6 files changed, 12 insertions, 7 deletions
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile
index 9f4990246..645510124 100644
--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -58,7 +58,7 @@ protocol unix
 seccomp
 tracelog
-private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar
+private-bin kbuildsycoca4,kdeinit4,lpr,okular,ps2pdf,unar,unrar
 private-dev
 private-etc @x11,cups
 # on KDE we need access to the real /tmp for data exchange with email clients
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile
index 8917a9bc5..8e1a5daf5 100644
--- a/etc/profile-m-z/palemoon.profile
+++ b/etc/profile-m-z/palemoon.profile
@@ -21,8 +21,7 @@ seccomp
 ignore seccomp
 #private-bin palemoon
-# private-etc must first be enabled in firefox-common.profile
+private-etc palemoon
-#private-etc palemoon
 restrict-namespaces
 ignore restrict-namespaces
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 62efa28db..1c4d85ea0 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -19,7 +19,8 @@ include disable-exec.inc
 include disable-programs.inc
 whitelist ${RUNUSER}/gcr/ssh
-whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
+whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh # default gpg homedir setup
+whitelist ${RUNUSER}/gnupg/*/S.gpg-agent.ssh # custom gpg homedir setup
 whitelist ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/sway.profile b/etc/profile-m-z/sway.profile
index f71905150..b7f90f6ad 100644
--- a/etc/profile-m-z/sway.profile
+++ b/etc/profile-m-z/sway.profile
@@ -10,6 +10,10 @@ include globals.local
 noblacklist ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
 noblacklist ${HOME}/.config/i3
+# allow creation of IPC socket
+noblacklist ${RUNUSER}/sway-ipc.*
+noblacklist /tmp/sway-ipc.*
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile
index bf6f45e41..cf2fced64 100644
--- a/etc/profile-m-z/waterfox.profile
+++ b/etc/profile-m-z/waterfox.profile
@@ -21,9 +21,7 @@ whitelist /usr/share/waterfox
 # waterfox requires a shell to launch on Arch. We can possibly remove sh though.
 # Add the next line to your waterfox.local to enable private-bin.
 #private-bin bash,dbus-launch,dbus-send,env,sh,waterfox,waterfox-classic,waterfox-current,which
-# Add the next line to your waterfox.local to enable private-etc. Note that private-etc must first be
+private-etc waterfox
-# enabled in your firefox-common.local.
-#private-etc waterfox
 # Redirect
 include firefox-common.profile
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile
index 306212f85..430934df2 100644
--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -19,6 +19,7 @@ ignore dbus-system none
 noblacklist ${HOME}/.config/zoom.conf
 noblacklist ${HOME}/.config/zoomus.conf
 noblacklist ${HOME}/.zoom
+noblacklist ${DOCUMENTS}
 nowhitelist ${DOWNLOADS}
@@ -26,10 +27,12 @@ mkdir ${HOME}/.cache/zoom
 mkfile ${HOME}/.config/zoom.conf
 mkfile ${HOME}/.config/zoomus.conf
 mkdir ${HOME}/.zoom
+mkdir ${HOME}/Documents/Zoom
 whitelist ${HOME}/.cache/zoom
 whitelist ${HOME}/.config/zoom.conf
 whitelist ${HOME}/.config/zoomus.conf
 whitelist ${HOME}/.zoom
+whitelist ${HOME}/Documents/Zoom
 # Disable for now, see https://github.com/netblue30/firejail/issues/3726
 #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl