitsohu)
+- smitsohu (https://github.com/smitsohu)
 - SkewedZeppelin (https://github.com/SkewedZeppelin)
 - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer)
 - Topi Miettinen (https://github.com/topimiettinen)
@@ -76,6 +77,9 @@ Aidan Gauland (https://github.com/aidalgol)
        - whitelist Bohemia Interactive config dir for Steam
 Akhil Hans Maulloo (https://github.com/kouul)
        - xz profile
+Albin Kauffmann (https://github.com/albinou)
+        - Firefox and Chromium profile fixes
+        - info to allow screen sharing in profiles
 Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
        - src/lib/libnetlink.c extracted from iproute2 software package
 Aleksey Manevich (https://github.com/manevich)
@@ -165,9 +169,12 @@ Barış Ekin Yıldırım (https://github.com/circuitshaker)
        - removing net none from code.profile
 bbhtt (https://github.com/bbhtt)
        - improvements to balsa,fractal,gajim,trojita profiles
-        - improvements to nheko, spectral, feh, links, lynx profiles
+        - improvements to nheko, spectral, feh, links, lynx, smplayer profiles
-        - added alacartem com.github.bleakgrey.tootle, photoflare profiles
+        - added alacarte, com.github.bleakgrey.tootle, photoflare profiles
        - add profiles for MS Edge dev build for Linux and Librewolf
+        - fixes to cheese, authenticator, liferea
+        - add profile for straw-viewer
+        - email clients whitelisting and fixes
 Benjamin Kampmann (https://github.com/ligthyear)
        - Forward exit code from child process
 bitfreak25 (https://github.com/bitfreak25)
@@ -452,6 +459,8 @@ Impyy (https://github.com/Impyy)
        - added mumble profile
 intika (https://github.com/intika)
        - added musixmatch profile
+irandms (https://github.com/irandms)
+        - man firecfg fixes
 irregulator (https://github.com/irregulator)
        - thunderbird profile fixes for debian stretch
 Irvine (https://github.com/Irvinehimself)
@@ -798,7 +807,9 @@ Simon Peter (https://github.com/probonopd)
 sinkuu (https://github.com/sinkuu)
        - blacklisting kwalletd
        - fix symlink invocation for programs placing symlinks in $PATH
-smithsohu (https://github.com/smitsohu)
+Simo Piiroinen (https://github.com/spiiroin)
+        - Jolla/SailfishOS patches
+smitsohu (https://github.com/smitsohu)
        - read-only kde4 services directory
        - enhanced mediathekview profile
        - added tuxguitar profile
@@ -913,6 +924,8 @@ Tom Mellor (https://github.com/kalegrill)
        - mupen64plus profile
 Tomasz Jan Góralczyk (https://github.com/tjg)
        - fixed Steam profile
+Tomi Leppänen (https://github.com/Tomin1)
+        - Jolla/SailfishOS patches
 Topi Miettinen (https://github.com/topimiettinen)
        - improved seccomp printing
        - improve mount handling, fix /run/user handling
@@ -1011,4 +1024,7 @@ Zack Weinberg (https://github.com/zackw)
          with firejail --x11
        - support for xpra-extra-params in firejail.config
-Copyright (C) 2014-2020 Firejail Authors
+zupatisc (https://github.com/zupatisc)
+        - patch-util fix
+Copyright (C) 2014-2021 Firejail Authors
diff --git a/README.md b/README.md
index db088ddf6..175ba70b6 100644
--- a/README.md
+++ b/README.md
@@ -198,7 +198,100 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 Milestone page: https://github.com/netblue30/firejail/milestone/1
 Release discussion: https://github.com/netblue30/firejail/issues/3696
+### jailtest
+`````
+JAILTEST(1)                    JAILTEST man page                   JAILTEST(1)
+NAME
+       jailtest - Simple utility program to test running sandboxes
+SYNOPSIS
+       sudo jailtest [OPTIONS] [directory]
+DESCRIPTION
+       WORK IN PROGRESS!  jailtest attaches itself to all sandboxes started by
+       the user and performs some basic tests on the sandbox filesystem:
+       1. Virtual directories
+              jailtest extracts a list with the main virtual  directories  in‐
+              stalled by the sandbox.  These directories are build by firejail
+              at startup using --private* and --whitelist commands.
+       2. Noexec test
+              jailtest inserts executable programs  in  /home/username,  /tmp,
+              and  /var/tmp  directories and tries to run them form inside the
+              sandbox, thus testing if the directory is executable or not.
+       3. Read access test
+              jailtest creates test files in the directories specified by  the
+              user and tries to read them from inside the sandbox.
+       4. AppArmor test
+       5. Seccomp test
+       The program is started as root using sudo.
+OPTIONS
+       --debug
+              Print debug messages
+       -?, --help
+              Print options end exit.
+       --version
+              Print program version and exit.
+       [directory]
+              One  or  more  directories in user home to test for read access.
+              ~/.ssh and ~/.gnupg are tested by default.
+OUTPUT
+       For each sandbox detected we print the following line:
+            PID:USER:Sandbox Name:Command
+       It is followed by relevant sandbox information, such as the virtual di‐
+       rectories and various warnings.
+EXAMPLE
+       $ sudo jailtest
+       2014:netblue::firejail /usr/bin/gimp
+          Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
+          Warning: I can run programs in /home/netblue
+       2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
+          Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
+          Warning: I can read ~/.ssh
+       2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.ap‐
+       pimage
+          Virtual dirs: /tmp, /var/tmp, /dev,
+       26090:netblue::/usr/bin/firejail /opt/firefox/firefox
+          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
+                        /run/user/1000,
+       26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
+          Warning: AppArmor not enabled
+          Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
+                        /usr/share, /run/user/1000,
+          Warning: I can run programs in /home/netblue
+LICENSE
+       This program is free software; you can redistribute it and/or modify it
+       under  the  terms of the GNU General Public License as published by the
+       Free Software Foundation; either version 2 of the License, or (at  your
+       option) any later version.
+       Homepage: https://firejail.wordpress.com
+SEE ALSO
+       firejail(1),  firemon(1), firecfg(1), firejail-profile(5), firejail-lo‐
+       gin(5), firejail-users(5),
+0.9.65                             Feb 2021                        JAILTEST(1)
+`````
 ### Profile Statistics
@@ -210,31 +303,33 @@ $ ./profstats *.profile
 Warning: multiple caps in transmission-daemon.profile
 Stats:
-    profiles                    1064
+    profiles                    1077
-    include local profile       1064   (include profile-name.local)
+    include local profile       1077   (include profile-name.local)
-    include globals             1064   (include globals.local)
+    include globals             1077   (include globals.local)
-    blacklist ~/.ssh            959   (include disable-common.inc)
+    blacklist ~/.ssh            971   (include disable-common.inc)
-    seccomp                     975
+    seccomp                     988
-    capabilities                1063
+    capabilities                1076
-    noexec                      944   (include disable-exec.inc)
+    noexec                      960   (include disable-exec.inc)
-    memory-deny-write-execute   229
+    memory-deny-write-execute   231
-    apparmor                    605
+    apparmor                    621
-    private-bin                 564
+    private-bin                 571
-    private-dev                 932
+    private-dev                 949
-    private-etc                 462
+    private-etc                 470
-    private-tmp                 823
+    private-tmp                 835
-    whitelist home directory    502
+    whitelist home directory    508
-    whitelist var               744   (include whitelist-var-common.inc)
+    whitelist var               758   (include whitelist-var-common.inc)
-    whitelist run/user          461   (include whitelist-runuser-common.inc
+    whitelist run/user          539   (include whitelist-runuser-common.inc
                                        or blacklist ${RUNUSER})
-    whitelist usr/share         451   (include whitelist-usr-share-common.inc
+    whitelist usr/share         526   (include whitelist-usr-share-common.inc
-    net none                    345
+    net none                    354
-    dbus-user none              564
+    dbus-user none              573
-    dbus-user filter            85
+    dbus-user filter            86
-    dbus-system none            696
+    dbus-system none            706
    dbus-system filter          7
 ```
 ### New profiles:
-vmware-view, display-im6.q16
+vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
+avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop,
+pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2
diff --git a/RELNOTES b/RELNOTES
index f7eb80c89..3b74ebd5a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,6 +1,22 @@
 firejail (0.9.65) baseline; urgency=low
  * filtering environment variables
-  * new profiles: vmware-view, display-im6.q16
+  * zsh completion
+  * command line: --mkdir, --mkfile
+  * --protocol now accumulates
+  * Jolla/SailfishOS patches
+  * private-lib rework
+  * jailtest utility for testing running sandboxes
+  * removed --audit options, relpaced by jailtest
+  * capabilities list update
+  * faccessat2 syscall support
+  * compile time: --enable-force-nonewprivs
+  * compile time: --disable-output
+  * compile time: --enable-lts
+  * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng
+  * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
+  * avidemux, calligragemini, vmware-player, vmware-workstation
+  * gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr
+  * PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2
 -- netblue30 <netblue30@yahoo.com>  Tue, 9 Feb 2021 09:00:00 -0500
 firejail (0.9.64.4) baseline; urgency=low
diff --git a/configure b/configure
index 2c00dedaf..e5e0dcc0d 100755
--- a/configure
+++ b/configure
@@ -627,7 +627,8 @@ LIBOBJS
 EGREP
 GREP
 CPP
-HAVE_SELINUX
+HAVE_LTS
+HAVE_FORCE_NONEWPRIVS
 HAVE_CONTRIB_INSTALL
 HAVE_GCOV
 BUSYBOX_WORKAROUND
@@ -645,10 +646,12 @@ HAVE_FIRETUNNEL
 HAVE_GAWK
 HAVE_MAN
 HAVE_USERTMPFS
+HAVE_OUTPUT
 HAVE_OVERLAYFS
 HAVE_DBUSPROXY
 EXTRA_LDFLAGS
 EXTRA_CFLAGS
+HAVE_SELINUX
 HAVE_APPARMOR
 AA_LIBS
 AA_CFLAGS
@@ -710,7 +713,9 @@ ac_user_opts='
 enable_option_checking
 enable_analyzer
 enable_apparmor
+enable_selinux
 enable_dbusproxy
+enable_output
 enable_usertmpfs
 enable_man
 enable_firetunnel
@@ -727,7 +732,8 @@ enable_fatal_warnings
 enable_busybox_workaround
 enable_gcov
 enable_contrib_install
-enable_selinux
+enable_force_nonewprivs
+enable_lts
 '
      ac_precious_vars='build_alias
 host_alias
@@ -1365,7 +1371,9 @@ Optional Features:
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-analyzer       enable GCC 10 static analyzer
  --enable-apparmor       enable apparmor
+  --enable-selinux        SELinux labeling support
  --disable-dbusproxy     disable dbus proxy
+  --disable-output        disable --output logging
  --disable-usertmpfs     disable tmpfs as regular user
  --disable-man           disable man pages
  --disable-firetunnel    disable firetunnel
@@ -1385,7 +1393,9 @@ Optional Features:
  --enable-gcov           Gcov instrumentation
  --enable-contrib-install
                          install contrib scripts
-  --enable-selinux        SELinux labeling support
+  --enable-force-nonewprivs
+                          enable force nonewprivs
+  --enable-lts            enable long-term support software version (LTS)
 Some influential environment variables:
  CC          C compiler command
@@ -3511,6 +3521,20 @@ fi
 fi
+HAVE_SELINUX=""
+# Check whether --enable-selinux was given.
+if test "${enable_selinux+set}" = set; then :
+  enableval=$enable_selinux;
+fi
+if test "x$enable_selinux" = "xyes"; then :
+        HAVE_SELINUX="-DHAVE_SELINUX"
+        EXTRA_LDFLAGS+=" -lselinux "
+fi
@@ -3539,6 +3563,19 @@ HAVE_OVERLAYFS=""
 #       AC_SUBST(HAVE_OVERLAYFS)
 #])
+HAVE_OUTPUT=""
+# Check whether --enable-output was given.
+if test "${enable_output+set}" = set; then :
+  enableval=$enable_output;
+fi
+if test "x$enable_output" != "xno"; then :
+        HAVE_OUTPUT="-DHAVE_OUTPUT"
+fi
 HAVE_USERTMPFS=""
 # Check whether --enable-usertmpfs was given.
 if test "${enable_usertmpfs+set}" = set; then :
@@ -3792,20 +3829,80 @@ else
 fi
-HAVE_SELINUX=""
+HAVE_FORCE_NONEWPRIVS=""
-# Check whether --enable-selinux was given.
+# Check whether --enable-force-nonewprivs was given.
-if test "${enable_selinux+set}" = set; then :
+if test "${enable_force_nonewprivs+set}" = set; then :
-  enableval=$enable_selinux;
+  enableval=$enable_force_nonewprivs;
 fi
-if test "x$enable_selinux" = "xyes"; then :
+if test "x$enable_force_nonewprivs" = "xyes"; then :
-        HAVE_SELINUX="-DHAVE_SELINUX"
+        HAVE_FORCE_NONEWPRIVS="-DHAVE_FORCE_NONEWPRIVS"
-        EXTRA_LDFLAGS+=" -lselinux "
 fi
+HAVE_LTS=""
+# Check whether --enable-lts was given.
+if test "${enable_lts+set}" = set; then :
+  enableval=$enable_lts;
+fi
+if test "x$enable_lts" = "xyes"; then :
+        HAVE_LTS="-DHAVE_LTS"
+        HAVE_DBUSPROXY=""
+        HAVE_OVERLAYFS=""
+        HAVE_OUTPUT=""
+        HAVE_USERTMPFS=""
+        HAVE_MAN="-DHAVE_MAN"
+        HAVE_FIRETUNNEL=""
+        HAVE_PRIVATEHOME=""
+        HAVE_CHROOT=""
+        HAVE_GLOBALCFG=""
+        HAVE_USERNS=""
+        HAVE_X11=""
+        HAVE_FILE_TRANSFER=""
+        HAVE_SUID="yes"
+        BUSYBOX_WORKAROUND="no"
+        HAVE_CONTRIB_INSTALL="no",
+fi
 # checking pthread library
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5
 $as_echo_n "checking for main in -lpthread... " >&6; }
@@ -4269,7 +4366,7 @@ fi
 ac_config_files="$ac_config_files mkdeb.sh"
-ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile src/man/Makefile test/Makefile"
+ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile src/jailtest/Makefile"
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -4993,14 +5090,16 @@ do
    "src/fbuilder/Makefile") CONFIG_FILES="$CONFIG_FILES src/fbuilder/Makefile" ;;
    "src/fsec-print/Makefile") CONFIG_FILES="$CONFIG_FILES src/fsec-print/Makefile" ;;
    "src/ftee/Makefile") CONFIG_FILES="$CONFIG_FILES src/ftee/Makefile" ;;
-    "src/faudit/Makefile") CONFIG_FILES="$CONFIG_FILES src/faudit/Makefile" ;;
    "src/fseccomp/Makefile") CONFIG_FILES="$CONFIG_FILES src/fseccomp/Makefile" ;;
    "src/fldd/Makefile") CONFIG_FILES="$CONFIG_FILES src/fldd/Makefile" ;;
    "src/libpostexecseccomp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpostexecseccomp/Makefile" ;;
    "src/fsec-optimize/Makefile") CONFIG_FILES="$CONFIG_FILES src/fsec-optimize/Makefile" ;;
    "src/profstats/Makefile") CONFIG_FILES="$CONFIG_FILES src/profstats/Makefile" ;;
    "src/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/man/Makefile" ;;
+    "src/zsh_completion/Makefile") CONFIG_FILES="$CONFIG_FILES src/zsh_completion/Makefile" ;;
+    "src/bash_completion/Makefile") CONFIG_FILES="$CONFIG_FILES src/bash_completion/Makefile" ;;
    "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;;
+    "src/jailtest/Makefile") CONFIG_FILES="$CONFIG_FILES src/jailtest/Makefile" ;;
  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
  esac
@@ -5466,6 +5565,7 @@ echo "Configuration options:"
 echo "   prefix: $prefix"
 echo "   sysconfdir: $sysconfdir"
 echo "   apparmor: $HAVE_APPARMOR"
+echo "   SELinux labeling support: $HAVE_SELINUX"
 echo "   global config: $HAVE_GLOBALCFG"
 echo "   chroot: $HAVE_CHROOT"
 echo "   network: $HAVE_NETWORK"
@@ -5477,6 +5577,7 @@ echo "   file transfer support: $HAVE_FILE_TRANSFER"
 echo "   overlayfs support: $HAVE_OVERLAYFS"
 echo "   DBUS proxy support: $HAVE_DBUSPROXY"
 echo "   allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo "   enable --ouput logging: $HAVE_OUTPUT"
 echo "   Manpage support: $HAVE_MAN"
 echo "   firetunnel support: $HAVE_FIRETUNNEL"
 echo "   busybox workaround: $BUSYBOX_WORKAROUND"
@@ -5486,6 +5587,20 @@ echo "   EXTRA_CFLAGS: $EXTRA_CFLAGS"
 echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
 echo "   Gcov instrumentation: $HAVE_GCOV"
 echo "   Install contrib scripts: $HAVE_CONTRIB_INSTALL"
-echo "   SELinux labeling support: $HAVE_SELINUX"
 echo "   Install as a SUID executable: $HAVE_SUID"
+echo "   LTS: $HAVE_LTS"
+echo "   Always enforce filters: $HAVE_FORCE_NONEWPRIVS"
 echo
+if test "$HAVE_LTS" = -DHAVE_LTS; then
+        echo
+        echo
+        echo "*********************************************************"
+        echo "*    Warning: Long-term support (LTS) was enabled!      *"
+        echo "*    Most compile-time options have bean rewritten!     *"
+        echo "*********************************************************"
+        echo
+        echo
+fi
diff --git a/configure.ac b/configure.ac
index f5e3347ea..e8bd6fb80 100644
--- a/configure.ac
+++ b/configure.ac
@@ -54,6 +54,15 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [
        AC_SUBST(HAVE_APPARMOR)
 ])
+HAVE_SELINUX=""
+AC_ARG_ENABLE([selinux],
+    AS_HELP_STRING([--enable-selinux], [SELinux labeling support]))
+AS_IF([test "x$enable_selinux" = "xyes"], [
+        HAVE_SELINUX="-DHAVE_SELINUX"
+        EXTRA_LDFLAGS+=" -lselinux "
+        AC_SUBST(HAVE_SELINUX)
+])
 AC_SUBST([EXTRA_CFLAGS])
 AC_SUBST([EXTRA_LDFLAGS])
@@ -77,6 +86,14 @@ AC_SUBST(HAVE_OVERLAYFS)
 #       AC_SUBST(HAVE_OVERLAYFS)
 #])
+HAVE_OUTPUT=""
+AC_ARG_ENABLE([output],
+    AS_HELP_STRING([--disable-output], [disable --output logging]))
+AS_IF([test "x$enable_output" != "xno"], [
+        HAVE_OUTPUT="-DHAVE_OUTPUT"
+        AC_SUBST(HAVE_OUTPUT)
+])
 HAVE_USERTMPFS=""
 AC_ARG_ENABLE([usertmpfs],
    AS_HELP_STRING([--disable-usertmpfs], [disable tmpfs as regular user]))
@@ -211,15 +228,70 @@ AS_IF([test "x$enable_contrib_install" = "xno"],
 )
 AC_SUBST(HAVE_CONTRIB_INSTALL)
-HAVE_SELINUX=""
+HAVE_FORCE_NONEWPRIVS=""
-AC_ARG_ENABLE([selinux],
+AC_ARG_ENABLE([force-nonewprivs],
-    AS_HELP_STRING([--enable-selinux], [SELinux labeling support]))
+    AS_HELP_STRING([--enable-force-nonewprivs], [enable force nonewprivs]))
-AS_IF([test "x$enable_selinux" = "xyes"], [
+AS_IF([test "x$enable_force_nonewprivs" = "xyes"], [
-        HAVE_SELINUX="-DHAVE_SELINUX"
+        HAVE_FORCE_NONEWPRIVS="-DHAVE_FORCE_NONEWPRIVS"
-        EXTRA_LDFLAGS+=" -lselinux "
+        AC_SUBST(HAVE_FORCE_NONEWPRIVS)
-        AC_SUBST(HAVE_SELINUX)
+])
+HAVE_LTS=""
+AC_ARG_ENABLE([lts],
+    AS_HELP_STRING([--enable-lts], [enable long-term support software version (LTS)]))
+AS_IF([test "x$enable_lts" = "xyes"], [
+        HAVE_LTS="-DHAVE_LTS"
+        AC_SUBST(HAVE_LTS)
+        HAVE_DBUSPROXY=""
+        AC_SUBST(HAVE_DBUSPROXY)
+        HAVE_OVERLAYFS=""
+        AC_SUBST(HAVE_OVERLAYFS)
+        HAVE_OUTPUT=""
+        AC_SUBST(HAVE_OUTPUT)
+        HAVE_USERTMPFS=""
+        AC_SUBST(HAVE_USERTMPFS)
+        HAVE_MAN="-DHAVE_MAN"
+        AC_SUBST(HAVE_MAN)
+        HAVE_FIRETUNNEL=""
+        AC_SUBST(HAVE_FIRETUNNEL)
+        HAVE_PRIVATEHOME=""
+        AC_SUBST(HAVE_PRIVATE_HOME)
+        HAVE_CHROOT=""
+        AC_SUBST(HAVE_CHROOT)
+        HAVE_GLOBALCFG=""
+        AC_SUBST(HAVE_GLOBALCFG)
+        HAVE_USERNS=""
+        AC_SUBST(HAVE_USERNS)
+        HAVE_X11=""
+        AC_SUBST(HAVE_X11)
+        HAVE_FILE_TRANSFER=""
+        AC_SUBST(HAVE_FILE_TRANSFER)
+        HAVE_SUID="yes"
+        AC_SUBST(HAVE_SUID)
+        BUSYBOX_WORKAROUND="no"
+        AC_SUBST(BUSYBOX_WORKAROUND)
+        HAVE_CONTRIB_INSTALL="no",
+        AC_SUBST(HAVE_CONTRIB_INSTALL)
 ])
 # checking pthread library
 AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***]))
 AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed ***]))
@@ -233,14 +305,16 @@ fi
 AC_CONFIG_FILES([mkdeb.sh], [chmod +x mkdeb.sh])
 AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
 src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \
-src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \
+src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \
-src/profstats/Makefile src/man/Makefile test/Makefile)
+src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile \
+src/jailtest/Makefile)
 echo
 echo "Configuration options:"
 echo "   prefix: $prefix"
 echo "   sysconfdir: $sysconfdir"
 echo "   apparmor: $HAVE_APPARMOR"
+echo "   SELinux labeling support: $HAVE_SELINUX"
 echo "   global config: $HAVE_GLOBALCFG"
 echo "   chroot: $HAVE_CHROOT"
 echo "   network: $HAVE_NETWORK"
@@ -252,6 +326,7 @@ echo "   file transfer support: $HAVE_FILE_TRANSFER"
 echo "   overlayfs support: $HAVE_OVERLAYFS"
 echo "   DBUS proxy support: $HAVE_DBUSPROXY"
 echo "   allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo "   enable --ouput logging: $HAVE_OUTPUT"
 echo "   Manpage support: $HAVE_MAN"
 echo "   firetunnel support: $HAVE_FIRETUNNEL"
 echo "   busybox workaround: $BUSYBOX_WORKAROUND"
@@ -261,6 +336,20 @@ echo "   EXTRA_CFLAGS: $EXTRA_CFLAGS"
 echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
 echo "   Gcov instrumentation: $HAVE_GCOV"
 echo "   Install contrib scripts: $HAVE_CONTRIB_INSTALL"
-echo "   SELinux labeling support: $HAVE_SELINUX"
 echo "   Install as a SUID executable: $HAVE_SUID"
+echo "   LTS: $HAVE_LTS"
+echo "   Always enforce filters: $HAVE_FORCE_NONEWPRIVS"
 echo
+if test "$HAVE_LTS" = -DHAVE_LTS; then
+        echo
+        echo
+        echo "*********************************************************"
+        echo "*    Warning: Long-term support (LTS) was enabled!      *"
+        echo "*    Most compile-time options have bean rewritten!     *"
+        echo "*********************************************************"
+        echo
+        echo
+fi
diff --git a/contrib/firejail-welcome.sh b/contrib/firejail-welcome.sh
index 2943983e5..6eebc67c5 100755
--- a/contrib/firejail-welcome.sh
+++ b/contrib/firejail-welcome.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2020 Firejail Authors
+# Copyright (C) 2020-2021 Firejail Authors
 # License GPL v2
 if ! command -v zenity >/dev/null; then
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py
index 487df4c83..b4a947535 100755
--- a/contrib/fj-mkdeb.py
+++ b/contrib/fj-mkdeb.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 # This script automates the workaround for https://github.com/netblue30/firejail/issues/772
diff --git a/contrib/fjclip.py b/contrib/fjclip.py
index 66038430d..3e99d71e9 100755
--- a/contrib/fjclip.py
+++ b/contrib/fjclip.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 import sys
diff --git a/contrib/fjdisplay.py b/contrib/fjdisplay.py
index f1880283b..294bde997 100755
--- a/contrib/fjdisplay.py
+++ b/contrib/fjdisplay.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 import re
diff --git a/contrib/fjresize.py b/contrib/fjresize.py
index 6ab963c58..d656f5c91 100755
--- a/contrib/fjresize.py
+++ b/contrib/fjresize.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 import sys
diff --git a/contrib/gdb-firejail.sh b/contrib/gdb-firejail.sh
index 7a351c065..941fc45ef 100755
--- a/contrib/gdb-firejail.sh
+++ b/contrib/gdb-firejail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set -x
diff --git a/contrib/jail_prober.py b/contrib/jail_prober.py
index 67e851282..9205d9b3e 100755
--- a/contrib/jail_prober.py
+++ b/contrib/jail_prober.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 """
 Figure out which profile options may be causing a particular program to break
diff --git a/contrib/sort.py b/contrib/sort.py
index 54b2cbaa6..9e5062c3c 100755
--- a/contrib/sort.py
+++ b/contrib/sort.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 """
 Sort the items of multi-item options in profiles, the following options are supported:
@@ -80,7 +80,7 @@ def fix_profile(filename):
        lines = profile.read().split("\n")
        was_fixed = False
        fixed_profile = []
-        for line in lines:
+        for lineno, line in enumerate(lines):
            if line[:12] in ("private-bin ", "private-etc ", "private-lib "):
                fixed_line = f"{line[:12]}{sort_alphabetical(line[12:])}"
            elif line[:13] in ("seccomp.drop ", "seccomp.keep "):
@@ -95,6 +95,10 @@ def fix_profile(filename):
                fixed_line = line
            if fixed_line != line:
                was_fixed = True
+                print(
+                    f"{filename}:{lineno + 1}:-{line}\n"
+                    f"{filename}:{lineno + 1}:+{fixed_line}"
+                )
            fixed_profile.append(fixed_line)
        if was_fixed:
            profile.seek(0)
@@ -108,6 +112,7 @@ def fix_profile(filename):
 def main(args):
    exit_code = 0
+    print(f"sort.py: checking {len(args)} {'profiles' if len(args) != 1 else 'profile'}...")
    for filename in args:
        try:
            if exit_code not in (1, 101):
@@ -120,8 +125,8 @@ def main(args):
        except PermissionError:
            print(f"[ Error ] Can't read/write `{filename}'")
            exit_code = 1
-        except:
+        except Exception as err:
-            print(f"[ Error ] An error occurred while processing `{filename}'")
+            print(f"[ Error ] An error occurred while processing `{filename}': {err}")
            exit_code = 1
    return exit_code
diff --git a/contrib/syscalls.sh b/contrib/syscalls.sh
index b990ac23c..728ff5a78 100755
--- a/contrib/syscalls.sh
+++ b/contrib/syscalls.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 STRACE_OUTPUT_FILE="$(pwd)/strace_output.txt"
diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh
index 1fceca788..4c715aaf7 100755
--- a/contrib/update_deb.sh
+++ b/contrib/update_deb.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 # Purpose: Fetch, compile, and install firejail from GitHub source. For
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index ec87f1d2d..80d527e41 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -126,40 +126,14 @@ signal (receive),
 # We let Firejail deal with capabilities, but ensure that
 # some AppArmor related capabilities will not be available.
 ##########
-capability chown,
+# The list of recognized capabilities varies from one apparmor version to another.
-capability dac_override,
+# For example on Debian 10 (apparmor 2.13.2) checkpoint_restore, perfmon, bpf are not available
-capability dac_read_search,
+# We allow all caps by default and remove the  ones we don't like:
-capability fowner,
+capability,
-capability fsetid,
+deny capability audit_write,
-capability kill,
+deny capability audit_control,
-capability setgid,
+deny capability mac_override,
-capability setuid,
+deny capability mac_admin,
-capability setpcap,
-capability linux_immutable,
-capability net_bind_service,
-capability net_broadcast,
-capability net_admin,
-capability net_raw,
-capability ipc_lock,
-capability ipc_owner,
-capability sys_module,
-capability sys_rawio,
-capability sys_chroot,
-capability sys_ptrace,
-capability sys_pacct,
-capability sys_admin,
-capability sys_boot,
-capability sys_nice,
-capability sys_resource,
-capability sys_time,
-capability sys_tty_config,
-capability mknod,
-capability lease,
-#capability audit_write,
-#capability audit_control,
-capability setfcap,
-#capability mac_override,
-#capability mac_admin,
 # Site-specific additions and overrides. See local/README for details.
 #include <local/firejail-default>
diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local
index f086653f8..893a1ce46 100644
--- a/etc/apparmor/firejail-local
+++ b/etc/apparmor/firejail-local
@@ -1,2 +1,5 @@
 # Site-specific additions and overrides for 'firejail-default'.
 # For more details, please see /etc/apparmor.d/local/README.
+# Uncomment to opt-in to apparmor for torbrowser-launcher
+#owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix,
diff --git a/etc/inc/chromium-common-hardened.inc b/etc/inc/chromium-common-hardened.inc
deleted file mode 100644
index f33ce3115..000000000
--- a/etc/inc/chromium-common-hardened.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-caps.drop all
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
-seccomp !chroot
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index d724e3b52..52534a9e9 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -442,6 +442,7 @@ blacklist ${PATH}/mount
 blacklist ${PATH}/mount.ecryptfs_private
 blacklist ${PATH}/nc
 blacklist ${PATH}/ncat
+blacklist ${PATH}/nmap
 blacklist ${PATH}/newgidmap
 blacklist ${PATH}/newgrp
 blacklist ${PATH}/newuidmap
@@ -452,6 +453,7 @@ blacklist ${PATH}/sg
 blacklist ${PATH}/strace
 blacklist ${PATH}/su
 blacklist ${PATH}/sudo
+blacklist ${PATH}/tcpdump
 blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 05f82170d..9dffa750a 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -5,6 +5,7 @@ include disable-programs.local
 blacklist ${HOME}/Arduino
 blacklist ${HOME}/i2p
 blacklist ${HOME}/Monero/wallets
+blacklist ${HOME}/Nextcloud
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
@@ -117,8 +118,10 @@ blacklist ${HOME}/.config/MusE
 blacklist ${HOME}/.config/MuseScore
 blacklist ${HOME}/.config/MusicBrainz
 blacklist ${HOME}/.config/Nathan Osman
+blacklist ${HOME}/.config/Nextcloud
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/PacmanLogViewer
+blacklist ${HOME}/.config/PawelStolowski
 blacklist ${HOME}/.config/PBE
 blacklist ${HOME}/.config/Philipp Schmieder
 blacklist ${HOME}/.config/QGIS
@@ -164,6 +167,7 @@ blacklist ${HOME}/.config/aweather
 blacklist ${HOME}/.config/backintime
 blacklist ${HOME}/.config/baloofilerc
 blacklist ${HOME}/.config/baloorc
+blacklist ${HOME}/.config/bcompare
 blacklist ${HOME}/.config/blender
 blacklist ${HOME}/.config/bless
 blacklist ${HOME}/.config/bnox
@@ -265,6 +269,7 @@ blacklist ${HOME}/.config/inkscape
 blacklist ${HOME}/.config/inox
 blacklist ${HOME}/.config/iridium
 blacklist ${HOME}/.config/itch
+blacklist ${HOME}/.config/jami
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
 blacklist ${HOME}/.config/kaffeinerc
@@ -304,12 +309,12 @@ blacklist ${HOME}/.config/lugaru
 blacklist ${HOME}/.config/lutris
 blacklist ${HOME}/.config/lximage-qt
 blacklist ${HOME}/.config/mailtransports
-blacklist ${HOME}/.local/share/man
 blacklist ${HOME}/.config/mana
 blacklist ${HOME}/.config/mate-calc
 blacklist ${HOME}/.config/mate/eom
 blacklist ${HOME}/.config/mate/mate-dictionary
 blacklist ${HOME}/.config/matrix-mirage
+blacklist ${HOME}/.config/mcomix
 blacklist ${HOME}/.config/meld
 blacklist ${HOME}/.config/meteo-qt
 blacklist ${HOME}/.config/menulibre.cfg
@@ -333,6 +338,7 @@ blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/neomutt
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/newsbeuter
+blacklist ${HOME}/.config/newsboat
 blacklist ${HOME}/.config/newsflash
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/NitroShare
@@ -344,6 +350,7 @@ blacklist ${HOME}/.config/okularrc
 blacklist ${HOME}/.config/onboard
 blacklist ${HOME}/.config/onionshare
 blacklist ${HOME}/.config/onlyoffice
+blacklist ${HOME}/.config/openmw
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
@@ -356,6 +363,7 @@ blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pcmanfm
 blacklist ${HOME}/.config/pdfmod
 blacklist ${HOME}/.config/Pinta
+blacklist ${HOME}/.config/pipe-viewer
 blacklist ${HOME}/.config/pitivi
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
@@ -436,6 +444,7 @@ blacklist ${HOME}/.config/yandex-browser
 blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtube-dlg
 blacklist ${HOME}/.config/youtubemusic-nativefier-040164
 blacklist ${HOME}/.config/youtube-music-desktop-app
 blacklist ${HOME}/.config/youtube-viewer
@@ -582,7 +591,9 @@ blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Kingsoft
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
+blacklist ${HOME}/.local/share/Nextcloud
 blacklist ${HOME}/.local/share/PBE
+blacklist ${HOME}/.local/share/PawelStolowski
 blacklist ${HOME}/.local/share/Psi
 blacklist ${HOME}/.local/share/QGIS
 blacklist ${HOME}/.local/share/QMediathekView
@@ -658,6 +669,7 @@ blacklist ${HOME}/.local/share/gradio
 blacklist ${HOME}/.local/share/gwenview
 blacklist ${HOME}/.local/share/i2p
 blacklist ${HOME}/.local/share/IntoTheBreach
+blacklist ${HOME}/.local/share/jami
 blacklist ${HOME}/.local/share/kaffeine
 blacklist ${HOME}/.local/share/kalgebra
 blacklist ${HOME}/.local/share/kate
@@ -683,11 +695,14 @@ blacklist ${HOME}/.local/share/lollypop
 blacklist ${HOME}/.local/share/love
 blacklist ${HOME}/.local/share/lugaru
 blacklist ${HOME}/.local/share/lutris
+blacklist ${HOME}/.local/share/man
 blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
 blacklist ${HOME}/.local/share/matrix-mirage
+blacklist ${HOME}/.local/share/mcomix
 blacklist ${HOME}/.local/share/meld
 blacklist ${HOME}/.local/share/midori
+blacklist ${HOME}/.local/share/minder
 blacklist ${HOME}/.local/share/mirage
 blacklist ${HOME}/.local/share/multimc
 blacklist ${HOME}/.local/share/multimc5
@@ -698,11 +713,14 @@ blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
 blacklist ${HOME}/.local/share/nemo-python
 blacklist ${HOME}/.local/share/news-flash
+blacklist ${HOME}/.local/share/newsbeuter
+blacklist ${HOME}/.local/share/newsboat
 blacklist ${HOME}/.local/share/nomacs
 blacklist ${HOME}/.local/share/notes
 blacklist ${HOME}/.local/share/ocenaudio
 blacklist ${HOME}/.local/share/okular
 blacklist ${HOME}/.local/share/onlyoffice
+blacklist ${HOME}/.local/share/openmw
 blacklist ${HOME}/.local/share/orage
 blacklist ${HOME}/.local/share/org.kde.gwenview
 blacklist ${HOME}/.local/share/Paradox Interactive
@@ -786,6 +804,7 @@ blacklist ${HOME}/.opera-beta
 blacklist ${HOME}/.ostrichriders
 blacklist ${HOME}/.paradoxinteractive
 blacklist ${HOME}/.parallelrealities/blobwars
+blacklist ${HOME}/.pcsxr
 blacklist ${HOME}/.penguin-command
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.pioneer
@@ -888,6 +907,7 @@ blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/NewsFlashGTK
 blacklist ${HOME}/.cache/Otter
+blacklist ${HOME}/.cache/PawelStolowski
 blacklist ${HOME}/.cache/Psi
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/Quotient/quaternion
@@ -996,6 +1016,7 @@ blacklist ${HOME}/.cache/org.gnome.Maps
 blacklist ${HOME}/.cache/pdfmod
 blacklist ${HOME}/.cache/peek
 blacklist ${HOME}/.cache/pip
+blacklist ${HOME}/.cache/pipe-viewer
 blacklist ${HOME}/.cache/plasmashell
 blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
 blacklist ${HOME}/.cache/psi
diff --git a/etc/inc/feh-network.inc b/etc/inc/feh-network.inc
deleted file mode 100644
index e94e7205c..000000000
--- a/etc/inc/feh-network.inc
+++ /dev/null
@@ -1,4 +0,0 @@
-ignore net none
-netfilter
-protocol unix,inet,inet6
-private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl
diff --git a/etc/profile-a-l/7z.profile b/etc/profile-a-l/7z.profile
index b2294c070..0d31255ad 100644
--- a/etc/profile-a-l/7z.profile
+++ b/etc/profile-a-l/7z.profile
@@ -7,8 +7,8 @@ include 7z.local
 # Persistent global definitions
 include globals.local
-# Included in archiver-common.inc
+# Included in archiver-common.profile
 ignore include disable-shell.inc
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 2cdd3a90c..5a21744cf 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,6 +5,7 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.config/Google
 noblacklist ${HOME}/.AndroidStudio*
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.jack-server
diff --git a/etc/profile-a-l/ar.profile b/etc/profile-a-l/ar.profile
index f99934e66..5a20a8181 100644
--- a/etc/profile-a-l/ar.profile
+++ b/etc/profile-a-l/ar.profile
@@ -8,4 +8,4 @@ include ar.local
 include globals.local
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/inc/archiver-common.inc b/etc/profile-a-l/archiver-common.profile
index 74b0b6ef6..74b0b6ef6 100644
--- a/etc/inc/archiver-common.inc
+++ b/etc/profile-a-l/archiver-common.profile
diff --git a/etc/profile-a-l/atool.profile b/etc/profile-a-l/atool.profile
index 6e0ecb012..e377de2c8 100644
--- a/etc/profile-a-l/atool.profile
+++ b/etc/profile-a-l/atool.profile
@@ -17,4 +17,4 @@ private-etc alternatives,group,login.defs,passwd
 private-tmp
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index adca38cb5..2b032e977 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -40,7 +40,7 @@ seccomp
 shell none
 tracelog
-private-bin atril,atril-previewer,atril-thumbnailer
+private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote
 private-dev
 private-etc alternatives,fonts,ld.so.cache
 # atril uses webkit gtk to display epub files
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
new file mode 100644
index 000000000..178e2dc9f
--- /dev/null
+++ b/etc/profile-a-l/bcompare.profile
@@ -0,0 +1,62 @@
+# Firejail profile for Beyond Compare by Scooter Software
+# Description: directory and file compare utility
+# Disables the network, which only impacts checking for updates.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include bcompare.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/bcompare
+# In case the user decides to include disable-programs.inc, still allow
+# KDE's Gwenview to view images via right click -> Open With -> Associated Application
+noblacklist ${HOME}/.config/gwenviewrc
+# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-common.inc
+#include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-programs.inc
+#include disable-programs.inc
+# Uncommenting this breaks launch
+# include disable-shell.inc
+include disable-write-mnt.inc
+# Don't disable ${DOCUMENTS}, ${MUSIC}, ${PICTURES}, ${VIDEOS}
+# include disable-xdg.inc
+# include whitelist-common.inc
+# include whitelist-runuser-common.inc
+# include whitelist-usr-share-common.inc
+# include whitelist-var-common.inc
+apparmor
+caps.drop all
+# Uncommenting might break Pulse Audio
+#machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+# Allow applications launched on sound files to play them
+#nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
+# private-etc alternatives,fonts,machine-id
+# Necessary because of the `include disable-exec.inc` line. Prevents error "Error fstat: fs.c:504 fs_remount_simple: Transport endpoint is not connected ... cannot sync with peer: unexpected EOF Peer [...] unexpectedly exited with status 1"
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile
index fb4f643c8..d731a6a6e 100644
--- a/etc/profile-a-l/bsdtar.profile
+++ b/etc/profile-a-l/bsdtar.profile
@@ -9,4 +9,4 @@ include globals.local
 private-etc alternatives,group,localtime,passwd
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 09eaa2d12..0283a6934 100644
--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -11,7 +11,7 @@ mkdir ${HOME}/.config/ungoogled-chromium
 whitelist ${HOME}/.cache/ungoogled-chromium
 whitelist ${HOME}/.config/ungoogled-chromium
-# private-bin basename,bash,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
+# private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
 # Redirect
 include chromium.profile
diff --git a/etc/profile-a-l/chromium-common-hardened.profile b/etc/profile-a-l/chromium-common-hardened.profile
new file mode 100644
index 000000000..d756eec50
--- /dev/null
+++ b/etc/profile-a-l/chromium-common-hardened.profile
@@ -0,0 +1,9 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include chromium-common-hardened.local
+caps.drop all
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp !chroot
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index 1afb2c6e1..b81b1cb36 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -32,7 +32,7 @@ include whitelist-var-common.inc
