31 files changed, 91 insertions, 90 deletions
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile
index b2687ba3c..e678b7204 100644
--- a/etc/profile-m-z/PCSX2.profile
+++ b/etc/profile-m-z/PCSX2.profile
@@ -6,7 +6,7 @@ include PCSX2.local
 # Persistent global definitions
 include globals.local
-# Note: you must whitelist your games folder in a PCSX2.local
+# Note: you must whitelist your games folder in your PCSX2.local.
 noblacklist ${HOME}/.config/PCSX2
@@ -32,7 +32,7 @@ caps.drop all
 ipc-namespace
 net none
 netfilter
-# Uncomment the following line if not loading games from disc
+# Add the next line to your PCSX2.local if you're not loading games from disc.
 #nodvd
 nogroups
 nonewprivs
@@ -47,7 +47,7 @@ shell none
 private-bin PCSX2
 private-cache
-# uncomment the following line if you do not need controller support
+# Add the next line to your PCSX2.local if you do not need controller support.
 #private-dev
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
 private-opt none
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 70e5c72cf..84039aca3 100644
--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -6,7 +6,7 @@ include marker.local
 # Persistent global definitions
 include globals.local
-# Uncomment (or add to your marker.local) if you need internet access.
+# Add the next lines to your marker.local if you need internet access.
 #ignore net none
 #protocol unix,inet,inet6
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile
index d76522fce..900523b81 100644
--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -7,11 +7,11 @@ include meld.local
 include globals.local
 # If you want to use meld as git mergetool (and maybe some other VCS integrations) you need
-# to bypass firejail, you can do this by removing the symlink or calling it by its absolute path
+# to bypass firejail. You can do this by removing the symlink or by calling it by its absolute path.
 # Removing the symlink:
-#  sudo rm /usr/local/bin/meld
+# $ sudo rm /usr/local/bin/meld
 # Calling it by its absolute path (example for git mergetool):
-#  git config --global mergetool.meld.cmd /usr/bin/meld
+# $ git config --global mergetool.meld.cmd /usr/bin/meld
 noblacklist ${HOME}/.config/meld
 noblacklist ${HOME}/.config/git
@@ -21,30 +21,31 @@ noblacklist ${HOME}/.local/share/meld
 noblacklist ${HOME}/.subversion
 # Allow python (blacklisted by disable-interpreters.inc)
-# Python 2 is EOL (see #3164). Uncomment the next line (or put it into your meld.local) if you understand the risks but want python 2 support for older meld versions.
+# Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks
+# but want to keep Python 2 support for older meld versions.
 #include allow-python2.inc
 include allow-python3.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
-# Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-common.inc.
+# Add the next line to your meld.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
-# Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-programs.inc.
+# Add the next line to your meld.local if you don't need to compare files in disable-programs.inc.
 #include disable-programs.inc
 include disable-shell.inc
 include whitelist-runuser-common.inc
-# Uncomment the next lines (or put it into your meld.local) if you don't need to compare files in /usr/share.
+# Add the next lines to your meld.local if you don't need to compare files in /usr/share.
 #whitelist /usr/share/meld
 #include whitelist-usr-share-common.inc
-# Uncomment the next line (or put it into your meld.local) if you don't need to compare files in /var.
+# Add the next line to your meld.local if you don't need to compare files in /var.
 #include whitelist-var-common.inc
 apparmor
@@ -70,9 +71,9 @@ tracelog
 private-bin bzr,cvs,git,hg,meld,python*,svn
 private-cache
 private-dev
-# Uncomment the next line (or put it into your meld.local) if you don't need to compare in /etc.
+# Add the next line to your meld.local if you don't need to compare files in /etc.
 #private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,subversion
-# Comment the next line (or add 'ignore private-tmp to your meld.local') if you want to use it as a difftool (#3551)
+# Add 'ignore private-tmp' to your meld.local if you want to use it as difftool (#3551).
 private-tmp
 read-only ${HOME}/.ssh
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 24782c033..2c6e047d8 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -38,8 +38,7 @@ noblacklist ${HOME}/sent
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
-# Uncomment or put them in mutt.local for oauth.py,S/MIME
+# Add the next lines to your mutt.local for oauth.py,S/MIME support.