 # Uncomment the next line (or add it to your chromium-common.local)
 # if your kernel allows unprivileged userns clone.
-#include chromium-common-hardened.inc
+#include chromium-common-hardened.profile
 # Uncomment or put in your chromium-common.local to allow screen sharing under
 # wayland.
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
new file mode 100644
index 000000000..8be06a4b3
--- /dev/null
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -0,0 +1,61 @@
+# Firejail profile for com.github.phase1geo.minder
+# Description: Mind-mapping application
+# This file is overwritten after every install/update
+# Persistent local customizations
+include com.github.phase1geo.minder.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.local/share/minder
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.local/share/minder
+whitelist ${HOME}/.local/share/minder
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin com.github.phase1geo.minder
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,X11,xdg
+private-tmp
+dbus-user filter
+dbus-user.own com.github.phase1geo.minder
+dbus-user.talk ca.desrt.dconf
+dbus-system none
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index 0e0299655..bdc4f21a6 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -11,4 +11,4 @@ noblacklist /sbin
 noblacklist /usr/sbin
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index 13d830b55..fc920a065 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -18,6 +18,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-write-mnt.inc
 include disable-xdg.inc
 mkdir ${HOME}/.cache/dolphin-emu
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 11b9a4f42..b9ef5d49d 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -11,14 +11,17 @@ noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -36,3 +39,6 @@ tracelog
 private-bin dosbox
 private-dev
 private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-a-l/ebook-convert.profile b/etc/profile-a-l/ebook-convert.profile
new file mode 100644
index 000000000..988ba90fc
--- /dev/null
+++ b/etc/profile-a-l/ebook-convert.profile
@@ -0,0 +1,11 @@
+# Firejail profile alias for calibre
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ebook-convert.local
+net none
+dbus-user none
+dbus-system none
+# Redirect
+include calibre.profile
diff --git a/etc/profile-a-l/ebook-edit.profile b/etc/profile-a-l/ebook-edit.profile
new file mode 100644
index 000000000..3b5fee0a8
--- /dev/null
+++ b/etc/profile-a-l/ebook-edit.profile
@@ -0,0 +1,11 @@
+# Firejail profile alias for calibre
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ebook-edit.local
+net none
+dbus-user none
+dbus-system none
+# Redirect
+include calibre.profile
diff --git a/etc/profile-a-l/ebook-meta.profile b/etc/profile-a-l/ebook-meta.profile
new file mode 100644
index 000000000..594a8e241
--- /dev/null
+++ b/etc/profile-a-l/ebook-meta.profile
@@ -0,0 +1,11 @@
+# Firejail profile alias for calibre
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ebook-meta.local
+net none
+dbus-user none
+dbus-system none
+# Redirect
+include calibre.profile
diff --git a/etc/profile-a-l/ebook-polish.profile b/etc/profile-a-l/ebook-polish.profile
new file mode 100644
index 000000000..ad94e32a2
--- /dev/null
+++ b/etc/profile-a-l/ebook-polish.profile
@@ -0,0 +1,11 @@
+# Firejail profile alias for calibre
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ebook-polish.local
+net none
+dbus-user none
+dbus-system none
+# Redirect
+include calibre.profile
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile
index d3be07c9d..691616393 100644
--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -20,7 +20,7 @@ include whitelist-var-common.inc
 # Uncomment the next line (or add it to your chromium-common.local)
 # if your kernel allows unprivileged userns clone.
-#include chromium-common-hardened.inc
+#include chromium-common-hardened.profile
 apparmor
 caps.keep sys_admin,sys_chroot
diff --git a/etc/profile-a-l/engrampa.profile b/etc/profile-a-l/engrampa.profile
index 6c0892c56..7ec611293 100644
--- a/etc/profile-a-l/engrampa.profile
+++ b/etc/profile-a-l/engrampa.profile
@@ -36,7 +36,6 @@ tracelog
 private-dev
 # private-tmp
-dbus-user none
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
 dbus-system none
-memory-deny-write-execute
diff --git a/etc/profile-a-l/feh-network.profile b/etc/profile-a-l/feh-network.profile
new file mode 100644
index 000000000..f35facd64
--- /dev/null
+++ b/etc/profile-a-l/feh-network.profile
@@ -0,0 +1,8 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include feh-network.local
+ignore net none
+netfilter
+protocol unix,inet,inet6
+private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile
index 8ac7755de..6d6287f7f 100644
--- a/etc/profile-a-l/feh.profile
+++ b/etc/profile-a-l/feh.profile
@@ -18,7 +18,7 @@ include disable-shell.inc
 # This profile disables network access
 # In order to enable network access,
 # uncomment the following or put it in your feh.local:
-# include feh-network.inc
+# include feh-network.profile
 caps.drop all
 net none
diff --git a/etc/inc/firefox-common-addons.inc b/etc/profile-a-l/firefox-common-addons.profile
index ca7731442..4da087f7f 100644
--- a/etc/inc/firefox-common-addons.inc
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -3,11 +3,15 @@
 include firefox-common-addons.local
 ignore include whitelist-runuser-common.inc
+ignore private-cache
+noblacklist ${HOME}/.cache/youtube-dl
 noblacklist ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/okularpartrc
 noblacklist ${HOME}/.config/okularrc
 noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.config/youtube-dl
 noblacklist ${HOME}/.kde/share/apps/kget
 noblacklist ${HOME}/.kde/share/apps/okular
 noblacklist ${HOME}/.kde/share/config/kgetrc
@@ -22,15 +26,19 @@ noblacklist ${HOME}/.local/share/kget
 noblacklist ${HOME}/.local/share/kxmlgui5/okular
 noblacklist ${HOME}/.local/share/okular
 noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.netrc
 whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
 whitelist ${HOME}/.config/gnome-mplayer
 whitelist ${HOME}/.config/kgetrc
+whitelist ${HOME}/.config/mpv
 whitelist ${HOME}/.config/okularpartrc
 whitelist ${HOME}/.config/okularrc
 whitelist ${HOME}/.config/pipelight-silverlight5.1
 whitelist ${HOME}/.config/pipelight-widevine
 whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.config/youtube-dl
 whitelist ${HOME}/.kde/share/apps/kget
 whitelist ${HOME}/.kde/share/apps/okular
 whitelist ${HOME}/.kde/share/config/kgetrc
@@ -48,6 +56,7 @@ whitelist ${HOME}/.local/share/kxmlgui5/okular
 whitelist ${HOME}/.local/share/okular
 whitelist ${HOME}/.local/share/qpdfview
 whitelist ${HOME}/.local/share/tridactyl
+whitelist ${HOME}/.netrc
 whitelist ${HOME}/.pentadactyl
 whitelist ${HOME}/.pentadactylrc
 whitelist ${HOME}/.tridactylrc
@@ -57,6 +66,9 @@ whitelist ${HOME}/.wine-pipelight
 whitelist ${HOME}/.wine-pipelight64
 whitelist ${HOME}/.zotero
 whitelist ${HOME}/dwhelper
+whitelist /usr/share/lua
+whitelist /usr/share/lua*
+whitelist /usr/share/vulkan
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python
 noblacklist ${HOME}/.local/share/gnome-shell
@@ -75,17 +87,5 @@ include allow-python3.inc
 # ff2mpv
 #ignore noexec ${HOME}
-#noblacklist ${HOME}/.config/mpv
-#noblacklist ${HOME}/.config/youtube-dl
-#noblacklist ${HOME}/.netrc
 #include allow-lua.inc
-#include allow-python3.inc
-#mkdir ${HOME}/.config/mpv
-#mkdir ${HOME}/.config/youtube-dl
-#whitelist ${HOME}/.config/mpv
-#whitelist ${HOME}/.config/youtube-dl
-#whitelist ${HOME}/.netrc
-#whitelist /usr/share/lua
-#whitelist /usr/share/lua*
-#whitelist /usr/share/vulkan
 #private-bin env,mpv,python3*,waf,youtube-dl
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index fe0a27828..a955722c8 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -10,7 +10,7 @@ include firefox-common.local
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 # Uncomment the following line (or put it in your firefox-common.local) to allow access to common programs/addons/plugins.
-#include firefox-common-addons.inc
+#include firefox-common-addons.profile
 noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
new file mode 100644
index 000000000..828d638ed
--- /dev/null
+++ b/etc/profile-a-l/gget.profile
@@ -0,0 +1,59 @@
+# Firejail profile for gget
+# Description: a cli. to get things. from git repos
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include gget.local
+# Persistent global definitions
+include globals.local
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin gget
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-lib
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index d56d6714e..820d5e694 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -55,5 +55,5 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg
 private-tmp
-dbus-user none
+dbus-user filter
 dbus-system none
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index 035c6459c..b261c16f4 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -12,4 +12,4 @@ include globals.local
 noblacklist /var/lib/pacman
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-a-l/ipcalc-ng.profile b/etc/profile-a-l/ipcalc-ng.profile
new file mode 100644
index 000000000..3ad0f3a4f
--- /dev/null
+++ b/etc/profile-a-l/ipcalc-ng.profile
@@ -0,0 +1,11 @@
+# Firejail profile ipcalc-ng
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include ipcalc-ng.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include ipcalc.profile
diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile
new file mode 100644
index 000000000..4b97b83b7
--- /dev/null
+++ b/etc/profile-a-l/ipcalc.profile
@@ -0,0 +1,62 @@
+# Firejail profile for ipcalc
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include ipcalc.local
+# Persistent global definitions
+include globals.local
+# Allow perl (blacklisted by disable-interpreters.inc)
+include allow-perl.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+# include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+# include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+# machine-id
+net none
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+# protocol unix
+seccomp
+shell none
+# tracelog
+disable-mnt
+private
+private-bin bash,ipcalc,ipcalc-ng,perl,sh
+# private-cache
+private-dev
+# empty etc directory
+private-etc none
+private-lib
+private-opt none
+private-tmp
+dbus-user none
+dbus-system none
+# memory-deny-write-execute
+# read-only ${HOME}
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
new file mode 100644
index 000000000..226bb0008
--- /dev/null
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -0,0 +1,42 @@
+# Firejail profile for jami-gnome
+# Description: An encrypted peer-to-peer messenger
+# This file is overwritten after every install/update
+# Persistent local customizations
+include jami-gnome.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/jami
+noblacklist ${HOME}/.local/share/jami
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+#include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+mkdir ${HOME}/.config/jami
+mkdir ${HOME}/.local/share/jami
+whitelist ${HOME}/.config/jami
+whitelist ${HOME}/.local/share/jami
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+disable-mnt
+private-dev
+private-tmp
+env QT_QPA_PLATFORM=xcb
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index e5beb741a..edb7ed840 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -20,7 +20,7 @@ nowhitelist ${DOWNLOADS}
 mkdir ${HOME}/.config/Jitsi Meet
 whitelist ${HOME}/.config/Jitsi Meet
-private-bin bash,jitsi-meet-desktop
+private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
 # Redirect
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 41840e3b0..5786a4687 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -10,7 +10,11 @@ noblacklist ${HOME}/.config/kdiff3fileitemactionrc
 noblacklist ${HOME}/.config/kdiff3rc
 # Uncomment the next line (or put it into your kdiff3.local) if you don't need to compare files in disable-common.inc.
+# by default we deny access only to .ssh and .gnupg
 #include disable-common.inc
+blacklist ${HOME}/.ssh
+blacklist ${HOME}/.gnupg
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
diff --git a/etc/profile-a-l/lzop.profile b/etc/profile-a-l/lzop.profile
new file mode 100644
index 000000000..f3175c590
--- /dev/null
+++ b/etc/profile-a-l/lzop.profile
@@ -0,0 +1,12 @@
+# Firejail profile for lzop
+# Description: File compressor using lzo lib
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include lzop.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include cpio.profile
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile
new file mode 100644
index 000000000..b2687ba3c
--- /dev/null
+++ b/etc/profile-m-z/PCSX2.profile
@@ -0,0 +1,57 @@
+# Firejail profile for PCSX2
+# Description: A PlayStation 2 emulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include PCSX2.local
+# Persistent global definitions
+include globals.local
+# Note: you must whitelist your games folder in a PCSX2.local
+noblacklist ${HOME}/.config/PCSX2
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/PCSX2
+whitelist ${HOME}/.config/PCSX2
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+# Uncomment the following line if not loading games from disc
+#nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+#seccomp - breaks loading with no logs
+shell none
+#tracelog - 32/64 bit incompatibility
+private-bin PCSX2
+private-cache
+# uncomment the following line if you do not need controller support
+#private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-opt none
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/PPSSPPSDL.profile b/etc/profile-m-z/PPSSPPSDL.profile
new file mode 100644
index 000000000..deb00a436
--- /dev/null
+++ b/etc/profile-m-z/PPSSPPSDL.profile
@@ -0,0 +1,9 @@
+# Firejail profile for PPSSPPSDL
+# This file is overwritten after every install/update
+# Persistent local customizations
+include PPSSPPSDL.local
+# added by included profile
+#include globals.local
+# Redirect
+include ppsspp.profile
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
index 6f74e6da3..965750bf0 100644
--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -29,6 +29,7 @@ whitelist /usr/share/locale
 whitelist /usr/share/man
 whitelist /var/cache/man
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -53,10 +54,10 @@ tracelog
 x11 none
 disable-mnt
-private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim
+#private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim
 private-cache
 private-dev
-private-etc alternatives,fonts,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg
+private-etc alternatives,fonts,groff,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 55865fe72..70e5c72cf 100644
--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -12,6 +12,9 @@ include globals.local
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
 noblacklist ${HOME}/.cache/marker
+noblacklist ${DOCUMENTS}
+include allow-python3.inc
 include disable-common.inc
 include disable-devel.inc
@@ -47,7 +50,7 @@ seccomp.block-secondary
 shell none
 tracelog
-private-bin marker
+private-bin marker,python3*
 private-cache
 private-dev
 private-etc alternatives,dconfgtk-3.0,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,pango,X11
diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile
index b6dc643d4..d30965922 100644
--- a/etc/profile-m-z/mate-color-select.profile
+++ b/etc/profile-m-z/mate-color-select.profile
@@ -15,6 +15,7 @@ include disable-shell.inc
 include whitelist-common.inc
+apparmor
 caps.drop all
 netfilter
 no3d
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile
index 85581a2f0..6efb19502 100644
--- a/etc/profile-m-z/newsbeuter.profile
+++ b/etc/profile-m-z/newsbeuter.profile
@@ -7,13 +7,23 @@ include newsbeuter.local
 # added by included profile
 #include globals.local
-noblacklist ${HOME}/.config/newsbeuter
+ignore include newsboat.local
-noblacklist ${HOME}/.newsbeuter
+ignore mkdir ${HOME}/.config/newsboat
+ignore mkdir ${HOME}/.local/share/newsboat
+ignore mkdir ${HOME}/.newsboat
+blacklist ${PATH}/newsboat
+blacklist ${HOME}/.config/newsboat
+blacklist ${HOME}/.local/share/newsboat
+blacklist ${HOME}/.newsboat
+nowhitelist ${HOME}/.config/newsboat
+nowhitelist ${HOME}/.local/share/newsboat
+nowhitelist ${HOME}/.newsboat
 mkdir ${HOME}/.config/newsbeuter
+mkdir ${HOME}/.local/share/newsbeuter
 mkdir ${HOME}/.newsbeuter
-whitelist ${HOME}/.config/newsbeuter
-whitelist ${HOME}/.newsbeuter
 private-bin newsbeuter
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile
index 85b780ced..23c2de43c 100644
--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -6,6 +6,11 @@ include newsboat.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.config/newsbeuter
+noblacklist ${HOME}/.config/newsboat
+noblacklist ${HOME}/.local/share/newsbeuter
+noblacklist ${HOME}/.local/share/newsboat
+noblacklist ${HOME}/.newsbeuter
 noblacklist ${HOME}/.newsboat
 include disable-common.inc
@@ -16,7 +21,14 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/newsboat
+mkdir ${HOME}/.local/share/newsboat
 mkdir ${HOME}/.newsboat
+whitelist ${HOME}/.config/newsbeuter
+whitelist ${HOME}/.config/newsboat
+whitelist ${HOME}/.local/share/newsbeuter
+whitelist ${HOME}/.local/share/newsboat
+whitelist ${HOME}/.newsbeuter
 whitelist ${HOME}/.newsboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
@@ -38,7 +50,7 @@ seccomp
 shell none
 disable-mnt
-private-bin gzip,lynx,newsboat,sh
+private-bin gzip,lynx,newsboat,sh,w3m
 private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo
diff --git a/etc/profile-m-z/nextcloud-desktop.profile b/etc/profile-m-z/nextcloud-desktop.profile
new file mode 100644
index 000000000..e74f9c03f
--- /dev/null
+++ b/etc/profile-m-z/nextcloud-desktop.profile
@@ -0,0 +1,10 @@
+# Firejail profile alias for nextcloud
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nextcloud-desktop.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include nextcloud.profile
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
new file mode 100644
index 000000000..4e7c902d9
--- /dev/null
+++ b/etc/profile-m-z/nextcloud.profile
@@ -0,0 +1,71 @@
+# Firejail profile for nextcloud
+# Description: Nextcloud desktop synchronization client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nextcloud.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/Nextcloud
+noblacklist ${HOME}/.config/Nextcloud
+noblacklist ${HOME}/.local/share/Nextcloud
+# Uncomment or put in your nextcloud.local to allow sync with more directories.
+#noblacklist ${DOCUMENTS}
+#noblacklist ${MUSIC}
+#noblacklist ${PICTURES}
+#noblacklist ${VIDEOS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/Nextcloud
+mkdir ${HOME}/.config/Nextcloud
+mkdir ${HOME}/.local/share/Nextcloud
+whitelist ${HOME}/Nextcloud
+whitelist ${HOME}/.config/Nextcloud
+whitelist ${HOME}/.local/share/Nextcloud
+# Uncomment or put in your nextcloud.local to allow sync with more directories.
+#whitelist ${DOCUMENTS}
+#whitelist ${MUSIC}
+#whitelist ${PICTURES}
+#whitelist ${VIDEOS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin nextcloud,nextcloud-desktop
+private-cache
+private-etc alternatives,ca-certificates,crypto-policies,drirc,fonts,gcrypt,host.conf,hosts,ld.so.cache,machine-id,Nextcloud,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-dev
+private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.secrets
+dbus-system none
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index c12fc9a78..202905631 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -1,5 +1,5 @@
 # Firejail profile for Node.js
-# Description: Common profile for npm/yarn
+# Description: Asynchronous event-driven JavaScript runtime
 # This file is overwritten after every install/update
 # Persistent local customizations
 include nodejs-common.local
@@ -45,7 +45,9 @@ shell none
 disable-mnt
 private-dev
+# May need to add `passwd` to `private-etc` below to enable debugging with some IDEs
 private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg
+# May need to be commented out in order to enable debugging with some IDEs
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/openmw-launcher.profile b/etc/profile-m-z/openmw-launcher.profile
new file mode 100644
index 000000000..c9cc144e4
--- /dev/null
+++ b/etc/profile-m-z/openmw-launcher.profile
@@ -0,0 +1,7 @@
+# Firejail profile for openmw-launcher
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openmw-launcher.local
+# Redirect
+include openmw.profile
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
new file mode 100644
index 000000000..270d64c1e
--- /dev/null
+++ b/etc/profile-m-z/openmw.profile
@@ -0,0 +1,61 @@
+# Firejail profile for openmw
+# Description: Open source engine re-implementation for Morrowind
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openmw.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/openmw
+noblacklist ${HOME}/.local/share/openmw
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/openmw
+mkdir ${HOME}/.local/share/openmw
+whitelist ${HOME}/.config/openmw
+# Copy Morrowind data files into the following directory or load it from /mnt
+# or whitelist it in a openmw.local
+whitelist ${HOME}/.local/share/openmw
+whitelist /usr/share/openmw
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+# Uncomment the following line if installing from disc
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,passwd,pulse,Trolltech.conf,X11,xdg
+private-opt none
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile
index 46a84372c..b034efde9 100644
--- a/etc/profile-m-z/patch.profile
+++ b/etc/profile-m-z/patch.profile
@@ -43,7 +43,7 @@ x11 none
 private-bin patch,red
 private-dev
-private-lib libfakeroot
+private-lib libdl.so.*,libfakeroot
 dbus-user none
 dbus-system none
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile
new file mode 100644
index 000000000..c25c4ae66
--- /dev/null
+++ b/etc/profile-m-z/pcsxr.profile
@@ -0,0 +1,57 @@
+# Firejail profile for pcsxr
+# Description: A PlayStation emulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pcsxr.local
+# Persistent global definitions
+include globals.local
+# Note: you must whitelist your games folder in a pcsxr.local
+noblacklist ${HOME}/.pcsxr
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.pcsxr
+whitelist ${HOME}/.pcsxr
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+# Uncomment the following line if not loading games from disc
+#nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+private-bin pcsxr
+private-cache
+# uncomment the following line if you do not need controller support
+#private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-opt none
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile
index c71553bcd..263d99c83 100644
--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -1,13 +1,14 @@
 # Firejail profile for ppsspp
-# Description: A PSP emulator written in C++
+# Description: A PSP emulator
 # This file is overwritten after every install/update
 # Persistent local customizations
 include ppsspp.local
 # Persistent global definitions
 include globals.local
+# Note: you must whitelist your games folder in a ppsspp.local
 noblacklist ${HOME}/.config/ppsspp
-noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -15,8 +16,15 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-write-mnt.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/ppsspp
+whitelist ${HOME}/.config/ppsspp
+whitelist /usr/share/ppsspp
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
@@ -27,11 +35,13 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,netlink
 seccomp
 shell none
+private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL
 # uncomment the following line if you do not need controller support
 #private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile
new file mode 100644
index 000000000..c9da0b628
--- /dev/null
+++ b/etc/profile-m-z/rtv-addons.profile
@@ -0,0 +1,23 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include rtv-addons.local
+# You can configure rtv to open different type of links
+# in external applications. Configuration here:
+# https://github.com/michael-lazar/rtv#viewing-media-links
+# This include is meant to facilitate that configuration
+# with the use of a .local file.
+ignore nosound
+ignore private-bin
+ignore dbus-user none
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.netrc
+noblacklist ${HOME}/.w3m
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.netrc
+whitelist ${HOME}/.w3m
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index 14740e05f..6f971b96b 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -16,6 +16,11 @@ noblacklist ${HOME}/.local/share/rtv
 include allow-python2.inc
 include allow-python3.inc
+# You can configure rtv to open different type of links
+# in external applications. Configuration here:
+# https://github.com/michael-lazar/rtv#viewing-media-links
+# Uncomment or put in rtv.local for external application support
+#include rtv-addons.profile
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile
index 666a37def..ebd3168b3 100644
--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -6,7 +6,6 @@ include signal-desktop.local
 include globals.local
 # Disabled until someone reported positive feedback
-ignore include-xdg.inc
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 ignore private-cache
diff --git a/etc/profile-m-z/skypeforlinux.profile b/etc/profile-m-z/skypeforlinux.profile
index b39763981..ed04eda8e 100644
--- a/etc/profile-m-z/skypeforlinux.profile
+++ b/etc/profile-m-z/skypeforlinux.profile
@@ -18,6 +18,7 @@ ignore dbus-user none
 ignore dbus-system none
 # breaks Skype
+ignore apparmor
 ignore noexec /tmp
 noblacklist ${HOME}/.config/skypeforlinux
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 641c3a79d..7bc731333 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -24,6 +24,7 @@ whitelist ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 netfilter
diff --git a/etc/profile-m-z/start-tor-browser.profile b/etc/profile-m-z/start-tor-browser.profile
index b62b19101..17ceedee7 100644
--- a/etc/profile-m-z/start-tor-browser.profile
+++ b/etc/profile-m-z/start-tor-browser.profile
@@ -3,40 +3,8 @@
 # Persistent local customizations
 include start-tor-browser.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-ignore noexec ${HOME}
+# Redirect
+include start-tor-browser.desktop.profile
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-xdg.inc
-include whitelist-var-common.inc
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp !chroot
-shell none
-# tracelog may cause issues, see github issue #1930
-#tracelog
-disable-mnt
-private-bin bash,cat,cp,cut,dirname,env,getconf,gpg,grep,gxmessage,id,kdialog,ln,mkdir,pwd,readlink,realpath,rm,sed,sh,tail,test,update-desktop-database,xmessage,zenity
-private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
-private-tmp
-dbus-user none
-dbus-system none
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile
index 9d7a23d43..0d3a900e9 100644
--- a/etc/profile-m-z/tar.profile
+++ b/etc/profile-m-z/tar.profile
@@ -7,7 +7,7 @@ include tar.local
 # Persistent global definitions
 include globals.local
-# Included in archiver-common.inc
+# Included in archiver-common.profile
 ignore include disable-shell.inc
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
@@ -20,4 +20,4 @@ private-etc alternatives,group,localtime,login.defs,passwd
 writable-var
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile
index 7984702f3..6f863d7a1 100644
--- a/etc/profile-m-z/tcpdump.profile
+++ b/etc/profile-m-z/tcpdump.profile
@@ -8,6 +8,7 @@ include globals.local
 noblacklist /sbin
 noblacklist /usr/sbin
+noblacklist ${PATH}/tcpdump
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index fce7dc461..38d291324 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -36,10 +36,20 @@ noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 disable-mnt
+#private-bin telegram,Telegram,telegram-desktop
 private-cache
 private-dev
 private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.gnome.Mutter.IdleMonitor
+dbus-user.talk org.freedesktop.ScreenSaver
+dbus-system none
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
index 6bcc51f4d..5cb5caf8d 100644
--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -15,6 +15,9 @@ noblacklist ${HOME}/.local/share/torbrowser
 include allow-python2.inc
 include allow-python3.inc
+blacklist /opt
+blacklist /srv
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -28,9 +31,16 @@ mkdir ${HOME}/.local/share/torbrowser
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/torbrowser
 whitelist ${HOME}/.local/share/torbrowser
+whitelist /usr/share/torbrowser-launcher
 include whitelist-common.inc
 include whitelist-var-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+# Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local.
+# IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need
+# to be uncommented too for this to work as expected.
+#apparmor
 caps.drop all
 netfilter
 nodvd
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile
index 8dbbfcc62..348d3cb80 100644
--- a/etc/profile-m-z/transmission-daemon.profile
+++ b/etc/profile-m-z/transmission-daemon.profile
@@ -14,7 +14,7 @@ whitelist ${HOME}/.config/transmission-daemon
 whitelist /var/lib/transmission
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
-protocol unix,inet,inet6,packet
+protocol packet
 private-bin transmission-daemon
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/unrar.profile b/etc/profile-m-z/unrar.profile
index 65f1a425a..9d3d9b40e 100644
--- a/etc/profile-m-z/unrar.profile
+++ b/etc/profile-m-z/unrar.profile
@@ -12,4 +12,4 @@ private-etc alternatives,group,localtime,passwd
 private-tmp
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile
index c94416b87..0231e3dba 100644
--- a/etc/profile-m-z/unzip.profile
+++ b/etc/profile-m-z/unzip.profile
@@ -13,4 +13,4 @@ noblacklist ${HOME}/.local/share/gnome-shell
 private-etc alternatives,group,localtime,passwd
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index 7a49ad88a..64d787bfb 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -34,6 +34,7 @@ include whitelist-var-common.inc
 # For host-only network sys_admin is needed. See https://github.com/netblue30/firejail/issues/2868#issuecomment-518647630
+apparmor
 caps.keep net_raw,sys_nice
 netfilter
 nodvd
@@ -43,8 +44,10 @@ shell none
 tracelog
 #disable-mnt
+#private-bin basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami
 private-cache
 private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
+private-tmp
 dbus-user none
 dbus-system none
diff --git a/etc/profile-m-z/vmware-player.profile b/etc/profile-m-z/vmware-player.profile
new file mode 100644
index 000000000..582a0f693
--- /dev/null
+++ b/etc/profile-m-z/vmware-player.profile
@@ -0,0 +1,8 @@
+# Firejail profile for vmware-player
+# Description: The industry standard for running multiple operating systems as virtual machines on a single Linux PC.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include vmware-player.local
+# Redirect
+include vmware.profile
diff --git a/etc/profile-m-z/vmware-workstation.profile b/etc/profile-m-z/vmware-workstation.profile
new file mode 100644
index 000000000..6290b57f4
--- /dev/null
+++ b/etc/profile-m-z/vmware-workstation.profile
@@ -0,0 +1,8 @@
+# Firejail profile for vmware-workstation
+# Description: The industry standard for running multiple operating systems as virtual machines on a single Linux PC.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include vmware-workstation.local
+# Redirect
+include vmware.profile
diff --git a/etc/profile-m-z/xzdec.profile b/etc/profile-m-z/xzdec.profile
index c5e8d1631..79f71f2fd 100644
--- a/etc/profile-m-z/xzdec.profile
+++ b/etc/profile-m-z/xzdec.profile
@@ -8,4 +8,4 @@ include xzdec.local
 include globals.local
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile
new file mode 100644
index 000000000..c072d6267
--- /dev/null
+++ b/etc/profile-m-z/youtube-dl-gui.profile
@@ -0,0 +1,56 @@
+# Firejail profile for youtube-dl-gui
+# Description: A cross platform front-end GUI of the popular youtube-dl media downloader
+include youtube-dl-gui.local
+# This file is overwritten after every install/update
+include globals.local
+#These are blacklisted by disable-interpreters.inc
+include allow-python2.inc
+include allow-python3.inc
+noblacklist ${HOME}/.config/youtube-dlg
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/youtube-dlg
+whitelist ${HOME}/.config/youtube-dlg
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin atomicparsley,ffmpeg,ffprobe,python*,youtube-dl-gui
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,locale,locale.conf,passwd,pki,resolv.conf,ssl
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/zstd.profile b/etc/profile-m-z/zstd.profile
index 07a75f97f..faeb5c5c5 100644
--- a/etc/profile-m-z/zstd.profile
+++ b/etc/profile-m-z/zstd.profile
@@ -8,4 +8,4 @@ include zstd.local
 include globals.local
 # Redirect
-include archiver-common.inc
+include archiver-common.profile
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 9e9fc3fe9..065245a63 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -1,17 +1,17 @@
 # Firejail profile for PROGRAM_NAME
-# Description: DESCRIPTION
+# Description: DESCRIPTION OF THE PROGRAM
 # This file is overwritten after every install/update
 # --- CUT HERE ---
-# This is a generic template to help you with creation of profiles
+# This is a generic template to help you create profiles.
-# for new programs. PRs welcome at https://github.com/netblue30/firejail/.
+# PRs welcome at https://github.com/netblue30/firejail/.
 #
 # Rules to follow:
 #  - lines with one # are often used in profiles
 #  - lines with two ## are only needed in special situations
 #  - make the profile as restrictive as possible while still keeping the program useful
-#    (e. g. a program that is unable to save user's work is considered bad practice)
+#    (e.g. a program that is unable to save user's work is considered bad practice)
-#  - dedicate some time (based on the complexity of the application) to profile testing before raising
+#  - dedicate ample time (based on the complexity of the application) to profile testing before
-#    a pull request
+#    submitting a pull request
 #  - keep the sections structure, use a single empty line as separator
 #  - entries within sections are alphabetically sorted
 #  - consider putting binary into src/firecfg/firecfg.config (keep list sorted) but beware
@@ -42,7 +42,7 @@
 #  ${DOCUMENTS}
 #  ${DOWNLOADS}
 #  ${HOME} (user's home)
-#  ${PATH} (contents of PATH envvar)
+#  ${PATH} (contents of PATH env var)
 #  ${MUSIC}
 #  ${RUNUSER} (/run/user/UID)
 #  ${VIDEOS}
@@ -81,12 +81,11 @@ include globals.local
 #      `ls -aR`
 #noblacklist PATH
-# Allow python (blacklisted by disable-interpreters.inc)
+# Allows files commonly used by IDEs
-#include allow-python2.inc
+#include allow-common-devel.inc
-#include allow-python3.inc
-# Allow perl (blacklisted by disable-interpreters.inc)
+# Allow gjs (blacklisted by disable-interpreters.inc)
-#include allow-perl.inc
+#include allow-gjs.inc
 # Allow java (blacklisted by disable-devel.inc)
 #include allow-java.inc
@@ -94,14 +93,15 @@ include globals.local
 # Allow lua (blacklisted by disable-interpreters.inc)
 #include allow-lua.inc
-# Allow ruby (blacklisted by disable-interpreters.inc)
+# Allow perl (blacklisted by disable-interpreters.inc)
-#include allow-ruby.inc
+#include allow-perl.inc
-# Allow gjs (blacklisted by disable-interpreters.inc)
+# Allow python (blacklisted by disable-interpreters.inc)
-#include allow-gjs.inc
+#include allow-python2.inc
+#include allow-python3.inc
-# Allows files commonly used by IDEs
+# Allow ruby (blacklisted by disable-interpreters.inc)
-#include allow-common-devel.inc
+#include allow-ruby.inc
 # Allow ssh (blacklisted by disable-common.inc)
 #include allow-ssh.inc
@@ -117,10 +117,10 @@ include globals.local
 #include disable-xdg.inc
 # This section often mirrors noblacklist section above. The idea is
-# that if a user feels too restricted (he's unable to save files into
+# that if a user feels too restricted (e.g. unable to save files into
-# home directory for instance) he/she may disable whitelist (nowhitelist)
+# home directory) they may disable whitelist (nowhitelist)
 # in PROFILE.local but still be protected by BLACKLISTS section
-# (further explanation at https://github.com/netblue30/firejail/issues/1569)
+# (explanation at https://github.com/netblue30/firejail/issues/1569)
 #mkdir PATH
 ##mkfile PATH
 #whitelist PATH
@@ -136,7 +136,7 @@ include globals.local
 ##hostname NAME
 # CLI only
 ##ipc-namespace
-# breaks sound and sometime dbus related functions
+# breaks audio and sometimes dbus related functions
 #machine-id
 # 'net none' or 'netfilter'
 #net none
@@ -155,13 +155,13 @@ include globals.local
 #  - unix is usually needed
 #  - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above)
 #  - netlink is rarely needed
-#  - packet almost never
+#  - packet and bluetooth almost never
-#protocol unix,inet,inet6,netlink,packet
+#protocol unix,inet,inet6,netlink,packet,bluetooth
 #seccomp
 ##seccomp !chroot
 ##seccomp.drop SYSCALLS (see syscalls.txt)
 #seccomp.block-secondary
-##seccomp-error-action log (Only for debugging seccomp issues)
+##seccomp-error-action log (only for debugging seccomp issues)
 #shell none
 #tracelog
 # Prefer 'x11 none' instead of 'blacklist /tmp/.X11-unix' if 'net none' is set
@@ -176,16 +176,16 @@ include globals.local
 #private-etc FILES
 # private-etc templates (see also #1734, #2093)
 #  Common: alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg
-#    Extra: magic,magic.mgc,passwd,group
+#    Extra: group,magic,magic.mgc,passwd
-#  Networking: ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf,hosts,host.conf,hostname,protocols,services,rpc
+#  3D: bumblebee,drirc,glvnd,nvidia
-#    Extra: proxychains.conf,gai.conf
+#  Audio: alsa,asound.conf,machine-id,pulse
-#  Sound: alsa,asound.conf,pulse,machine-id
+#  D-Bus: dbus-1,machine-id
 #  GUI: fonts,pango,X11
 #  GTK: dconf,gconf,gtk-2.0,gtk-3.0
-#  Qt: Trolltech.conf
 #  KDE: kde4rc,kde5rc
-#  3D: drirc,glvnd,bumblebee,nvidia
+#  Networking: ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,services,rpc,ssl
-#  D-Bus: dbus-1,machine-id
+#    Extra: gai.conf,proxychains.conf
+#  Qt: Trolltech.conf
 ##private-lib LIBS
 ##private-opt NAME
 #private-tmp
@@ -194,15 +194,16 @@ include globals.local
 ##writable-var
 ##writable-var-log
-# Since 0.9.63 also a more granular regulation of dbus is supported.
+# Since 0.9.63 also a more granular control of dbus is supported.
-# To get the dbus-addresses to which an application needs access to.
+# To get the dbus-addresses an application needs access to you can
-# You can look at flatpak if the application is also distriputed via flatpak:
+# check with flatpak (when the application is distriputed that way):
 #    flatpak remote-info --show-metadata flathub <APP-ID>
 # Notes:
 #  - flatpak implicitly allows an app to own <APP-ID> on the session bus
-#  - In order to make dconf work (if it is used by the app) you need to allow
+#  - Some features like native notifications are implemented as portal too.
-#    'ca.desrt.dconf' even if it is not allowed by flatpak.
+#  - In order to make dconf work (when used by the app) you need to allow
-# Notes and Policiy about addresses can be found at
+#    'ca.desrt.dconf' even when not allowed by flatpak.
+# Notes and policies about addresses can be found at
 # <https://github.com/netblue30/firejail/wiki/Restrict-D-Bus>
 #dbus-user filter
 #dbus-user.own com.github.netblue30.firejail
@@ -211,7 +212,7 @@ include globals.local
 #dbus-system none
 ##env VAR=VALUE
+##join-or-start NAME
 #memory-deny-write-execute
 ##noexec PATH
 ##read-only ${HOME}
-##join-or-start NAME
diff --git a/gcov.sh b/gcov.sh
index ea403bf5a..65f06a4d4 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 gcov_init() {
diff --git a/install.sh b/install.sh
index 2fa61cc0a..e26cea7b0 100755
--- a/install.sh
+++ b/install.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 echo "installing..."
diff --git a/linecnt.sh b/linecnt.sh
index 1bf834015..ccce2da82 100755
--- a/linecnt.sh
+++ b/linecnt.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 gcov_init() {
diff --git a/mkasc.sh b/mkasc.sh
index 32f874bd6..31c3f4ffd 100755
--- a/mkasc.sh
+++ b/mkasc.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 echo "Calculating SHA256 for all files in /transfer - firejail version $1"
diff --git a/mkdeb.sh.in b/mkdeb.sh.in
index 5b68175fd..e45acf8eb 100755
--- a/mkdeb.sh.in
+++ b/mkdeb.sh.in
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 # based on http://tldp.org/HOWTO/html_single/Debian-Binary-Package-Building-HOWTO/
diff --git a/mketc.sh b/mketc.sh
index 8102f58b8..0aa313b17 100755
--- a/mketc.sh
+++ b/mketc.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 sed -i -e '
diff --git a/mkman.sh b/mkman.sh
index 6ca96d331..8767972d1 100755
--- a/mkman.sh
+++ b/mkman.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set -e
diff --git a/mkuid.sh b/mkuid.sh
index 96d6fa401..0264628cc 100755
--- a/mkuid.sh
+++ b/mkuid.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 echo "extracting UID_MIN and GID_MIN"
diff --git a/platform/debian/copyright b/platform/debian/copyright
index c0f98104d..d4bdb1283 100644
--- a/platform/debian/copyright
+++ b/platform/debian/copyright
@@ -7,7 +7,7 @@ This is the Debian/Ubuntu prepackaged version of firejail.
    and networking stack isolation, and it runs on any recent Linux system. It
    includes a sandbox profile for Mozilla Firefox.
-    Copyright (C) 2014-2020 Firejail Authors (see README file for more details)
+    Copyright (C) 2014-2021 Firejail Authors (see README file for more details)
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/platform/rpm/firejail.spec b/platform/rpm/firejail.spec
index da91f5a4f..85df1b4eb 100644
--- a/platform/rpm/firejail.spec
+++ b/platform/rpm/firejail.spec
@@ -35,10 +35,12 @@ rm -rf %{buildroot}
 %attr(4755, -, -) %{_bindir}/__NAME__
 %{_bindir}/firecfg
 %{_bindir}/firemon
+%{_bindir}/jailtest
 %{_libdir}/__NAME__
 %{_datarootdir}/bash-completion/completions/__NAME__
 %{_datarootdir}/bash-completion/completions/firecfg
 %{_datarootdir}/bash-completion/completions/firemon
+%{_datarootdir}/zsh/site-functions/_firejail
 %{_docdir}/__NAME__
 %{_mandir}/man1/__NAME__.1.gz
 %{_mandir}/man1/firecfg.1.gz
@@ -46,4 +48,5 @@ rm -rf %{buildroot}
 %{_mandir}/man5/__NAME__-login.5.gz
 %{_mandir}/man5/__NAME__-profile.5.gz
 %{_mandir}/man5/__NAME__-users.5.gz
+%{_mandir}/man5/jailtest.5.gz
 %config(noreplace) %{_sysconfdir}/__NAME__
diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh
index c9b90dbe3..b8470dd71 100755
--- a/platform/rpm/mkrpm.sh
+++ b/platform/rpm/mkrpm.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # Usage: ./platform/rpm/mkrpm.sh firejail <version> "<config options>"
diff --git a/src/bash_completion/Makefile.in b/src/bash_completion/Makefile.in
new file mode 100644
index 000000000..f7db9e6b4
--- /dev/null
+++ b/src/bash_completion/Makefile.in
@@ -0,0 +1,17 @@
+.PHONY: all
+all: firejail.bash_completion
+include ../common.mk
+firejail.bash_completion: firejail.bash_completion.in
+        gawk -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
+        sed "s|_SYSCONFDIR_|$(sysconfdir)|" < $@.tmp > $@
+        rm $@.tmp
+.PHONY: clean
+clean:
+        rm -fr firejail.bash_completion
+.PHONY: distclean
+distclean: clean
+        rm -fr Makefile
diff --git a/src/bash_completion/firejail.bash_completion b/src/bash_completion/firejail.bash_completion.in
index 0a1b34d7d..f68edf380 100644
--- a/src/bash_completion/firejail.bash_completion
+++ b/src/bash_completion/firejail.bash_completion.in
@@ -9,6 +9,17 @@ __interfaces(){
    cut -f 1 -d ':' /proc/net/dev | tail -n +3 | grep -v lo | xargs
 }
+_profiles() {
+    if [[ -d "$1" ]] ; then
+        ls -1 $1/*.profile 2>/dev/null | sed -E 's;^.*\/;;g'
+    fi
+}
+_all_profiles() {
+    local sys_profiles=$(_profiles _SYSCONFDIR_/firejail)
+    local user_profiles=$(_profiles $HOME/.config/firejail)
+    COMPREPLY=($(compgen -W "${sys_profiles} ${user_profiles}" -- "$cur"))
+}
 _firejail()
 {
@@ -20,7 +31,7 @@ _firejail()
            return 0
            ;;
        --profile)
-            _filedir
+            _all_profiles
            return 0
            ;;
        --hosts-file)
@@ -79,10 +90,6 @@ _firejail()
            _filedir
            return 0
            ;;
-        --audit)
-            _filedir
-            return 0
-            ;;
         --net)
                comps=$(__interfaces)
            COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
diff --git a/src/common.mk.in b/src/common.mk.in
index b8a13cd1b..a3df4abb6 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -25,6 +25,9 @@ HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
+HAVE_OUTPUT=@HAVE_OUTPUT@
+HAVE_LTS=@HAVE_LTS@
+HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
 H_FILE_LIST       = $(sort $(wildcard *.[h]))
 C_FILE_LIST       = $(sort $(wildcard *.c))
@@ -34,7 +37,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
+MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_FORCE_NONEWPRIVS)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread
diff --git a/src/faudit/Makefile.in b/src/faudit/Makefile.in
deleted file mode 100644
index 44c121a4c..000000000
--- a/src/faudit/Makefile.in
+++ /dev/null
@@ -1,14 +0,0 @@
-all: faudit
-include ../common.mk
-%.o : %.c $(H_FILE_LIST)
-        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
-faudit: $(OBJS)
-        $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
-clean:; rm -fr *.o faudit *.gcov *.gcda *.gcno *.plist
-distclean: clean
-        rm -fr Makefile
diff --git a/src/faudit/caps.c b/src/faudit/caps.c
deleted file mode 100644
index 6687fce5a..000000000
--- a/src/faudit/caps.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <linux/capability.h>
-#define MAXBUF 4098
-static int extract_caps(uint64_t *val) {
-        FILE *fp = fopen("/proc/self/status", "r");
-        if (!fp)
-                return 1;
-        char buf[MAXBUF];
-        while (fgets(buf, MAXBUF, fp)) {
-                if (strncmp(buf, "CapBnd:\t", 8) == 0) {
-                        char *ptr = buf + 8;
-                        unsigned long long tmp;
-                        sscanf(ptr, "%llx", &tmp);
-                        *val = tmp;
-                        fclose(fp);
-                        return 0;
-                }
-        }
-        fclose(fp);
-        return 1;
-}
-// return 1 if the capability is in the map
-static int check_capability(uint64_t map, int cap) {
-        int i;
-        uint64_t mask = 1ULL;
-        for (i = 0; i < 64; i++, mask <<= 1) {
-                if ((i == cap) && (mask & map))
-                        return 1;
-        }
-        return 0;
-}
-void caps_test(void) {
-        uint64_t caps_val;
-        if (extract_caps(&caps_val)) {
-                printf("SKIP: cannot extract capabilities on this platform.\n");
-                return;
-        }
-        if (caps_val) {
-                printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val);
-                printf("Use \"firejail --caps.drop=all\" to fix it.\n");
-                if (check_capability(caps_val, CAP_SYS_ADMIN))
-                        printf("UGLY: CAP_SYS_ADMIN is enabled.\n");
-                if (check_capability(caps_val, CAP_SYS_BOOT))
-                        printf("UGLY: CAP_SYS_BOOT is enabled.\n");
-        }
-        else
-                printf("GOOD: all capabilities are disabled.\n");
-}
diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c
deleted file mode 100644
index 2a3c282d7..000000000
--- a/src/faudit/dbus.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include "../include/rundefs.h"
-#include <stdarg.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-// return 0 if the connection is possible
-int check_unix(const char *sockfile) {
-        assert(sockfile);
-        int rv = -1;
-        // open socket
-        int sock = socket(AF_UNIX, SOCK_STREAM, 0);
-        if (sock == -1)
-                return rv;
-        // connect
-        struct sockaddr_un remote;
-        memset(&remote, 0, sizeof(struct sockaddr_un));
-        remote.sun_family = AF_UNIX;
-        strncpy(remote.sun_path, sockfile, sizeof(remote.sun_path) - 1);
-        int len = strlen(remote.sun_path) + sizeof(remote.sun_family);
-        if (*sockfile == '@')
-                remote.sun_path[0] = '\0';
-        if (connect(sock, (struct sockaddr *)&remote, len) == 0)
-                rv = 0;
-        close(sock);
-        return rv;
-}
-static char *test_dbus_env(char *env_var_name) {
-        // check the session bus
-        char *str = getenv(env_var_name);
-        char *found = NULL;
-        if (str) {
-                int rv = 0;
-                char *bus = strdup(str);
-                if (!bus)
-                        errExit("strdup");
-                char *sockfile;
-                if ((sockfile = strstr(bus, "unix:abstract=")) != NULL) {
-                        sockfile += 13;
-                        *sockfile = '@';
-                        char *ptr = strchr(sockfile, ',');
-                        if (ptr)
-                                *ptr = '\0';
-                        rv = check_unix(sockfile);
-                        *sockfile = '@';
-                        if (rv == 0)
-                                printf("MAYBE: D-Bus socket %s is available\n", sockfile);
-                        else if (rv == -1)
-                                printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile);
-                }
-                else if ((sockfile = strstr(bus, "unix:path=")) != NULL) {
-                        sockfile += 10;
-                        char *ptr = strchr(sockfile, ',');
-                        if (ptr)
-                                *ptr = '\0';
-                        rv = check_unix(sockfile);
-                        if (rv == 0) {
-                                if (strcmp(RUN_DBUS_USER_SOCKET, sockfile) == 0 ||
-                                        strcmp(RUN_DBUS_SYSTEM_SOCKET, sockfile) == 0) {
-                                        printf("GOOD: D-Bus filtering is active on %s\n", sockfile);
-                                } else {
-                                        printf("MAYBE: D-Bus socket %s is available\n", sockfile);
-                                }
-                        }
-                        else if (rv == -1)
-                                printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile);
-                        found = strdup(sockfile);
-                        if (!found)
-                                errExit("strdup");
-                }
-                else if (strstr(bus, "tcp:host=") != NULL)
-                        printf("UGLY: %s bus configured for TCP communication.\n", env_var_name);
-                else
-                        printf("GOOD: cannot find a %s D-Bus socket\n", env_var_name);
-                free(bus);
-        }
-        else
-                printf("MAYBE: %s environment variable not configured.\n", env_var_name);
-        return found;
-}
-static void test_default_socket(const char *found, const char *format, ...) {
-        va_list ap;
-        va_start(ap, format);
-        char *sockfile;
-        if (vasprintf(&sockfile, format, ap) == -1)
-                errExit("vasprintf");
-        va_end(ap);
-        if (found != NULL && strcmp(found, sockfile) == 0)
-                goto end;
-        int rv = check_unix(sockfile);
-        if (rv == 0)
-                printf("MAYBE: D-Bus socket %s is available\n", sockfile);
-end:
-        free(sockfile);
-}
-void dbus_test(void) {
-        char *found_user = test_dbus_env("DBUS_SESSION_BUS_ADDRESS");
-        test_default_socket(found_user, "/run/user/%d/bus", (int) getuid());
-        test_default_socket(found_user, "/run/user/%d/dbus/user_bus_socket", (int) getuid());
-        if (found_user != NULL)
-                free(found_user);
-        char *found_system = test_dbus_env("DBUS_SYSTEM_BUS_ADDRESS");
-        test_default_socket(found_system, "/run/dbus/system_bus_socket");
-        if (found_system != NULL)
-                free(found_system);
-}
diff --git a/src/faudit/faudit.h b/src/faudit/faudit.h
deleted file mode 100644
index 20189a0ff..000000000
--- a/src/faudit/faudit.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#ifndef FAUDIT_H
-#define FAUDIT_H
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mount.h>
-#include <assert.h>
-#define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
-// main.c
-extern char *prog;
-// pid.c
-void pid_test(void);
-// caps.c
-void caps_test(void);
-// seccomp.c
-void seccomp_test(void);
-// syscall.c
-void syscall_helper(int argc, char **argv);
-void syscall_run(const char *name);
-// files.c
-void files_test(void);
-// network.c
-void network_test(void);
-// dbus.c
-int check_unix(const char *sockfile);
-void dbus_test(void);
-// dev.c
-void dev_test(void);
-// x11.c
-void x11_test(void);
-#endif
diff --git a/src/faudit/files.c b/src/faudit/files.c
deleted file mode 100644
index 6dd3874b9..000000000
--- a/src/faudit/files.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <fcntl.h>
-#include <pwd.h>
-static char *username = NULL;
-static char *homedir = NULL;
-static void check_home_file(const char *name) {
-        assert(homedir);
-        char *fname;
-        if (asprintf(&fname, "%s/%s", homedir, name) ==  -1)
-                errExit("asprintf");
-        if (access(fname, R_OK) == 0) {
-                printf("UGLY: I can access files in %s directory. ", fname);
-                printf("Use \"firejail --blacklist=%s\" to block it.\n", fname);
-        }
-        else
-                printf("GOOD: I cannot access files in %s directory.\n", fname);
-        free(fname);
-}
-void files_test(void) {
-        struct passwd *pw = getpwuid(getuid());
-        if (!pw) {
-                fprintf(stderr, "Error: cannot retrieve user account information\n");
-                return;
-        }
-        username = strdup(pw->pw_name);
-        if (!username)
-                errExit("strdup");
-        homedir = strdup(pw->pw_dir);
-        if (!homedir)
-                errExit("strdup");
-        // check access to .ssh directory
-        check_home_file(".ssh");
-        // check access to .gnupg directory
-        check_home_file(".gnupg");
-        // check access to Firefox browser directory
-        check_home_file(".mozilla");
-        // check access to Chromium browser directory
-        check_home_file(".config/chromium");
-        // check access to Debian Icedove directory
-        check_home_file(".icedove");
-        // check access to Thunderbird directory
-        check_home_file(".thunderbird");
-}
diff --git a/src/faudit/main.c b/src/faudit/main.c
deleted file mode 100644
index f6df9772d..000000000
--- a/src/faudit/main.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-char *prog;
-int main(int argc, char **argv) {
-        // make test-arguments helper
-        if (getenv("FIREJAIL_TEST_ARGUMENTS")) {
-                printf("Arguments:\n");
-                int i;
-                for (i = 0; i < argc; i++) {
-                        printf("#%s#\n", argv[i]);
-                }
-                return 0;
-        }
-        if (argc != 1) {
-                int i;
-                for (i = 1; i < argc; i++) {
-                        if (strcmp(argv[i], "syscall") == 0) {
-                                syscall_helper(argc, argv);
-                                return 0;
-                        }
-                }
-                return 1;
-        }
-        printf("\n---------------- Firejail Audit: the GOOD, the BAD and the UGLY ----------------\n");
-        // extract program name
-        prog = realpath(argv[0], NULL);
-        if (prog == NULL) {
-                prog = strdup("faudit");
-                if (!prog)
-                        errExit("strdup");
-        }
-        printf("INFO: starting %s.\n", prog);
-        // check pid namespace
-        pid_test();
-        printf("\n");
-        // check seccomp
-        seccomp_test();
-        printf("\n");
-        // check capabilities
-        caps_test();
-        printf("\n");
-        // check some well-known problematic files and directories
-        files_test();
-        printf("\n");
-        // network
-        network_test();
-        printf("\n");
-        // dbus
-        dbus_test();
-        printf("\n");
-        // x11 test
-        x11_test();
-        printf("\n");
-        // /dev test
-        dev_test();
-        printf("\n");
-        free(prog);
-        printf("--------------------------------------------------------------------------------\n");
-        return 0;
-}
diff --git a/src/faudit/network.c b/src/faudit/network.c
deleted file mode 100644
index f28aff554..000000000
--- a/src/faudit/network.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <linux/netlink.h>
-#include <linux/rtnetlink.h>
-static void check_ssh(void) {
-        // open socket
-        int sock = socket(AF_INET, SOCK_STREAM, 0);
-        if (sock == -1) {
-                printf("GOOD: SSH server not available on localhost.\n");
-                return;
-        }
-        // connect to localhost
-        struct sockaddr_in server;
-        server.sin_addr.s_addr = inet_addr("127.0.0.1");
-        server.sin_family = AF_INET;
-        server.sin_port = htons(22);
-        if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0)
-                printf("GOOD: SSH server not available on localhost.\n");
-        else {
-                printf("MAYBE: an SSH server is accessible on localhost. ");
-                printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n");
-        }
-        close(sock);
-}
-static void check_http(void) {
-        // open socket
-        int sock = socket(AF_INET, SOCK_STREAM, 0);
-        if (sock == -1) {
-                printf("GOOD: HTTP server not available on localhost.\n");
-                return;
-        }
-        // connect to localhost
-        struct sockaddr_in server;
-        server.sin_addr.s_addr = inet_addr("127.0.0.1");
-        server.sin_family = AF_INET;
-        server.sin_port = htons(80);
-        if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0)
-                printf("GOOD: HTTP server not available on localhost.\n");
-        else {
-                printf("MAYBE: an HTTP server is accessible on localhost. ");
-                printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n");
-        }
-        close(sock);
-}
-void check_netlink(void) {
-        int sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, 0);
-        if (sock == -1) {
-                printf("GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.\n");
-                return;
-        }
-        struct sockaddr_nl local;
-        memset(&local, 0, sizeof(local));
-        local.nl_family = AF_NETLINK;
-        local.nl_groups = 0; //subscriptions;
-        if (bind(sock, (struct sockaddr*)&local, sizeof(local)) < 0) {
-                printf("GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.\n");
-                close(sock);
-                return;
-        }
-        close(sock);
-        printf("MAYBE: I can connect to netlink socket. Network utilities such as iproute2 will work fine in the sandbox. ");
-        printf("You can use \"--protocol\" to disable the socket.\n");
-}
-void network_test(void) {
-        check_ssh();
-        check_http();
-        check_netlink();
-}
diff --git a/src/faudit/pid.c b/src/faudit/pid.c
deleted file mode 100644
index 0a277ddc2..000000000
--- a/src/faudit/pid.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-void pid_test(void) {
-        static char *kern_proc[] = {
-                "kthreadd",
-                "ksoftirqd",
-                "kworker",
-                "rcu_sched",
-                "rcu_bh",
-                NULL    // NULL terminated list
-        };
-        int i;
-        // look at the first 10 processes
-        int not_visible = 1;
-        for (i = 1; i <= 10; i++) {
-                struct stat s;
-                char *fname;
-                if (asprintf(&fname, "/proc/%d/comm", i) == -1)
-                        errExit("asprintf");
-                if (stat(fname, &s) == -1) {
-                        free(fname);
-                        continue;
-                }
-                // open file
-                /* coverity[toctou] */
-                FILE *fp = fopen(fname, "r");
-                if (!fp) {
-                        free(fname);
-                        continue;
-                }
-                // read file
-                char buf[100];
-                if (fgets(buf, 10, fp) == NULL) {
-                        fclose(fp);
-                        free(fname);
-                        continue;
-                }
-                not_visible = 0;
-                // clean /n
-                char *ptr;
-                if ((ptr = strchr(buf, '\n')) != NULL)
-                        *ptr = '\0';
-                // check process name against the kernel list
-                int j = 0;
-                while (kern_proc[j] != NULL) {
-                        if (strncmp(buf, kern_proc[j], strlen(kern_proc[j])) == 0) {
-                                fclose(fp);
-                                free(fname);
-                                printf("BAD: Process %d is not running in a PID namespace. ", getpid());
-                                printf("Are you sure you're running in a sandbox?\n");
-                                return;
-                        }
-                        j++;
-                }
-                fclose(fp);
-                free(fname);
-        }
-        pid_t pid = getpid();
-        if (not_visible && pid > 100)
-                printf("BAD: Process %d is not running in a PID namespace.\n", pid);
-        else
-                printf("GOOD: process %d is running in a PID namespace.\n", pid);
-        // try to guess the type of container/sandbox
-        char *str = getenv("container");
-        if (str)
-                printf("INFO: container/sandbox %s.\n", str);
-        else {
-                str = getenv("SNAP");
-                if (str)
-                        printf("INFO: this is a snap package\n");
-        }
-}
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c
deleted file mode 100644
index ca9d34b84..000000000
--- a/src/faudit/seccomp.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#define MAXBUF 4098
-static int extract_seccomp(int *val) {
-        FILE *fp = fopen("/proc/self/status", "r");
-        if (!fp)
-                return 1;
-        char buf[MAXBUF];
-        while (fgets(buf, MAXBUF, fp)) {
-                if (strncmp(buf, "Seccomp:\t", 9) == 0) {
-                        char *ptr = buf + 9;
-                        int tmp;
-                        sscanf(ptr, "%d", &tmp);
-                        *val = tmp;
-                        fclose(fp);
-                        return 0;
-                }
-        }
-        fclose(fp);
-        return 1;
-}
-void seccomp_test(void) {
-        int seccomp_status;
-        int rv = extract_seccomp(&seccomp_status);
-        if (rv) {
-                printf("INFO: cannot extract seccomp configuration on this platform.\n");
-                return;
-        }
-        if (seccomp_status == 0) {
-                printf("BAD: seccomp disabled. Use \"firejail --seccomp\" to enable it.\n");
-        }
-        else if (seccomp_status == 1)
-                printf("GOOD: seccomp strict mode - only  read, write, _exit, and sigreturn are allowed.\n");
-        else if (seccomp_status == 2) {
-                printf("GOOD: seccomp BPF enabled.\n");
-                printf("checking syscalls: "); fflush(0);
-                printf("mount... "); fflush(0);
-                syscall_run("mount");
-                printf("umount2... "); fflush(0);
-                syscall_run("umount2");
-                printf("ptrace... "); fflush(0);
-                syscall_run("ptrace");
-                printf("swapon... "); fflush(0);
-                syscall_run("swapon");
-                printf("swapoff... "); fflush(0);
-                syscall_run("swapoff");
-                printf("init_module... "); fflush(0);
-                syscall_run("init_module");
-                printf("delete_module... "); fflush(0);
-                syscall_run("delete_module");
-                printf("chroot... "); fflush(0);
-                syscall_run("chroot");
-                printf("pivot_root... "); fflush(0);
-                syscall_run("pivot_root");
-#if defined(__i386__) || defined(__x86_64__)
-                printf("iopl... "); fflush(0);
-                syscall_run("iopl");
-                printf("ioperm... "); fflush(0);
-                syscall_run("ioperm");
-#endif
-                printf("\n");
-        }
-        else
-                fprintf(stderr, "Error: unrecognized seccomp mode\n");
-}
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c
deleted file mode 100644
index a8aa572a7..000000000
--- a/src/faudit/syscall.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <sys/ptrace.h>
-#include <sys/swap.h>
-#if defined(__i386__) || defined(__x86_64__)
-#include <sys/io.h>
-#endif
-#include <sys/wait.h>
-extern int init_module(void *module_image, unsigned long len,
-                       const char *param_values);
-extern int finit_module(int fd, const char *param_values,
-                        int flags);
-extern int delete_module(const char *name, int flags);
-extern int pivot_root(const char *new_root, const char *put_old);
-void syscall_helper(int argc, char **argv) {
-        (void) argc;
-        if (argc < 3)
-                return;
-        if (strcmp(argv[2], "mount") == 0) {
-                int rv = mount(NULL, NULL, NULL, 0, NULL);
-                (void) rv;
-                printf("\nUGLY: mount syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "umount2") == 0) {
-                umount2(NULL, 0);
-                printf("\nUGLY: umount2 syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "ptrace") == 0) {
-                ptrace(0, 0, NULL, NULL);
-                printf("\nUGLY: ptrace syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "swapon") == 0) {
-                swapon(NULL, 0);
-                printf("\nUGLY: swapon syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "swapoff") == 0) {
-                swapoff(NULL);
-                printf("\nUGLY: swapoff syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "init_module") == 0) {
-                init_module(NULL, 0, NULL);
-                printf("\nUGLY: init_module syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "delete_module") == 0) {
-                delete_module(NULL, 0);
-                printf("\nUGLY: delete_module syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "chroot") == 0) {
-                int rv = chroot("/blablabla-57281292");
-                (void) rv;
-                printf("\nUGLY: chroot syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "pivot_root") == 0) {
-                pivot_root(NULL, NULL);
-                printf("\nUGLY: pivot_root syscall permitted.\n");
-        }
-#if defined(__i386__) || defined(__x86_64__)
-        else if (strcmp(argv[2], "iopl") == 0) {
-                iopl(0L);
-                printf("\nUGLY: iopl syscall permitted.\n");
-        }
-        else if (strcmp(argv[2], "ioperm") == 0) {
-                ioperm(0, 0, 0);
-                printf("\nUGLY: ioperm syscall permitted.\n");
-        }
-#endif
-        exit(0);
-}
-void syscall_run(const char *name) {
-        assert(prog);
-        pid_t child = fork();
-        if (child < 0)
-                errExit("fork");
-        if (child == 0) {
-                execl(prog, prog, "syscall", name, NULL);
-                perror("execl");
-                _exit(1);
-        }
-        // wait for the child to finish
-        waitpid(child, NULL, 0);
-}
diff --git a/src/faudit/x11.c b/src/faudit/x11.c
deleted file mode 100644
index 5907ca761..000000000
--- a/src/faudit/x11.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2014-2020 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <sys/socket.h>
-#include <dirent.h>
-void x11_test(void) {
-        // check regular display 0 sockets
-        if (check_unix("/tmp/.X11-unix/X0") == 0)
-                printf("MAYBE: X11 socket /tmp/.X11-unix/X0 is available\n");
-        if (check_unix("@/tmp/.X11-unix/X0") == 0)
-                printf("MAYBE: X11 socket @/tmp/.X11-unix/X0 is available\n");
-        // check all unix sockets in /tmp/.X11-unix directory
-        DIR *dir;
-        if (!(dir = opendir("/tmp/.X11-unix"))) {
-                // sleep 2 seconds and try again
-                sleep(2);
-                if (!(dir = opendir("/tmp/.X11-unix"))) {
-                        ;
-                }
-        }
-        if (dir == NULL)
-                printf("GOOD: cannot open /tmp/.X11-unix directory\n");
-        else {
-                struct dirent *entry;
-                while ((entry = readdir(dir)) != NULL) {
-                        if (strcmp(entry->d_name, "X0") == 0)
-                                continue;
-                        if (strcmp(entry->d_name, ".") == 0)
-                                continue;
-                        if (strcmp(entry->d_name, "..") == 0)
-                                continue;
-                        char *name;
-                        if (asprintf(&name, "/tmp/.X11-unix/%s", entry->d_name) == -1)
-                                errExit("asprintf");
-                        if (check_unix(name) == 0)
-                                printf("MAYBE: X11 socket %s is available\n", name);
-                        free(name);
-                }
-                closedir(dir);
-        }
-}
diff --git a/src/fbuilder/Makefile.in b/src/fbuilder/Makefile.in
index 2847ca2cb..6eaee284b 100644
--- a/src/fbuilder/Makefile.in
+++ b/src/fbuilder/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fbuilder
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fbuilder: $(OBJS)
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fbuilder *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c
index c6f84dfbc..96bd351f3 100644
--- a/src/fbuilder/build_bin.c
+++ b/src/fbuilder/build_bin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index 0bc4a0ee2..495f71ab8 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index c0f4a3407..683009b71 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
index 09f41a838..96a83954d 100644
--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c
index 041d14d0e..dc3cce456 100644
--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h
index 5c043ffec..8d3621c02 100644
--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
index bf4e911dd..6e302a606 100644
--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
index 5612c21d5..f4917aefc 100644
--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fbuilder/utils.c b/src/fbuilder/utils.c
index 2ae829403..52493f470 100644
--- a/src/fbuilder/utils.c
+++ b/src/fbuilder/utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fcopy/Makefile.in b/src/fcopy/Makefile.in
index 85f84aa32..e19f5d3b5 100644
--- a/src/fcopy/Makefile.in
+++ b/src/fcopy/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fcopy
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fcopy: $(OBJS) ../lib/common.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fcopy *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index e65501d6d..572e9f601 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -51,8 +51,9 @@ static int selinux_enabled = -1;
 #endif
 // copy from firejail/selinux.c
-static void selinux_relabel_path(const char *path, const char *inside_path)
+static void selinux_relabel_path(const char *path, const char *inside_path) {
-{
+        assert(path);
+        assert(inside_path);
 #if HAVE_SELINUX
        char procfs_path[64];
        char *fcon = NULL;
@@ -172,6 +173,51 @@ static void mkdir_attr(const char *fname, mode_t mode, uid_t uid, gid_t gid) {
        }
 }
+static char *proc_pid_to_self(const char *target) {
+        assert(target);
+        char *use_target = 0;
+        char *proc_pid = 0;
+        if (!(use_target = realpath(target, NULL)))
+                goto done;
+        // target is under /proc/<PID>?
+        static const char proc[] = "/proc/";
+        if (strncmp(use_target, proc, sizeof(proc) - 1))
+                goto done;
+        int digit = use_target[sizeof(proc) - 1];
+        if (digit < '1' || digit > '9')
+                goto done;
+        // check where /proc/self points to
+        static const char proc_self[] = "/proc/self";
+        if (!(proc_pid = realpath(proc_self, NULL)))
+                goto done;
+        // redirect /proc/PID/xxx -> /proc/self/XXX
+        size_t pfix = strlen(proc_pid);
+        if (strncmp(use_target, proc_pid, pfix))
+                goto done;
+        if (use_target[pfix] != 0 && use_target[pfix] != '/')
+                goto done;
+        char *tmp;
+        if (asprintf(&tmp, "%s%s", proc_self, use_target + pfix) != -1) {
+                if (arg_debug)
+                        fprintf(stderr, "SYMLINK %s\n  -->   %s\n", use_target, tmp);
+                free(use_target);
+                use_target = tmp;
+        }
+        else
+                errExit("asprintf");
+done:
+        if (proc_pid)
+                free(proc_pid);
+        return use_target;
+}
 void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid, gid_t gid) {
        (void) mode;
@@ -183,7 +229,7 @@ void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid,
        if (lstat(linkpath, &s) == 0)
               return;
-        char *rp = realpath(target, NULL);
+        char *rp = proc_pid_to_self(target);
        if (rp) {
                if (symlink(rp, linkpath) == -1) {
                        free(rp);
@@ -227,16 +273,14 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
                        first = 0;
                else if (!arg_quiet)
                        fprintf(stderr, "Warning fcopy: skipping %s, file already present\n", infname);
-                free(outfname);
+                goto out;
-                return 0;
        }
        // extract mode and ownership
        if (stat(infname, &s) != 0) {
                if (!arg_quiet)
                        fprintf(stderr, "Warning fcopy: skipping %s, cannot find inode\n", infname);
-                free(outfname);
+                goto out;
-                return 0;
        }
        uid_t uid = s.st_uid;
        gid_t gid = s.st_gid;
@@ -246,8 +290,7 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
        if ((s.st_size + size_cnt) > copy_limit) {
                fprintf(stderr, "Error fcopy: size limit of %lu MB reached\n", (copy_limit / 1024) / 1024);
                size_limit_reached = 1;
-                free(outfname);
+                goto out;
-                return 0;
        }
        file_cnt++;
@@ -262,7 +305,8 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
        else if (ftype == FTW_SL) {
                copy_link(infname, outfname, mode, uid, gid);
        }
+out:
+        free(outfname);
        return(0);
 }
@@ -295,6 +339,7 @@ static char *check(const char *src) {
                return rsrc;                      // normal exit from the function
 errexit:
+        free(rsrc);
        fprintf(stderr, "Error fcopy: invalid file %s\n", src);
        exit(1);
 }
diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in
index 40f6b9679..43329be46 100644
--- a/src/firecfg/Makefile.in
+++ b/src/firecfg/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: firecfg
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 firecfg: $(OBJS) ../lib/common.o ../lib/firejail_user.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/firejail_user.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o firecfg *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index 16aa638b3..06b0a117f 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d056d0654..6cef32249 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -20,7 +20,9 @@ Maelstrom
 Maps
 Mathematica
 Natron
+PCSX2
 PPSSPPQt
+PPSSPPSDL
 QMediathekView
 QOwnNotes
 Screenshot
@@ -77,6 +79,7 @@ balsa
 baobab
 barrier
 basilisk
+bcompare
 beaker
 bibletime
 bijiben
@@ -146,6 +149,7 @@ cola
 com.github.bleakgrey.tootle
 com.github.dahenson.agenda
 com.github.johnfactotum.Foliate
+com.github.phase1geo.minder
 com.gitlab.newsflash
 conkeror
 conky
@@ -191,6 +195,10 @@ dropbox
 d-feet
 easystroke
 ebook-viewer
+ebook-convert
+ebook-edit
+ebook-meta
+ebook-polish
 electron-mail
 electrum
 element-desktop
@@ -375,6 +383,8 @@ impressive
 inkscape
 inkview
 inox
+ipcalc
+ipcalc-ng
 iridium
 iridium-browser
 jd-gui
@@ -458,7 +468,7 @@ lynx
 lyx
 macrofusion
 magicor
-# man
+man
 manaplus
 marker
 masterpdfeditor
@@ -547,6 +557,8 @@ neverputt
 newsbeuter
 newsboat
 newsflash
+nextcloud
+nextcloud-desktop
 nheko
 nicotine
 nitroshare
@@ -573,6 +585,8 @@ openarena
 openarena_ded
 opencity
 openclonk
+openmw
+openmw-launcher
 openoffice.org
 openshot
 openshot-qt
@@ -589,6 +603,7 @@ parole
 patch
 pavucontrol
 pavucontrol-qt
+pcsxr
 pdfchain
 pdfmod
 pdfsam
@@ -803,6 +818,8 @@ vivaldi-snapshot
 vivaldi-stable
 vlc
 vmware
+vmware-player
+vmware-workstation
 vscodium
 vulturesclaw
 vultureseye
@@ -864,6 +881,7 @@ yandex-browser
 yelp
 youtube
 youtube-dl
+youtube-dl-gui
 youtube-viewer
 youtubemusic-nativefier
 ytmdesktop
diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
index 4dfc4194e..15826cf37 100644
--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 0e520b0f1..363000e15 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/sound.c b/src/firecfg/sound.c
index e7670c94c..e3fcdbd83 100644
--- a/src/firecfg/sound.c
+++ b/src/firecfg/sound.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firecfg/util.c b/src/firecfg/util.c
index b46da0be3..14d90b549 100644
--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in
index b9bf13b9c..793d2cdd1 100644
--- a/src/firejail/Makefile.in
+++ b/src/firejail/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: firejail
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o ../lib/errno.o ../lib/syscall.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o firejail *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index dd94b9921..59758bf2d 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -29,7 +29,7 @@
 #include <errno.h>
 static char *devloop = NULL;    // device file
-static char *mntdir = NULL;     // mount point in /tmp directory
+static long unsigned size = 0;  // offset into appimage file
 #ifdef LOOP_CTL_GET_FREE        // test for older kernels; this definition is found in /usr/include/linux/loop.h
 static void err_loop(void) {
@@ -44,27 +44,27 @@ void appimage_set(const char *appimage) {
        EUID_ASSERT();
 #ifdef LOOP_CTL_GET_FREE
-        // check appimage file
+        // open appimage file
        invalid_filename(appimage, 0); // no globbing
-        if (access(appimage, R_OK) == -1) {
+        int ffd = open(appimage, O_RDONLY|O_CLOEXEC);
-                fprintf(stderr, "Error: cannot access AppImage file\n");
+        if (ffd == -1) {
+                fprintf(stderr, "Error: cannot read AppImage file\n");
+                exit(1);
+        }
+        struct stat s;
+        if (fstat(ffd, &s) == -1)
+                errExit("fstat");
+        if (!S_ISREG(s.st_mode)) {
+                fprintf(stderr, "Error: invalid AppImage file\n");
                exit(1);
        }
        // get appimage type and ELF size
        // a value of 0 means we are dealing with a type1 appimage
-        long unsigned int size = appimage2_size(appimage);
+        size = appimage2_size(ffd);
        if (arg_debug)
                printf("AppImage ELF size %lu\n", size);
-        // open appimage file
-        /* coverity[toctou] */
-        int ffd = open(appimage, O_RDONLY|O_CLOEXEC);
-        if (ffd == -1) {
-                fprintf(stderr, "Error: cannot open AppImage file\n");
-                exit(1);
-        }
        // find or allocate a free loop device to use
        EUID_ROOT();
        int cfd = open("/dev/loop-control", O_RDWR);
@@ -77,6 +77,7 @@ void appimage_set(const char *appimage) {
        if (asprintf(&devloop, "/dev/loop%d", devnr) == -1)
                errExit("asprintf");
+        // associate loop device with appimage
        int lfd = open(devloop, O_RDONLY);
        if (lfd == -1)
                err_loop();
@@ -90,64 +91,24 @@ void appimage_set(const char *appimage) {
                if (ioctl(lfd,  LOOP_SET_STATUS64, &info) == -1)
                        err_loop();
        }
        close(lfd);
        close(ffd);
        EUID_USER();
-        // creates appimage mount point perms 0700
+        // set environment
-        if (asprintf(&mntdir, "%s/.appimage-%u",  RUN_FIREJAIL_APPIMAGE_DIR, getpid()) == -1)
-                errExit("asprintf");
-        EUID_ROOT();
-        mkdir_attr(mntdir, 0700, getuid(), getgid());
-        EUID_USER();
-        // mount
-        char *mode;
-        if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
-                errExit("asprintf");
-        unsigned long flags = MS_MGC_VAL|MS_RDONLY;
-        if (getuid())
-                flags |= MS_NODEV|MS_NOSUID;
-        EUID_ROOT();
-        if (size == 0) {
-                fmessage("Mounting appimage type 1\n");
-                if (mount(devloop, mntdir, "iso9660", flags, mode) < 0)
-                        errExit("mounting appimage");
-        }
-        else {
-                fmessage("Mounting appimage type 2\n");
-                if (mount(devloop, mntdir, "squashfs", flags, NULL) < 0)
-                        errExit("mounting appimage");
-        }
-        if (arg_debug)
-                printf("appimage mounted on %s\n", mntdir);
-        EUID_USER();
        char* abspath = realpath(appimage, NULL);
        if (abspath == NULL)
                errExit("Failed to obtain absolute path");
-        // set environment
        env_store_name_val("APPIMAGE", abspath, SETENV);
+        free(abspath);
-        if (mntdir)
+        env_store_name_val("APPDIR", RUN_FIREJAIL_APPIMAGE_DIR, SETENV);
-                env_store_name_val("APPDIR", mntdir, SETENV);
        if (size != 0)
                env_store_name_val("ARGV0", appimage, SETENV);
        if (cfg.cwd)
                env_store_name_val("OWD", cfg.cwd, SETENV);
-        // build new command line
-        if (asprintf(&cfg.command_line, "%s/AppRun", mntdir) == -1)
-                errExit("asprintf");
-        free(abspath);
-        free(mode);
 #ifdef HAVE_GCOV
        __gcov_flush();
 #endif
@@ -157,44 +118,38 @@ void appimage_set(const char *appimage) {
 #endif
 }
-void appimage_clear(void) {
+// mount appimage into sandbox file system
-        int rv;
+void appimage_mount(void) {
+        if (!devloop)
+                return;
-        EUID_ROOT();
+        unsigned long flags = MS_MGC_VAL|MS_RDONLY;
-        if (mntdir) {
+        if (getuid())
-                int i;
+                flags |= MS_NODEV|MS_NOSUID;
-                int rv = 0;
-                for (i = 0; i < 5; i++) {
-                        rv = umount2(mntdir, MNT_FORCE);
-                        if (rv == 0) {
-                                fmessage("AppImage unmounted\n");
-                                break;
-                        }
-                        if (rv == -1 && errno == EBUSY) {
-                                fwarning("EBUSY error trying to unmount %s\n", mntdir);
-                                sleep(2);
-                                continue;
-                        }
-                        // rv = -1
-                        if (!arg_quiet) {
-                                fwarning("error trying to unmount %s\n", mntdir);
-                                perror("umount");
-                        }
-                }
-                if (rv == 0) {
+        if (size == 0) {
-                        rmdir(mntdir);
+                fmessage("Mounting appimage type 1\n");
-                        free(mntdir);
+                char *mode;
-                }
+                if (asprintf(&mode, "mode=700,uid=%d,gid=%d", getuid(), getgid()) == -1)
+                        errExit("asprintf");
+                if (mount(devloop, RUN_FIREJAIL_APPIMAGE_DIR, "iso9660", flags, mode) < 0)
+                        errExit("mounting appimage");
+                free(mode);
        }
+        else {
+                fmessage("Mounting appimage type 2\n");
+                if (mount(devloop, RUN_FIREJAIL_APPIMAGE_DIR, "squashfs", flags, NULL) < 0)
+                        errExit("mounting appimage");
+        }
+}
+void appimage_clear(void) {
+        EUID_ROOT();
        if (devloop) {
                int lfd = open(devloop, O_RDONLY);
                if (lfd != -1) {
-                        rv = ioctl(lfd, LOOP_CLR_FD, 0);
+                        if (ioctl(lfd, LOOP_CLR_FD, 0) != -1)
-                        (void) rv;
+                                fmessage("AppImage detached\n");
                        close(lfd);
                }
        }
diff --git a/src/firejail/appimage_size.c b/src/firejail/appimage_size.c
index a58f9a8ca..43ca501da 100644
--- a/src/firejail/appimage_size.c
+++ b/src/firejail/appimage_size.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -132,22 +132,20 @@ static long unsigned int read_elf64(int fd) {
 // return 0 if error
 // return 0 if this is not an appimgage2 file
-long unsigned int appimage2_size(const char *fname) {
+long unsigned int appimage2_size(int fd) {
        ssize_t ret;
-        int fd;
        long unsigned int size = 0;
-        fd = open(fname, O_RDONLY);
        if (fd < 0)
                return 0;
        ret = pread(fd, ehdr.e_ident, EI_NIDENT, 0);
        if (ret != EI_NIDENT)
-                goto getout;
+                return 0;
        if ((ehdr.e_ident[EI_DATA] != ELFDATA2LSB) &&
             (ehdr.e_ident[EI_DATA] != ELFDATA2MSB))
-                goto getout;
+                return 0;
        if(ehdr.e_ident[EI_CLASS] == ELFCLASS32) {
                size = read_elf32(fd);
@@ -156,23 +154,19 @@ long unsigned int appimage2_size(const char *fname) {
                size = read_elf64(fd);
        }
        else {
-                goto getout;
+                return 0;
        }
        if (size == 0)
-                goto getout;
+                return 0;
        // look for a LZMA header at this location
        unsigned char buf[4];
        ret = pread(fd, buf, 4, size);
-        if (ret != 4) {
+        if (ret != 4)
-                size = 0;
+                return 0;
-                goto getout;
-        }
        if (memcmp(buf, "hsqs", 4) != 0)
-                size = 0;
+                return 0;
-getout:
-        close(fd);
        return size;
 }
diff --git a/src/firejail/arp.c b/src/firejail/arp.c
index 69d872110..1e9641097 100644
--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index 6fd0b53ef..1c952c0bc 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index b89e3009a..597f9915b 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -162,6 +162,21 @@ static CapsEntry capslist[] = {
 #else
        {"audit_read", 37 },
 #endif
+#ifdef CAP_PERFMON
+        {"perfmon", CAP_PERFMON },
+#else
+        {"perfmon", 38 },
+#endif
+#ifdef CAP_BPF
+        {"bpf", CAP_BPF },
+#else
+        {"bpf", 39 },
+#endif
+#ifdef CAP_CHECKPOINT_RESTORE
+        {"checkpoint_restore", CAP_CHECKPOINT_RESTORE },
+#else
+        {"checkpoint_restore", 40 },
+#endif
 //
 // end of generated code
diff --git a/src/firejail/cgroup.c b/src/firejail/cgroup.c
index 30cd96c42..986b1157d 100644
--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index fb2171a55..e1613b325 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -269,6 +269,14 @@ errout:
 void print_compiletime_support(void) {
        printf("Compile time support:\n");
+        printf("\t- Always force nonewprivs support is %s\n",
+#ifdef HAVE_FORCE_NONEWPRIVS
+                "enabled"
+#else
+                "disabled"
+#endif
+                );
        printf("\t- AppArmor support is %s\n",
 #ifdef HAVE_APPARMOR
                "enabled"
@@ -333,6 +341,13 @@ void print_compiletime_support(void) {
 #endif
                );
+        printf("\t- output logging is %s\n",
+#ifdef HAVE_OUTPUT
+                "enabled"
+#else
+                "disabled"
+#endif
+                );
        printf("\t- overlayfs support is %s\n",
 #ifdef HAVE_OVERLAYFS
                "enabled"
@@ -380,4 +395,6 @@ void print_compiletime_support(void) {
                "disabled"
 #endif
                );
 }
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index 9253490ca..d7e96cf4c 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -171,7 +171,7 @@ void fs_chroot(const char *rootdir) {
        free(proc);
        close(fd);
-        // x11
+#ifdef HAVE_X11
        // if users want this mount, they should set FIREJAIL_CHROOT_X11
        if (env_get("FIREJAIL_X11") || env_get("FIREJAIL_CHROOT_X11")) {
                if (arg_debug)
@@ -199,6 +199,7 @@ void fs_chroot(const char *rootdir) {
                free(proc);
                close(fd);
        }
+#endif // HAVE_X11
        // some older distros don't have a /run directory, create one by default
        if (mkdirat(parentfd, "run", 0755) == -1 && errno != EEXIST)
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c
index 91279a977..f902c4e1c 100644
--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -161,18 +161,16 @@ void build_cmdline(char **command_line, char **window_title, int argc, char **ar
        assert(*window_title);
 }
-void build_appimage_cmdline(char **command_line, char **window_title, int argc, char **argv, int index, char *apprun_path) {
+void build_appimage_cmdline(char **command_line, char **window_title, int argc, char **argv, int index) {
        // index == -1 could happen if we have --shell=none and no program was specified
        // the program should exit with an error before entering this function
        assert(index != -1);
-        if (arg_debug)
+        char *apprun_path = RUN_FIREJAIL_APPIMAGE_DIR "/AppRun";
-                printf("Building AppImage command line: %s\n", *command_line);
        int len1 = cmdline_length(argc, argv, index);  // length of argv w/o changes
        int len2 = cmdline_length(1, &argv[index], 0); // apptest.AppImage
-        int len3 = cmdline_length(1, &apprun_path, 0); // /run/firejail/appimage/.appimage-23304/AppRun
+        int len3 = cmdline_length(1, &apprun_path, 0); // /run/firejail/appimage/AppRun
        int len4 = (len1 - len2 + len3) + 1;           // apptest.AppImage is replaced by /path/to/AppRun
        if (len4 > ARG_MAX) {
@@ -180,11 +178,6 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
                errExit("cmdline_length");
        }
-        // save created apprun in cfg.command_line
-        char *tmp1 = strdup(*command_line);
-        if (!tmp1)
-                errExit("strdup");
        // TODO: deal with extra allocated memory.