 #include allow-perl.inc
 #include allow-python2.inc
 #include allow-python3.inc
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
index 4e7c902d9..53dd3a05a 100644
--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -9,7 +9,7 @@ include globals.local
 noblacklist ${HOME}/Nextcloud
 noblacklist ${HOME}/.config/Nextcloud
 noblacklist ${HOME}/.local/share/Nextcloud
-# Uncomment or put in your nextcloud.local to allow sync with more directories.
+# Add the next lines to your nextcloud.local to allow sync in more directories.
 #noblacklist ${DOCUMENTS}
 #noblacklist ${MUSIC}
 #noblacklist ${PICTURES}
@@ -30,7 +30,7 @@ mkdir ${HOME}/.local/share/Nextcloud
 whitelist ${HOME}/Nextcloud
 whitelist ${HOME}/.config/Nextcloud
 whitelist ${HOME}/.local/share/Nextcloud
-# Uncomment or put in your nextcloud.local to allow sync with more directories.
+# Add the next lines to your nextcloud.local to allow sync in more directories.
 #whitelist ${DOCUMENTS}
 #whitelist ${MUSIC}
 #whitelist ${PICTURES}
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index 2fbbef832..1b5da8d27 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -51,9 +51,11 @@ private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
 private-tmp
+# Add the next lines to your nheko.local to enable notification support.
+#ignore dbus-user none
+#dbus-user filter
+#dbus-user.talk org.freedesktop.Notifications
+#dbus-user.talk org.kde.StatusNotifierWatcher
 dbus-user none
-# Comment the above line and uncomment below lines for notification popups
-# dbus-user filter
-# dbus-user.talk org.freedesktop.Notifications
-# dbus-user.talk org.kde.StatusNotifierWatcher
 dbus-system none
diff --git a/etc/profile-m-z/npm.profile b/etc/profile-m-z/npm.profile
index e95e875be..f51d58782 100644
--- a/etc/profile-m-z/npm.profile
+++ b/etc/profile-m-z/npm.profile
@@ -15,7 +15,7 @@ noblacklist ${HOME}/.npm
 noblacklist ${HOME}/.npmrc
 # If you want whitelisting, change ${HOME}/Projects below to your npm projects directory
-# and uncomment the lines below.
+# and add the next lines to your npm.local.
 #mkdir ${HOME}/.node-gyp
 #mkdir ${HOME}/.npm
 #mkfile ${HOME}/.npmrc
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile
index ae18cfff9..be3618e31 100644
--- a/etc/profile-m-z/ocenaudio.profile
+++ b/etc/profile-m-z/ocenaudio.profile
@@ -26,7 +26,7 @@ apparmor
 caps.drop all
 ipc-namespace
 # net none - breaks update functionality and AppArmor on Ubuntu systems
-# uncomment (or put 'net none' in your ocenaudio.local) when needed
+# Add 'net none' to your ocenaudio.local when you want that functionality.
 #net none
 netfilter
 no3d
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
index 270d64c1e..89b146619 100644
--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -22,8 +22,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/openmw
 mkdir ${HOME}/.local/share/openmw
 whitelist ${HOME}/.config/openmw
-# Copy Morrowind data files into the following directory or load it from /mnt
+# Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt.
-# or whitelist it in a openmw.local
+# Alternatively you can whitelist custom paths in your openmw.local.
 whitelist ${HOME}/.local/share/openmw
 whitelist /usr/share/openmw
 include whitelist-common.inc
@@ -36,7 +36,7 @@ caps.drop all
 ipc-namespace
 net none
 netfilter
-# Uncomment the following line if installing from disc
+# Add 'ignore nodvd' to your openmw.local when installing from disc.