        char *command_line_tmp = malloc(len1 + len3 + 1);
        if (!command_line_tmp)
@@ -200,13 +193,12 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
        assert(*window_title);
        // 'fix' command_line now
-        if (asprintf(command_line, "'%s' %s", tmp1, command_line_tmp + len2) == -1)
+        if (asprintf(command_line, "'%s' %s", apprun_path, command_line_tmp + len2) == -1)
                errExit("asprintf");
        if (arg_debug)
                printf("AppImage quoted command line: %s\n", *command_line);
        // free strdup
-        free(tmp1);
        free(command_line_tmp);
 }
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index 66fa9fadf..3427e8ade 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index 1d0f07089..658b84537 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -111,7 +111,7 @@ static int check_object_path(const char *path) {
                }
                ++p;
        }
-        return in_segment && segments >= 2;
+        return in_segment && segments >= 1;
 }
 int dbus_check_name(const char *name) {
diff --git a/src/firejail/dhcp.c b/src/firejail/dhcp.c
index 456bba91b..bdbb338d5 100644
--- a/src/firejail/dhcp.c
+++ b/src/firejail/dhcp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/env.c b/src/firejail/env.c
index 9ee6c6bfb..03818df0b 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index e352dadc4..ca4c988fa 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -328,8 +328,6 @@ extern int arg_keep_var_tmp; // don't overwrite /var/tmp
 extern int arg_writable_run_user;       // writable /run/user
 extern int arg_writable_var_log; // writable /var/log
 extern int arg_appimage;        // appimage
-extern int arg_audit;           // audit
-extern char *arg_audit_prog;    // audit
 extern int arg_apparmor;        // apparmor
 extern int arg_allow_debuggers; // allow debuggers
 extern int arg_x11_block;       // block X11
@@ -451,6 +449,9 @@ int profile_check_line(char *ptr, int lineno, const char *fname);
 // add a profile entry in cfg.profile list; use str to populate the list
 void profile_add(char *str);
 void profile_add_ignore(const char *str);
+char *profile_list_normalize(char *list);
+char *profile_list_compress(char *list);
+void profile_list_augment(char **list, const char *items);
 // list.c
 void list(void);
@@ -649,6 +650,8 @@ void network_set_run_file(pid_t pid);
 // fs_etc.c
 void fs_machineid(void);
+void fs_private_dir_copy(const char *private_dir, const char *private_run_dir, const char *private_list);
+void fs_private_dir_mount(const char *private_dir, const char *private_run_dir);
 void fs_private_dir_list(const char *private_dir, const char *private_run_dir, const char *private_list);
 // no_sandbox.c
@@ -795,15 +798,15 @@ void print_compiletime_support(void);
 // appimage.c
 void appimage_set(const char *appimage_path);
+void appimage_mount(void);
 void appimage_clear(void);
-const char *appimage_getdir(void);
 // appimage_size.c
-long unsigned int appimage2_size(const char *fname);
+long unsigned int appimage2_size(int fd);
 // cmdline.c
 void build_cmdline(char **command_line, char **window_title, int argc, char **argv, int index);
-void build_appimage_cmdline(char **command_line, char **window_title, int argc, char **argv, int index, char *apprun_path);
+void build_appimage_cmdline(char **command_line, char **window_title, int argc, char **argv, int index);
 // sbox.c
 // programs
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index ef1f87f0c..fc67a15f3 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -170,6 +170,7 @@ static void disable_file(OPERATION op, const char *filename) {
                                }
                        }
                        fs_tmpfs(fname, getuid());
+                        selinux_relabel_path(fname, fname);
                        last_disable = SUCCESSFUL;
                }
                else
@@ -800,8 +801,6 @@ void disable_config(void) {
                disable_file(BLACKLIST_FILE, RUN_FIREJAIL_PROFILE_DIR);
        if (stat(RUN_FIREJAIL_X11_DIR, &s) == 0)
                disable_file(BLACKLIST_FILE, RUN_FIREJAIL_X11_DIR);
-        if (!arg_appimage && stat(RUN_FIREJAIL_APPIMAGE_DIR, &s) == 0)
-                disable_file(BLACKLIST_FILE, RUN_FIREJAIL_APPIMAGE_DIR);
 }
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index a48d6cf67..61398f12b 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 3950ea2fd..b2fa60f63 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 271e46855..abec25d45 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -18,6 +18,7 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firejail.h"
+#include <errno.h>
 #include <sys/mount.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -138,7 +139,7 @@ static void duplicate(const char *fname, const char *private_dir, const char *pr
 }
-void fs_private_dir_list(const char *private_dir, const char *private_run_dir, const char *private_list) {
+void fs_private_dir_copy(const char *private_dir, const char *private_run_dir, const char *private_list) {
        assert(private_dir);
        assert(private_run_dir);
        assert(private_list);
@@ -147,12 +148,10 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
        struct stat s;
        if (stat(private_dir, &s) == -1) {
                if (arg_debug)
-                        printf("Cannot find %s\n", private_dir);
+                        printf("Cannot find %s: %s\n", private_dir, strerror(errno));
                return;
        }
-        timetrace_start();
        // create /run/firejail/mnt/etc directory
        mkdir_attr(private_run_dir, 0755, 0, 0);
        selinux_relabel_path(private_run_dir, private_dir);
@@ -185,9 +184,23 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
                free(dlist);
                fs_logger_print();
        }
+}
+void fs_private_dir_mount(const char *private_dir, const char *private_run_dir) {
+        assert(private_dir);
+        assert(private_run_dir);
        if (arg_debug)
                printf("Mount-bind %s on top of %s\n", private_run_dir, private_dir);
+        // nothing to do if directory does not exist
+        struct stat s;
+        if (stat(private_dir, &s) == -1) {
+                if (arg_debug)
+                        printf("Cannot find %s: %s\n", private_dir, strerror(errno));
+                return;
+        }
        if (mount(private_run_dir, private_dir, NULL, MS_BIND|MS_REC, NULL) < 0)
                errExit("mount bind");
        fs_logger2("mount", private_dir);
@@ -196,6 +209,11 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
        if (mount("tmpfs", private_run_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                errExit("mounting tmpfs");
        fs_logger2("tmpfs", private_run_dir);
+}
+void fs_private_dir_list(const char *private_dir, const char *private_run_dir, const char *private_list) {
+        timetrace_start();
+        fs_private_dir_copy(private_dir, private_run_dir, private_list);
+        fs_private_dir_mount(private_dir, private_run_dir);
        fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
 }
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 8c7c19203..46f32d7ad 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -31,7 +31,7 @@
 #include <fcntl.h>
 #ifndef O_PATH
-# define O_PATH 010000000
+#define O_PATH 010000000
 #endif
 static void skel(const char *homedir, uid_t u, gid_t g) {
@@ -384,7 +384,6 @@ void fs_private(void) {
                        if (chown(homedir, u, g) < 0)
                                errExit("chown");
-                        selinux_relabel_path(homedir, homedir);
                        fs_logger2("mkdir", homedir);
                        fs_logger2("tmpfs", homedir);
                }
@@ -392,6 +391,8 @@ void fs_private(void) {
                        // mask user home directory
                        // the directory should be owned by the current user
                        fs_tmpfs(homedir, 1);
+                selinux_relabel_path(homedir, homedir);
        }
        skel(homedir, u, g);
@@ -549,7 +550,7 @@ void fs_private_home_list(void) {
        // create /run/firejail/mnt/home directory
        mkdir_attr(RUN_HOME_DIR, 0755, uid, gid);
-        selinux_relabel_path(RUN_HOME_DIR, "/home");
+        selinux_relabel_path(RUN_HOME_DIR, homedir);
        fs_logger_print();      // save the current log
        if (arg_debug)
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index 5d6fddf8e..8a3bb71ea 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index b8c1b21b1..0491fd9b1 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -23,16 +23,43 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include <dirent.h>
+#include <fcntl.h>
+#include <errno.h>
 #include <glob.h>
 #define MAXBUF 4096
 extern void fslib_install_stdc(void);
+extern void fslib_install_firejail(void);
 extern void fslib_install_system(void);
 static int lib_cnt = 0;
 static int dir_cnt = 0;
+static const char *masked_lib_dirs[] = {
+        "/usr/lib64",
+        "/lib64",
+        "/usr/lib",
+        "/lib",
+        "/usr/local/lib64",
+        "/usr/local/lib",
+        NULL,
+};
+// return 1 if the file is in masked_lib_dirs[]
+static int valid_full_path(const char *full_path) {
+        if (strstr(full_path, ".."))
+                return 0;
+        int i = 0;
+        while (masked_lib_dirs[i]) {
+                if (strncmp(full_path, masked_lib_dirs[i], strlen(masked_lib_dirs[i])) == 0 &&
+                    full_path[strlen(masked_lib_dirs[i])] == '/')
+                        return 1;
+                i++;
+        }
+        return 0;
+}
 char *find_in_path(const char *program) {
        EUID_ASSERT();
        if (arg_debug)
@@ -44,9 +71,10 @@ char *find_in_path(const char *program) {
                errExit("readlink");
        self[len] = '\0';
-        char *path = getenv("PATH");
+        const char *path = env_get("PATH");
        if (!path)
                return NULL;
        char *dup = strdup(path);
        if (!dup)
                errExit("strdup");
@@ -79,22 +107,6 @@ char *find_in_path(const char *program) {
        return NULL;
 }
-static void report_duplication(const char *full_path) {
-        char *fname = strrchr(full_path, '/');
-        if (fname && *(++fname) != '\0') {
-                // report the file on all bin paths
-                int i = 0;
-                while (default_lib_paths[i]) {
-                        char *p;
-                        if (asprintf(&p, "%s/%s", default_lib_paths[i], fname) == -1)
-                                errExit("asprintf");
-                        fs_logger2("clone", p);
-                        free(p);
-                        i++;
-                }
-        }
-}
 static char *build_dest_dir(const char *full_path) {
        assert(full_path);
        if (strstr(full_path, "/x86_64-linux-gnu/"))
@@ -102,68 +114,108 @@ static char *build_dest_dir(const char *full_path) {
        return RUN_LIB_DIR;
 }
-// copy fname in private_run_dir
+// return name of mount target in allocated memory
-void fslib_duplicate(const char *full_path) {
+static char *build_dest_name(const char *full_path) {
        assert(full_path);
+        char *fname = strrchr(full_path, '/');
+        assert(fname);
+        fname++;
+        assert(*fname != '\0');
-        struct stat s;
+        char *dest;
-        if (stat(full_path, &s) != 0 || s.st_uid != 0 || access(full_path, R_OK))
+        if (asprintf(&dest, "%s/%s", build_dest_dir(full_path), fname) == -1)
-                return;
+                errExit("asprintf");
+        return dest;
+}
-        char *dest_dir = build_dest_dir(full_path);
+static void fslib_mount_dir(const char *full_path) {
+        // create new directory and mount the original on top of it
+        char *dest = build_dest_name(full_path);
+        if (mkdir(dest, 0755) == -1) {
+                if (errno == EEXIST) { // directory has been mounted already, nothing to do
+                        free(dest);
+                        return;
+                }
+                errExit("mkdir");
+        }
-        // don't copy it if the file is already there
+        if (arg_debug || arg_debug_private_lib)
-        char *ptr = strrchr(full_path, '/');
+                printf("    mounting %s on %s\n", full_path, dest);
-        if (!ptr)
+        // if full_path is a symbolic link, mount will follow it
-                return;
+        if (mount(full_path, dest, NULL, MS_BIND|MS_REC, NULL) < 0)
-        ptr++;
+                errExit("mount bind");
-        if (*ptr == '\0')
+        free(dest);
-                return;
+        dir_cnt++;
+}
-        char *name;
+static void fslib_mount_file(const char *full_path) {
-        if (asprintf(&name, "%s/%s", dest_dir, ptr) == -1)
+        // create new file and mount the original on top of it
-                errExit("asprintf");
+        char *dest = build_dest_name(full_path);
-        if (stat(name, &s) == 0) {
+        int fd = open(dest, O_RDONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR);
-                free(name);
+        if (fd == -1) {
-                return;
+                if (errno == EEXIST) { // file has been mounted already, nothing to do
+                        free(dest);
+                        return;
+                }
+                errExit("open");
        }
-        free(name);
+        close(fd);
        if (arg_debug || arg_debug_private_lib)
-                printf("    copying %s to private %s\n", full_path, dest_dir);
+                printf("    mounting %s on %s\n", full_path, dest);
+        // if full_path is a symbolic link, mount will follow it
-        sbox_run(SBOX_ROOT| SBOX_SECCOMP, 4, PATH_FCOPY, "--follow-link", full_path, dest_dir);
+        if (mount(full_path, dest, NULL, MS_BIND, NULL) < 0)
-        report_duplication(full_path);
+                errExit("mount bind");
+        free(dest);
        lib_cnt++;
 }
+void fslib_mount(const char *full_path) {
+        assert(full_path);
+        struct stat s;
+        if (!valid_full_path(full_path) ||
+            access(full_path, F_OK) != 0 ||
+            stat(full_path, &s) != 0 ||
+            s.st_uid != 0)
+                return;
+        if (S_ISDIR(s.st_mode))
+                fslib_mount_dir(full_path);
+        else if (S_ISREG(s.st_mode) && is_lib_64(full_path))
+                fslib_mount_file(full_path);
+}
 // requires full path for lib
 // it could be a library or an executable
 // lib is not copied, only libraries used by it
-void fslib_copy_libs(const char *full_path) {
+void fslib_mount_libs(const char *full_path, unsigned user) {
        assert(full_path);
-        if (arg_debug || arg_debug_private_lib)
-                printf("    fslib_copy_libs %s\n", full_path);
        // if library/executable does not exist or the user does not have read access to it
        // print a warning and exit the function.
-        if (access(full_path, R_OK)) {
+        if (user && access(full_path, R_OK)) {
                if (arg_debug || arg_debug_private_lib)
-                        printf("cannot find %s for private-lib, skipping...\n", full_path);
+                        printf("Cannot read %s, skipping...\n", full_path);
                return;
        }
+        if (arg_debug || arg_debug_private_lib)
+                printf("    fslib_mount_libs %s (parse as %s)\n", full_path, user ? "user" : "root");
        // create an empty RUN_LIB_FILE and allow the user to write to it
        unlink(RUN_LIB_FILE);                     // in case is there
        create_empty_file_as_root(RUN_LIB_FILE, 0644);
-        if (chown(RUN_LIB_FILE, getuid(), getgid()))
+        if (user && chown(RUN_LIB_FILE, getuid(), getgid()))
                errExit("chown");
        // run fldd to extract the list of files
        if (arg_debug || arg_debug_private_lib)
                printf("    running fldd %s\n", full_path);
-        sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE);
+        unsigned mask;
+        if (user)
+                mask = SBOX_USER;
+        else
+                mask = SBOX_ROOT;
+        sbox_run(mask | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE);
        // open the list of libraries and install them on by one
        FILE *fp = fopen(RUN_LIB_FILE, "r");
@@ -176,68 +228,30 @@ void fslib_copy_libs(const char *full_path) {
                char *ptr = strchr(buf, '\n');
                if (ptr)
                        *ptr = '\0';
-                fslib_duplicate(buf);
+                fslib_mount(buf);
        }
        fclose(fp);
        unlink(RUN_LIB_FILE);
 }
+// fname should be a valid full path at this point
-void fslib_copy_dir(const char *full_path) {
-        assert(full_path);
-        if (arg_debug || arg_debug_private_lib)
-                printf("    fslib_copy_dir %s\n", full_path);
-        // do nothing if the directory does not exist or is not owned by root
-        struct stat s;
-        if (stat(full_path, &s) != 0 || s.st_uid != 0 || !S_ISDIR(s.st_mode) || access(full_path, R_OK))
-                return;
-        char *dir_name = strrchr(full_path, '/');
-        assert(dir_name);
-        dir_name++;
-        assert(*dir_name != '\0');
-        // do nothing if the directory is already there
-        char *dest;
-        if (asprintf(&dest, "%s/%s", build_dest_dir(full_path), dir_name) == -1)
-                errExit("asprintf");
-        if (stat(dest, &s) == 0) {
-                free(dest);
-                return;
-        }
-        // create new directory and mount the original on top of it
-        mkdir_attr(dest, 0755, 0, 0);
-        if (mount(full_path, dest, NULL, MS_BIND|MS_REC, NULL) < 0 ||
-                mount(NULL, dest, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
-                errExit("mount bind");
-        fs_logger2("clone", full_path);
-        fs_logger2("mount", full_path);
-        dir_cnt++;
-        free(dest);
-}
-// fname should be a vallid full path at this point
 static void load_library(const char *fname) {
        assert(fname);
        assert(*fname == '/');
-        // existing file owned by root, read access
+        // existing file owned by root
        struct stat s;
-        if (stat(fname, &s) == 0 && s.st_uid == 0 && !access(fname, R_OK)) {
+        if (!access(fname, F_OK) && stat(fname, &s) == 0 && s.st_uid == 0) {
                // load directories, regular 64 bit libraries, and 64 bit executables
-                if (is_dir(fname) || is_lib_64(fname)) {
+                if (S_ISDIR(s.st_mode))
-                        if (is_dir(fname))
+                        fslib_mount(fname);
-                                fslib_copy_dir(fname);
+                else if (S_ISREG(s.st_mode) && is_lib_64(fname)) {
-                        else {
+                        if (strstr(fname, ".so") ||
-                                if (strstr(fname, ".so") ||
+                            access(fname, X_OK) != 0) // don't duplicate executables, just install the libraries
-                                    access(fname, X_OK) != 0) // don't duplicate executables, just install the libraries
+                                fslib_mount(fname);
-                                        fslib_duplicate(fname);
+                        fslib_mount_libs(fname, 1); // parse as user
-                                fslib_copy_libs(fname);
-                        }
                }
        }
 }
@@ -293,7 +307,6 @@ static void install_list_entry(const char *lib) {
        return;
 }
 void fslib_install_list(const char *lib_list) {
        assert(lib_list);
        if (arg_debug || arg_debug_private_lib)
@@ -316,34 +329,20 @@ void fslib_install_list(const char *lib_list) {
        fs_logger_print();
 }
 static void mount_directories(void) {
-        if (arg_debug || arg_debug_private_lib)
+        fs_remount(RUN_LIB_DIR, MOUNT_READONLY, 1); // should be redundant except for RUN_LIB_DIR itself
-                printf("Mount-bind %s on top of /lib /lib64 /usr/lib\n", RUN_LIB_DIR);
+        int i = 0;
-        if (is_dir("/lib")) {
+        while (masked_lib_dirs[i]) {
-                if (mount(RUN_LIB_DIR, "/lib", NULL, MS_BIND|MS_REC, NULL) < 0 ||
+                if (is_dir(masked_lib_dirs[i])) {
-                        mount(NULL, "/lib", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
+                        if (arg_debug || arg_debug_private_lib)
-                        errExit("mount bind");
+                                printf("Mount-bind %s on top of %s\n", RUN_LIB_DIR, masked_lib_dirs[i]);
-                fs_logger2("tmpfs", "/lib");
+                        if (mount(RUN_LIB_DIR, masked_lib_dirs[i], NULL, MS_BIND|MS_REC, NULL) < 0)
-                fs_logger("mount /lib");
+                                errExit("mount bind");
-        }
+                        fs_logger2("tmpfs", masked_lib_dirs[i]);
+                        fs_logger2("mount", masked_lib_dirs[i]);
-        if (is_dir("/lib64")) {
+                }
-                if (mount(RUN_LIB_DIR, "/lib64", NULL, MS_BIND|MS_REC, NULL) < 0 ||
+                i++;
-                        mount(NULL, "/lib64", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
-                        errExit("mount bind");
-                fs_logger2("tmpfs", "/lib64");
-                fs_logger("mount /lib64");
-        }
-        if (is_dir("/usr/lib")) {
-                if (mount(RUN_LIB_DIR, "/usr/lib", NULL, MS_BIND|MS_REC, NULL) < 0 ||
-                        mount(NULL, "/usr/lib", NULL, MS_BIND|MS_REMOUNT|MS_NOSUID|MS_NODEV|MS_REC, NULL) < 0)
-                        errExit("mount bind");
-                fs_logger2("tmpfs", "/usr/lib");
-                fs_logger("mount /usr/lib");
        }
        // for amd64 only - we'll deal with i386 later
@@ -379,25 +378,12 @@ void fs_private_lib(void) {
                printf("Installing standard C library\n");
        fslib_install_stdc();
-        // start timetrace
+        // install other libraries needed by firejail
-        timetrace_start();
-        // bring in firejail executable libraries in case we are redirected here by a firejail symlink from /usr/local/bin/firejail
        if (arg_debug || arg_debug_private_lib)
                printf("Installing Firejail libraries\n");
-        fslib_install_list(PATH_FIREJAIL);
+        fslib_install_firejail();
-        // bring in firejail directory
-        fslib_install_list(LIBDIR "/firejail");
-        // bring in dhclient libraries
-        if (any_dhcp()) {
-                if (arg_debug || arg_debug_private_lib)
-                        printf("Installing dhclient libraries\n");
-                fslib_install_list(RUN_MNT_DIR "/dhclient");
-        }
-        fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end());
+        // start timetrace
        timetrace_start();
        // copy the libs in the new lib directory for the main exe
@@ -426,7 +412,6 @@ void fs_private_lib(void) {
                fslib_install_list(cfg.shell);
                // a shell is useless without some basic commands
                fslib_install_list("/bin/ls,/bin/cat,/bin/mv,/bin/rm");
        }
        // for the listed libs and directories
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c
index 95e10ee05..c69bf7c98 100644
--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -21,9 +21,8 @@
 #include <dirent.h>
 #include <sys/stat.h>
-extern void fslib_duplicate(const char *full_path);
+extern void fslib_mount_libs(const char *full_path, unsigned user);
-extern void fslib_copy_libs(const char *full_path);
+extern void fslib_mount(const char *full_path);
-extern void fslib_copy_dir(const char *full_path);
 //***************************************************************
 // Standard C library
@@ -97,7 +96,8 @@ static void stdc(const char *dirname) {
                                if (asprintf(&fname, "%s/%s", dirname, entry->d_name) == -1)
                                        errExit("asprintf");
-                                fslib_duplicate(fname);
+                                fslib_mount(fname);
+                                free(fname);
                        }
                }
                closedir(dir);
@@ -118,11 +118,56 @@ void fslib_install_stdc(void) {
        // install locale
        if (stat("/usr/lib/locale", &s) == 0)
-                fslib_copy_dir("/usr/lib/locale");
+                fslib_mount("/usr/lib/locale");
        fmessage("Standard C library installed in %0.2f ms\n", timetrace_end());
 }
+//***************************************************************
+// Firejail libraries
+//***************************************************************
+static void fdir(void) {
+        // firejail directory itself
+        fslib_mount(LIBDIR "/firejail");
+        // executables and libraries from firejail directory
+        static const char * const fbin[] = {
+                PATH_FCOPY, // currently sufficient to find all needed libraries
+                // PATH_FSECCOMP,
+                // PATH_FSEC_OPTIMIZE,
+                // PATH_FSEC_PRINT,
+                // RUN_FIREJAIL_LIB_DIR "/libtrace.so",
+                // RUN_FIREJAIL_LIB_DIR "/libtracelog.so",
+                // RUN_FIREJAIL_LIB_DIR "/libpostexecseccomp.so",
+                NULL,
+        };
+        // need to parse as root user, unprivileged users have no read permission on executables
+        int i;
+        for (i = 0; fbin[i]; i++)
+                fslib_mount_libs(fbin[i], 0);
+}
+void fslib_install_firejail(void) {
+        timetrace_start();
+        // bring in firejail executable libraries, in case we are redirected here
+        // by a firejail symlink from /usr/local/bin/firejail
+        fslib_mount_libs(PATH_FIREJAIL, 1); // parse as user
+        // bring in firejail directory
+        fdir();
+        // bring in dhclient libraries
+        if (any_dhcp())
+                fslib_mount_libs(RUN_MNT_DIR "/dhclient", 1); // parse as user
+        // bring in xauth libraries
+        if (arg_x11_xorg)
+                fslib_mount_libs("/usr/bin/xauth", 1); // parse as user
+        fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end());
+}
 //***************************************************************
 // various system libraries
@@ -268,8 +313,8 @@ void fslib_install_system(void) {
                        if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir1) == -1)
                                errExit("asprintf");
                        if (access(name, R_OK) == 0) {
-                                fslib_copy_libs(name);
+                                fslib_mount_libs(name, 1); // parse as user
-                                fslib_copy_dir(name);
+                                fslib_mount(name);
                        }
                        else {
                                free(name);
@@ -277,8 +322,8 @@ void fslib_install_system(void) {
                                if (asprintf(&name, "/usr/lib64/%s", ptr->dir1) == -1)
                                        errExit("asprintf");
                                if (access(name, R_OK) == 0) {
-                                        fslib_copy_libs(name);
+                                        fslib_mount_libs(name, 1); // parse as user
-                                        fslib_copy_dir(name);
+                                        fslib_mount(name);
                                }
                        }
                        free(name);
@@ -288,8 +333,8 @@ void fslib_install_system(void) {
                                if (asprintf(&name, "/usr/lib/x86_64-linux-gnu/%s", ptr->dir2) == -1)
                                        errExit("asprintf");
                                if (access(name, R_OK) == 0) {
-                                        fslib_copy_libs(name);
+                                        fslib_mount_libs(name, 1); // parse as user
-                                        fslib_copy_dir(name);
+                                        fslib_mount(name);
                                }
                                else {
                                        free(name);
@@ -297,8 +342,8 @@ void fslib_install_system(void) {
                                        if (asprintf(&name, "/usr/lib64/%s", ptr->dir2) == -1)
                                                errExit("asprintf");
                                        if (access(name, R_OK) == 0) {
-                                                fslib_copy_libs(name);
+                                                fslib_mount_libs(name, 1); // parse as user
-                                                fslib_copy_dir(name);
+                                                fslib_mount(name);
                                        }
                                }
                                free(name);
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c
index 892c91e3f..67ad4b52e 100644
--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 0e213f2f8..8cfeea582 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -46,7 +46,7 @@ static void mkdir_recursive(char *path) {
        struct stat s;
        if (chdir("/")) {
-                fprintf(stderr, "Error: can't chdir to /");
+                fprintf(stderr, "Error: can't chdir to /\n");
                return;
        }
@@ -63,7 +63,7 @@ static void mkdir_recursive(char *path) {
                        return;
                }
                if (chdir(subdir)) {
-                        fprintf(stderr, "Error: can't chdir to %s", subdir);
+                        fprintf(stderr, "Error: can't chdir to %s\n", subdir);
                        return;
                }
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 1894784a8..8f939b5f5 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index cafe9fa49..f07581cd8 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index d60c57fec..698d47b69 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/join.c b/src/firejail/join.c
index bdd0f286c..1575a7469 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -411,7 +411,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
        extract_x11_display(parent);
        int shfd = -1;
-        if (!arg_shell_none && !arg_audit)
+        if (!arg_shell_none)
                shfd = open_shell();
        EUID_ROOT();
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index e61edf427..63ef2309b 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 2623d794f..7f2f6dbf3 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 982a4c7a6..b3524fcf5 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -130,8 +130,6 @@ int arg_keep_var_tmp = 0;                       // don't overwrite /var/tmp
 int arg_writable_run_user = 0;                  // writable /run/user
 int arg_writable_var_log = 0;           // writable /var/log
 int arg_appimage = 0;                           // appimage
-int arg_audit = 0;                              // audit
-char *arg_audit_prog = NULL;                    // audit
 int arg_apparmor = 0;                           // apparmor
 int arg_allow_debuggers = 0;                    // allow debuggers
 int arg_x11_block = 0;                          // block X11
@@ -297,7 +295,7 @@ static void check_network(Bridge *br) {
        else if (br->ipsandbox) { // for macvlan check network range
                char *rv = in_netrange(br->ipsandbox, br->ip, br->mask);
                if (rv) {
-                        fprintf(stderr, "%s", rv);
+                        fprintf(stderr, "%s\n", rv);
                        exit(1);
                }
        }
@@ -1008,7 +1006,7 @@ int main(int argc, char **argv, char **envp) {
        // sanity check for environment variables
        if (i >= MAX_ENVS) {
-                fprintf(stderr, "Error: too many environment variables, please use --rmenv\n");
+                fprintf(stderr, "Error: too many environment variables\n");
                exit(1);
        }
@@ -1022,9 +1020,6 @@ int main(int argc, char **argv, char **envp) {
                        fprintf(stderr, "Error: too long arguments\n");
                        exit(1);
                }
-                // Also remove requested environment variables
-                if (strncmp(argv[i], "--rmenv=", 8) == 0)
-                        env_store(argv[i] + 8, RMENV);
        }
        // Reapply a minimal set of environment variables
@@ -1236,10 +1231,12 @@ int main(int argc, char **argv, char **envp) {
 #endif
                }
        }
+#ifdef HAVE_OUTPUT
        else {
                // check --output option and execute it;
                check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
        }
+#endif
        EUID_ASSERT();
        // check for force-nonewprivs in /etc/firejail/firejail.config file
@@ -1288,15 +1285,10 @@ int main(int argc, char **argv, char **envp) {
 #endif
                else if (strncmp(argv[i], "--protocol=", 11) == 0) {
                        if (checkcfg(CFG_SECCOMP)) {
-                                if (cfg.protocol) {
+                                const char *add = argv[i] + 11;
-                                        fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
+                                profile_list_augment(&cfg.protocol, add);
-                                }
+                                if (arg_debug)
-                                else {
+                                        fprintf(stderr, "[option] combined protocol list: \"%s\"\n", cfg.protocol);
-                                        // store list
-                                        cfg.protocol = strdup(argv[i] + 11);
-                                        if (!cfg.protocol)
-                                                errExit("strdup");
-                                }
                        }
                        else
                                exit_err_feature("seccomp");
@@ -1592,7 +1584,26 @@ int main(int argc, char **argv, char **envp) {
                        profile_add(line);
                }
 #endif
+                else if (strncmp(argv[i], "--mkdir=", 8) == 0) {
+                        char *line;
+                        if (asprintf(&line, "mkdir %s", argv[i] + 8) == -1)
+                                errExit("asprintf");
+                        /* Note: Applied both immediately in profile_check_line()
+                         *       and later on via fs_blacklist().
+                         */
+                        profile_check_line(line, 0, NULL);
+                        profile_add(line);
+                }
+                else if (strncmp(argv[i], "--mkfile=", 9) == 0) {
+                        char *line;
+                        if (asprintf(&line, "mkfile %s", argv[i] + 9) == -1)
+                                errExit("asprintf");
+                        /* Note: Applied both immediately in profile_check_line()
+                         *       and later on via fs_blacklist().
+                         */
+                        profile_check_line(line, 0, NULL);
+                        profile_add(line);
+                }
                else if (strncmp(argv[i], "--read-only=", 12) == 0) {
                        char *line;
                        if (asprintf(&line, "read-only %s", argv[i] + 12) == -1)
@@ -2595,28 +2606,6 @@ int main(int argc, char **argv, char **envp) {
                //*************************************
                else if (strncmp(argv[i], "--timeout=", 10) == 0)
                        cfg.timeout = extract_timeout(argv[i] + 10);
-                else if (strcmp(argv[i], "--audit") == 0) {
-                        arg_audit_prog = LIBDIR "/firejail/faudit";
-                        profile_add_ignore("shell none");
-                        arg_audit = 1;
-                }
-                else if (strncmp(argv[i], "--audit=", 8) == 0) {
-                        if (strlen(argv[i] + 8) == 0) {
-                                fprintf(stderr, "Error: invalid audit program\n");
-                                exit(1);
-                        }
-                        arg_audit_prog = strdup(argv[i] + 8);
-                        if (!arg_audit_prog)
-                                errExit("strdup");
-                        struct stat s;
-                        if (stat(arg_audit_prog, &s) != 0) {
-                                fprintf(stderr, "Error: cannot find the audit program %s\n", arg_audit_prog);
-                                exit(1);
-                        }
-                        profile_add_ignore("shell none");
-                        arg_audit = 1;
-                }
                else if (strcmp(argv[i], "--appimage") == 0)
                        arg_appimage = 1;
                else if (strcmp(argv[i], "--shell=none") == 0) {
@@ -2801,7 +2790,7 @@ int main(int argc, char **argv, char **envp) {
                if (arg_debug)
                        printf("Configuring appimage environment\n");
                appimage_set(cfg.command_name);
-                build_appimage_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index, cfg.command_line);
+                build_appimage_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
        }
        else {
                build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c
index 34d8d1700..a700729d3 100644
--- a/src/firejail/mountinfo.c
+++ b/src/firejail/mountinfo.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index e0a2ce086..fc79dddec 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/netns.c b/src/firejail/netns.c
index 7ccff3265..b5d6fb636 100644
--- a/src/firejail/netns.c
+++ b/src/firejail/netns.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2020 Firejail Authors
+ * Copyright (C) 2020-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 8cdf04947..f7142cefd 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index 85896e528..ee3c00872 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -120,7 +120,7 @@ void net_configure_sandbox_ip(Bridge *br) {
                // check network range
                char *rv = in_netrange(br->ipsandbox, br->ip, br->mask);
                if (rv) {
-                        fprintf(stderr, "%s", rv);
+                        fprintf(stderr, "%s\n", rv);
                        exit(1);
                }
                // send an ARP request and check if there is anybody on this IP address
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 111d94333..60a82821e 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -168,29 +168,17 @@ void run_no_sandbox(int argc, char **argv) {
                errExit("setresuid");
        // process limited subset of options
+        // and find first non option arg:
+        //      - first argument not starting with --,
+        //      - whatever follows after -c (example: firejail -c ls)
+        int prog_index = 0;
        int i;
-        for (i = 0; i < argc; i++) {
+        for (i = 1; i < argc; i++) {
                if (strcmp(argv[i], "--debug") == 0)
                        arg_debug = 1;
                else if (strncmp(argv[i], "--shell=", 8) == 0)
-                        fwarning("shell-related command line options are disregarded - using SHELL environment variable\n");
+                        fwarning("shell-related command line options are disregarded\n");
-        }
+                else if (strcmp(argv[i], "-c") == 0) {
-        // use $SHELL to get shell used in sandbox, guess shell otherwise
-        cfg.shell = guess_shell();
-        if (!cfg.shell) {
-                fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
-                exit(1);
-        }
-        else if (arg_debug)
-                printf("Selecting %s as shell\n", cfg.shell);
-        int prog_index = 0;
-        // find first non option arg:
-        //      - first argument not starting with --,
-        //      - whatever follows after -c (example: firejail -c ls)
-        for (i = 1; i < argc; i++) {
-                if (strcmp(argv[i], "-c") == 0) {
                        prog_index = i + 1;
                        if (prog_index == argc) {
                                fprintf(stderr, "Error: option -c requires an argument\n");
@@ -199,36 +187,36 @@ void run_no_sandbox(int argc, char **argv) {
                        break;
                }
                // check first argument not starting with --
-                if (strncmp(argv[i],"--",2) != 0) {
+                else if (strncmp(argv[i],"--",2) != 0) {
                        prog_index = i;
                        break;
                }
        }
-// if shell is /usr/bin/firejail, replace it with /bin/bash
-//      if (strcmp(cfg.shell, PATH_FIREJAIL) == 0) {
-//              cfg.shell = "/bin/bash";
-//              prog_index = 0;
-//      }
        if (prog_index == 0) {
-                assert(cfg.command_line == NULL); // runs cfg.shell
+                // got no command, require a shell and try to execute it
+                cfg.shell = guess_shell();
+                if (!cfg.shell) {
+                        fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
+                        exit(1);
+                }
+                assert(cfg.command_line == NULL);
                cfg.window_title = cfg.shell;
        } else {
+                // this sandbox might not allow execution of a shell
+                // force --shell=none in order to not break firecfg symbolic links
+                arg_shell_none = 1;
                build_cmdline(&cfg.command_line, &cfg.window_title, argc, argv, prog_index);
        }
+        fwarning("an existing sandbox was detected. "
+                "%s will run without any additional sandboxing features\n", prog_index ? argv[prog_index] : cfg.shell);
        cfg.original_argv = argv;
        cfg.original_program_index = prog_index;
-        char *command;
-        if (prog_index == 0)
-                command = cfg.shell;
-        else
-                command = argv[prog_index];
-        fwarning("an existing sandbox was detected. "
-                "%s will run without any additional sandboxing features\n", command);
        arg_quiet = 1;
        start_application(1, -1, NULL);
diff --git a/src/firejail/output.c b/src/firejail/output.c
index 1682ee025..835dff2db 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <unistd.h>
+#ifdef HAVE_OUTPUT
 void check_output(int argc, char **argv) {
        EUID_ASSERT();
@@ -149,3 +150,4 @@ void check_output(int argc, char **argv) {
        perror("execvp");
        exit(1);
 }
+#endif
diff --git a/src/firejail/paths.c b/src/firejail/paths.c
index 981a6bc71..b800fa944 100644
--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index 836526593..7f602545d 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 3766ba8f0..351b760df 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -157,6 +157,10 @@ static int check_nosound(void) {
        return arg_nosound != 0;
 }
+static int check_private(void) {
+        return arg_private;
+}
 static int check_x11(void) {
        return (arg_x11_block || arg_x11_xorg || env_get("FIREJAIL_X11"));
 }
@@ -174,6 +178,7 @@ Cond conditionals[] = {
        {"HAS_NET", check_netoptions},
        {"HAS_NODBUS", check_nodbus},
        {"HAS_NOSOUND", check_nosound},
+        {"HAS_PRIVATE", check_private},
        {"HAS_X11", check_x11},
        {"BROWSER_DISABLE_U2F", check_disable_u2f},
        {"BROWSER_ALLOW_DRM", check_allow_drm},
@@ -911,15 +916,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
        if (strncmp(ptr, "protocol ", 9) == 0) {
                if (checkcfg(CFG_SECCOMP)) {
-                        if (cfg.protocol) {
+                        const char *add = ptr + 9;
-                                fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
+                        profile_list_augment(&cfg.protocol, add);
-                                return 0;
+                        if (arg_debug)
-                        }
+                                fprintf(stderr, "[profile] combined protocol list: \"%s\"\n", cfg.protocol);
-                        // store list
-                        cfg.protocol = strdup(ptr + 9);
-                        if (!cfg.protocol)
-                                errExit("strdup");
                }
                else
                        warning_feature_disabled("seccomp");
@@ -931,7 +931,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
        if (strncmp(ptr, "rmenv ", 6) == 0) {
-                unsetenv(ptr + 6); // Remove also immediately from Firejail itself
                env_store(ptr + 6, RMENV);
                return 0;
        }
@@ -1774,3 +1773,143 @@ void profile_read(const char *fname) {
        }
        fclose(fp);
 }
+char *profile_list_normalize(char *list)
+{
+        /* Remove redundant commas.