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile
index c25c4ae66..a6dab2a9a 100644
--- a/etc/profile-m-z/pcsxr.profile
+++ b/etc/profile-m-z/pcsxr.profile
@@ -6,7 +6,7 @@ include pcsxr.local
 # Persistent global definitions
 include globals.local
-# Note: you must whitelist your games folder in a pcsxr.local
+# Note: you must whitelist your games folder in your pcsxr.local
 noblacklist ${HOME}/.pcsxr
@@ -32,7 +32,7 @@ caps.drop all
 ipc-namespace
 net none
 netfilter
-# Uncomment the following line if not loading games from disc
+# Add the next line to your pcsxr.local when not loading games from disc.
 #nodvd
 nogroups
 nonewprivs
@@ -47,7 +47,7 @@ tracelog
 private-bin pcsxr
 private-cache
-# uncomment the following line if you do not need controller support
+# Add the next line to your pcsxr.local if you do not need controller support.
 #private-dev
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
 private-opt none
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile
index 263d99c83..1f73c1d89 100644
--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -6,7 +6,7 @@ include ppsspp.local
 # Persistent global definitions
 include globals.local
-# Note: you must whitelist your games folder in a ppsspp.local
+# Note: you must whitelist your games folder in your ppsspp.local.
 noblacklist ${HOME}/.config/ppsspp
@@ -42,7 +42,7 @@ seccomp
 shell none
 private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL
-# uncomment the following line if you do not need controller support
+# Add the next line to your ppsspp.local if you do not need controller support.
 #private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-opt ppsspp
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
index d3112ae95..376743b8d 100644
--- a/etc/profile-m-z/psi.profile
+++ b/etc/profile-m-z/psi.profile
@@ -6,8 +6,8 @@ include psi.local
 # Persistent global definitions
 include globals.local
-# Uncomment for GPG
+# Add the next line to your psi.local to enable GPG support.
-# noblacklist ${HOME}/.gnupg
+#noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.cache/psi
 noblacklist ${HOME}/.cache/Psi
 noblacklist ${HOME}/.config/psi
@@ -23,28 +23,28 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-# Uncomment for GPG
+# Add the next line to your psi.local to enable GPG support.
-# mkdir ${HOME}/.gnupg
+#mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.cache/psi
 mkdir ${HOME}/.cache/Psi
 mkdir ${HOME}/.config/psi
 mkdir ${HOME}/.local/share/psi
 mkdir ${HOME}/.local/share/Psi
-# Uncomment for GPG
+# Add the next line to your psi.local to enable GPG support.
-# whitelist ${HOME}/.gnupg
+#whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.cache/psi
 whitelist ${HOME}/.cache/Psi
 whitelist ${HOME}/.config/psi
 whitelist ${HOME}/.local/share/psi
 whitelist ${HOME}/.local/share/Psi
 whitelist ${DOWNLOADS}
-# Uncomment for GPG
+# Add the next lines to your psi.local to enable GPG support.
-# whitelist /usr/share/gnupg
+#whitelist /usr/share/gnupg
-# whitelist /usr/share/gnupg2
+#whitelist /usr/share/gnupg2
 whitelist /usr/share/psi
-# Uncomment for GPG
+# Add the next lines to your psi.local to enable GPG support.
-# whitelist ${RUNUSER}/gnupg
+#whitelist ${RUNUSER}/gnupg
-# whitelist ${RUNUSER}/keyring
+#whitelist ${RUNUSER}/keyring
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
@@ -63,11 +63,11 @@ nou2f
 protocol unix,inet,inet6,netlink
 seccomp !chroot
 shell none
-# breaks on Arch
+#tracelog - breaks on Arch
-# tracelog
 disable-mnt
-# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for GPG
+# Add the next line to your psi.local to enable GPG support.
+#private-bin gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet
 private-bin getopt,psi
 private-cache
 private-dev
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index 78159527a..4bce35d16 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -7,9 +7,8 @@ include rsync.local
 # Persistent global definitions
 include globals.local
-# Warning: This profile is writte to use rsync as an client for downloading,
+# WARNING: this profile is designed to use rsync as a client for downloading,
-# it is not writen to use rsync as an daemon (rsync --daemon) or to create backups.
+# not as a daemon (rsync --daemon) nor to create backups.