+         *
+         * As result is always shorter than original,
+         * in-place copying can be used.
+         */
+        size_t i = 0;
+        size_t j = 0;
+        int c;
+        while (list[i] == ',')
+                ++i;
+        while ((c = list[i++])) {
+                if (c == ',') {
+                        while (list[i] == ',')
+                                ++i;
+                        if (list[i] == 0)
+                                break;
+                }
+                list[j++] = c;
+        }
+        list[j] = 0;
+        return list;
+}
+char *profile_list_compress(char *list)
+{
+        size_t i;
+        /* Comma separated list is processed so that:
+         * "item"  -> adds item to list
+         * "-item" -> removes item from list
+         * "+item" -> adds item to list
+         * "=item" -> clear list, add item
+         *
+         * For example:
+         * ,a,,,b,,,c, -> a,b,c
+         * a,,b,,,c,a  -> a,b,c
+         * a,b,c,-a    -> b,c
+         * a,b,c,-a,a  -> b,c,a
+         * a,+b,c      -> a,b,c
+         * a,b,=c,d    -> c,d
+         * a,b,c,=     ->
+         */
+        profile_list_normalize(list);
+        /* Count items: comma count + 1 */
+        size_t count = 1;
+        for (i = 0; list[i]; ++i) {
+                if (list[i] == ',')
+                        ++count;
+        }
+        /* Collect items in an array */
+        char *in[count];
+        count = 0;
+        in[count++] = list;
+        for (i = 0; list[i]; ++i) {
+                if (list[i] != ',')
+                        continue;
+                list[i] = 0;
+                in[count++] = list + i + 1;
+        }
+        /* Filter array: add, remove, reset, filter out duplicates */
+        for (i = 0; i < count; ++i) {
+                char *item = in[i];
+                assert(item);
+                size_t k;
+                switch (*item) {
+                case '-':
+                        ++item;
+                        /* Do not include this item */
+                        in[i] = 0;
+                        /* Remove if already included */
+                        for (k = 0; k < i; ++k) {
+                                if (in[k] && !strcmp(in[k], item)) {
+                                        in[k] = 0;
+                                        break;
+                                }
+                        }
+                        break;
+                case '+':
+                        /* Allow +/- symmetry */
+                        in[i] = ++item;
+                        /* FALLTHRU */
+                default:
+                        /* Adding empty item is a NOP */
+                        if (!*item) {
+                                in[i] = 0;
+                                break;
+                        }
+                        /* Include item unless it is already included */
+                        for (k = 0; k < i; ++k) {
+                                if (in[k] && !strcmp(in[k], item)) {
+                                        in[i] = 0;
+                                        break;
+                                }
+                        }
+                        break;
+                case '=':
+                        in[i] = ++item;
+                        /* Include non-empty item */
+                        if (!*item)
+                                in[i] = 0;
+                        /* Remove all allready included items */
+                        for (k = 0; k < i; ++k)
+                                in[k] = 0;
+                        break;
+                }
+        }
+        /* Copying back using in-place data works because the
+         * original order is retained and no item gets longer
+         * than what it used to be.
+         */
+        char *pos = list;
+        for (i = 0; i < count; ++i) {
+                char *item = in[i];
+                if (!item)
+                        continue;
+                if (pos > list)
+                        *pos++ = ',';
+                while (*item)
+                        *pos++ = *item++;
+        }
+        *pos = 0;
+        return list;
+}
+void profile_list_augment(char **list, const char *items)
+{
+        char *tmp = 0;
+        if (asprintf(&tmp, "%s,%s", *list ?: "", items ?: "") < 0)
+                errExit("asprintf");
+        free(*list);
+        *list = profile_list_compress(tmp);
+}
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index cd54eb72d..926af7967 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 5df3d9cd3..4b9203c36 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -80,8 +80,6 @@ static void pulseaudio_fallback(const char *path) {
        fmessage("Cannot mount tmpfs on %s/.config/pulse\n", cfg.homedir);
        env_store_name_val("PULSE_CLIENTCONFIG", path, SETENV);
-        if (setenv("PULSE_CLIENTCONFIG", path, 1) < 0)
-                errExit("setenv");
 }
 // disable shm in pulseaudio (issue #69)
@@ -176,8 +174,7 @@ void pulseaudio_init(void) {
        char *p;
        if (asprintf(&p, "%s/client.conf", homeusercfg) == -1)
                errExit("asprintf");
-        if (setenv("PULSE_CLIENTCONFIG", p, 1) < 0)
+        env_store_name_val("PULSE_CLIENTCONFIG", p, SETENV);
-                errExit("setenv");
        fs_logger2("create", p);
        free(p);
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index a007312a6..a0ca4c02c 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -72,7 +72,7 @@ static void sanitize_home(void) {
        if (arg_debug)
                printf("Cleaning /home directory\n");
-        // keep a copy of the user home directory
+        // open user home directory in order to keep it around
        int fd = safe_fd(cfg.homedir, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
        if (fd == -1)
                goto errout;
@@ -82,47 +82,38 @@ static void sanitize_home(void) {
                close(fd);
                goto errout;
        }
-        char *proc;
-        if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
-                errExit("asprintf");
-        if (mkdir(RUN_WHITELIST_HOME_DIR, 0755) == -1)
-                errExit("mkdir");
-        if (mount(proc, RUN_WHITELIST_HOME_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
-                errExit("mount bind");
-        free(proc);
-        close(fd);
-        // mount tmpfs in the new home
+        // mount tmpfs on /home
        if (mount("tmpfs", "/home", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                errExit("mount tmpfs");
        selinux_relabel_path("/home", "/home");
        fs_logger("tmpfs /home");
-        // create user home directory
+        // create new user home directory
        if (mkdir(cfg.homedir, 0755) == -1) {
-                if (mkpath_as_root(cfg.homedir))
+                if (mkpath_as_root(cfg.homedir) == -1)
                        errExit("mkpath");
                if (mkdir(cfg.homedir, 0755) == -1)
                        errExit("mkdir");
-                selinux_relabel_path(cfg.homedir, cfg.homedir);
        }
        fs_logger2("mkdir", cfg.homedir);
        // set mode and ownership
        if (set_perms(cfg.homedir, s.st_uid, s.st_gid, s.st_mode))
                errExit("set_perms");
+        selinux_relabel_path(cfg.homedir, cfg.homedir);
-        // mount user home directory
+        // bring back real user home directory
-        if (mount(RUN_WHITELIST_HOME_DIR, cfg.homedir, NULL, MS_BIND|MS_REC, NULL) < 0)
+        char *proc;
+        if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
+                errExit("asprintf");
+        if (mount(proc, cfg.homedir, NULL, MS_BIND|MS_REC, NULL) < 0)
                errExit("mount bind");
+        free(proc);
+        close(fd);
-        // mask home dir under /run
-        if (mount("tmpfs", RUN_WHITELIST_HOME_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
-                errExit("mount tmpfs");
-        fs_logger2("tmpfs", RUN_WHITELIST_HOME_DIR);
        if (!arg_private)
                fs_logger2("whitelist", cfg.homedir);
        return;
 errout:
@@ -137,22 +128,15 @@ static void sanitize_run(void) {
        if (asprintf(&runuser, "/run/user/%u", getuid()) == -1)
                errExit("asprintf");
-        struct stat s;
+        // open /run/user/$UID directory in order to keep it around
-        if (stat(runuser, &s) == -1) {
+        int fd = open(runuser, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
-                // cannot find /user/run/$UID directory, just return
+        if (fd == -1) {
                if (arg_debug)
-                        printf("Cannot find %s directory\n", runuser);
+                        printf("Cannot open %s directory\n", runuser);
                free(runuser);
                return;
        }
-        if (mkdir(RUN_WHITELIST_RUN_DIR, 0755) == -1)
-                errExit("mkdir");
-        // keep a copy of the /run/user/$UID directory
-        if (mount(runuser, RUN_WHITELIST_RUN_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
-                errExit("mount bind");
        // mount tmpfs on /run/user
        if (mount("tmpfs", "/run/user", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                errExit("mount tmpfs");
@@ -162,22 +146,23 @@ static void sanitize_run(void) {
        // create new user directory
        if (mkdir(runuser, 0700) == -1)
                errExit("mkdir");
-        selinux_relabel_path(runuser, runuser);
        fs_logger2("mkdir", runuser);
        // set mode and ownership
        if (set_perms(runuser, getuid(), getgid(), 0700))
                errExit("set_perms");
+        selinux_relabel_path(runuser, runuser);
-        // mount /run/user/$UID directory
+        // bring back real run/user/$UID directory
-        if (mount(RUN_WHITELIST_RUN_DIR, runuser, NULL, MS_BIND|MS_REC, NULL) < 0)
+        char *proc;
+        if (asprintf(&proc, "/proc/self/fd/%d", fd) == -1)
+                errExit("asprintf");
+        if (mount(proc, runuser, NULL, MS_BIND|MS_REC, NULL) < 0)
                errExit("mount bind");
+        free(proc);
+        close(fd);
-        // mask mirrored /run/user/$UID directory
+        fs_logger2("whitelist", runuser);
-        if (mount("tmpfs", RUN_WHITELIST_RUN_DIR, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
-                errExit("mount tmpfs");
-        fs_logger2("tmpfs", RUN_WHITELIST_RUN_DIR);
        free(runuser);
 }
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index b80d4ae55..ae453f4f1 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c
index 0ca4a34df..78f00bc63 100644
--- a/src/firejail/rlimit.c
+++ b/src/firejail/rlimit.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c
index b9c80c459..cd44f745f 100644
--- a/src/firejail/run_files.c
+++ b/src/firejail/run_files.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c
index 5bf27fc6d..77fac5438 100644
--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 1f94d86cd..743d84b43 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -462,10 +462,10 @@ static int ok_to_run(const char *program) {
 void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
        // set environment
-        if (no_sandbox == 0) {
+        if (no_sandbox == 0)
                env_defaults();
-                env_apply_all();
+        env_apply_all();
-        }
        // restore original umask
        umask(orig_umask);
@@ -475,23 +475,9 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
        }
        //****************************************
-        // audit
-        //****************************************
-        if (arg_audit) {
-                assert(arg_audit_prog);
-#ifdef HAVE_GCOV
-                __gcov_dump();
-#endif
-                seccomp_install_filters();
-                if (set_sandbox_status)
-                        *set_sandbox_status = SANDBOX_DONE;
-                execl(arg_audit_prog, arg_audit_prog, NULL);
-        }
-        //****************************************
        // start the program without using a shell
        //****************************************
-        else if (arg_shell_none) {
+        if (arg_shell_none) {
                if (arg_debug) {
                        int i;
                        for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
@@ -589,12 +575,12 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 }
 static void enforce_filters(void) {
+        fmessage("\n** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **\n\n");
        // enforce NO_NEW_PRIVS
        arg_nonewprivs = 1;
        force_nonewprivs = 1;
        // disable all capabilities
-        fmessage("\n**     Warning: dropping all Linux capabilities     **\n\n");
        arg_caps_drop_all = 1;
        // drop all supplementary groups; /etc/group file inside chroot
@@ -795,14 +781,18 @@ int sandbox(void* sandbox_arg) {
                        exit(rv);
        }
-        // need ld.so.preload if tracing or seccomp with any non-default lists
+#ifdef HAVE_FORCE_NONEWPRIVS
-        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
+        bool always_enforce_filters = true;
+#else
+        bool always_enforce_filters = false;
+#endif
        // for --appimage, --chroot and --overlay* we force NO_NEW_PRIVS
        // and drop all capabilities
-        if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay)) {
+        if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay || always_enforce_filters))
                enforce_filters();
-                need_preload = arg_trace || arg_tracelog;
-        }
+        // need ld.so.preload if tracing or seccomp with any non-default lists
+        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
        // trace pre-install
        if (need_preload)
@@ -835,6 +825,11 @@ int sandbox(void* sandbox_arg) {
                fs_basic_fs();
        //****************************
+        // appimage
+        //****************************
+        appimage_mount();
+        //****************************
        // private mode
        //****************************
        if (arg_private) {
@@ -969,11 +964,35 @@ int sandbox(void* sandbox_arg) {
                else if (arg_overlay)
                        fwarning("private-etc feature is disabled in overlay\n");
                else {
-                        fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
+                        /* Current /etc/passwd and /etc/group files are bind
-                        fs_private_dir_list("/usr/etc", RUN_USR_ETC_DIR, cfg.etc_private_keep); // openSUSE
+                         * mounted filtered versions of originals. Leaving
+                         * them underneath private-etc mount causes problems
+                         * in devices with older kernels, e.g. attempts to
+                         * update the real /etc/passwd file yield EBUSY.
+                         *
+                         * As we do want to retain filtered /etc content:
+                         * 1. duplicate /etc content to RUN_ETC_DIR
+                         * 2. unmount bind mounts from /etc
+                         * 3. mount RUN_ETC_DIR at /etc
+                         */
+                        timetrace_start();
+                        fs_private_dir_copy("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
+                        if (umount2("/etc/group", MNT_DETACH) == -1)
+                                fprintf(stderr, "/etc/group: unmount: %s\n", strerror(errno));
+                        if (umount2("/etc/passwd", MNT_DETACH) == -1)
+                                fprintf(stderr, "/etc/passwd: unmount: %s\n", strerror(errno));
+                        fs_private_dir_mount("/etc", RUN_ETC_DIR);
+                        fmessage("Private /etc installed in %0.2f ms\n", timetrace_end());
                        // create /etc/ld.so.preload file again
                        if (need_preload)
                                fs_trace_preload();
+                        // openSUSE configuration is split between /etc and /usr/etc
+                        // process private-etc a second time
+                        fs_private_dir_list("/usr/etc", RUN_USR_ETC_DIR, cfg.etc_private_keep);
                }
        }
@@ -1015,23 +1034,11 @@ int sandbox(void* sandbox_arg) {
                fs_dev_disable_video();
        //****************************
-        // install trace
-        //****************************
-        if (need_preload)
-                fs_trace();
-        //****************************
        // set dns
        //****************************
        fs_resolvconf();
        //****************************
-        // fs post-processing
-        //****************************
-        fs_logger_print();
-        fs_logger_change_owner();
-        //****************************
        // start dhcp client
        //****************************
        dhcp_start();
@@ -1080,6 +1087,12 @@ int sandbox(void* sandbox_arg) {
        save_umask();
        //****************************
+        // fs post-processing
+        //****************************
+        fs_logger_print();
+        fs_logger_change_owner();
+        //****************************
        // set security filters
        //****************************
        // save state of nonewprivs
@@ -1136,13 +1149,21 @@ int sandbox(void* sandbox_arg) {
        fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
        seccomp_debug();
+        //****************************
+        // install trace - still need capabilities
+        //****************************
+        if (need_preload)
+                fs_trace();
+        //****************************
+        // continue security filters
+        //****************************
        // set capabilities
        set_caps();
        //****************************************
        // relay status information to join option
        //****************************************
        char *set_sandbox_status = create_join_file();
        //****************************************
@@ -1203,7 +1224,6 @@ int sandbox(void* sandbox_arg) {
        //****************************************
        // set cpu affinity
        //****************************************
        if (cfg.cpus)
                set_cpu_affinity();
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index baf99c5b9..f9c41f661 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -203,15 +203,16 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char *
                }
        }
-        if (filtermask & SBOX_ROOT) {
+        if (filtermask & SBOX_USER)
+                drop_privs(1);
+        else if (filtermask & SBOX_ROOT) {
                // elevate privileges in order to get grsecurity working
                if (setreuid(0, 0))
                        errExit("setreuid");
                if (setregid(0, 0))
                        errExit("setregid");
        }
-        else if (filtermask & SBOX_USER)
+        else assert(0);
-                drop_privs(1);
        if (arg[0]) { // get rid of scan-build warning
                int fd = open(arg[0], O_PATH | O_CLOEXEC);
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 808dd4c37..785c29517 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/selinux.c b/src/firejail/selinux.c
index dd776fcce..06189d7f6 100644
--- a/src/firejail/selinux.c
+++ b/src/firejail/selinux.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2020 Firejail and systemd authors
+ * Copyright (C) 2020-2021 Firejail and systemd authors
 *
 * This file is part of firejail project, from systemd selinux-util.c
 *
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index 7e9628007..8fb03d0a6 100644
--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index d58bbb409..397150158 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -33,7 +33,6 @@ static char *usage_str =
        "    --apparmor - enable AppArmor confinement.\n"
        "    --apparmor.print=name|pid - print apparmor status.\n"
        "    --appimage - sandbox an AppImage application.\n"
-        "    --audit[=test-program] - audit the sandbox.\n"
 #ifdef HAVE_NETWORK
        "    --bandwidth=name|pid - set bandwidth limits.\n"
 #endif
@@ -56,6 +55,7 @@ static char *usage_str =
 #endif
        "    --cpu=cpu-number,cpu-number - set cpu affinity.\n"
        "    --cpu.print=name|pid - print the cpus in use.\n"
+#ifdef HAVE_DBUSPROXY
        "    --dbus-log=file - set DBus log file location.\n"
        "    --dbus-system=filter|none - set system DBus access policy.\n"
        "    --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n"
@@ -71,6 +71,7 @@ static char *usage_str =
        "    --dbus-user.own=name - allow ownership of name on the session DBus.\n"
        "    --dbus-user.see=name - allow seeing name on the session DBus.\n"
        "    --dbus-user.talk=name - allow talking to name on the session DBus.\n"
+#endif
        "    --debug - print sandbox debug messages.\n"
        "    --debug-blacklists - debug blacklisting.\n"
        "    --debug-caps - print all recognized capabilities.\n"
@@ -125,6 +126,8 @@ static char *usage_str =
        "    --machine-id - preserve /etc/machine-id\n"
        "    --memory-deny-write-execute - seccomp filter to block attempts to create\n"
        "\tmemory mappings that are both writable and executable.\n"
+        "    --mkdir=dirname - create a directory.\n"
+        "    --mkfile=filename - create a file.\n"
 #ifdef HAVE_NETWORK
        "    --mtu=number - set interface MTU.\n"
 #endif
@@ -161,14 +164,18 @@ static char *usage_str =
        "    --novideo - disable video devices.\n"
        "    --nou2f - disable U2F devices.\n"
        "    --nowhitelist=filename - disable whitelist for file or directory.\n"
+#ifdef HAVE_OUTPUT
        "    --output=logfile - stdout logging and log rotation.\n"
        "    --output-stderr=logfile - stdout and stderr logging and log rotation.\n"
+#endif
+#ifdef HAVE_OVERLAYFS
        "    --overlay - mount a filesystem overlay on top of the current filesystem.\n"
        "    --overlay-named=name - mount a filesystem overlay on top of the current\n"
        "\tfilesystem, and store it in name directory.\n"
        "    --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n"
        "\tcurrent filesystem.\n"
        "    --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n"
+#endif
        "    --private - temporary home directory.\n"
        "    --private=directory - use directory as user home.\n"
        "    --private-cache - temporary ~/.cache directory.\n"
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 911c8bd94..2ad85acd6 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -400,6 +400,8 @@ void touch_file_as_user(const char *fname, mode_t mode) {
                        SET_PERMS_STREAM(fp, -1, -1, mode);
                        fclose(fp);
                }
+                else
+                        fwarning("cannot create %s\n", fname);
 #ifdef HAVE_GCOV
                __gcov_flush();
 #endif
@@ -439,35 +441,22 @@ int is_dir(const char *fname) {
        return 0;
 }
 // return 1 if the file is a link
 int is_link(const char *fname) {
        assert(fname);
        if (*fname == '\0')
                return 0;
-        char *dup = NULL;
+        char *dup = strdup(fname);
-        struct stat s;
+        if (!dup)
-        if (lstat(fname, &s) == 0) {
+                errExit("strdup");
-                if (S_ISLNK(s.st_mode))
+        trim_trailing_slash_or_dot(dup);
-                        return 1;
-                if (S_ISDIR(s.st_mode)) {
+        char c;
-                        // remove trailing slashes and single dots and try again
+        ssize_t rv = readlink(dup, &c, 1);
-                        dup = strdup(fname);
-                        if (!dup)
-                                errExit("strdup");
-                        trim_trailing_slash_or_dot(dup);
-                        if (lstat(dup, &s) == 0) {
-                                if (S_ISLNK(s.st_mode)) {
-                                        free(dup);
-                                        return 1;
-                                }
-                        }
-                }
-        }
        free(dup);
-        return 0;
+        return (rv != -1);
 }
 // remove all slashes and single dots from the end of a path
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 1121ec84e..1dabf272e 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in
index 9ee798fe9..a1b6692aa 100644
--- a/src/firemon/Makefile.in
+++ b/src/firemon/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: firemon
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 firemon: $(OBJS) ../lib/common.o ../lib/pid.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o firemon *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c
index c34a44165..eb810a9e7 100644
--- a/src/firemon/apparmor.c
+++ b/src/firemon/apparmor.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/arp.c b/src/firemon/arp.c
index 3bd59e65e..1a69a67b1 100644
--- a/src/firemon/arp.c
+++ b/src/firemon/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/caps.c b/src/firemon/caps.c
index 0e720706d..c0f305a5d 100644
--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/cgroup.c b/src/firemon/cgroup.c
index e0d605d10..97ba591a6 100644
--- a/src/firemon/cgroup.c
+++ b/src/firemon/cgroup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c
index e97068851..91b455941 100644
--- a/src/firemon/cpu.c
+++ b/src/firemon/cpu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 5ae0ed013..37870747d 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index 948214d4d..5252ad34f 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
index 34d616647..e04b6f431 100644
--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/list.c b/src/firemon/list.c
index 22a08272d..51099a75c 100644
--- a/src/firemon/list.c
+++ b/src/firemon/list.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/netstats.c b/src/firemon/netstats.c
index c746cc127..850959eb3 100644
--- a/src/firemon/netstats.c
+++ b/src/firemon/netstats.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index b64b6210d..8085d2d29 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/route.c b/src/firemon/route.c
index 19c823a87..9cf5054b2 100644
--- a/src/firemon/route.c
+++ b/src/firemon/route.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c
index 7867fbad3..04111b6c0 100644
--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/top.c b/src/firemon/top.c
index ba707ef19..a25e3c0d8 100644
--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/tree.c b/src/firemon/tree.c
index 711066c19..899214b9f 100644
--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/usage.c b/src/firemon/usage.c
index 0c3da00f8..baaef3111 100644
--- a/src/firemon/usage.c
+++ b/src/firemon/usage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/firemon/x11.c b/src/firemon/x11.c
index 19b54429c..97e24b2d2 100644
--- a/src/firemon/x11.c
+++ b/src/firemon/x11.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in
index 37b139d38..ba87d16cd 100644
--- a/src/fldd/Makefile.in
+++ b/src/fldd/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fldd
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fldd: $(OBJS) ../lib/common.o ../lib/ldd_utils.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fldd *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fldd/main.c b/src/fldd/main.c
index 55a0dfcce..9d91557c1 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in
index bd5fe9e7a..7447c6d3f 100644
--- a/src/fnet/Makefile.in
+++ b/src/fnet/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fnet
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fnet: $(OBJS) ../lib/common.o ../lib/libnetlink.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/libnetlink.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fnet *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fnet/arp.c b/src/fnet/arp.c
index 64f177574..59798d32d 100644
--- a/src/fnet/arp.c
+++ b/src/fnet/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/fnet.h b/src/fnet/fnet.h
index b9cf96c64..c0154b53e 100644
--- a/src/fnet/fnet.h
+++ b/src/fnet/fnet.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index 62df0930e..91d91360d 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/main.c b/src/fnet/main.c
index db090fb95..df8f7226c 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index 777e4e07e..e09b1b1c5 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -26,7 +26,7 @@
 *
 */
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fnetfilter/Makefile.in b/src/fnetfilter/Makefile.in
index 6fe650a17..825262482 100644
--- a/src/fnetfilter/Makefile.in
+++ b/src/fnetfilter/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fnetfilter
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fnetfilter: $(OBJS) ../lib/common.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fnetfilter *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 381d0d36e..979f082d0 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-optimize/Makefile.in b/src/fsec-optimize/Makefile.in
index cc5ac7e35..a2187e89c 100644
--- a/src/fsec-optimize/Makefile.in
+++ b/src/fsec-optimize/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fsec-optimize
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fsec-optimize: $(OBJS) ../lib/common.o ../lib/libnetlink.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/errno.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fsec-optimize *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h
index 211111641..fc9dd7db8 100644
--- a/src/fsec-optimize/fsec_optimize.h
+++ b/src/fsec-optimize/fsec_optimize.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index c64587068..84bf2d4f9 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-optimize/optimizer.c b/src/fsec-optimize/optimizer.c
index eb777f13b..4c02de59d 100644
--- a/src/fsec-optimize/optimizer.c
+++ b/src/fsec-optimize/optimizer.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-print/Makefile.in b/src/fsec-print/Makefile.in
index bf39a8c77..824fb5daf 100644
--- a/src/fsec-print/Makefile.in
+++ b/src/fsec-print/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fsec-print
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fsec-print: $(OBJS) ../lib/common.o ../lib/libnetlink.o ../lib/errno.o ../lib/syscall.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fsec-print *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h
index 337199288..75a82c11a 100644
--- a/src/fsec-print/fsec_print.h
+++ b/src/fsec-print/fsec_print.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index ed030db21..5bca93d50 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c
index eecf18832..143a7a53e 100644
--- a/src/fsec-print/print.c
+++ b/src/fsec-print/print.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in
index b776a73ce..41abfce17 100644
--- a/src/fseccomp/Makefile.in
+++ b/src/fseccomp/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fseccomp
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fseccomp: $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o fseccomp *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h
index e8dd083b6..97eac9ed8 100644
--- a/src/fseccomp/fseccomp.h
+++ b/src/fseccomp/fseccomp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index f47efb5e8..326c29a44 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c
index 4d261f9e5..48dda61dd 100644
--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index e808538b0..99e671799 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c
index 9e8ceb898..846c7f335 100644
--- a/src/fseccomp/seccomp_file.c
+++ b/src/fseccomp/seccomp_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c
index b8e8d0a89..540892026 100644
--- a/src/fseccomp/seccomp_secondary.c
+++ b/src/fseccomp/seccomp_secondary.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/fshaper/fshaper.sh b/src/fshaper/fshaper.sh
index ef76813ea..f9a6c4f06 100755
--- a/src/fshaper/fshaper.sh
+++ b/src/fshaper/fshaper.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 TCFILE=""
diff --git a/src/ftee/Makefile.in b/src/ftee/Makefile.in
index 32cdc63d3..05caf81be 100644
--- a/src/ftee/Makefile.in
+++ b/src/ftee/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: ftee
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 ftee: $(OBJS)
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o ftee *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/ftee/ftee.h b/src/ftee/ftee.h
index aec64595d..a556efb75 100644
--- a/src/ftee/ftee.h
+++ b/src/ftee/ftee.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/ftee/main.c b/src/ftee/main.c
index a1e42ed32..4d447f2c4 100644
--- a/src/ftee/main.c
+++ b/src/ftee/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/common.h b/src/include/common.h
index 5497929c7..5bcbaad88 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/euid_common.h b/src/include/euid_common.h
index d8277ade7..8d8dd95f6 100644
--- a/src/include/euid_common.h
+++ b/src/include/euid_common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/firejail_user.h b/src/include/firejail_user.h
index a8d269daa..cf17fa0cf 100644
--- a/src/include/firejail_user.h
+++ b/src/include/firejail_user.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/ldd_utils.h b/src/include/ldd_utils.h
index 29dd8926e..ffd6e189f 100644
--- a/src/include/ldd_utils.h
+++ b/src/include/ldd_utils.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/pid.h b/src/include/pid.h
index 1f15d3c68..17e51f660 100644
--- a/src/include/pid.h
+++ b/src/include/pid.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
index 21aad66f7..d14f6782f 100644
--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -84,8 +84,6 @@
 #define RUN_DEVLOG_FILE                 RUN_MNT_DIR "/devlog"
 #define RUN_WHITELIST_X11_DIR           RUN_MNT_DIR "/orig-x11"
-#define RUN_WHITELIST_HOME_DIR          RUN_MNT_DIR "/orig-home"                // default home directory masking
-#define RUN_WHITELIST_RUN_DIR           RUN_MNT_DIR "/orig-run"         // default run directory masking
 #define RUN_WHITELIST_HOME_USER_DIR     RUN_MNT_DIR "/orig-home-user"           // home directory whitelisting
 #define RUN_WHITELIST_RUN_USER_DIR      RUN_MNT_DIR "/orig-run-user"            // run directory whitelisting
 #define RUN_WHITELIST_TMP_DIR           RUN_MNT_DIR "/orig-tmp"
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index b3b75c2d1..43bb73a04 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/include/syscall.h b/src/include/syscall.h
index 489da0600..015dd01b9 100644
--- a/src/include/syscall.h
+++ b/src/include/syscall.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/jailtest/Makefile.in b/src/jailtest/Makefile.in
new file mode 100644
index 000000000..6306d24ec
--- /dev/null
+++ b/src/jailtest/Makefile.in
@@ -0,0 +1,17 @@
+.PHONY: all
+all: jailtest
+include ../common.mk
+%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/pid.h
+        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
+jailtest: $(OBJS)
+        $(CC)  $(LDFLAGS) -o $@ $(OBJS)  ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
+clean:; rm -fr *.o jailtest *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
+distclean: clean
+        rm -fr Makefile
diff --git a/src/jailtest/access.c b/src/jailtest/access.c
new file mode 100644
index 000000000..4e737dc7a
--- /dev/null
+++ b/src/jailtest/access.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailtest.h"
+#include <dirent.h>
+#include <sys/wait.h>
+typedef struct {
+        char *tfile;
+        char *tdir;
+} TestDir;
+#define MAX_TEST_FILES 16
+TestDir td[MAX_TEST_FILES];
+static int files_cnt = 0;
+void access_setup(const char *directory) {
+        // I am root!
+        assert(directory);
+        assert(user_home_dir);
+        if (files_cnt >= MAX_TEST_FILES) {
+                fprintf(stderr, "Error: maximum number of test directories exceded\n");
+                exit(1);
+        }
+        char *fname = strdup(directory);
+        if (!fname)
+                errExit("strdup");
+        if (strncmp(fname, "~/", 2) == 0) {
+                free(fname);
+                if (asprintf(&fname, "%s/%s", user_home_dir, directory + 2) == -1)
+                        errExit("asprintf");
+        }
+        char *path = realpath(fname, NULL);
+        free(fname);
+        if (path == NULL) {
+                fprintf(stderr, "Warning: invalid directory %s, skipping...\n", directory);
+                return;
+        }
+        // file in home directory
+        if (strncmp(path, user_home_dir, strlen(user_home_dir)) != 0) {
+                fprintf(stderr, "Warning: file %s is not in user home directory, skipping...\n", directory);
+                free(path);
+                return;
+        }
+        // try to open the dir as root
+        DIR *dir = opendir(path);
+        if (!dir) {
+                fprintf(stderr, "Warning: directory %s not found, skipping\n", directory);
+                free(path);
+                return;
+        }
+        closedir(dir);
+        // create a test file
+        char *test_file;
+        if (asprintf(&test_file, "%s/jailtest-access-%d", path, getpid()) == -1)
+                errExit("asprintf");
+        FILE *fp = fopen(test_file, "w");
+        if (!fp) {
+                printf("Warning: I cannot create test file in directory %s, skipping...\n", directory);
+                return;
+        }
+        fprintf(fp, "this file was created by firetest utility, you can safely delete it\n");
+        fclose(fp);
+        int rv = chown(test_file, user_uid, user_gid);
+        if (rv)
+                errExit("chown");
+        char *dname = strdup(directory);
+        if (!dname)
+                errExit("strdup");
+        td[files_cnt].tdir = dname;
+        td[files_cnt].tfile = test_file;
+        files_cnt++;
+}
+void access_destroy(void) {
+        // remove test files
+        int i;
+        for (i = 0; i < files_cnt; i++) {
+                int rv = unlink(td[i].tfile);
+                (void) rv;
+        }
+        files_cnt = 0;
+}
+void access_test(void) {
+        // I am root in sandbox mount namespace
+        assert(user_uid);
+        int i;
+        pid_t child = fork();
+        if (child == -1)
+                errExit("fork");
+        if (child == 0) { // child
+                // drop privileges
+                if (setgid(user_gid) != 0)
+                        errExit("setgid");
+                if (setuid(user_uid) != 0)
+                        errExit("setuid");
+                for (i = 0; i < files_cnt; i++) {
+                        assert(td[i].tfile);
+                        // try to open the file for reading
+                        FILE *fp = fopen(td[i].tfile, "r");
+                        if (fp) {
+                                printf("   Warning: I can read %s\n", td[i].tdir);
+                                fclose(fp);
+                        }
+                }
+                exit(0);
+        }
+        // wait for the child to finish
+        int status;
+        wait(&status);
+}
diff --git a/src/jailtest/apparmor.c b/src/jailtest/apparmor.c
new file mode 100644
index 000000000..9ddfea3de
--- /dev/null
+++ b/src/jailtest/apparmor.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailtest.h"
+#ifdef HAVE_APPARMOR
+#include <sys/apparmor.h>
+void apparmor_test(pid_t pid) {
+        char *label = NULL;
+        char *mode = NULL;
+        int rv = aa_gettaskcon(pid, &label, &mode);
+        if (rv == -1 || mode == NULL)
+                printf("   Warning: AppArmor not enabled\n");
+}
+#else
+void apparmor_test(pid_t pid) {
+        (void) pid;
+        return;
+}
+#endif
diff --git a/src/jailtest/jailtest.h b/src/jailtest/jailtest.h
new file mode 100644
index 000000000..0c4883061
--- /dev/null
+++ b/src/jailtest/jailtest.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#ifndef JAILTEST_H
+#define JAILTEST_H
+#include "../include/common.h"
+// main.c
+extern uid_t user_uid;
+extern gid_t user_gid;
+extern char *user_name;
+extern char *user_home_dir;
+extern char *user_run_dir;
+// access.c
+void access_setup(const char *directory);
+void access_test(void);
+void access_destroy(void);
+// noexec.c
+void noexec_setup(void);
+void noexec_test(const char *msg);
+// sysfiles.c
+void sysfiles_setup(const char *file);
+void sysfiles_test(void);
+// virtual.c
+void virtual_setup(const char *directory);
+void virtual_destroy(void);
+void virtual_test(void);
+// apparmor.c
+void apparmor_test(pid_t pid);
+// seccomp.c
+void seccomp_test(pid_t pid);
+// utils.c
+char *get_sudo_user(void);
+char *get_homedir(const char *user, uid_t *uid, gid_t *gid);
+int find_child(pid_t pid);
+pid_t switch_to_child(pid_t pid);
+#endif
+\ No newline at end of file
diff --git a/src/jailtest/main.c b/src/jailtest/main.c
new file mode 100644
index 000000000..3369dca39
--- /dev/null
+++ b/src/jailtest/main.c
@@ -0,0 +1,192 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailtest.h"
+#include "../include/firejail_user.h"
+#include "../include/pid.h"
+#include <sys/wait.h>
+uid_t user_uid = 0;
+gid_t user_gid = 0;
+char *user_name = NULL;
+char *user_home_dir = NULL;
+char *user_run_dir = NULL;
+int arg_debug = 0;
+static char *usage_str =
+        "Usage: jailtest [options] directory [directory]\n\n"
+        "Options:\n"
+        "   --debug - print debug messages.\n"
+        "   --help, -? - this help screen.\n"
+        "   --version - print program version and exit.\n";
+static void usage(void) {
+        printf("firetest - version %s\n\n", VERSION);
+        puts(usage_str);
+}
+static void cleanup(void) {
+        // running only as root
+        if (getuid() == 0) {
+                if (arg_debug)
+                        printf("cleaning up!\n");
+                access_destroy();
+                virtual_destroy();
+        }
+}
+int main(int argc, char **argv) {
+        int i;
+        int findex = 0;
+        for (i = 1; i < argc; i++) {
+                if (strcmp(argv[i], "-?") == 0 || strcmp(argv[i], "--help") == 0) {
+                        usage();
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--version") == 0) {
+                        printf("firetest version %s\n\n", VERSION);
+                        return 0;
+                }
+                else if (strncmp(argv[i], "--hello=", 8) == 0) { // used by noexec test
+                        printf("   Warning: I can run programs in %s\n", argv[i] + 8);
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--debug") == 0)
+                        arg_debug = 1;
+                else if (strncmp(argv[i], "--", 2) == 0) {
+                        fprintf(stderr, "Error: invalid option\n");
+                        return 1;
+                }
+                else {
+                        findex = i;
+                        break;
+                }
+        }
+        // user setup
+        if (getuid() != 0) {
+                fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n");
+                exit(1);
+        }
+        user_name = get_sudo_user();
+        assert(user_name);
+        user_home_dir = get_homedir(user_name, &user_uid, &user_gid);
+        if (user_uid == 0) {
+                fprintf(stderr, "Error: root user not supported\n");
+                exit(1);
+        }
+        if (asprintf(&user_run_dir, "/run/user/%d", user_uid) == -1)
+                errExit("asprintf");
+        // test setup
+        atexit(cleanup);
+        access_setup("~/.ssh");
+        access_setup("~/.gnupg");
+        if (findex > 0) {
+                for (i = findex; i < argc; i++)
+                        access_setup(argv[i]);
+        }
+        noexec_setup();
+        virtual_setup(user_home_dir);
+        virtual_setup("/tmp");
+        virtual_setup("/var/tmp");
+        virtual_setup("/dev");
+        virtual_setup("/etc");
+        virtual_setup("/bin");
+        virtual_setup("/usr/share");
+        virtual_setup(user_run_dir);
+        // basic sysfiles
+        sysfiles_setup("/etc/shadow");
+        sysfiles_setup("/etc/gshadow");
+        sysfiles_setup("/usr/bin/mount");
+        sysfiles_setup("/usr/bin/su");
+        sysfiles_setup("/usr/bin/ksu");
+        sysfiles_setup("/usr/bin/sudo");
+        sysfiles_setup("/usr/bin/strace");
+        // X11
+        sysfiles_setup("/usr/bin/xev");
+        sysfiles_setup("/usr/bin/xinput");
+        // compilers
+        sysfiles_setup("/usr/bin/gcc");
+        sysfiles_setup("/usr/bin/clang");
+        // networking
+        sysfiles_setup("/usr/bin/dig");
+        sysfiles_setup("/usr/bin/nslookup");
+        sysfiles_setup("/usr/bin/resolvectl");
+        sysfiles_setup("/usr/bin/nc");
+        sysfiles_setup("/usr/bin/ncat");
+        sysfiles_setup("/usr/bin/nmap");
+        sysfiles_setup("/usr/sbin/tcpdump");
+        // terminals
+        sysfiles_setup("/usr/bin/gnome-terminal");
+        sysfiles_setup("/usr/bin/xfce4-terminal");
+        sysfiles_setup("/usr/bin/lxterminal");
+        // print processes
+        pid_read(0);
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 1) {
+                        uid_t uid = pid_get_uid(i);
+                        if (uid != user_uid) // not interested in other user sandboxes
+                                continue;
+                        // in case the pid is that of a firejail process, use the pid of the first child process
+                        uid_t pid = find_child(i);
+                        printf("\n");
+                        pid_print_list(i, 0); //  no wrapping
+                        apparmor_test(pid);
+                        seccomp_test(pid);
+                        fflush(0);
+                        pid_t child = fork();
+                        if (child == -1)
+                                errExit("fork");
+                        if (child == 0) {
+                                int rv = join_namespace(pid, "mnt");
+                                if (rv == 0) {
+                                        virtual_test();
+                                        noexec_test(user_home_dir);
+                                        noexec_test("/tmp");
+                                        noexec_test("/var/tmp");
+                                        noexec_test(user_run_dir);
+                                        access_test();
+                                        sysfiles_test();
+                                }
+                                else {
+                                        printf("   Error: I cannot join the process mount space\n");
+                                        exit(1);
+                                }
+                                // drop privileges in order not to trigger cleanup()
+                                if (setgid(user_gid) != 0)
+                                        errExit("setgid");
+                                if (setuid(user_uid) != 0)
+                                        errExit("setuid");
+                                return 0;
+                        }
+                        int status;
+                        wait(&status);
+                }
+        }
+        return 0;
+}
diff --git a/src/jailtest/noexec.c b/src/jailtest/noexec.c
new file mode 100644
index 000000000..4347b7eef
--- /dev/null
+++ b/src/jailtest/noexec.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailtest.h"
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+static unsigned char *execfile = NULL;
+static int execfile_len = 0;
+void noexec_setup(void) {
+        // grab a copy of myself
+        char *self = realpath("/proc/self/exe", NULL);
+        if (self) {
+                struct stat s;
+                if (access(self, X_OK) == 0 && stat(self, &s) == 0) {
+                        assert(s.st_size);
+                        execfile = malloc(s.st_size);
+                        int fd = open(self, O_RDONLY);
+                        if (fd == -1)
+                                errExit("open");
+                        int len = 0;
+                        do {
+                                int rv = read(fd, execfile + len, s.st_size - len);
+                                if (rv == -1)
+                                        errExit("read");
+                                if (rv == 0) {
+                                        // something went wrong!
+                                        free(execfile);
+                                        execfile = NULL;
+                                        printf("Warning: I cannot grab a copy of myself, skipping noexec test...\n");
+                                        break;
+                                }
+                                len += rv;
+                        }
+                        while (len < s.st_size);
+                        execfile_len = s.st_size;
+                        close(fd);
+                }
+        }
+}
+void noexec_test(const char *path) {
+        assert(user_uid);
+        // I am root in sandbox mount namespace
+        if (!execfile)
+                return;
+        char *fname;
+        if (asprintf(&fname, "%s/jailtest-noexec-%d", path, getpid()) == -1)
+                errExit("asprintf");
+        pid_t child = fork();
+        if (child == -1)
+                errExit("fork");
+        if (child == 0) { // child
+                // drop privileges
+                if (setgid(user_gid) != 0)
+                        errExit("setgid");
+                if (setuid(user_uid) != 0)
+                        errExit("setuid");
+                int fd = open(fname, O_CREAT | O_TRUNC | O_WRONLY, 0700);
+                if (fd == -1) {
+                        printf("   I cannot create files in %s, skipping noexec...\n", path);
+                        exit(1);
+                }
+                int len = 0;
+                while (len < execfile_len) {
+                        int rv = write(fd, execfile + len, execfile_len - len);
+                        if (rv == -1 || rv == 0) {
+                                printf("   I cannot create files in %s, skipping noexec....\n", path);
+                                exit(1);
+                        }
+                        len += rv;
+                }
+                fchmod(fd, 0700);
+                close(fd);
+                char *arg;
+                if (asprintf(&arg, "--hello=%s", path) == -1)
+                        errExit("asprintf");
+                int rv = execl(fname, fname, arg, NULL);
+                (void) rv; // if we get here execl failed
+                exit(0);
+        }
+        int status;
+        wait(&status);
+        int rv = unlink(fname);
+        (void) rv;
+}
+\ No newline at end of file
diff --git a/src/faudit/dev.c b/src/jailtest/seccomp.c
index 9c80f99df..2cecb4b4d 100644
--- a/src/faudit/dev.c
+++ b/src/jailtest/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -17,31 +17,31 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-#include "faudit.h"
+#include "jailtest.h"
-#include <dirent.h>
+#define MAXBUF 4096
-void dev_test(void) {
+void seccomp_test(pid_t pid) {
-        DIR *dir;
+        char *file;
-        if (!(dir = opendir("/dev"))) {
+        if (asprintf(&file, "/proc/%d/status", pid) == -1)
-                fprintf(stderr, "Error: cannot open /dev directory\n");
+                errExit("asprintf");
+        FILE *fp = fopen(file, "r");
+        if (!fp) {
+                printf("  Error: cannot open %s\n", file);
+                free(file);
                return;
        }
-        struct dirent *entry;
+        char buf[MAXBUF];
-        printf("INFO: files visible in /dev directory: ");
+        while (fgets(buf, MAXBUF, fp)) {
-        int cnt = 0;
+                if (strncmp(buf, "Seccomp:", 8) == 0) {
-        while ((entry = readdir(dir)) != NULL) {
+                        int val = -1;
-                if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+                        int rv = sscanf(buf + 8, "\t%d", &val);
-                        continue;
+                        if (rv != 1 || val == 0)
+                                printf("   Warning: seccomp not enabled\n");
-                printf("%s, ", entry->d_name);
+                        break;
-                cnt++;
+                }
        }
-        printf("\n");
+        fclose(fp);
+        free(file);
-        if (cnt > 20)
-                printf("MAYBE: /dev directory seems to be fully populated. Use --private-dev or --whitelist to restrict the access.\n");
-        else
-                printf("GOOD: Access to /dev directory is restricted.\n");
-        closedir(dir);
 }
diff --git a/src/jailtest/sysfiles.c b/src/jailtest/sysfiles.c
new file mode 100644
index 000000000..7e4709453
--- /dev/null
+++ b/src/jailtest/sysfiles.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailtest.h"
+#include <dirent.h>
+#include <sys/wait.h>
+typedef struct {
+        char *tfile;
+} TestFile;
+#define MAX_TEST_FILES 32
+TestFile tf[MAX_TEST_FILES];
+static int files_cnt = 0;
+void sysfiles_setup(const char *file) {
+        // I am root!
+        assert(file);
+        if (files_cnt >= MAX_TEST_FILES) {
+                fprintf(stderr, "Error: maximum number of system test files exceded\n");
+                exit(1);
+        }
+        if (access(file, F_OK)) {
+                // no such file
+                return;
+        }
+        char *fname = strdup(file);
+        if (!fname)
+                errExit("strdup");
+        tf[files_cnt].tfile = fname;
+        files_cnt++;
+}
+void sysfiles_test(void) {
+        // I am root in sandbox mount namespace
+        assert(user_uid);
+        int i;
+        pid_t child = fork();
+        if (child == -1)
+                errExit("fork");
+        if (child == 0) { // child
+                // drop privileges
+                if (setgid(user_gid) != 0)
+                        errExit("setgid");
+                if (setuid(user_uid) != 0)
+                        errExit("setuid");
+                for (i = 0; i < files_cnt; i++) {
+                        assert(tf[i].tfile);
+                        // try to open the file for reading
+                        FILE *fp = fopen(tf[i].tfile, "r");
+                        if (fp) {
+                                printf("   Warning: I can access %s\n", tf[i].tfile);
+                                fclose(fp);
+                        }
+                }
+                exit(0);
+        }
+        // wait for the child to finish
+        int status;
+        wait(&status);
+}
diff --git a/src/jailtest/utils.c b/src/jailtest/utils.c
new file mode 100644
index 000000000..41c21b753
--- /dev/null
+++ b/src/jailtest/utils.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailtest.h"
+#include "../include/pid.h"
+#include <errno.h>
+#include <pwd.h>
+#include <dirent.h>
+#define BUFLEN 4096
+char *get_sudo_user(void) {
+        char *user = getenv("SUDO_USER");
+        if (!user) {
+                user = getpwuid(getuid())->pw_name;
+                if (!user) {
+                        fprintf(stderr, "Error: cannot detect login user\n");
+                        exit(1);
+                }
+        }
+        return user;
+}
+char *get_homedir(const char *user, uid_t *uid, gid_t *gid) {
+        // find home directory
+        struct passwd *pw = getpwnam(user);
+        if (!pw)
+                goto errexit;
+        char *home = pw->pw_dir;
+        if (!home)
+                goto errexit;
+        *uid = pw->pw_uid;
+        *gid = pw->pw_gid;
+        return home;
+errexit:
+        fprintf(stderr, "Error: cannot find home directory for user %s\n", user);
+        exit(1);
+}
+// find the second child process for the specified pid
+// return -1 if not found
+//
+// Example:
+//14776:netblue:/usr/bin/firejail /usr/bin/transmission-qt
+//  14777:netblue:/usr/bin/firejail /usr/bin/transmission-qt
+//    14792:netblue:/usr/bin/transmission-qt
+// We need 14792, the first real sandboxed process
+// duplicate from src/firemon/main.c
+int find_child(int id) {
+        int i;
+        int first_child = -1;
+        // find the first child
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 2 && pids[i].parent == id) {
+                        // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
+                        char *cmdline = pid_proc_cmdline(i);
+                        if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) {
+                                free(cmdline);
+                                continue;
+                        }
+                        free(cmdline);
+                        first_child = i;
+                        break;
+                }
+        }
+        if (first_child == -1)
+                return -1;
+        // find the second-level child
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 3 && pids[i].parent == first_child)
+                        return i;
+        }
+        // if a second child is not found, return the first child pid
+        // this happens for processes sandboxed with --join
+        return first_child;
+}
diff --git a/src/jailtest/virtual.c b/src/jailtest/virtual.c
new file mode 100644
index 000000000..fcdcf9720
--- /dev/null
+++ b/src/jailtest/virtual.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "jailtest.h"
+#include <dirent.h>
+#include <sys/wait.h>
+#define MAX_TEST_FILES 16
+static char *dirs[MAX_TEST_FILES];
+static char *files[MAX_TEST_FILES];
+static int files_cnt = 0;
+void virtual_setup(const char *directory) {
+        // I am root!
+        assert(directory);
+        assert(*directory == '/');
+        assert(files_cnt < MAX_TEST_FILES);
+        // try to open the dir as root
+        DIR *dir = opendir(directory);
+        if (!dir) {
+                fprintf(stderr, "Warning: directory %s not found, skipping\n", directory);
+                return;
+        }
+        closedir(dir);
+        // create a test file
+        char *test_file;
+        if (asprintf(&test_file, "%s/jailtest-private-%d", directory, getpid()) == -1)
+                errExit("asprintf");
+        FILE *fp = fopen(test_file, "w");
+        if (!fp) {
+                printf("Warning: I cannot create test file in directory %s, skipping...\n", directory);
+                return;
+        }
+        fprintf(fp, "this file was created by firetest utility, you can safely delete it\n");
+        fclose(fp);
+        if (strcmp(directory, user_home_dir) == 0) {
+                int rv = chown(test_file, user_uid, user_gid);
+                if (rv)
+                        errExit("chown");
+        }
+        char *dname = strdup(directory);
+        if (!dname)
+                errExit("strdup");
+        dirs[files_cnt] = dname;
+        files[files_cnt] = test_file;
+        files_cnt++;
+}
+void virtual_destroy(void) {
+        // remove test files
+        int i;
+        for (i = 0; i < files_cnt; i++) {
+                int rv = unlink(files[i]);
+                (void) rv;
+        }
+        files_cnt = 0;
+}
+void virtual_test(void) {
+        // I am root in sandbox mount namespace
+        assert(user_uid);
+        int i;
+        int cnt = 0;
+        cnt += printf("   Virtual dirs: "); fflush(0);
+        for (i = 0; i < files_cnt; i++) {
+                assert(files[i]);
+                // I am root!
+                pid_t child = fork();
+                if (child == -1)
+                        errExit("fork");
+                if (child == 0) { // child
+                        // drop privileges
+                        if (setgid(user_gid) != 0)
+                                errExit("setgid");
+                        if (setuid(user_uid) != 0)
+                                errExit("setuid");
+                        // try to open the file for reading
+                        FILE *fp = fopen(files[i], "r");
+                        if (fp)
+                                fclose(fp);
+                        else {
+                                if (cnt == 0)
+                                        cnt += printf("\n                 ");
+                                cnt += printf("%s, ", dirs[i]);
+                                if (cnt > 60)
+                                        cnt = 0;
+                        }
+                        fflush(0);
+                        exit(cnt);
+                }
+                // wait for the child to finish
+                int status;
+                wait(&status);
+                cnt = WEXITSTATUS(status);
+        }
+        printf("\n");
+}
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index 681252832..49c8057b3 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -1,11 +1,14 @@
 include ../common.mk
+.PHONY: all
 all: $(OBJS)
 %.o : %.c $(H_FILE_LIST)
        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
+.PHONY: clean
 clean:; rm -fr $(OBJS) *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/lib/common.c b/src/lib/common.c
index ace5cb87e..f1bd7a6fe 100644
--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/errno.c b/src/lib/errno.c
index 881c3b27e..9edb44c22 100644
--- a/src/lib/errno.c
+++ b/src/lib/errno.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index 2e03ce0e0..d6a3c71ab 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/ldd_utils.c b/src/lib/ldd_utils.c
index 32bfb0974..cd60d74e4 100644
--- a/src/lib/ldd_utils.c
+++ b/src/lib/ldd_utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -23,13 +23,16 @@
 #include <sys/stat.h>
 #include <fcntl.h>
+// todo: resolve overlap with masked_lib_dirs[] array from fs_lib.c
 const char * const default_lib_paths[] = {
        "/usr/lib/x86_64-linux-gnu",    // Debian & friends
        "/lib/x86_64-linux-gnu",                // CentOS, Fedora
+        "/usr/lib64",
+        "/lib64",
        "/usr/lib",
        "/lib",
-        "/lib64",
        LIBDIR,
+        "/usr/local/lib64",
        "/usr/local/lib",
        "/usr/lib/x86_64-linux-gnu/mesa", // libGL.so is sometimes a symlink into this directory
        "/usr/lib/x86_64-linux-gnu/mesa-egl", // libGL.so is sometimes a symlink into this directory
diff --git a/src/lib/pid.c b/src/lib/pid.c
index cad0e5424..ca62aaa42 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/lib/syscall.c b/src/lib/syscall.c
index 758f1ce0b..b3131ac17 100644
--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/libpostexecseccomp/Makefile.in b/src/libpostexecseccomp/Makefile.in
index edd4534b8..e3e5716ca 100644
--- a/src/libpostexecseccomp/Makefile.in
+++ b/src/libpostexecseccomp/Makefile.in
@@ -11,6 +11,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now
+.PHONY: all
 all: libpostexecseccomp.so
 %.o : %.c $(H_FILE_LIST) ../include/seccomp.h ../include/rundefs.h
@@ -19,7 +20,9 @@ all: libpostexecseccomp.so
 libpostexecseccomp.so: $(OBJS)
        $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
+.PHONY: clean
 clean:; rm -fr $(OBJS) libpostexecseccomp.so *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c
index c86faa329..1d1eb283b 100644
--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/libtrace/Makefile.in b/src/libtrace/Makefile.in
index 5c7d0f885..095037569 100644
--- a/src/libtrace/Makefile.in
+++ b/src/libtrace/Makefile.in
@@ -11,6 +11,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now
+.PHONY: all
 all: libtrace.so
 %.o : %.c $(H_FILE_LIST)
@@ -19,8 +20,9 @@ all: libtrace.so
 libtrace.so: $(OBJS)
        $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
+.PHONY: clean
 clean:; rm -fr $(OBJS) libtrace.so *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index a27fa7a03..d88512b0a 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/libtracelog/Makefile.in b/src/libtracelog/Makefile.in
index b1ac9e57c..5bac19c04 100644
--- a/src/libtracelog/Makefile.in
+++ b/src/libtracelog/Makefile.in
@@ -11,6 +11,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now
+.PHONY: all
 all: libtracelog.so
 %.o : %.c $(H_FILE_LIST) ../include/rundefs.h
@@ -19,8 +20,9 @@ all: libtracelog.so
 libtracelog.so: $(OBJS)
        $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
+.PHONY: clean
 clean:; rm -fr $(OBJS) libtracelog.so *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c
index 9102a8ef6..b946cc889 100644
--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/man/Makefile.in b/src/man/Makefile.in
index 1c4444307..3711d5cec 100644
--- a/src/man/Makefile.in
+++ b/src/man/Makefile.in
@@ -1,10 +1,14 @@
-all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man
+.PHONY: all
+all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man jailtest.man
 include ../common.mk
 %.man: %.txt
        gawk -f ./preproc.awk -- $(MANFLAGS) < $< > $@
+.PHONY: clean
 clean:; rm -fr *.man
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt
index 2c02aee47..dbb9397c6 100644
--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -130,8 +130,9 @@ This program is free software; you can redistribute it and/or modify it under th
 .PP
 Homepage: https://firejail.wordpress.com
 .SH SEE ALSO
-\&\flfirejail\fR\|(1),
+.BR firejail (1),
-\&\flfiremon\fR\|(1),
+.BR firemon (1),
-\&\flfirejail-profile\fR\|(5),
+.BR firejail-profile (5),
-\&\flfirejail-login\fR\|(5)
+.BR firejail-login (5),
-\&\flfirejail-users\fR\|(5)
+.BR firejail-users (5),
+.BR jailtest (1)
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt
index 430e86cc8..1b8a4931c 100644
--- a/src/man/firejail-login.txt
+++ b/src/man/firejail-login.txt
@@ -3,7 +3,7 @@
 login.users \- Login file syntax for Firejail
 .SH DESCRIPTION
-/etc/firejail/login.users file describes additional arguments passed to firejail executable
+/etc/firejail/login.users file describes additional arguments passed to the firejail executable
 upon user logging into a Firejail restricted shell. Each user entry in the file consists of
 a user name followed by the arguments passed to firejail. The format is as follows:
@@ -19,8 +19,8 @@ Wildcard patterns are accepted in the user name field:
 .SH RESTRICTED SHELL
 To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in
-/etc/passwd file for each user that needs to be restricted. Alternatively,
+the /etc/passwd file for each user that needs to be restricted. Alternatively,
-you can specify /usr/bin/firejail  using adduser or usermod commands:
+you can specify /usr/bin/firejail using the `adduser` or `usermod` commands:
 adduser \-\-shell /usr/bin/firejail username
 .br
@@ -34,8 +34,9 @@ Firejail is free software; you can redistribute it and/or modify it under the te
 .PP
 Homepage: https://firejail.wordpress.com
 .SH SEE ALSO
-\&\flfirejail\fR\|(1),
+.BR firejail (1),
-\&\flfiremon\fR\|(1),
+.BR firemon (1),
-\&\flfirecfg\fR\|(1),
+.BR firecfg (1),
-\&\flfirejail-profile\fR\|(5)
+.BR firejail-profile (5),
-\&\flfirejail-users\fR\|(5)
+.BR firejail-users (5),
+.BR jailtest (1)
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 5e77b5f70..ee685da73 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -103,7 +103,7 @@ Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir"
 This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line.
-Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
+Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
 can be enabled or disabled globally in Firejail's configuration file.
 The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines.
@@ -266,7 +266,7 @@ Mount new /root and /home/user directories in temporary
 filesystems. All modifications are discarded when the sandbox is
 closed.
 .TP
-\fBprivate=directory
+\fBprivate directory
 Use directory as user home.
 .TP
 \fBprivate-bin file,file
@@ -666,7 +666,7 @@ Disable DVB (Digital Video Broadcasting) TV devices.
 Disable U2F devices.
 .TP
 \fBnovideo
-Disable video devices.
+Disable video capture devices.
 .TP
 \fBshell none
 Run the program directly, without a shell.
@@ -889,10 +889,12 @@ Firejail is free software; you can redistribute it and/or modify it under the te
 .PP
 Homepage: https://firejail.wordpress.com
 .SH SEE ALSO
-\&\flfirejail\fR\|(1),
+.BR firejail (1),
-\&\flfiremon\fR\|(1),
+.BR firemon (1),
-\&\flfirecfg\fR\|(1),
+.BR firecfg (1),
-\&\flfirejail-login\fR\|(5),
+.BR firejail-login (5),
-\&\flfirejail-users\fR\|(5),
+.BR firejail-users (5),
+.BR jailtest (1)
 .UR https://github.com/netblue30/firejail/wiki/Creating-Profiles
 .UE
diff --git a/src/man/firejail-users.txt b/src/man/firejail-users.txt
index 6fa09e05e..c5a9c1848 100644
--- a/src/man/firejail-users.txt
+++ b/src/man/firejail-users.txt
@@ -54,8 +54,9 @@ as published by the Free Software Foundation; either version 2 of the License, o
 .PP
 Homepage: https://firejail.wordpress.com
 .SH SEE ALSO
-\&\flfirejail\fR\|(1),
+.BR firejail (1),
-\&\flfiremon\fR\|(1),
+.BR firemon (1),
-\&\flfirecfg\fR\|(1),
+.BR firecfg (1),
-\&\flfirejail-profile\fR\|(5)
+.BR firejail-profile (5),
-\&\flfirejail-login\fR\|(5)
+.BR firejail-login (5),
+.BR jailtest (1)
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index e85a02ee8..0b9b403f8 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -42,6 +42,15 @@ Miscellaneous:
 firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version}
 .RE
 .SH DESCRIPTION
+#ifdef HAVE_LTS
+This is Firejail long-term support (LTS), an enterprise focused version of the software,
+LTS is usually supported for two or three years.
+During this time  only bugs and the occasional documentation problems are fixed.
+The attack surface of the SUID executable was greatly reduced by removing some of the features.
+.br
+.br
+#endif
 Firejail is a SUID sandbox program that reduces the risk of security breaches by
 restricting the running environment of untrusted applications using Linux
 namespaces, seccomp-bpf and Linux capabilities.
@@ -146,12 +155,6 @@ $ firejail --appimage --private krita-3.0-x86_64.appimage
 $ firejail --appimage --net=none --x11 krita-3.0-x86_64.appimage
 #endif
 .TP
-\fB\-\-audit
-Audit the sandbox, see \fBAUDIT\fR section for more details.
-.TP
-\fB\-\-audit=test-program
-Audit the sandbox, see \fBAUDIT\fR section for more details.
-.TP
 \fB\-\-bandwidth=name|pid
 Set bandwidth limits for the sandbox identified by name or PID, see \fBTRAFFIC SHAPING\fR section for more details.
 .TP
@@ -430,7 +433,7 @@ org.freedesktop.Notifications.*@/org/freedesktop/Notifications
 .TP
 \fB\-\-dbus-system.log
-Turn on DBus logging for the system DBus. This option requires --dbus-system=log.
+Turn on DBus logging for the system DBus. This option requires --dbus-system=filter.
 .br
 Example:
@@ -557,7 +560,7 @@ org.freedesktop.Notifications.*@/org/freedesktop/Notifications
 .TP
 \fB\-\-dbus-user.log
-Turn on DBus logging for the session DBus. This option requires --dbus-user=log.
+Turn on DBus logging for the session DBus. This option requires --dbus-user=filter.
 .br
 Example:
@@ -818,6 +821,16 @@ $ firejail \-\-ignore=shell --ignore=seccomp firefox
 $ firejail \-\-ignore="net eth0" firefox
 #endif
+.TP
+\fB\-\-\include=file.profile
+Include a profile file before the regular profiles are used.
+.br
+.br
+Example:
+.br
+$ firejail --include=/etc/firejail/disable-devel.inc gedit
 #ifdef HAVE_NETWORK
 .TP
 \fB\-\-interface=interface
@@ -1105,6 +1118,26 @@ Example:
 $ firejail \-\-machine-id
 .TP
+\fB\-\-mkdir=dirname
+Create a directory in user home. Parent directories are created as needed.
+.br
+.br
+Example:
+.br
+$ firejail --mkdir=~/work/project
+.TP
+\fB\-\-mkfile=filename
+Create an empty file in user home.
+.br
+.br
+Example:
+.br
+$ firejail --mkfile=~/work/project/readme
+.TP
 \fB\-\-memory-deny-write-execute
 Install a seccomp filter to block attempts to create memory mappings
 that are both writable and executable, to change mappings to be
@@ -1622,6 +1655,7 @@ Disable video devices.
 \fB\-\-nowhitelist=dirname_or_filename
 Disable whitelist for this directory or file.
+#ifdef HAVE_OUTPUT
 .TP
 \fB\-\-output=logfile
 stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log
@@ -1652,6 +1686,7 @@ $ ls -l sandboxlog*
 .TP
 \fB\-\-output-stderr=logfile
 Similar to \-\-output, but stderr is also stored.
+#endif
 #ifdef HAVE_OVERLAYFS
 .TP
@@ -2451,7 +2486,7 @@ $ firejail --seccomp.print=browser
 $
 .TP
-\fB\-\-seccomp-error-action= kill | ERRNO
+\fB\-\-seccomp-error-action= kill | ERRNO | log
 By default, if a seccomp filter blocks a system call, the process gets
 EPERM as the error. With \-\-seccomp-error-action=error, another error
 number can be returned, for example ENOSYS or EACCES. The process can
@@ -2941,30 +2976,6 @@ To enable AppArmor confinement on top of your current Firejail security features
 $ firejail --apparmor firefox
 #endif
-.SH AUDIT
-Audit feature allows the user to point out gaps in security profiles. The
-implementation replaces the program to be sandboxed with a test program. By
-default, we use faudit program distributed with Firejail. A custom test program
-can also be supplied by the user. Examples:
-Running the default audit program:
-.br
-        $ firejail --audit transmission-gtk
-Running a custom audit program:
-.br
-        $ firejail --audit=~/sandbox-test transmission-gtk
-In the examples above, the sandbox configures transmission-gtk profile and
-starts the test program. The real program, transmission-gtk, will not be
-started.
-You can also audit a specific profile without specifying a program.
-.br
-        $ firejail --audit --profile=/etc/firejail/zoom.profile
-Limitations: audit feature is not implemented for --x11 commands.
 .SH DESKTOP INTEGRATION
 A symbolic link to /usr/bin/firejail under the name of a program, will start the program in Firejail sandbox.
 The symbolic link should be placed in the first $PATH position. On most systems, a good place
@@ -3332,11 +3343,13 @@ This program is free software; you can redistribute it and/or modify it under th
 .PP
 Homepage: https://firejail.wordpress.com
 .SH SEE ALSO
-\&\flfiremon\fR\|(1),
+.BR firemon (1),
-\&\flfirecfg\fR\|(1),
+.BR firecfg (1),
-\&\flfirejail-profile\fR\|(5),
+.BR firejail-profile (5),
-\&\flfirejail-login\fR\|(5),
+.BR firejail-login (5),
-\&\flfirejail-users\fR\|(5),
+.BR firejail-users (5),
+.BR jailtest (1)
 .UR https://github.com/netblue30/firejail/wiki
 .UE ,
 .UR https://github.com/netblue30/firejail
diff --git a/src/man/firemon.txt b/src/man/firemon.txt
index cea6c0265..64f15a1f0 100644
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@@ -115,8 +115,9 @@ This program is free software; you can redistribute it and/or modify it under th
 .PP
 Homepage: https://firejail.wordpress.com
 .SH SEE ALSO
-\&\flfirejail\fR\|(1),
+.BR firejail (1),
-\&\flfirecfg\fR\|(1),
+.BR firecfg (1),
-\&\flfirejail-profile\fR\|(5),
+.BR firejail-profile (5),
-\&\flfirejail-login\fR\|(5)
+.BR firejail-login (5),
-\&\flfirejail-users\fR\|(5)
+.BR firejail-users (5),
+.BR jailtest (1)
diff --git a/src/man/jailtest.txt b/src/man/jailtest.txt
new file mode 100644
index 000000000..b52fc5eed
--- /dev/null
+++ b/src/man/jailtest.txt
@@ -0,0 +1,106 @@
+.TH JAILTEST 1 "MONTH YEAR" "VERSION" "JAILTEST man page"
+.SH NAME
+jailtest \- Simple utility program to test running sandboxes
+.SH SYNOPSIS
+sudo jailtest [OPTIONS] [directory]
+.SH DESCRIPTION
+WORK IN PROGRESS!
+jailtest attaches itself to all sandboxes started by the user and performs some basic tests
+on the sandbox filesystem:
+.TP
+\fB1. Virtual directories
+jailtest extracts a list with the main virtual directories installed by the sandbox.
+These directories are build by firejail at startup using --private* and --whitelist commands.
+.TP
+\fB2. Noexec test
+jailtest inserts executable programs in /home/username, /tmp, and /var/tmp directories
+and tries to run them from inside the sandbox, thus testing if the directory is executable or not.
+.TP
+\fB3. Read access test
+jailtest creates test files in the directories specified by the user and tries to read
+them from inside the sandbox.
+.TP
+\fB4. AppArmor test
+.TP
+\fB5. Seccomp test
+.TP
+The program is started as root using sudo.
+.SH OPTIONS
+.TP
+\fB\-\-debug
+Print debug messages.
+.TP
+\fB\-?\fR, \fB\-\-help\fR
+Print options and exit.
+.TP
+\fB\-\-version
+Print program version and exit.
+.TP
+\fB[directory]
+One or more directories in user home to test for read access. ~/.ssh and ~/.gnupg are tested by default.
+.SH OUTPUT
+For each sandbox detected we print the following line:
+        PID:USER:Sandbox Name:Command
+It is followed by relevant sandbox information, such as the virtual directories and various warnings.
+.SH EXAMPLE
+$ sudo jailtest
+.br
+2014:netblue::firejail /usr/bin/gimp
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev, /usr/share,
+.br
+   Warning: I can run programs in /home/netblue
+.br
+.br
+2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net
+.br
+   Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000,
+.br
+   Warning: I can read ~/.ssh
+.br
+.br
+2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.appimage
+.br
+   Virtual dirs: /tmp, /var/tmp, /dev,
+.br
+.br
+26090:netblue::/usr/bin/firejail /opt/firefox/firefox
+.br
+   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share,
+.br
+                 /run/user/1000,
+.br
+.br
+26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor
+.br
+   Warning: AppArmor not enabled
+.br
+   Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin,
+.br
+                 /usr/share, /run/user/1000,
+.br
+   Warning: I can run programs in /home/netblue
+.br
+.SH LICENSE
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: https://firejail.wordpress.com
+.SH SEE ALSO
+.BR firejail (1),
+.BR firemon (1),
+.BR firecfg (1),
+.BR firejail-profile (5),
+.BR firejail-login (5),
+.BR firejail-users (5),
diff --git a/src/man/preproc.awk b/src/man/preproc.awk
index 1471be3ec..1ce5c82de 100755
--- a/src/man/preproc.awk
+++ b/src/man/preproc.awk
@@ -1,6 +1,6 @@
 #!/usr/bin/gawk -E
-# Copyright (c) 2019,2020 rusty-snake
+# Copyright (c) 2019-2021 rusty-snake
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
diff --git a/src/profstats/Makefile.in b/src/profstats/Makefile.in
index 2beaa3ed6..e025f5939 100644
--- a/src/profstats/Makefile.in
+++ b/src/profstats/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: profstats
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 profstats: $(OBJS)
        $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
+.PHONY: clean
 clean:; rm -fr *.o profstats *.gcov *.gcda *.gcno *.plist
+.PHONY: distclean
 distclean: clean
        rm -fr Makefile
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 68f62831b..a810a11f8 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/check-caps.sh b/src/tools/check-caps.sh
index 34ac5993d..b7026b1cd 100755
--- a/src/tools/check-caps.sh
+++ b/src/tools/check-caps.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 if [ $# -eq 0 ]
diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c
index d76749e44..8da9c452b 100644
--- a/src/tools/extract_caps.c
+++ b/src/tools/extract_caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -17,6 +17,7 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
+#include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/src/tools/extract_errnos.sh b/src/tools/extract_errnos.sh
index 286fdd767..34c416b04 100644
--- a/src/tools/extract_errnos.sh
+++ b/src/tools/extract_errnos.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 echo -e "#include <errno.h>\n#include <attr/xattr.h>" | \
diff --git a/src/tools/extract_seccomp.c b/src/tools/extract_seccomp.c
index 133e65e8c..b5f92d2df 100644
--- a/src/tools/extract_seccomp.c
+++ b/src/tools/extract_seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/extract_syscalls.c b/src/tools/extract_syscalls.c
index 83c2f65f3..9159b6576 100644
--- a/src/tools/extract_syscalls.c
+++ b/src/tools/extract_syscalls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/mkcoverit.sh b/src/tools/mkcoverit.sh
index b21418d5c..86d798a11 100755
--- a/src/tools/mkcoverit.sh
+++ b/src/tools/mkcoverit.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 # unpack firejail archive
diff --git a/src/tools/testuid.c b/src/tools/testuid.c
index ad3d2be5f..a18d57d5e 100644
--- a/src/tools/testuid.c
+++ b/src/tools/testuid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/ttytest.c b/src/tools/ttytest.c
index beaeb4fbe..0f72753bc 100644
--- a/src/tools/ttytest.c
+++ b/src/tools/ttytest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/tools/unixsocket.c b/src/tools/unixsocket.c
index 0987deb7a..c4ecabca7 100644
--- a/src/tools/unixsocket.c
+++ b/src/tools/unixsocket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/src/zsh_completion/Makefile.in b/src/zsh_completion/Makefile.in
new file mode 100644
index 000000000..a83cccf6c
--- /dev/null
+++ b/src/zsh_completion/Makefile.in
@@ -0,0 +1,17 @@
+.PHONY: all
+all: _firejail
+include ../common.mk
+_firejail: _firejail.in
+        gawk -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
+        sed "s|_SYSCONFDIR_|$(sysconfdir)|" < $@.tmp > $@
+        rm $@.tmp
+.PHONY: clean
+clean:
+        rm -fr _firejail
+.PHONY: distclean
+distclean: clean
+        rm -fr Makefile
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in
new file mode 100644
index 000000000..fd27bb35f
--- /dev/null
+++ b/src/zsh_completion/_firejail.in
@@ -0,0 +1,283 @@
+#compdef firejail
+# Documentation: man 1 zshcompsys
+# HowTo: https://github.com/zsh-users/zsh-completions/blob/master/zsh-completions-howto.org
+_all_firejails() {
+    local -a _all_firejails_list
+    for jail in ${(f)"$(_call_program modules_tag "firejail --list 2> /dev/null | cut -d: -f1")"}; do
+        _all_firejails_list+=${jail%% *}
+    done
+    _describe 'firejails list' _all_firejails_list
+}
+_all_cpus() {
+    _cpu_count=$(getconf _NPROCESSORS_ONLN)
+    for i in {0..$((_cpu_count-1))} ; do
+        print $i
+    done
+}
+_profiles() {
+    print $1/*.profile | sed -E "s;$1/;;g;s;\.profile;;g;"
+}
+_profiles_with_ext() {
+    print $1/*.profile
+}
+_all_profiles() {
+    _values 'profiles' $(_profiles _SYSCONFDIR_/firejail) $(_profiles $HOME/.config/firejail) $(_profiles_with_ext .)
+}
+_session_bus_names() {
+    _values names $(busctl --user list --no-legend --activatable | cut -d" " -f1)
+    # Alternatives to hack on for non-systemd systems:
+    #  dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply=literal /org/freedesktop/DBus org.freedesktop.DBus.ListNames
+    #  ls /usr/share/dbus-1/services | xargs -I FILENAME basename FILENAME .service
+}
+_system_bus_names() {
+    _values names $(busctl --system list --no-legend --activatable | cut -d" " -f1)
+}
+_caps() {
+    _values -s "," caps $(firejail --debug-caps | awk '/[0-9]+\s*- /{print $3}')
+}
+_firejail_args=(
+    '*::arguments:_normal'
+    '--appimage[sandbox an AppImage application]'
+    '--build[build a whitelisted profile for the application and print it on stdout]'
+    '--build=-[build a whitelisted profile for the application and save it]: :_files'
+    # Ignore that you can do -? too as it's the only short option
+    '--help[this help screen]'
+    '--join=-[join the sandbox name|pid]: :_all_firejails'
+    '--join-filesystem=-[join the mount namespace name|pid]: :_all_firejails'
+    '--list[list all sandboxes]'
+    '(--profile)--noprofile[do not use a security profile]'
+    '(--noprofile)--profile=-[use a custom profile]: :_all_profiles'
+    '--shutdown=-[shutdown the sandbox identified by name|pid]: :_all_firejails'
+    '--top[monitor the most CPU-intensive sandboxes]'
+    '--tree[print a tree of all sandboxed processes]'
+    '--version[print program version and exit]'
+    '--debug[print sandbox debug messages]'
+    '--debug-blacklists[debug blacklisting]'
+    '--debug-caps[print all recognized capabilities]'
+    '--debug-errnos[print all recognized error numbers]'
+    '--debug-private-lib[debug for --private-lib option]'
+    '--debug-protocols[print all recognized protocols]'
+    '--debug-syscalls[print all recognized system calls]'
+    '--debug-syscalls32[print all recognized 32 bit system calls]'
+    '--debug-whitelists[debug whitelisting]'
+    '--caps.print=-[print the caps filter name|pid]:firejail:_all_firejails'
+    '--cpu.print=-[print the cpus in use name|pid]: :_all_firejails'
+    '--fs.print=-[print the filesystem log name|pid]: :_all_firejails'
+    '--profile.print=-[print the name of profile file name|pid]: :_all_firejails'
+    '--protocol.print=-[print the protocol filter name|pid]: :_all_firejails'
+    '--seccomp.print=-[print the seccomp filter for the sandbox identified by name|pid]: :_all_firejails'
+    '--allow-debuggers[allow tools such as strace and gdb inside the sandbox]'
+    '--allusers[all user home directories are visible inside the sandbox]'
+    # Should be _files, a comma and files or files -/
+    '*--bind=-[mount-bind dirname1/filename1 on top of dirname2/filename2]: :(file1,file2 dir1,dir2)'
+    '*--blacklist=-[blacklist directory or file]: :_files'
+    '--caps[enable default Linux capabilities filter]'
+    '--caps.drop=all[drop all capabilities]'
+    '*--caps.drop=-[drop capabilities: all|cap1,cap2,...]: :_caps'
+    '*--caps.keep=-[keep capabilities: cap1,cap2,...]: :_caps'
+    '--cgroup=-[place the sandbox in the specified control group]: :'
+    '--cpu=-[set cpu affinity]: :->cpus'
+    "--deterministic-exit-code[always exit with first child's status code]"
+    '*--dns=-[set DNS server]: :'
+    '*--env=-[set environment variable]: :'
+    '--hostname=-[set sandbox hostname]: :'
+    '--hosts-file=-[use file as /etc/hosts]: :_files'
+    '*--ignore=-[ignore command in profile files]: :'
+    '--ipc-namespace[enable a new IPC namespace]'
+    '--join-or-start=-[join the sandbox or start a new one name|pid]: :_all_firejails'
+    '--keep-dev-shm[/dev/shm directory is untouched (even with --private-dev)]'
+    '--keep-var-tmp[/var/tmp directory is untouched]'
+    '--machine-id[preserve /etc/machine-id]'
+    '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]'
+    '*--mkdir=-[create a directory]:'
+    '*--mkfile=-[create a file]:'
+    '--name=-[set sandbox name]: :'
+    '--net=none[enable a new, unconnected network namespace]'
+    # Sample values as I don't think
+    # many would enjoy getting a list from -20..20
+    '--nice=-[set nice value]: :(1 10 15 20)'
+    '--no3d[disable 3D hardware acceleration]'
+    '--noautopulse[disable automatic ~/.config/pulse init]'
+    '--noblacklist=-[disable blacklist for file or directory]: :_files'
+    '--nodbus[disable D-Bus access]'
+    '--nodvd[disable DVD and audio CD devices]'
+    '*--noexec=-[remount the file or directory noexec nosuid and nodev]: :_files'
+    '--nogroups[disable supplementary groups]'
+    '--nonewprivs[sets the NO_NEW_PRIVS prctl]'
+    '--nosound[disable sound system]'
+    '--nou2f[disable U2F devices]'
+    '--novideo[disable video devices]'
+    '--private[temporary home directory]'
+    '--private=-[use directory as user home]: :_files -/'
+    '--private-bin=-[build a new /bin in a temporary filesystem, and copy the programs in the list]: :_files -W /usr/bin'
+    '--private-cwd[do not inherit working directory inside jail]'
+    '--private-cwd=-[set working directory inside jail]: :_files -/'
+    '--private-dev[create a new /dev directory with a small number of common device files]'
+    '(--writable-etc)--private-etc=-[build a new /etc in a temporary filesystem, and copy the files and directories in the list]: :_files -W /etc'
+    '--private-opt=-[build a new /opt in a temporary filesystem]: :_files -W /opt'
+    '--private-srv=-[build a new /srv in a temporary filesystem]: :_files -W /srv'
+    '--private-tmp[mount a tmpfs on top of /tmp directory]'
+    '*--protocol=-[enable protocol filter]: :_values -s , protocols unix inet inet6 netlink packet bluetooth'
+    "--quiet[turn off Firejail's output.]"