 # Usage: firejail --profile=rsync-download_only rsync
 blacklist /tmp/.X11-unix
@@ -24,7 +23,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-# Uncomment or add to rsync.local to enable extra hardening
+# Add the next line to your rsync-download_only.local to enable extra hardening.
 #whitelist ${DOWNLOADS}
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index 6f971b96b..970545ff6 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -16,10 +16,9 @@ noblacklist ${HOME}/.local/share/rtv
 include allow-python2.inc
 include allow-python3.inc
-# You can configure rtv to open different type of links
+# You can configure rtv to open different type of links in external applications.
-# in external applications. Configuration here:
+# Configuration: https://github.com/michael-lazar/rtv#viewing-media-links.
-# https://github.com/michael-lazar/rtv#viewing-media-links
+# Add the next line to your rtv.local to enable external application support.
-# Uncomment or put in rtv.local for external application support
 #include rtv-addons.profile
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile
index 065409e78..2b82e5d06 100644
--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 # whitelisting in ${HOME} breaks file encryption feature of nautilus.
-# once #2882 is fixed this can be uncommented and nowhitelisted in seahorse-tool.profile
+# Once #2882 is fixed this can be activated here and nowhitelisted in seahorse-tool.profile.
 #mkdir ${HOME}/.gnupg
 #mkdir ${HOME}/.ssh
 #whitelist ${HOME}/.gnupg
diff --git a/etc/profile-m-z/servo.profile b/etc/profile-m-z/servo.profile
index 65da5d0de..dc3fdaf34 100644
--- a/etc/profile-m-z/servo.profile
+++ b/etc/profile-m-z/servo.profile
@@ -17,7 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-# Add a whitelist for the directory where servo is installed and uncomment the lines below.
+# Add the next lines to your servo.local to turn this into a whitelisting profile.
+# You will need to add a whitelist for the directory where servo is installed.
 #whitelist ${DOWNLOADS}
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile
index 73d2556ac..144763332 100644
--- a/etc/profile-m-z/spectacle.profile
+++ b/etc/profile-m-z/spectacle.profile
@@ -6,7 +6,7 @@ include spectacle.local
 # Persistent global definitions
 include globals.local
-# Uncomment the following lines to use sharing services.
+# Add the next lines to your spectacle.local to use sharing services.
 #netfilter
 #ignore net none
 #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
index 093661d8c..bf0f9f3a1 100644
--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -50,8 +50,9 @@ private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,
 private-tmp
 dbus-user none
-# Comment the above line and uncomment below lines for notification popups
+# Add the next lines to your spectral.local to enable notification support.
-# dbus-user filter
+#ignore dbus-user none
-# dbus-user.talk org.freedesktop.Notifications
+#dbus-user filter
-# dbus-user.talk org.kde.StatusNotifierWatcher
+#dbus-user.talk org.freedesktop.Notifications
+#dbus-user.talk org.kde.StatusNotifierWatcher
 dbus-system none
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile
index 1b20f5d3d..6a0ed46e0 100644
--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -50,7 +50,7 @@ tracelog
 disable-mnt
 private-bin supertuxkart
 private-cache
-# uncomment the following line if you do not need controller support
+# Add the next line to your supertuxkart.local if you do not need controller support.
 #private-dev
 private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,ssl
 private-tmp
diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile
index 50506d100..328812b04 100644
--- a/etc/profile-m-z/sylpheed.profile
+++ b/etc/profile-m-z/sylpheed.profile
@@ -19,7 +19,7 @@ dbus-user filter
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.freedesktop.secrets
 dbus-user.talk org.gnome.keyring.SystemPrompter
-# Uncomment below for notifications (or put them in your sylpheed.local)
+# Add the next line to your sylpheed.local to enable notifications.
 # dbus-user.talk org.freedesktop.Notifications
 # Redirect
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
index 5cb5caf8d..3cbfe8d8b 100644
--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -37,7 +37,7 @@ include whitelist-var-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
-# Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local.
+# Add 'apparmor' to your torbrowser-launcher.local to enable AppArmor support.
 # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need
 # to be uncommented too for this to work as expected.
 #apparmor
@@ -53,8 +53,7 @@ novideo
 protocol unix,inet,inet6
 seccomp !chroot
 shell none
-# tracelog may cause issues, see github issue #1930
+#tracelog - may cause issues, see #1930
-#tracelog
 disable-mnt
 private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile
index 0117af376..0cb6d34d2 100644
--- a/etc/profile-m-z/vmware-view.profile
+++ b/etc/profile-m-z/vmware-view.profile
@@ -37,9 +37,8 @@ nonewprivs
 noroot
 notv
 nou2f
-# Comment novideo (or add 'ignore novideo' to your vmware-view.local) if you need your webcam
+# Add 'ignore novideo' to your vmware-view.local if you need your webcam.
 novideo
-# protocol produces a lot error messages but nothing seems to be broken
 protocol unix,inet,inet6
 seccomp !iopl
 seccomp.block-secondary
@@ -50,8 +49,7 @@ disable-mnt
 private-cache
 private-dev
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gai.conf,gconf,glvnd,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,magic,magic.mgc,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,proxychains.conf,pulse,resolv.conf,rpc,services,ssl,terminfo,vmware,vmware-tools,vmware-vix,X11,xdg
-# Logs are "stored" in /tmp, comment (or add 'ignore private-tmp' to your vmware-view.local)
+# Logs are kept in /tmp. Add 'ignore private-tmp' to your vmware-view.local if you need them without joining the sandbox.
-# if you need them without joining the sandbox.
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile
index d00e16fef..5241e27b3 100644
--- a/etc/profile-m-z/vmware.profile
+++ b/etc/profile-m-z/vmware.profile
@@ -21,7 +21,7 @@ mkdir ${HOME}/.cache/vmware
 mkdir ${HOME}/.vmware
 whitelist ${HOME}/.cache/vmware
 whitelist ${HOME}/.vmware
-# Uncomment the following if you need to use "shared VM"
+# Add the next lines to your vmware.local if you need to use "shared VM".
 #whitelist /var/lib/vmware
 #writable-var
 include whitelist-common.inc
@@ -37,6 +37,7 @@ shell none
 tracelog
 #disable-mnt
+# Add the next line to your vmware.local to enable private-bin.
 #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-*
 private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix
 dbus-user none
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 0e172333a..a43835944 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -7,7 +7,7 @@ include w3m.local
 # Persistent global definitions
 include globals.local
-# Uncomment or add to your w3m.local if you want to use w3m-img on a vconsole
+# Add the next lines to your w3m.local if you want to use w3m-img on a vconsole.
 #ignore nogroups
 #ignore private-dev
 #ignore private-etc
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile
index c6c940fa3..18f1ca79a 100644
--- a/etc/profile-m-z/waterfox.profile
+++ b/etc/profile-m-z/waterfox.profile
@@ -13,14 +13,15 @@ mkdir ${HOME}/.waterfox
 whitelist ${HOME}/.cache/waterfox
 whitelist ${HOME}/.waterfox
-# Uncomment (or add to watefox.local) the following lines if you want to
+# Add the next lines to your watefox.local if you want to use the migration wizard.
-# use the migration wizard.
 #noblacklist ${HOME}/.mozilla
 #whitelist ${HOME}/.mozilla
 # waterfox requires a shell to launch on Arch. We can possibly remove sh though.
+# Add the next line to your waterfox.local to enable private-bin.
 #private-bin bash,dbus-launch,dbus-send,env,sh,waterfox,waterfox-classic,waterfox-current,which
-# private-etc must first be enabled in firefox-common.profile
+# Add the next line to your waterfox.local to enable private-etc. Note that private-etc must first be
+# enabled in your firefox-common.local.
 #private-etc waterfox
 # Redirect
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile
index f67d28618..8a7042f59 100644
--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -21,7 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-# depending on workflow you can uncomment the below or put 'include disable-xdg.inc' in your wget.local
+# Depending on workflow you can add the next line to your wget.local.
 #include disable-xdg.inc
 include whitelist-usr-share-common.inc
@@ -50,7 +50,7 @@ tracelog
 private-bin wget
 private-cache
 private-dev
-# depending on workflow you can uncomment the below or put this private-etc in your wget.local
+# Depending on workflow you can add the next line to your wget.local.
 #private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc
 #private-tmp
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile
index 6ac74b9da..67427209f 100644
--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -24,8 +24,7 @@ include disable-programs.inc
 # include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
-# some applications don't need allow-debuggers, comment the next line
+# Some applications don't need allow-debuggers. Add 'ignore allow-debuggers' to your wine.local if you want to override this.
-# if it is not necessary (or put 'ignore allow-debuggers' in your wine.local)
 allow-debuggers
 caps.drop all
 # net none
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile
index 6e4a313e3..2b97d5b0a 100644
--- a/etc/profile-m-z/wps.profile
+++ b/etc/profile-m-z/wps.profile
@@ -23,7 +23,7 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 machine-id
-# Uncomment the next line (or add to wps.local) if you don't use network features.
+# Add the next line to your wps.local if you don't use network features.
 #net none
 netfilter
 no3d
@@ -36,7 +36,7 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6
-# seccomp cause some minor issues, if you can live with them enable it.
+# seccomp causes some minor issues. Add the next line to your wps.local if you can live with those.
 #seccomp
 shell none
 tracelog
diff --git a/etc/profile-m-z/yarn.profile b/etc/profile-m-z/yarn.profile
index f20225050..360bd8442 100644
--- a/etc/profile-m-z/yarn.profile
+++ b/etc/profile-m-z/yarn.profile
@@ -13,7 +13,8 @@ noblacklist ${HOME}/.yarn-config
 noblacklist ${HOME}/.yarncache
 noblacklist ${HOME}/.yarnrc
-# If you want whitelisting, change ${HOME}/Projects below to your yarn projects directory and uncomment the lines below.
+# If you want whitelisting, change ${HOME}/Projects below to your yarn projects directory and
+# add the next lines to you yarn.local.
 #mkdir ${HOME}/.yarn
 #mkdir ${HOME}/.yarn-config
 #mkdir ${HOME}/.yarncache
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile
index 479582b2a..a08a30b52 100644
--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -33,14 +33,14 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
-# machine-id breaks sound - uncomment here or put it in your yelp.local if you don't need it
+# machine-id breaks sound - add the next line to your yelp.local if you don't need sound support.
 #machine-id
 net none
 nodvd
 nogroups
 nonewprivs
 noroot
-# nosound - uncomment here or put it in your yelp.local if you don't need it
+# nosound - add the next line to your yelp.local if you don't need sound support.
 #nosound
 notv
 nou2f
@@ -66,11 +66,11 @@ dbus-system none
 # read-only ${HOME} breaks some features:
 #  1. yelp --editor-mode
 #  2. saving the window geometry
-# comment the line below or put 'ignore read-only ${HOME}' into your yelp.local if you need these features
+# add 'ignore read-only ${HOME}' to your yelp.local if you need these features.
 read-only ${HOME}
 read-write ${HOME}/.cache
 #  3. printing to PDF in ${DOCUMENTS}
-# additionally uncomment the lines below or put 'noblacklist ${DOCUMENTS}' and
+# additionally add 'noblacklist ${DOCUMENTS}' and 'whitelist ${DOCUMENTS}' to
-# 'whitelist ${DOCUMENTS}' into your yelp.local if you need printing to PDF support
+# your yelp.local if you need PDF printing support.
 #noblacklist ${DOCUMENTS}
 #whitelist ${DOCUMENTS}
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile
index e8cd64c93..ac615d861 100644
--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -6,14 +6,14 @@ include zoom.local
 # Persistent global definitions
 include globals.local
-# Disabled until someone reported positive feedback
+# Disabled until someone reports positive feedback.
 ignore apparmor
 ignore novideo
 ignore dbus-user none
 ignore dbus-system none
 # nogroups breaks webcam access on non-systemd systems (see #3711).
-# If you use such a system uncomment the line below or put 'ignore nogroups' in your zoom.local
+# If you use such a system, add 'ignore nogroups' to your zoom.local.
 #ignore nogroups
 noblacklist ${HOME}/.config/zoomus.conf