+    '*--read-only=-[set directory or file read-only]: :_files'
+    '*--read-write=-[set directory or file read-write]: :_files'
+    "--rlimit-as=-[set the maximum size of the process's virtual memory (address space) in bytes]: :"
+    '--rlimit-cpu=-[set the maximum CPU time in seconds]: :'
+    '--rlimit-fsize=-[set the maximum file size that can be created by a process]: :'
+    '--rlimit-nofile=-[set the maximum number of files that can be opened by a process]: :'
+    '--rlimit-nproc=-[set the maximum number of processes that can be created for the real user ID of the calling process]: :'
+    '--rlimit-sigpending=-[set the maximum number of pending signals for a process]: :'
+    '*--rmenv=-[remove environment variable in the new sandbox]: :_values environment-variables $(env | cut -d= -f1)'
+    '--seccomp[enable seccomp filter and apply the default blacklist]: :'
+    '--seccomp=-[enable seccomp filter, blacklist the default syscall list and the syscalls specified by the command]: :->seccomp'
+    '--seccomp.block-secondary[build only the native architecture filters]'
+    '*--seccomp.drop=-[enable seccomp filter, and blacklist the syscalls specified by the command]: :->seccomp'
+    '*--seccomp.keep=-[enable seccomp filter, and whitelist the syscalls specified by the command]: :->seccomp'
+    '*--seccomp.32.drop=-[enable seccomp filter, and blacklist the 32 bit syscalls specified by the command]: :'
+    '*--seccomp.32.keep=-[enable seccomp filter, and whitelist the 32 bit syscalls specified by the command]: :'
+    # FIXME: Add errnos
+    '--seccomp-error-action=-[change error code, kill process or log the attempt]: :(kill log)'
+    '--shell=none[run the program directly without a user shell]'
+    '--shell=-[set default user shell]: :_values $(cat /etc/shells)'
+    '--timeout=-[kill the sandbox automatically after the time has elapsed]: :'
+    #'(--tracelog)--trace[trace open, access and connect system calls]'
+    '(--tracelog)--trace=-[trace open, access and connect system calls]: :_files'
+    '(--trace)--tracelog[add a syslog message for every access to files or directories blacklisted by the security profile]'
+    '(--private-etc)--writable-etc[/etc directory is mounted read-write]'
+    '--writable-run-user[allow access to /run/user/$UID/systemd and /run/user/$UID/gnupg]'
+    '--writable-var[/var directory is mounted read-write]'
+    '--writable-var-log[use the real /var/log directory, not a clone]'
+#ifdef HAVE_APPARMOR
+    '--apparmor[enable AppArmor confinement]'
+    '--apparmor.print=-[print apparmor status name|pid]:firejail:_all_firejails'
+#endif
+#ifdef HAVE_CHROOT
+    '(--noroot --overlay --overlay-named --overlay-tmpfs)--chroot=-[chroot into directory]: :_files -/'
+#endif
+#ifdef HAVE_DBUSPROXY
+    # FIXME: _xx_bus_names is actually wrong for --dbus-*.{broadcast,call}.
+    # We can steal some function from https://github.com/systemd/systemd/blob/main/shell-completion/zsh/_busctl
+    '--dbus-log=-[set DBus log file location]: :_files'
+    '--dbus-system=-[set system DBus access policy]: :(filter none)'
+    '--dbus-system.broadcast=-[allow signals on the system DBus according to rule]: :_system_bus_names'
+    '--dbus-system.call=-[allow calls on the system DBus according to rule]: :_system_bus_names'
+    '--dbus-system.own=-[allow ownership of name on the system DBus]: :_system_bus_names'
+    '--dbus-system.see=-[allow seeing name on the system DBus]: :_system_bus_names'
+    '--dbus-system.talk=-[allow talking to name on the system DBus]: :_system_bus_names'
+    '--dbus-user=-[set session DBus access policy or none]: :(filter none)'
+    '--dbus-user.broadcast=-[allow signals on the session DBus according to rule]: :_session_bus_names'
+    '--dbus-user.call=-[allow calls on the session DBus according to rule]: :_session_bus_names'
+    '--dbus-user.own=-[allow ownership of name on the session DBus]: :_session_bus_names'
+    '--dbus-user.see=-[allow seeing name on the session DBus]: :_session_bus_names'
+    '--dbus-user.talk=-[allow talking to name on the session DBus]: :_session_bus_names'
+#endif
+#ifdef HAVE_FILE_TRANSFER
+    '--cat=-[print content of file from sandbox container name|pid]: :_all_firejails'
+    '--get=-[get a file from sandbox container name|pid]: :_all_firejails'
+    # --put=name|pid src-filename dest-filename - put a file in sandbox container.
+    '--put=-[put a file in sandbox container]: :'
+    '--ls=-[list files in sandbox container name|pid]: :_all_firejails'
+#endif
+#ifdef HAVE_FIRETUNNEL
+    '--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :'
+#endif
+#ifdef HAVE_NETWORK
+    '--bandwidth=-[set bandwidth limits name|pid]: :_all_firejails'
+    '--defaultgw=[configure default gateway]: :'
+    '--dns.print=-[print DNS configuration name|pid]: :_all_firejails'
+    '--join-network=-[join the network namespace name|pid]: :_all_firejails'
+    '--mac=-[set interface MAC address]: :(xx\:xx\:xx\:xx\:xx\:xx)'
+    '--mtu=-[set interface MTU]: :'
+    '--net=-[enable network namespaces and connect to this bridge or Ethernet interface (or none to disable)]: :->net_or_none'
+    '--net.print=-[print network interface configuration name|pid]: :_all_firejails'
+    '--netfilter=-[enable firewall]: :'
+    '--netfilter.print=-[print the firewall name|pid]: :_all_firejails'
+    '--netfilter6=-[enable IPv6 firewall]: :'
+    '--netfilter6.print=-[print the IPv6 firewall name|pid]: :_all_firejails'
+    '--netmask=-[define a network mask when dealing with unconfigured parrent interfaces]: :'
+    '--netns=-[Run the program in a named, persistent network namespace]: :'
+    '--netstats[monitor network statistics]'
+    '--interface=-[move interface in sandbox]: :'
+    '--ip=-[set interface IP address none|dhcp|ADDRESS]: :(none dhcp)'
+    '--ip6=-[set interface IPv6 address or use dhcp via dhclient]: :(dhcp)'
+    '--iprange=-[configure an IP address in this range]: :'
+    '--scan[ARP-scan all the networks from inside a network namespace]'
+    '--veth-name=-[use this name for the interface connected to the bridge]: :'
+#endif
+#ifdef HAVE_OUTPUT
+    '--output=-[stdout logging and log rotation]: :_files'
+    '--output-stderr=-[stdout and stderr logging and log rotation]: :_files'
+#endif
+#ifdef HAVE_OVERLAYFS
+    '(--chroot --noroot)--overlay[mount a filesystem overlay on top of the current filesystem]'
+    '--overlay-clean[clean all overlays stored in $HOME/.firejail directory]'
+    '(--chroot --noroot)--overlay-named=-[mount a filesystem overlay on top of the current filesystem, and store it in name directory]: :_files -/'
+    '(--chroot --noroot)--overlay-tmpfs[mount a temporary filesystem overlay on top of the current filesystem]'
+#endif
+#ifdef HAVE_PRIVATE_HOME
+    '--private-home=-[build a new user home in a temporary filesystem, and copy the files and directories in the list in the new home]: :_files'
+#endif
+#ifdef HAVE_USERNS
+    '(--chroot --overlay --overlay-named --overlay-tmpfs)--noroot[install a user namespace with only the current user]'
+#endif
+#ifdef HAVE_USERTMPFS
+    '--private-cache[temporary ~/.cache directory]'
+    '*--tmpfs=-[mount a tmpfs filesystem on directory dirname]: :_files -/'
+#endif
+#ifdef HAVE_WHITELIST
+    '*--nowhitelist=-[disable whitelist for file or directory]: :_files'
+    '*--whitelist=-[whitelist directory or file]: :_files'
+#endif
+#ifdef HAVE_X11
+    '--x11[enable X11 sandboxing. The software checks first if Xpra is installed, then it checks if Xephyr is installed. If all fails, it will attempt to use X11 security extension]'
+    '--x11=-[disable or enable specific X11 server]: :(none xephyr xorg xpra xvfb)'
+    '--xephyr-screen=-[set screen size for --x11=xephyr]: :(WIDTHxHEIGHT)'
+#endif
+)
+_firejail() {
+    _arguments -S $_firejail_args
+    case "$state" in
+        cpus)
+            _values -s "," 'cpus' $(_all_cpus)
+            ;;
+        net_or_none)
+            local netdevs=($(ip link | awk '{print $2}' | grep '^.*:$' | tr -d ':'))
+            local net_and_none=(none $netdevs)
+            _values 'net' $net_and_none
+            ;;
+        seccomp)
+            # TODO: syscall groups
+            _values -s "," 'syscalls' $(firejail --debug-syscalls | cut -d" " -f2)
+            ;;
+    esac
+}
+# vim: ft=zsh sw=4 ts=4 et sts=4 ai
diff --git a/test/Makefile.in b/test/Makefile.in
index d41ab39d1..264314a3b 100644
--- a/test/Makefile.in
+++ b/test/Makefile.in
@@ -1,13 +1,14 @@
 TESTS=$(patsubst %/,%,$(wildcard */))
 .PHONY: $(TESTS)
 $(TESTS):
        cd $@ && ./$@.sh 2>&1 | tee $@.log
        cd $@ && grep -a TESTING $@.log && grep -a -L "TESTING ERROR" $@.log
+.PHONY: clean
 clean:
        for test in $(TESTS); do rm -f "$$test/$$test.log"; done
+.PHONY: distclean
 distclean: clean
        rm -f Makefile
diff --git a/test/appimage/appimage-args.exp b/test/appimage/appimage-args.exp
index cee01d509..eecb9bf82 100755
--- a/test/appimage/appimage-args.exp
+++ b/test/appimage/appimage-args.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
@@ -96,7 +96,7 @@ send -- "firejail --shutdown=appimage-test\r"
 set spawn_id $appimage_id
 expect {
        timeout {puts "shutdown\n";exit}
-        "AppImage unmounted"
+        "AppImage detached"
 }
 after 100
diff --git a/test/appimage/appimage-trace.exp b/test/appimage/appimage-trace.exp
index 07a0aac0d..2f67eb531 100755
--- a/test/appimage/appimage-trace.exp
+++ b/test/appimage/appimage-trace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
@@ -31,7 +31,7 @@ expect {
 }
 expect {
        timeout {puts "shutdown\n"}
-        "AppImage unmounted"
+        "AppImage detached"
 }
 sleep 1
@@ -58,7 +58,7 @@ expect {
 }
 expect {
        timeout {puts "shutdown\n"}
-        "AppImage unmounted"
+        "AppImage detached"
 }
 sleep 1
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp
index 80e228145..b8b6e0c96 100755
--- a/test/appimage/appimage-v1.exp
+++ b/test/appimage/appimage-v1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
@@ -84,7 +84,7 @@ send -- "firejail --shutdown=appimage-test\r"
 set spawn_id $appimage_id
 expect {
        timeout {puts "shutdown\n"}
-        "AppImage unmounted"
+        "AppImage detached"
 }
 after 100
diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp
index ccdeae0aa..243824f75 100755
--- a/test/appimage/appimage-v2.exp
+++ b/test/appimage/appimage-v2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
@@ -83,7 +83,7 @@ send -- "firejail --shutdown=appimage-test\r"
 set spawn_id $appimage_id
 expect {
        timeout {puts "shutdown\n"}
-        "AppImage unmounted"
+        "AppImage detached"
 }
 after 100
diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh
index fa1a53195..e766b1acd 100755
--- a/test/appimage/appimage.sh
+++ b/test/appimage/appimage.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
@@ -20,4 +20,4 @@ echo "TESTING: AppImage argsv1 (test/appimage/appimage-args.exp)"
 ./appimage-args.exp
 echo "TESTING: AppImage trace (test/appimage/appimage-trace.exp)"
-./appimage-args.exp
+./appimage-trace.exp
diff --git a/test/appimage/filename.exp b/test/appimage/filename.exp
index e4c7d3a95..54d8d722d 100755
--- a/test/appimage/filename.exp
+++ b/test/appimage/filename.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
@@ -17,7 +17,7 @@ after 100
 send -- "firejail --appimage /etc/shadow\r"
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
-        "cannot access"
+        "cannot read"
 }
 after 100
diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh
index 568dee85d..7f37914aa 100755
--- a/test/apps-x11-xorg/apps-x11-xorg.sh
+++ b/test/apps-x11-xorg/apps-x11-xorg.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp
index 8322e2d0e..12fcc13ce 100755
--- a/test/apps-x11-xorg/firefox.exp
+++ b/test/apps-x11-xorg/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11-xorg/thunderbird.exp b/test/apps-x11-xorg/thunderbird.exp
index 24549e6c8..5c810c517 100755
--- a/test/apps-x11-xorg/thunderbird.exp
+++ b/test/apps-x11-xorg/thunderbird.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp
index b688bc619..e0f519c00 100755
--- a/test/apps-x11-xorg/transmission-gtk.exp
+++ b/test/apps-x11-xorg/transmission-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11-xorg/transmission-qt.exp b/test/apps-x11-xorg/transmission-qt.exp
index 5864bb845..02a015968 100755
--- a/test/apps-x11-xorg/transmission-qt.exp
+++ b/test/apps-x11-xorg/transmission-qt.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh
index 609eb5dc9..9954cb736 100755
--- a/test/apps-x11/apps-x11.sh
+++ b/test/apps-x11/apps-x11.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/apps-x11/chromium.exp b/test/apps-x11/chromium.exp
index 14f8ff616..92739048c 100755
--- a/test/apps-x11/chromium.exp
+++ b/test/apps-x11/chromium.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/firefox.exp b/test/apps-x11/firefox.exp
index 8de9d939b..69efc79d9 100755
--- a/test/apps-x11/firefox.exp
+++ b/test/apps-x11/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/thunderbird.exp b/test/apps-x11/thunderbird.exp
index 73133fa1b..7cfc957b7 100755
--- a/test/apps-x11/thunderbird.exp
+++ b/test/apps-x11/thunderbird.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/transmission-gtk.exp b/test/apps-x11/transmission-gtk.exp
index a8ce1d940..53e396a9e 100755
--- a/test/apps-x11/transmission-gtk.exp
+++ b/test/apps-x11/transmission-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/x11-none.exp b/test/apps-x11/x11-none.exp
index 3f56a3072..b45751aa7 100755
--- a/test/apps-x11/x11-none.exp
+++ b/test/apps-x11/x11-none.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/x11-xephyr.exp b/test/apps-x11/x11-xephyr.exp
index 4efdbc4f0..3da0e1a46 100755
--- a/test/apps-x11/x11-xephyr.exp
+++ b/test/apps-x11/x11-xephyr.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/xterm-xephyr.exp b/test/apps-x11/xterm-xephyr.exp
index 7dc193110..5edbadad9 100755
--- a/test/apps-x11/xterm-xephyr.exp
+++ b/test/apps-x11/xterm-xephyr.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/xterm-xorg.exp b/test/apps-x11/xterm-xorg.exp
index 893306830..a2a027729 100755
--- a/test/apps-x11/xterm-xorg.exp
+++ b/test/apps-x11/xterm-xorg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps-x11/xterm-xpra.exp b/test/apps-x11/xterm-xpra.exp
index 0b35a7009..0f1458d15 100755
--- a/test/apps-x11/xterm-xpra.exp
+++ b/test/apps-x11/xterm-xpra.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/apps.sh b/test/apps/apps.sh
index 1e5f0f8c5..c332fe416 100755
--- a/test/apps/apps.sh
+++ b/test/apps/apps.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/apps/chromium.exp b/test/apps/chromium.exp
index d6375323e..d65bc93a9 100755
--- a/test/apps/chromium.exp
+++ b/test/apps/chromium.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/deluge.exp b/test/apps/deluge.exp
index 92f50fc8a..25c98623c 100755
--- a/test/apps/deluge.exp
+++ b/test/apps/deluge.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/fbreader.exp b/test/apps/fbreader.exp
index 55f7dd49f..67301c1d2 100755
--- a/test/apps/fbreader.exp
+++ b/test/apps/fbreader.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/filezilla.exp b/test/apps/filezilla.exp
index 9952a4d29..da37f1eff 100755
--- a/test/apps/filezilla.exp
+++ b/test/apps/filezilla.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/firefox.exp b/test/apps/firefox.exp
index 9869972f0..2a6f18276 100755
--- a/test/apps/firefox.exp
+++ b/test/apps/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/gnome-mplayer.exp b/test/apps/gnome-mplayer.exp
index 1d00cdd9b..564220d95 100755
--- a/test/apps/gnome-mplayer.exp
+++ b/test/apps/gnome-mplayer.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/gthumb.exp b/test/apps/gthumb.exp
index 9fba8a98e..569adcd34 100755
--- a/test/apps/gthumb.exp
+++ b/test/apps/gthumb.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/hexchat.exp b/test/apps/hexchat.exp
index b933e1edb..adea02216 100755
--- a/test/apps/hexchat.exp
+++ b/test/apps/hexchat.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/kcalc.exp b/test/apps/kcalc.exp
index ae743cf23..aaeb5221d 100755
--- a/test/apps/kcalc.exp
+++ b/test/apps/kcalc.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/ktorrent.exp b/test/apps/ktorrent.exp
index ef177bd08..8693f5f1d 100755
--- a/test/apps/ktorrent.exp
+++ b/test/apps/ktorrent.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/midori.exp b/test/apps/midori.exp
index 78a55313f..fae41e6da 100755
--- a/test/apps/midori.exp
+++ b/test/apps/midori.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/opera.exp b/test/apps/opera.exp
index b88368ec6..990476ed5 100755
--- a/test/apps/opera.exp
+++ b/test/apps/opera.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/qbittorrent.exp b/test/apps/qbittorrent.exp
index 67dfa73c7..bc0386335 100755
--- a/test/apps/qbittorrent.exp
+++ b/test/apps/qbittorrent.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/thunderbird.exp b/test/apps/thunderbird.exp
index 319ebbccf..10d0bb2f6 100755
--- a/test/apps/thunderbird.exp
+++ b/test/apps/thunderbird.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/transmission-qt.exp b/test/apps/transmission-qt.exp
index 4aec7d094..fec18a8bf 100755
--- a/test/apps/transmission-qt.exp
+++ b/test/apps/transmission-qt.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/uget-gtk.exp b/test/apps/uget-gtk.exp
index 397c63846..caa4063b9 100755
--- a/test/apps/uget-gtk.exp
+++ b/test/apps/uget-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/vlc.exp b/test/apps/vlc.exp
index 8110a6d93..ce3df1ba6 100755
--- a/test/apps/vlc.exp
+++ b/test/apps/vlc.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/wine.exp b/test/apps/wine.exp
index af8c5dca8..982a0c6d9 100755
--- a/test/apps/wine.exp
+++ b/test/apps/wine.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/apps/xchat.exp b/test/apps/xchat.exp
index 1d88ef7e4..9ed75d821 100755
--- a/test/apps/xchat.exp
+++ b/test/apps/xchat.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/arguments/arguments.sh b/test/arguments/arguments.sh
deleted file mode 100755
index 12e2aac6d..000000000
--- a/test/arguments/arguments.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-export LC_ALL=C
-if [ -f /etc/debian_version ]; then
-        libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
-        export PATH="$PATH:$libdir"
-fi
-export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
-echo "TESTING: 1. regular bash session"
-./bashrun.exp
-sleep 1
-echo "TESTING: 2. symbolic link to firejail"
-./symrun.exp
-rm -fr symtest
-sleep 1
-echo "TESTING: 3. --join option"
-./joinrun.exp
-sleep 1
-echo "TESTING: 4. --output option"
-./outrun.exp
-rm out
-rm out.*
diff --git a/test/arguments/bashrun.exp b/test/arguments/bashrun.exp
deleted file mode 100755
index 782484cad..000000000
--- a/test/arguments/bashrun.exp
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "./bashrun.sh\r"
-expect {
-        timeout {puts "TESTING ERROR 1.1.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.1.2\n";exit}
-        "#arg1#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.1.3\n";exit}
-        "#arg2#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.2.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.2.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.2.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.3.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.3.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.3.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.4.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.4.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.4.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.5.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.5.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.5.3\n";exit}
-        "#arg2&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.6.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.6.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.6.3\n";exit}
-        "#arg2&tail#"
-}
-puts "\nall done\n"
diff --git a/test/arguments/bashrun.sh b/test/arguments/bashrun.sh
deleted file mode 100755
index 433d92436..000000000
--- a/test/arguments/bashrun.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-echo "TESTING: 1.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1 arg2
-# simple quotes, testing spaces in file names
-echo "TESTING: 1.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1 tail" "arg2 tail"
-echo "TESTING: 1.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1 tail' 'arg2 tail'
-# escaped space in file names
-echo "TESTING: 1.4 - args with space and \\"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1\ tail arg2\ tail
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 1.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1&tail" "arg2&tail"
-echo "TESTING: 1.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1&tail' 'arg2&tail'
diff --git a/test/arguments/joinrun.exp b/test/arguments/joinrun.exp
deleted file mode 100755
index 8359b4819..000000000
--- a/test/arguments/joinrun.exp
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --name=joinrun\r"
-sleep 2
-spawn $env(SHELL)
-send --  "./joinrun.sh\r"
-expect {
-        timeout {puts "TESTING ERROR 3.1.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1.2\n";exit}
-        "#arg1#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1.3\n";exit}
-        "#arg2#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.3.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.3.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.3.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.4.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.4.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.4.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.5.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.5.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.5.3\n";exit}
-        "#arg2&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.6.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.6.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.6.3\n";exit}
-        "#arg2&tail#"
-}
-puts "\nall done\n"
diff --git a/test/arguments/joinrun.sh b/test/arguments/joinrun.sh
deleted file mode 100755
index 0019563be..000000000
--- a/test/arguments/joinrun.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-echo "TESTING: 3.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit arg1 arg2
-# simple quotes, testing spaces in file names
-echo "TESTING: 3.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit "arg1 tail" "arg2 tail"
-echo "TESTING: 3.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit 'arg1 tail' 'arg2 tail'
-# escaped space in file names
-echo "TESTING: 3.4 - args with space and \\"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit arg1\ tail arg2\ tail
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 3.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit "arg1&tail" "arg2&tail"
-echo "TESTING: 3.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit 'arg1&tail' 'arg2&tail'
diff --git a/test/arguments/outrun.exp b/test/arguments/outrun.exp
deleted file mode 100755
index 46a226870..000000000
--- a/test/arguments/outrun.exp
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "./outrun.sh\r"
-expect {
-        timeout {puts "TESTING ERROR 4.1.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1.2\n";exit}
-        "#arg1#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1.3\n";exit}
-        "#arg2#"
-}
-exit
-#***************************************************
-#  breaking down from here on - bug to fix
-#***************************************************
-expect {
-        timeout {puts "TESTING ERROR 4.2.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.2.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.2.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.3.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.3.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.3.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.4.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.4.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.4.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.5.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.5.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.5.3\n";exit}
-        "#arg2&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.6.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.6.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.6.3\n";exit}
-        "#arg2&tail#"
-}
-puts "\nall done\n"
diff --git a/test/arguments/outrun.sh b/test/arguments/outrun.sh
deleted file mode 100755
index 4e8b52417..000000000
--- a/test/arguments/outrun.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-echo "TESTING: 4.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit arg1 arg2
-# simple quotes, testing spaces in file names
-echo "TESTING: 4.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1 tail" "arg2 tail"
-echo "TESTING: 4.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit 'arg1 tail' 'arg2 tail'
-# escaped space in file names
-echo "TESTING: 4.4 - args with space and \\"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit arg1\ tail arg2\ tail
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 4.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1&tail" "arg2&tail"
-echo "TESTING: 4.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit 'arg1&tail' 'arg2&tail'
diff --git a/test/arguments/symrun.exp b/test/arguments/symrun.exp
deleted file mode 100755
index 49e0d28e0..000000000
--- a/test/arguments/symrun.exp
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "./symrun.sh\r"
-expect {
-        timeout {puts "TESTING ERROR 2.1.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.1.2\n";exit}
-        "#arg1#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.1.3\n";exit}
-        "#arg2#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.3.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.3.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.3.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.4.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.4.2\n";exit}
-        "#arg1 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.4.3\n";exit}
-        "#arg2 tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.5.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.5.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.5.3\n";exit}
-        "#arg2&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.6.1\n";exit}
-        "Arguments:"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.6.2\n";exit}
-        "#arg1&tail#"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.6.3\n";exit}
-        "#arg2&tail#"
-}
diff --git a/test/arguments/symrun.sh b/test/arguments/symrun.sh
deleted file mode 100755
index 00c17df69..000000000
--- a/test/arguments/symrun.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-mkdir symtest
-ln -s /usr/bin/firejail symtest/faudit
-# search for faudit in current directory
-export PATH=$PATH:.
-export FIREJAIL_TEST_ARGUMENTS=yes
-echo "TESTING: 2.1 - simple args"
-symtest/faudit arg1 arg2
-# simple quotes, testing spaces in file names
-echo "TESTING: 2.2 - args with space and \""
-symtest/faudit "arg1 tail" "arg2 tail"
-echo "TESTING: 2.3 - args with space and '"
-symtest/faudit 'arg1 tail' 'arg2 tail'
-# escaped space in file names
-echo "TESTING: 2.4 - args with space and \\"
-symtest/faudit arg1\ tail arg2\ tail
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 2.5 - args with & and \""
-symtest/faudit "arg1&tail" "arg2&tail"
-echo "TESTING: 2.6 - args with & and '"
-symtest/faudit 'arg1&tail' 'arg2&tail'
-rm -fr symtest
diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh
index 7f65b2188..1ac5cf47e 100755
--- a/test/chroot/chroot.sh
+++ b/test/chroot/chroot.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/chroot/configure b/test/chroot/configure
index 465092abb..747dc4383 100755
--- a/test/chroot/configure
+++ b/test/chroot/configure
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 # build a very small chroot
diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp
index 1db8269b9..650425829 100755
--- a/test/chroot/fs_chroot.exp
+++ b/test/chroot/fs_chroot.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp
index 844bd7450..b88367054 100755
--- a/test/chroot/unchroot-as-root.exp
+++ b/test/chroot/unchroot-as-root.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c
index 4454dd1c4..643983ce4 100644
--- a/test/chroot/unchroot.c
+++ b/test/chroot/unchroot.c
@@ -1,5 +1,5 @@
 // This file is part of Firejail project
-// Copyright (C) 2014-2020 Firejail Authors
+// Copyright (C) 2014-2021 Firejail Authors
 // License GPL v2
 // simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index 04819d95d..101998187 100755
--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 # not currently covered
diff --git a/test/environment/allow-debuggers.exp b/test/environment/allow-debuggers.exp
index c2f4be64c..f660c123a 100755
--- a/test/environment/allow-debuggers.exp
+++ b/test/environment/allow-debuggers.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/csh.exp b/test/environment/csh.exp
index ff61e6a83..f8ced07b5 100755
--- a/test/environment/csh.exp
+++ b/test/environment/csh.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/dash.exp b/test/environment/dash.exp
index 82e2f5cad..983a527cf 100755
--- a/test/environment/dash.exp
+++ b/test/environment/dash.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/deterministic-exit-code.exp b/test/environment/deterministic-exit-code.exp
index a92203b2d..1a1e53605 100755
--- a/test/environment/deterministic-exit-code.exp
+++ b/test/environment/deterministic-exit-code.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 4
diff --git a/test/environment/dns.exp b/test/environment/dns.exp
index 801a7e2b1..5b06b51c0 100755
--- a/test/environment/dns.exp
+++ b/test/environment/dns.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/doubledash.exp b/test/environment/doubledash.exp
index 60d4700dd..275755337 100755
--- a/test/environment/doubledash.exp
+++ b/test/environment/doubledash.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/env.exp b/test/environment/env.exp
index 107a41beb..4f6f8a1b7 100755
--- a/test/environment/env.exp
+++ b/test/environment/env.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/environment.sh b/test/environment/environment.sh
index 0706cbd88..152975c9d 100755
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/environment/extract_command.exp b/test/environment/extract_command.exp
index 50a933ec3..f91a10fa6 100755
--- a/test/environment/extract_command.exp
+++ b/test/environment/extract_command.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/firejail-in-firejail.exp b/test/environment/firejail-in-firejail.exp
index be422a294..459056260 100755
--- a/test/environment/firejail-in-firejail.exp
+++ b/test/environment/firejail-in-firejail.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/hostfile.exp b/test/environment/hostfile.exp
index 7f5034931..6b98863e5 100755
--- a/test/environment/hostfile.exp
+++ b/test/environment/hostfile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
diff --git a/test/environment/ibus.exp b/test/environment/ibus.exp
index 857cef38c..089736f33 100755
--- a/test/environment/ibus.exp
+++ b/test/environment/ibus.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/machineid.exp b/test/environment/machineid.exp
index ecfd70f55..f0b3d2942 100755
--- a/test/environment/machineid.exp
+++ b/test/environment/machineid.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
diff --git a/test/environment/nice.exp b/test/environment/nice.exp
index b4afc28d2..80591978d 100755
--- a/test/environment/nice.exp
+++ b/test/environment/nice.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/output.exp b/test/environment/output.exp
index 0ad5250c1..dd03001d7 100755
--- a/test/environment/output.exp
+++ b/test/environment/output.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/output.sh b/test/environment/output.sh
index 14c20a79a..edf7dc4cb 100755
--- a/test/environment/output.sh
+++ b/test/environment/output.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 i="0"
diff --git a/test/environment/quiet.exp b/test/environment/quiet.exp
index 0a22051f5..510491738 100755
--- a/test/environment/quiet.exp
+++ b/test/environment/quiet.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 4
diff --git a/test/environment/rlimit-bad-profile.exp b/test/environment/rlimit-bad-profile.exp
index 35d9b4479..b838f83f4 100755
--- a/test/environment/rlimit-bad-profile.exp
+++ b/test/environment/rlimit-bad-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/rlimit-bad.exp b/test/environment/rlimit-bad.exp
index 7eaac27b6..3a82ded9b 100755
--- a/test/environment/rlimit-bad.exp
+++ b/test/environment/rlimit-bad.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/rlimit-profile.exp b/test/environment/rlimit-profile.exp
index 63b01a38c..4071675ee 100755
--- a/test/environment/rlimit-profile.exp
+++ b/test/environment/rlimit-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/rlimit.exp b/test/environment/rlimit.exp
index c80f2857c..6fcb554a7 100755
--- a/test/environment/rlimit.exp
+++ b/test/environment/rlimit.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/shell-none.exp b/test/environment/shell-none.exp
index aed9adbd4..507225326 100755
--- a/test/environment/shell-none.exp
+++ b/test/environment/shell-none.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/sound.exp b/test/environment/sound.exp
index fadad9eed..e5fa27e77 100755
--- a/test/environment/sound.exp
+++ b/test/environment/sound.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
diff --git a/test/environment/timeout.exp b/test/environment/timeout.exp
index c8b215084..ea0dd67b7 100755
--- a/test/environment/timeout.exp
+++ b/test/environment/timeout.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/umask.exp b/test/environment/umask.exp
index a3b80bd1c..e1f520fcd 100755
--- a/test/environment/umask.exp
+++ b/test/environment/umask.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/environment/zsh.exp b/test/environment/zsh.exp
index 8c493ac23..a750ac55c 100755
--- a/test/environment/zsh.exp
+++ b/test/environment/zsh.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fcopy/cmdline.exp b/test/fcopy/cmdline.exp
index f0416d51e..00e44e489 100755
--- a/test/fcopy/cmdline.exp
+++ b/test/fcopy/cmdline.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fcopy/dircopy.exp b/test/fcopy/dircopy.exp
index a74ce1616..633d12d08 100755
--- a/test/fcopy/dircopy.exp
+++ b/test/fcopy/dircopy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh
index 96b515238..822f6a9cd 100755
--- a/test/fcopy/fcopy.sh
+++ b/test/fcopy/fcopy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/fcopy/filecopy.exp b/test/fcopy/filecopy.exp
index 7f7fbea9e..fb911e222 100755
--- a/test/fcopy/filecopy.exp
+++ b/test/fcopy/filecopy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
diff --git a/test/fcopy/linkcopy.exp b/test/fcopy/linkcopy.exp
index a9b3a067f..dbc33c6a7 100755
--- a/test/fcopy/linkcopy.exp
+++ b/test/fcopy/linkcopy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
diff --git a/test/features/1.1.exp b/test/features/1.1.exp
index 5cf3b724e..fe1e0f132 100755
--- a/test/features/1.1.exp
+++ b/test/features/1.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # disable /boot
diff --git a/test/features/1.10.exp b/test/features/1.10.exp
index b37b6c568..5dd03ecef 100755
--- a/test/features/1.10.exp
+++ b/test/features/1.10.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # disable /selinux
diff --git a/test/features/1.2.exp b/test/features/1.2.exp
index c9a9480a7..f7a55b445 100755
--- a/test/features/1.2.exp
+++ b/test/features/1.2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # new /proc
diff --git a/test/features/1.4.exp b/test/features/1.4.exp
index a19589b6e..66a8c1175 100755
--- a/test/features/1.4.exp
+++ b/test/features/1.4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # mask other users
diff --git a/test/features/1.5.exp b/test/features/1.5.exp
index cd296bbd8..ba0aea220 100755
--- a/test/features/1.5.exp
+++ b/test/features/1.5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # PID namespace
diff --git a/test/features/1.6.exp b/test/features/1.6.exp
index 24951d27a..89fa29de0 100755
--- a/test/features/1.6.exp
+++ b/test/features/1.6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # new /var/log
diff --git a/test/features/1.7.exp b/test/features/1.7.exp
index 701aa0ca5..3e9c0908f 100755
--- a/test/features/1.7.exp
+++ b/test/features/1.7.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # new /var/tmp
diff --git a/test/features/1.8.exp b/test/features/1.8.exp
index bd7d7add2..15936c2fb 100755
--- a/test/features/1.8.exp
+++ b/test/features/1.8.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # disable /etc/firejail and ~/.config/firejail
diff --git a/test/features/2.1.exp b/test/features/2.1.exp
index 4ad3f3bff..6e741a1c2 100755
--- a/test/features/2.1.exp
+++ b/test/features/2.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # hostname
diff --git a/test/features/2.2.exp b/test/features/2.2.exp
index c8c6461dd..3f30d0bad 100755
--- a/test/features/2.2.exp
+++ b/test/features/2.2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # DNS
diff --git a/test/features/2.3.exp b/test/features/2.3.exp
index ccc2bd168..6c520fdba 100755
--- a/test/features/2.3.exp
+++ b/test/features/2.3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # mac-vlan
diff --git a/test/features/2.4.exp b/test/features/2.4.exp
index fb64d84c1..74b7881f0 100755
--- a/test/features/2.4.exp
+++ b/test/features/2.4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # bridge
diff --git a/test/features/2.5.exp b/test/features/2.5.exp
index 74f47e1a1..bc3e44e8f 100755
--- a/test/features/2.5.exp
+++ b/test/features/2.5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # interface
diff --git a/test/features/2.6.exp b/test/features/2.6.exp
index 27347d43d..7c763e6f1 100755
--- a/test/features/2.6.exp
+++ b/test/features/2.6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # default gateway
diff --git a/test/features/3.1.exp b/test/features/3.1.exp
index c1167f296..6ba56517a 100755
--- a/test/features/3.1.exp
+++ b/test/features/3.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # private
diff --git a/test/features/3.10.exp b/test/features/3.10.exp
index fdec33d1b..4797c765b 100755
--- a/test/features/3.10.exp
+++ b/test/features/3.10.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # whitelist tmp
diff --git a/test/features/3.11.exp b/test/features/3.11.exp
index 27daaf752..b26d7b888 100755
--- a/test/features/3.11.exp
+++ b/test/features/3.11.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # mkdir
diff --git a/test/features/3.2.exp b/test/features/3.2.exp
index eae820dd7..df73b9786 100755
--- a/test/features/3.2.exp
+++ b/test/features/3.2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # read-only
diff --git a/test/features/3.3.exp b/test/features/3.3.exp
index 9f58a1e1a..499718dbd 100755
--- a/test/features/3.3.exp
+++ b/test/features/3.3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # blacklist
diff --git a/test/features/3.4.exp b/test/features/3.4.exp
index 343f2a37c..e59ff8a38 100755
--- a/test/features/3.4.exp
+++ b/test/features/3.4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # whitelist home
diff --git a/test/features/3.5.exp b/test/features/3.5.exp
index 37e492ea4..8c37aebb3 100755
--- a/test/features/3.5.exp
+++ b/test/features/3.5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # private-dev
diff --git a/test/features/3.6.exp b/test/features/3.6.exp
index ca76f6a38..0149a04cd 100755
--- a/test/features/3.6.exp
+++ b/test/features/3.6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # private-etc
diff --git a/test/features/3.7.exp b/test/features/3.7.exp
index 532c157af..9d3e7265c 100755
--- a/test/features/3.7.exp
+++ b/test/features/3.7.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # private-tmp
diff --git a/test/features/3.8.exp b/test/features/3.8.exp
index 80cdf7306..5546ef15b 100755
--- a/test/features/3.8.exp
+++ b/test/features/3.8.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # private-bin
diff --git a/test/features/3.9.exp b/test/features/3.9.exp
index 56a1fc006..6029160a6 100755
--- a/test/features/3.9.exp
+++ b/test/features/3.9.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # whitelist dev
diff --git a/test/features/test.sh b/test/features/test.sh
index 431a6491b..392e6c159 100755
--- a/test/features/test.sh
+++ b/test/features/test.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export LC_ALL=C
diff --git a/test/filters/apparmor.exp b/test/filters/apparmor.exp
index 32edba72a..f20326fe0 100755
--- a/test/filters/apparmor.exp
+++ b/test/filters/apparmor.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/caps-join.exp b/test/filters/caps-join.exp
index 5b80b2b48..4f3a2832d 100755
--- a/test/filters/caps-join.exp
+++ b/test/filters/caps-join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/caps-print.exp b/test/filters/caps-print.exp
index e78ab5275..e8465aee1 100755
--- a/test/filters/caps-print.exp
+++ b/test/filters/caps-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/caps.exp b/test/filters/caps.exp
index b9aa8d22e..8776e83d4 100755
--- a/test/filters/caps.exp
+++ b/test/filters/caps.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/debug.exp b/test/filters/debug.exp
index 4a5a11639..b2ca95191 100755
--- a/test/filters/debug.exp
+++ b/test/filters/debug.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index fba90522d..a9f06b60a 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp
index c7062b395..59f812d6d 100755
--- a/test/filters/fseccomp.exp
+++ b/test/filters/fseccomp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/memwrexe-32.exp b/test/filters/memwrexe-32.exp
index d7fad9091..1aeaacc82 100755
--- a/test/filters/memwrexe-32.exp
+++ b/test/filters/memwrexe-32.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/memwrexe.c b/test/filters/memwrexe.c
index e68176b42..4fbf05f78 100644
--- a/test/filters/memwrexe.c
+++ b/test/filters/memwrexe.c
@@ -1,5 +1,5 @@
 // This file is part of Firejail project
-// Copyright (C) 2014-2020 Firejail Authors
+// Copyright (C) 2014-2021 Firejail Authors
 // License GPL v2
 #include <stdio.h>
diff --git a/test/filters/memwrexe.exp b/test/filters/memwrexe.exp
index 244f2477f..2b170803c 100755
--- a/test/filters/memwrexe.exp
+++ b/test/filters/memwrexe.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
index e9f01443f..64f72f610 100755
--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/protocol.exp b/test/filters/protocol.exp
index 0fecd645d..071460e4c 100755
--- a/test/filters/protocol.exp
+++ b/test/filters/protocol.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-bad-empty.exp b/test/filters/seccomp-bad-empty.exp
index 269ea1a40..5e7c8e1b5 100755
--- a/test/filters/seccomp-bad-empty.exp
+++ b/test/filters/seccomp-bad-empty.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-chmod-profile.exp b/test/filters/seccomp-chmod-profile.exp
index 22392f882..5587e056c 100755
--- a/test/filters/seccomp-chmod-profile.exp
+++ b/test/filters/seccomp-chmod-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-chmod.exp b/test/filters/seccomp-chmod.exp
index c72a68c82..0d01d4ff2 100755
--- a/test/filters/seccomp-chmod.exp
+++ b/test/filters/seccomp-chmod.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-chown.exp b/test/filters/seccomp-chown.exp
index f6094c965..0a19229b4 100755
--- a/test/filters/seccomp-chown.exp
+++ b/test/filters/seccomp-chown.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp
index 08e590041..677ca4e30 100755
--- a/test/filters/seccomp-debug-32.exp
+++ b/test/filters/seccomp-debug-32.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp
index c3ba9c084..852abf822 100755
--- a/test/filters/seccomp-debug.exp
+++ b/test/filters/seccomp-debug.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-dualfilter.exp b/test/filters/seccomp-dualfilter.exp
index b6204fc64..e655be848 100755
--- a/test/filters/seccomp-dualfilter.exp
+++ b/test/filters/seccomp-dualfilter.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 1
diff --git a/test/filters/seccomp-empty.exp b/test/filters/seccomp-empty.exp
index 81411218f..3baa7f0c6 100755
--- a/test/filters/seccomp-empty.exp
+++ b/test/filters/seccomp-empty.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-errno.exp b/test/filters/seccomp-errno.exp
index d125a90dc..6c7c63e88 100755
--- a/test/filters/seccomp-errno.exp
+++ b/test/filters/seccomp-errno.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-join.exp b/test/filters/seccomp-join.exp
index bb693e94d..9a8767ed7 100755
--- a/test/filters/seccomp-join.exp
+++ b/test/filters/seccomp-join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-numeric.exp b/test/filters/seccomp-numeric.exp
index 6e8402cfa..59fc26884 100755
--- a/test/filters/seccomp-numeric.exp
+++ b/test/filters/seccomp-numeric.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-postexec.exp b/test/filters/seccomp-postexec.exp
index 164230482..18263520a 100755
--- a/test/filters/seccomp-postexec.exp
+++ b/test/filters/seccomp-postexec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-ptrace.exp b/test/filters/seccomp-ptrace.exp
index 39cd6a393..ec8ab615c 100755
--- a/test/filters/seccomp-ptrace.exp
+++ b/test/filters/seccomp-ptrace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-run-files.exp b/test/filters/seccomp-run-files.exp
index 5f468cf24..1e3827f0f 100755
--- a/test/filters/seccomp-run-files.exp
+++ b/test/filters/seccomp-run-files.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/seccomp-su.exp b/test/filters/seccomp-su.exp
index 6a3d99916..4bd8b5e93 100755
--- a/test/filters/seccomp-su.exp
+++ b/test/filters/seccomp-su.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/filters/syscall_test.c b/test/filters/syscall_test.c
index f153e8b3f..55ee31afb 100644
--- a/test/filters/syscall_test.c
+++ b/test/filters/syscall_test.c
@@ -1,5 +1,5 @@
 // This file is part of Firejail project
-// Copyright (C) 2014-2020 Firejail Authors
+// Copyright (C) 2014-2021 Firejail Authors
 // License GPL v2
 #include <stdlib.h>
diff --git a/test/fnetfilter/cmdline.exp b/test/fnetfilter/cmdline.exp
index 944fcda52..16e8ccb81 100755
--- a/test/fnetfilter/cmdline.exp
+++ b/test/fnetfilter/cmdline.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fnetfilter/copy.exp b/test/fnetfilter/copy.exp
index 4702a5d02..6c672141f 100755
--- a/test/fnetfilter/copy.exp
+++ b/test/fnetfilter/copy.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fnetfilter/default.exp b/test/fnetfilter/default.exp
index 2b5bdbb69..fee9fb5f3 100755
--- a/test/fnetfilter/default.exp
+++ b/test/fnetfilter/default.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fnetfilter/fnetfilter.sh b/test/fnetfilter/fnetfilter.sh
index 636a9d086..9fac92d39 100755
--- a/test/fnetfilter/fnetfilter.sh
+++ b/test/fnetfilter/fnetfilter.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/fnetfilter/template.exp b/test/fnetfilter/template.exp
index 03a8d6229..0ff09a024 100755
--- a/test/fnetfilter/template.exp
+++ b/test/fnetfilter/template.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index dd24f5922..591fc1a06 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/fs/fs_dev_shm.exp b/test/fs/fs_dev_shm.exp
index 5f1013339..04e6e2383 100755
--- a/test/fs/fs_dev_shm.exp
+++ b/test/fs/fs_dev_shm.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fs_var_lock.exp b/test/fs/fs_var_lock.exp
index 762027b5b..3ea98c3e3 100755
--- a/test/fs/fs_var_lock.exp
+++ b/test/fs/fs_var_lock.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fs_var_tmp.exp b/test/fs/fs_var_tmp.exp
index 886e773d8..004425719 100755
--- a/test/fs/fs_var_tmp.exp
+++ b/test/fs/fs_var_tmp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-bindnoroot.exp b/test/fs/fscheck-bindnoroot.exp
index eff8c4fad..53a3922ee 100755
--- a/test/fs/fscheck-bindnoroot.exp
+++ b/test/fs/fscheck-bindnoroot.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-private.exp b/test/fs/fscheck-private.exp
index 2cf985a9a..ab39b43e1 100755
--- a/test/fs/fscheck-private.exp
+++ b/test/fs/fscheck-private.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-readonly.exp b/test/fs/fscheck-readonly.exp
index c591e4670..5d4821dea 100755
--- a/test/fs/fscheck-readonly.exp
+++ b/test/fs/fscheck-readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/fscheck-tmpfs.exp b/test/fs/fscheck-tmpfs.exp
index 818549fe2..8dd08aa72 100755
--- a/test/fs/fscheck-tmpfs.exp
+++ b/test/fs/fscheck-tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/invalid_filename.exp b/test/fs/invalid_filename.exp
index bfefcec68..7c4797976 100755
--- a/test/fs/invalid_filename.exp
+++ b/test/fs/invalid_filename.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/kmsg.exp b/test/fs/kmsg.exp
index 8ae520836..209cb8d3b 100755
--- a/test/fs/kmsg.exp
+++ b/test/fs/kmsg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/macro.exp b/test/fs/macro.exp
index fd9928222..45e892088 100755
--- a/test/fs/macro.exp
+++ b/test/fs/macro.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/mkdir.exp b/test/fs/mkdir.exp
index 61029ec18..8b787f114 100755
--- a/test/fs/mkdir.exp
+++ b/test/fs/mkdir.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 3
diff --git a/test/fs/mkdir_mkfile.exp b/test/fs/mkdir_mkfile.exp
index 82dab1ddf..eddc6ebfb 100755
--- a/test/fs/mkdir_mkfile.exp
+++ b/test/fs/mkdir_mkfile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/noblacklist-blacklist-noexec.exp b/test/fs/noblacklist-blacklist-noexec.exp
index 31f5ab054..9f5794a7d 100755
--- a/test/fs/noblacklist-blacklist-noexec.exp
+++ b/test/fs/noblacklist-blacklist-noexec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/noblacklist-blacklist-readonly.exp b/test/fs/noblacklist-blacklist-readonly.exp
index 367d835b0..558d3ac9c 100755
--- a/test/fs/noblacklist-blacklist-readonly.exp
+++ b/test/fs/noblacklist-blacklist-readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_bind_user.exp b/test/fs/option_bind_user.exp
index f74d4e994..08b892121 100755
--- a/test/fs/option_bind_user.exp
+++ b/test/fs/option_bind_user.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_blacklist.exp b/test/fs/option_blacklist.exp
index f703c0f79..6ee2b07ca 100755
--- a/test/fs/option_blacklist.exp
+++ b/test/fs/option_blacklist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_blacklist_file.exp b/test/fs/option_blacklist_file.exp
index 3c2a6c3df..b0bcc741b 100755
--- a/test/fs/option_blacklist_file.exp
+++ b/test/fs/option_blacklist_file.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/option_blacklist_glob.exp b/test/fs/option_blacklist_glob.exp
index 8afdeff5f..ee79eabf4 100755
--- a/test/fs/option_blacklist_glob.exp
+++ b/test/fs/option_blacklist_glob.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-bin.exp b/test/fs/private-bin.exp
index 3f74a196f..b5d205780 100755
--- a/test/fs/private-bin.exp
+++ b/test/fs/private-bin.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-cache.exp b/test/fs/private-cache.exp
index 6e4c6bd1b..3244c21c1 100755
--- a/test/fs/private-cache.exp
+++ b/test/fs/private-cache.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-cwd.exp b/test/fs/private-cwd.exp
index d439e2c1e..54804a6a6 100755
--- a/test/fs/private-cwd.exp
+++ b/test/fs/private-cwd.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-etc-empty.exp b/test/fs/private-etc-empty.exp
index f6c5405bf..9be18f9bd 100755
--- a/test/fs/private-etc-empty.exp
+++ b/test/fs/private-etc-empty.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-etc.exp b/test/fs/private-etc.exp
index e727eee5c..c9a74f96e 100755
--- a/test/fs/private-etc.exp
+++ b/test/fs/private-etc.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-home-dir.exp b/test/fs/private-home-dir.exp
index bf4296010..75ac5aea5 100755
--- a/test/fs/private-home-dir.exp
+++ b/test/fs/private-home-dir.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-home.exp b/test/fs/private-home.exp
index a46071b3a..2f297e93f 100755
--- a/test/fs/private-home.exp
+++ b/test/fs/private-home.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-homedir.exp b/test/fs/private-homedir.exp
index 36d61786e..78fb705ec 100755
--- a/test/fs/private-homedir.exp
+++ b/test/fs/private-homedir.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private-lib.exp b/test/fs/private-lib.exp
index 574ca7ab4..f32affabb 100755
--- a/test/fs/private-lib.exp
+++ b/test/fs/private-lib.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
diff --git a/test/fs/private-whitelist.exp b/test/fs/private-whitelist.exp
index c988bce7f..1879a3d54 100755
--- a/test/fs/private-whitelist.exp
+++ b/test/fs/private-whitelist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/private.exp b/test/fs/private.exp
index e59f64085..d4f7fc893 100755
--- a/test/fs/private.exp
+++ b/test/fs/private.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp
index 2ff4cda7c..ad51c2db1 100755
--- a/test/fs/read-write.exp
+++ b/test/fs/read-write.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/sys_fs.exp b/test/fs/sys_fs.exp
index 60e935a4c..de7fadf6c 100755
--- a/test/fs/sys_fs.exp
+++ b/test/fs/sys_fs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp
index 0db5b571c..ad5c54a9c 100755
--- a/test/fs/whitelist-dev.exp
+++ b/test/fs/whitelist-dev.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp
index 90cfbaf11..5ce9d8ad7 100755
--- a/test/fs/whitelist-double.exp
+++ b/test/fs/whitelist-double.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-empty.exp b/test/fs/whitelist-empty.exp
index c4810963f..dbc04cf30 100755
--- a/test/fs/whitelist-empty.exp
+++ b/test/fs/whitelist-empty.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 30
diff --git a/test/fs/whitelist-noexec.exp b/test/fs/whitelist-noexec.exp
index ee601c12d..e1c39b66f 100755
--- a/test/fs/whitelist-noexec.exp
+++ b/test/fs/whitelist-noexec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-readonly.exp b/test/fs/whitelist-readonly.exp
index 0e5794a17..e5c9cc400 100755
--- a/test/fs/whitelist-readonly.exp
+++ b/test/fs/whitelist-readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist-whitespace.exp b/test/fs/whitelist-whitespace.exp
index 9534568c4..1b1c4c1cb 100755
--- a/test/fs/whitelist-whitespace.exp
+++ b/test/fs/whitelist-whitespace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/fs/whitelist.exp b/test/fs/whitelist.exp
index 11dfa98c8..27ee2433e 100755
--- a/test/fs/whitelist.exp
+++ b/test/fs/whitelist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp
index 4e191ffd6..d608128f8 100755
--- a/test/network/4bridges_arp.exp
+++ b/test/network/4bridges_arp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp
index a613b3e54..586dfcba9 100755
--- a/test/network/4bridges_ip.exp
+++ b/test/network/4bridges_ip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp
index b8497d936..d73669ebe 100755
--- a/test/network/bandwidth.exp
+++ b/test/network/bandwidth.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/configure b/test/network/configure
index 64d098931..f75e9b23f 100755
--- a/test/network/configure
+++ b/test/network/configure
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 brctl addbr br0
diff --git a/test/network/dns-print.exp b/test/network/dns-print.exp
index a002daeca..5ee4c0d19 100755
--- a/test/network/dns-print.exp
+++ b/test/network/dns-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp
index 70d129165..8e0a0b1b0 100755
--- a/test/network/firemon-arp.exp
+++ b/test/network/firemon-arp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/firemon-interfaces.exp b/test/network/firemon-interfaces.exp
index 17b9f7535..494496a26 100755
--- a/test/network/firemon-interfaces.exp
+++ b/test/network/firemon-interfaces.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/firemon-route.exp b/test/network/firemon-route.exp
index fe2f5a952..a1ded08c1 100755
--- a/test/network/firemon-route.exp
+++ b/test/network/firemon-route.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/hostname.exp b/test/network/hostname.exp
index 205ae8078..825f1f6cf 100755
--- a/test/network/hostname.exp
+++ b/test/network/hostname.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/interface.exp b/test/network/interface.exp
index 35b22daaf..78178e233 100755
--- a/test/network/interface.exp
+++ b/test/network/interface.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 #
 # interface
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
index e1583c22f..ed29964c6 100755
--- a/test/network/ip6.exp
+++ b/test/network/ip6.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/iprange.exp b/test/network/iprange.exp
index 5d270166f..2690a128a 100755
--- a/test/network/iprange.exp
+++ b/test/network/iprange.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_arp.exp b/test/network/net_arp.exp
index 5b170bad5..84912cddd 100755
--- a/test/network/net_arp.exp
+++ b/test/network/net_arp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_badip.exp b/test/network/net_badip.exp
index 4e20f9040..b09f4d192 100755
--- a/test/network/net_badip.exp
+++ b/test/network/net_badip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp
index 9093c7ad4..19dd94dbd 100755
--- a/test/network/net_defaultgw.exp
+++ b/test/network/net_defaultgw.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp
index 3ecb1cb51..4f5864822 100755
--- a/test/network/net_defaultgw2.exp
+++ b/test/network/net_defaultgw2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_defaultgw3.exp b/test/network/net_defaultgw3.exp
index fe745d326..dc3589c3c 100755
--- a/test/network/net_defaultgw3.exp
+++ b/test/network/net_defaultgw3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp
index e67dfd587..098eed758 100755
--- a/test/network/net_ip.exp
+++ b/test/network/net_ip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_local.exp b/test/network/net_local.exp
index c1794f200..d5d4170e8 100755
--- a/test/network/net_local.exp
+++ b/test/network/net_local.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_mac.exp b/test/network/net_mac.exp
index d62a78e39..e067f604f 100755
--- a/test/network/net_mac.exp
+++ b/test/network/net_mac.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_macvlan2.exp b/test/network/net_macvlan2.exp
index 80c85a788..1f67f059e 100755
--- a/test/network/net_macvlan2.exp
+++ b/test/network/net_macvlan2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_mtu.exp b/test/network/net_mtu.exp
index 19a488376..439e05334 100755
--- a/test/network/net_mtu.exp
+++ b/test/network/net_mtu.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp
index bce067c43..8a949c22b 100755
--- a/test/network/net_netfilter.exp
+++ b/test/network/net_netfilter.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_noip.exp b/test/network/net_noip.exp
index 46ef6f9fb..53b719f6c 100755
--- a/test/network/net_noip.exp
+++ b/test/network/net_noip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_noip2.exp b/test/network/net_noip2.exp
index 579661fbc..aa74d6ba8 100755
--- a/test/network/net_noip2.exp
+++ b/test/network/net_noip2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_none.exp b/test/network/net_none.exp
index 6ec4187d3..c8787c342 100755
--- a/test/network/net_none.exp
+++ b/test/network/net_none.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp
index f31527984..e7c6530df 100755
--- a/test/network/net_profile.exp
+++ b/test/network/net_profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_scan.exp b/test/network/net_scan.exp
index 6cd3804be..b9260925a 100755
--- a/test/network/net_scan.exp
+++ b/test/network/net_scan.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_unconfigured.exp b/test/network/net_unconfigured.exp
index 349d4c042..d2b60d73c 100755
--- a/test/network/net_unconfigured.exp
+++ b/test/network/net_unconfigured.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/net_veth.exp b/test/network/net_veth.exp
index ada2d7bd9..cd4e64e24 100755
--- a/test/network/net_veth.exp
+++ b/test/network/net_veth.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp
index 72dfa1653..dadea1430 100755
--- a/test/network/netfilter-template.exp
+++ b/test/network/netfilter-template.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/netns.exp b/test/network/netns.exp
index cec3151ef..9ef4ed554 100755
--- a/test/network/netns.exp
+++ b/test/network/netns.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/netstats.exp b/test/network/netstats.exp
index 4b47c389d..e15e2f42d 100755
--- a/test/network/netstats.exp
+++ b/test/network/netstats.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/network/network.sh b/test/network/network.sh
index a216f5563..9f2b9e1cd 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/network/tcpserver.c b/test/network/tcpserver.c
index f7f8a41bc..72730b674 100644
--- a/test/network/tcpserver.c
+++ b/test/network/tcpserver.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2020 Firejail Authors
+ * Copyright (C) 2014-2021 Firejail Authors
 *
 * This file is part of firejail project
 *
diff --git a/test/network/veth-name.exp b/test/network/veth-name.exp
index 4ad5f868c..1790381e3 100755
--- a/test/network/veth-name.exp
+++ b/test/network/veth-name.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/firefox-x11-xorg.exp b/test/overlay/firefox-x11-xorg.exp
index 395a91a1f..ecb9288b0 100755
--- a/test/overlay/firefox-x11-xorg.exp
+++ b/test/overlay/firefox-x11-xorg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/firefox-x11.exp b/test/overlay/firefox-x11.exp
index 1b3f779bb..5b7b1bec3 100755
--- a/test/overlay/firefox-x11.exp
+++ b/test/overlay/firefox-x11.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/firefox.exp b/test/overlay/firefox.exp
index fd3c73d32..25c6e5e07 100755
--- a/test/overlay/firefox.exp
+++ b/test/overlay/firefox.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp
index abfddabc3..df1dfc244 100755
--- a/test/overlay/fs-named.exp
+++ b/test/overlay/fs-named.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/fs-tmpfs.exp b/test/overlay/fs-tmpfs.exp
index 130159ad0..5bd2b25fc 100755
--- a/test/overlay/fs-tmpfs.exp
+++ b/test/overlay/fs-tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp
index f8c8150d3..3314e849d 100755
--- a/test/overlay/fs.exp
+++ b/test/overlay/fs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh
index 3d4ec06d4..f1daba935 100755
--- a/test/overlay/overlay.sh
+++ b/test/overlay/overlay.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/private-lib/atril.exp b/test/private-lib/atril.exp
index effdf0b7f..679799f02 100755
--- a/test/private-lib/atril.exp
+++ b/test/private-lib/atril.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/dig.exp b/test/private-lib/dig.exp
index a15d5e44a..39f3f6d49 100755
--- a/test/private-lib/dig.exp
+++ b/test/private-lib/dig.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/eog.exp b/test/private-lib/eog.exp
index 85f9b3e3d..ac6ecfff7 100755
--- a/test/private-lib/eog.exp
+++ b/test/private-lib/eog.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/eom.exp b/test/private-lib/eom.exp
index a8caf1b01..47e749712 100755
--- a/test/private-lib/eom.exp
+++ b/test/private-lib/eom.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/evince.exp b/test/private-lib/evince.exp
index 184d9e6e6..1e270a2ef 100755
--- a/test/private-lib/evince.exp
+++ b/test/private-lib/evince.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/galculator.exp b/test/private-lib/galculator.exp
index 2fc05772e..68ff9f834 100755
--- a/test/private-lib/galculator.exp
+++ b/test/private-lib/galculator.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gedit.exp b/test/private-lib/gedit.exp
index 00ecfb184..67be5c215 100755
--- a/test/private-lib/gedit.exp
+++ b/test/private-lib/gedit.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-calculator.exp b/test/private-lib/gnome-calculator.exp
index 31c139738..67712bd67 100755
--- a/test/private-lib/gnome-calculator.exp
+++ b/test/private-lib/gnome-calculator.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-logs.exp b/test/private-lib/gnome-logs.exp
index c143f5c99..f671effe4 100755
--- a/test/private-lib/gnome-logs.exp
+++ b/test/private-lib/gnome-logs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-nettool.exp b/test/private-lib/gnome-nettool.exp
index 09841c4a8..a68084776 100755
--- a/test/private-lib/gnome-nettool.exp
+++ b/test/private-lib/gnome-nettool.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gnome-system-log.exp b/test/private-lib/gnome-system-log.exp
index 3a81cff8f..c3b1f2377 100755
--- a/test/private-lib/gnome-system-log.exp
+++ b/test/private-lib/gnome-system-log.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/gpicview.exp b/test/private-lib/gpicview.exp
index cb8b2b040..b438c6de3 100755
--- a/test/private-lib/gpicview.exp
+++ b/test/private-lib/gpicview.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/leafpad.exp b/test/private-lib/leafpad.exp
index 9ef36641a..fbe8e284c 100755
--- a/test/private-lib/leafpad.exp
+++ b/test/private-lib/leafpad.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/mousepad.exp b/test/private-lib/mousepad.exp
index 3bd0f4b77..f47dfe464 100755
--- a/test/private-lib/mousepad.exp
+++ b/test/private-lib/mousepad.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/pavucontrol.exp b/test/private-lib/pavucontrol.exp
index 078c29592..7b8883ade 100755
--- a/test/private-lib/pavucontrol.exp
+++ b/test/private-lib/pavucontrol.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/pluma.exp b/test/private-lib/pluma.exp
index ac274cbfc..99d4299fb 100755
--- a/test/private-lib/pluma.exp
+++ b/test/private-lib/pluma.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index 724fa4303..a70c3fad6 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3g
diff --git a/test/private-lib/transmission-gtk.exp b/test/private-lib/transmission-gtk.exp
index 1d4b4193e..3c5402c81 100755
--- a/test/private-lib/transmission-gtk.exp
+++ b/test/private-lib/transmission-gtk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/whois.exp b/test/private-lib/whois.exp
index 19cd55d16..83dc54c76 100755
--- a/test/private-lib/whois.exp
+++ b/test/private-lib/whois.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/private-lib/xcalc.exp b/test/private-lib/xcalc.exp
index 46d8903ae..7cd74d3bd 100755
--- a/test/private-lib/xcalc.exp
+++ b/test/private-lib/xcalc.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/conditional.exp b/test/profiles/conditional.exp
index fc84581c2..b06b983c1 100755
--- a/test/profiles/conditional.exp
+++ b/test/profiles/conditional.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/ignore.exp b/test/profiles/ignore.exp
index 7c065ef5c..e7f210a46 100755
--- a/test/profiles/ignore.exp
+++ b/test/profiles/ignore.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_appname.exp b/test/profiles/profile_appname.exp
index 1148fd764..240a44697 100755
--- a/test/profiles/profile_appname.exp
+++ b/test/profiles/profile_appname.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_followlnk.exp b/test/profiles/profile_followlnk.exp
index 272f4437d..0500eac35 100755
--- a/test/profiles/profile_followlnk.exp
+++ b/test/profiles/profile_followlnk.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_noperm.exp b/test/profiles/profile_noperm.exp
index d5f29b0ee..609364389 100755
--- a/test/profiles/profile_noperm.exp
+++ b/test/profiles/profile_noperm.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_readonly.exp b/test/profiles/profile_readonly.exp
index 57f1a61a6..2046cc297 100755
--- a/test/profiles/profile_readonly.exp
+++ b/test/profiles/profile_readonly.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_recursivity.exp b/test/profiles/profile_recursivity.exp
index 22a97c96c..c761a1039 100755
--- a/test/profiles/profile_recursivity.exp
+++ b/test/profiles/profile_recursivity.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_syntax.exp b/test/profiles/profile_syntax.exp
index 8d4b13f74..258089a39 100755
--- a/test/profiles/profile_syntax.exp
+++ b/test/profiles/profile_syntax.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp
index c0d0656da..e2ec20ca5 100755
--- a/test/profiles/profile_syntax2.exp
+++ b/test/profiles/profile_syntax2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh
index 2d7d2a966..a5f74f2e2 100755
--- a/test/profiles/profiles.sh
+++ b/test/profiles/profiles.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/profiles/test-profile.exp b/test/profiles/test-profile.exp
index 51f87d51d..625cb6511 100755
--- a/test/profiles/test-profile.exp
+++ b/test/profiles/test-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/apache2.exp b/test/root/apache2.exp
index 4d2379325..0b4b65dc7 100755
--- a/test/root/apache2.exp
+++ b/test/root/apache2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/cgroup.exp b/test/root/cgroup.exp
index 3b7db5139..d24a39d07 100755
--- a/test/root/cgroup.exp
+++ b/test/root/cgroup.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/checkcfg.exp b/test/root/checkcfg.exp
index ff40035e3..9a4c666e1 100755
--- a/test/root/checkcfg.exp
+++ b/test/root/checkcfg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp
index b182eee13..65ecefe5d 100755
--- a/test/root/firecfg.exp
+++ b/test/root/firecfg.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/firemon-events.exp b/test/root/firemon-events.exp
index 398342566..7bf51e2c8 100755
--- a/test/root/firemon-events.exp
+++ b/test/root/firemon-events.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/isc-dhcp.exp b/test/root/isc-dhcp.exp
index 13177d383..4c468c3e8 100755
--- a/test/root/isc-dhcp.exp
+++ b/test/root/isc-dhcp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/join.exp b/test/root/join.exp
index c9b9de110..d995d8aa5 100755
--- a/test/root/join.exp
+++ b/test/root/join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/login_nobody.exp b/test/root/login_nobody.exp
index 448b0957a..42d8fe013 100755
--- a/test/root/login_nobody.exp
+++ b/test/root/login_nobody.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/nginx.exp b/test/root/nginx.exp
index 5db6a4573..924ee8afd 100755
--- a/test/root/nginx.exp
+++ b/test/root/nginx.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/option_bind_directory.exp b/test/root/option_bind_directory.exp
index 1df318be1..ac6421593 100755
--- a/test/root/option_bind_directory.exp
+++ b/test/root/option_bind_directory.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/option_bind_file.exp b/test/root/option_bind_file.exp
index 9631ae39d..6ead284a8 100755
--- a/test/root/option_bind_file.exp
+++ b/test/root/option_bind_file.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/option_tmpfs.exp b/test/root/option_tmpfs.exp
index ab0a9f0f1..67a678c68 100755
--- a/test/root/option_tmpfs.exp
+++ b/test/root/option_tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/private.exp b/test/root/private.exp
index ef4cf2ee2..373bd6cef 100755
--- a/test/root/private.exp
+++ b/test/root/private.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp
index c56b827e4..8a46d666e 100755
--- a/test/root/profile_tmpfs.exp
+++ b/test/root/profile_tmpfs.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/root.sh b/test/root/root.sh
index 0c88e67d1..d6b60cb23 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 # set a new firejail config file
diff --git a/test/root/seccomp-chmod.exp b/test/root/seccomp-chmod.exp
index 219c8cf60..d6f8b8bcc 100755
--- a/test/root/seccomp-chmod.exp
+++ b/test/root/seccomp-chmod.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/seccomp-chown.exp b/test/root/seccomp-chown.exp
index 80d3eb92e..daf3a5d06 100755
--- a/test/root/seccomp-chown.exp
+++ b/test/root/seccomp-chown.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp
index 37ae71736..0a7310fdd 100755
--- a/test/root/seccomp-umount.exp
+++ b/test/root/seccomp-umount.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/root/snmpd.exp b/test/root/snmpd.exp
index 7e6deca04..d1fc49967 100755
--- a/test/root/snmpd.exp
+++ b/test/root/snmpd.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/unbound.exp b/test/root/unbound.exp
index 87d840323..710a95bf4 100755
--- a/test/root/unbound.exp
+++ b/test/root/unbound.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 5
diff --git a/test/root/whitelist.exp b/test/root/whitelist.exp
index e5bcaac24..429a4153e 100755
--- a/test/root/whitelist.exp
+++ b/test/root/whitelist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/login.exp b/test/ssh/login.exp
index 67667576e..6a5086a77 100755
--- a/test/ssh/login.exp
+++ b/test/ssh/login.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/scp.exp b/test/ssh/scp.exp
index a6583545c..bca6a124f 100755
--- a/test/ssh/scp.exp
+++ b/test/ssh/scp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/sftp.exp b/test/ssh/sftp.exp
index 0d9792de8..09d3c119e 100755
--- a/test/ssh/sftp.exp
+++ b/test/ssh/sftp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/ssh/ssh.sh b/test/ssh/ssh.sh
index 77dc89f2f..bdad8cf87 100755
--- a/test/ssh/ssh.sh
+++ b/test/ssh/ssh.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/stress/blacklist.exp b/test/stress/blacklist.exp
index 149f8f3df..fae874b25 100755
--- a/test/stress/blacklist.exp
+++ b/test/stress/blacklist.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/stress/env.exp b/test/stress/env.exp
index 2ac0c6226..d69558114 100755
--- a/test/stress/env.exp
+++ b/test/stress/env.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/stress/net_macvlan.exp b/test/stress/net_macvlan.exp
index b8d192d2c..a535afa2a 100755
--- a/test/stress/net_macvlan.exp
+++ b/test/stress/net_macvlan.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/stress/stress.sh b/test/stress/stress.sh
index f3488a0cf..d32ffe907 100755
--- a/test/stress/stress.sh
+++ b/test/stress/stress.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/sysutils/cpio.exp b/test/sysutils/cpio.exp
index 1d0d43543..4230ba375 100755
--- a/test/sysutils/cpio.exp
+++ b/test/sysutils/cpio.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/file.exp b/test/sysutils/file.exp
index 74d5c3064..b97c0c283 100755
--- a/test/sysutils/file.exp
+++ b/test/sysutils/file.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/gzip.exp b/test/sysutils/gzip.exp
index d81b78aba..be2222f06 100755
--- a/test/sysutils/gzip.exp
+++ b/test/sysutils/gzip.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/less.exp b/test/sysutils/less.exp
index daa666c18..265b0e474 100755
--- a/test/sysutils/less.exp
+++ b/test/sysutils/less.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/ping.exp b/test/sysutils/ping.exp
index 58bcb6111..fac4b2ac3 100755
--- a/test/sysutils/ping.exp
+++ b/test/sysutils/ping.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/strings.exp b/test/sysutils/strings.exp
index 2b6c3848a..7c91fb78a 100755
--- a/test/sysutils/strings.exp
+++ b/test/sysutils/strings.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh
index fe931b045..96962d324 100755
--- a/test/sysutils/sysutils.sh
+++ b/test/sysutils/sysutils.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
diff --git a/test/sysutils/tar.exp b/test/sysutils/tar.exp
index 4ed7bace4..60e05f847 100755
--- a/test/sysutils/tar.exp
+++ b/test/sysutils/tar.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/sysutils/xz.exp b/test/sysutils/xz.exp
index 074b90076..4c6fcea9d 100755
--- a/test/sysutils/xz.exp
+++ b/test/sysutils/xz.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 60
diff --git a/test/sysutils/xzdec.exp b/test/sysutils/xzdec.exp
index 02621bbf0..737517d54 100755
--- a/test/sysutils/xzdec.exp
+++ b/test/sysutils/xzdec.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
deleted file mode 100755
index 6ce763e3f..000000000
--- a/test/utils/audit.exp
+++ /dev/null
@@ -1,167 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --audit\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Firejail Audit"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "is running in a PID namespace"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "container/sandbox firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "seccomp BPF enabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "all capabilities are disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "dev directory seems to be fully populated"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "Parent is shutting down, bye..."
-}
-after 100
-send -- "firejail --audit\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "Firejail Audit"
-}
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "is running in a PID namespace"
-}
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "container/sandbox firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
-        "seccomp BPF enabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
-        "all capabilities are disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
-        "dev directory seems to be fully populated"
-}
-expect {
-        timeout {puts "TESTING ERROR 11.1\n";exit}
-        "Parent is shutting down, bye..."
-}
-after 100
-send -- "firejail --audit=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "cannot find the audit program"
-}
-after 100
-send -- "firejail --audit=\r"
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "invalid audit program"
-}
-after 100
-# run audit executable without a sandbox
-send -- "faudit\r"
-expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
-        "is not running in a PID namespace"
-}
-expect {
-        timeout {puts "TESTING ERROR 14\n";exit}
-        "BAD: seccomp disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 15\n";exit}
-        "BAD: the capability map is"
-}
-expect {
-        timeout {puts "TESTING ERROR 16\n";exit}
-        "MAYBE: /dev directory seems to be fully populated"
-}
-after 100
-# test seccomp
-send -- "firejail --seccomp.drop=mkdir --audit\r"
-expect {
-        timeout {puts "TESTING ERROR 17\n";exit}
-        "Firejail Audit"
-}
-expect {
-        timeout {puts "TESTING ERROR 18\n";exit}
-        "GOOD: seccomp BPF enabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 19\n";exit}
-        "UGLY: mount syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 20\n";exit}
-        "UGLY: umount2 syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 21\n";exit}
-        "UGLY: ptrace syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 22\n";exit}
-        "UGLY: swapon syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 23\n";exit}
-        "UGLY: swapoff syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 24\n";exit}
-        "UGLY: init_module syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 25\n";exit}
-        "UGLY: delete_module syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 26\n";exit}
-        "UGLY: chroot syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 27\n";exit}
-        "UGLY: pivot_root syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 28\n";exit}
-        "UGLY: iopl syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 29\n";exit}
-        "UGLY: ioperm syscall permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 30\n";exit}
-        "GOOD: all capabilities are disabled"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/utils/build.exp b/test/utils/build.exp
index ac4f30326..cdc2f3b7b 100755
--- a/test/utils/build.exp
+++ b/test/utils/build.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/caps-print.exp b/test/utils/caps-print.exp
index 753511536..6b6090476 100755
--- a/test/utils/caps-print.exp
+++ b/test/utils/caps-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/catchsignal-master.sh b/test/utils/catchsignal-master.sh
index e8a5205bb..28e646ddb 100755
--- a/test/utils/catchsignal-master.sh
+++ b/test/utils/catchsignal-master.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 ./catchsignal.sh &
diff --git a/test/utils/catchsignal.sh b/test/utils/catchsignal.sh
index de2c068b3..f7a501011 100755
--- a/test/utils/catchsignal.sh
+++ b/test/utils/catchsignal.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 _term() {
diff --git a/test/utils/catchsignal2.sh b/test/utils/catchsignal2.sh
index 6499972d8..9ba939ef4 100755
--- a/test/utils/catchsignal2.sh
+++ b/test/utils/catchsignal2.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 _term() {
diff --git a/test/utils/command.exp b/test/utils/command.exp
index a2f7e4204..6cb52a7fa 100755
--- a/test/utils/command.exp
+++ b/test/utils/command.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/cpu-print.exp b/test/utils/cpu-print.exp
index 8b3b51dba..e7d709cee 100755
--- a/test/utils/cpu-print.exp
+++ b/test/utils/cpu-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/dns-print.exp b/test/utils/dns-print.exp
index edbe66a51..b3b732bee 100755
--- a/test/utils/dns-print.exp
+++ b/test/utils/dns-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-caps.exp b/test/utils/firemon-caps.exp
index a51e5a765..837d08271 100755
--- a/test/utils/firemon-caps.exp
+++ b/test/utils/firemon-caps.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-cgroup.exp b/test/utils/firemon-cgroup.exp
index f7c6e0adb..3976b0c50 100755
--- a/test/utils/firemon-cgroup.exp
+++ b/test/utils/firemon-cgroup.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp
index 90bb702a3..b410c764e 100755
--- a/test/utils/firemon-cpu.exp
+++ b/test/utils/firemon-cpu.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-interface.exp b/test/utils/firemon-interface.exp
index ff3cea8bb..0c358d129 100755
--- a/test/utils/firemon-interface.exp
+++ b/test/utils/firemon-interface.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-name.exp b/test/utils/firemon-name.exp
index 88e41d96d..57729d662 100755
--- a/test/utils/firemon-name.exp
+++ b/test/utils/firemon-name.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-seccomp.exp b/test/utils/firemon-seccomp.exp
index a8c7fc24d..d35027827 100755
--- a/test/utils/firemon-seccomp.exp
+++ b/test/utils/firemon-seccomp.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/firemon-version.exp b/test/utils/firemon-version.exp
index 837bf0f92..8e4e33ec0 100755
--- a/test/utils/firemon-version.exp
+++ b/test/utils/firemon-version.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/fs-print.exp b/test/utils/fs-print.exp
index 736c309ec..4b6eac391 100755
--- a/test/utils/fs-print.exp
+++ b/test/utils/fs-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/help.exp b/test/utils/help.exp
index 77c2e6ec3..71bb5788c 100755
--- a/test/utils/help.exp
+++ b/test/utils/help.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join-profile.exp b/test/utils/join-profile.exp
index b44f44cfe..d6fcc50d7 100755
--- a/test/utils/join-profile.exp
+++ b/test/utils/join-profile.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join.exp b/test/utils/join.exp
index 1f1a905b2..25dd31922 100755
--- a/test/utils/join.exp
+++ b/test/utils/join.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join2.exp b/test/utils/join2.exp
index 6c26db4e9..dada97158 100755
--- a/test/utils/join2.exp
+++ b/test/utils/join2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join3.exp b/test/utils/join3.exp
index 74dad7070..305000e92 100755
--- a/test/utils/join3.exp
+++ b/test/utils/join3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join4.exp b/test/utils/join4.exp
index d04cbee46..8c5e91d68 100755
--- a/test/utils/join4.exp
+++ b/test/utils/join4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/join5.exp b/test/utils/join5.exp
index 43ca09b4d..3d365944d 100755
--- a/test/utils/join5.exp
+++ b/test/utils/join5.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/list.exp b/test/utils/list.exp
index fefdd4787..d7d39357d 100755
--- a/test/utils/list.exp
+++ b/test/utils/list.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/ls.exp b/test/utils/ls.exp
index b70f53a74..080bfdad2 100755
--- a/test/utils/ls.exp
+++ b/test/utils/ls.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/man.exp b/test/utils/man.exp
index 102701a6a..41f5a2ff8 100755
--- a/test/utils/man.exp
+++ b/test/utils/man.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/name.exp b/test/utils/name.exp
index 3a1dfb640..9e5367ba7 100755
--- a/test/utils/name.exp
+++ b/test/utils/name.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/profile_print.exp b/test/utils/profile_print.exp
index ddeeb8af6..f8f6708bb 100755
--- a/test/utils/profile_print.exp
+++ b/test/utils/profile_print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/protocol-print.exp b/test/utils/protocol-print.exp
index c44a659e1..1ed92ddd6 100755
--- a/test/utils/protocol-print.exp
+++ b/test/utils/protocol-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/seccomp-print.exp b/test/utils/seccomp-print.exp
index 41a6ce778..86f1e9845 100755
--- a/test/utils/seccomp-print.exp
+++ b/test/utils/seccomp-print.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/shutdown.exp b/test/utils/shutdown.exp
index 0867970a1..35d2750db 100755
--- a/test/utils/shutdown.exp
+++ b/test/utils/shutdown.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 15
diff --git a/test/utils/shutdown2.exp b/test/utils/shutdown2.exp
index 463c2fb78..7eb3d516b 100755
--- a/test/utils/shutdown2.exp
+++ b/test/utils/shutdown2.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/shutdown3.exp b/test/utils/shutdown3.exp
index 9e92889dc..a543bb9e5 100755
--- a/test/utils/shutdown3.exp
+++ b/test/utils/shutdown3.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/shutdown4.exp b/test/utils/shutdown4.exp
index e7733ca41..a9a3978ea 100755
--- a/test/utils/shutdown4.exp
+++ b/test/utils/shutdown4.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/top.exp b/test/utils/top.exp
index 2ef6f0375..150011bba 100755
--- a/test/utils/top.exp
+++ b/test/utils/top.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/trace.exp b/test/utils/trace.exp
index 5df44c1ca..3ed09565b 100755
--- a/test/utils/trace.exp
+++ b/test/utils/trace.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 30
diff --git a/test/utils/tree.exp b/test/utils/tree.exp
index 82045e8c9..ff834bec6 100755
--- a/test/utils/tree.exp
+++ b/test/utils/tree.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 8453894a2..c021d6287 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 export MALLOC_CHECK_=3
@@ -8,7 +8,7 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
 if [ -f /etc/debian_version ]; then
-        libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
+        libdir=$(dirname "$(dpkg -L firejail | grep fcopy)")
        export PATH="$PATH:$libdir"
 fi
 export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
@@ -18,13 +18,6 @@ echo "TESTING: build (test/utils/build.exp)"
 rm -f ~/firejail-test-file-7699
 rm -f firejail-test-file-4388
-if [ $(faudit | grep -c "is running in a PID namespace.") -gt 0 ]; then
-        echo "TESTING SKIP: already running in pid namespace (test/utils/audit.exp)"
-else
-        echo "TESTING: audit (test/utils/audit.exp)"
-        ./audit.exp
-fi
 echo "TESTING: name (test/utils/name.exp)"
 ./name.exp
diff --git a/test/utils/version.exp b/test/utils/version.exp
index c78a087bb..be0d152b8 100755
--- a/test/utils/version.exp
+++ b/test/utils/version.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2021 Firejail Authors
 # License GPL v2
 set timeout 10