27 files changed, 96 insertions, 25 deletions

diff --git a/src/bash_completion/Makefile.in b/src/bash_completion/Makefile.in
index d8a393aa4..f7db9e6b4 100644
--- a/src/bash_completion/Makefile.in
+++ b/src/bash_completion/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: firejail.bash_completion
 
 include ../common.mk
@@ -7,8 +8,10 @@ firejail.bash_completion: firejail.bash_completion.in
         sed "s|_SYSCONFDIR_|$(sysconfdir)|" < $@.tmp > $@
         rm $@.tmp
 
+.PHONY: clean
 clean:
         rm -fr firejail.bash_completion
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fbuilder/Makefile.in b/src/fbuilder/Makefile.in
index 2847ca2cb..6eaee284b 100644
--- a/src/fbuilder/Makefile.in
+++ b/src/fbuilder/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fbuilder
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fbuilder: $(OBJS)
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fbuilder *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fcopy/Makefile.in b/src/fcopy/Makefile.in
index 85f84aa32..e19f5d3b5 100644
--- a/src/fcopy/Makefile.in
+++ b/src/fcopy/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fcopy
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fcopy: $(OBJS) ../lib/common.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fcopy *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in
index 40f6b9679..43329be46 100644
--- a/src/firecfg/Makefile.in
+++ b/src/firecfg/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: firecfg
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 firecfg: $(OBJS) ../lib/common.o ../lib/firejail_user.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/firejail_user.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o firecfg *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b44a1bc85..16cd59aa5 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -553,6 +553,8 @@ neverputt
 newsbeuter
 newsboat
 newsflash
+nextcloud
+nextcloud-desktop
 nheko
 nicotine
 nitroshare
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in
index b9bf13b9c..793d2cdd1 100644
--- a/src/firejail/Makefile.in
+++ b/src/firejail/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: firejail
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o ../lib/errno.o ../lib/syscall.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o firejail *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index b9ed81db3..abec25d45 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -18,6 +18,7 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firejail.h"
+#include <errno.h>
 #include <sys/mount.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -147,12 +148,10 @@ void fs_private_dir_copy(const char *private_dir, const char *private_run_dir, c
         struct stat s;
         if (stat(private_dir, &s) == -1) {
                 if (arg_debug)
-                        printf("Cannot find %s\n", private_dir);
+                        printf("Cannot find %s: %s\n", private_dir, strerror(errno));
                 return;
         }
 
-        timetrace_start();
-
         // create /run/firejail/mnt/etc directory
         mkdir_attr(private_run_dir, 0755, 0, 0);
         selinux_relabel_path(private_run_dir, private_dir);
@@ -191,16 +190,17 @@ void fs_private_dir_mount(const char *private_dir, const char *private_run_dir)
         assert(private_dir);
         assert(private_run_dir);
 
+        if (arg_debug)
+                printf("Mount-bind %s on top of %s\n", private_run_dir, private_dir);
+
         // nothing to do if directory does not exist
         struct stat s;
         if (stat(private_dir, &s) == -1) {
                 if (arg_debug)
-                        printf("Cannot find %s\n", private_dir);
+                        printf("Cannot find %s: %s\n", private_dir, strerror(errno));
                 return;
         }
 
-        if (arg_debug)
-                printf("Mount-bind %s on top of %s\n", private_run_dir, private_dir);
         if (mount(private_run_dir, private_dir, NULL, MS_BIND|MS_REC, NULL) < 0)
                 errExit("mount bind");
         fs_logger2("mount", private_dir);
@@ -209,11 +209,11 @@ void fs_private_dir_mount(const char *private_dir, const char *private_run_dir)
         if (mount("tmpfs", private_run_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME,  "mode=755,gid=0") < 0)
                 errExit("mounting tmpfs");
         fs_logger2("tmpfs", private_run_dir);
-
-        fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
 }
 
 void fs_private_dir_list(const char *private_dir, const char *private_run_dir, const char *private_list) {
+        timetrace_start();
         fs_private_dir_copy(private_dir, private_run_dir, private_list);
         fs_private_dir_mount(private_dir, private_run_dir);
+        fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
 }
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index f3266c23e..351b760df 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -157,6 +157,10 @@ static int check_nosound(void) {
         return arg_nosound != 0;
 }
 
+static int check_private(void) {
+        return arg_private;
+}
+
 static int check_x11(void) {
         return (arg_x11_block || arg_x11_xorg || env_get("FIREJAIL_X11"));
 }
@@ -174,6 +178,7 @@ Cond conditionals[] = {
         {"HAS_NET", check_netoptions},
         {"HAS_NODBUS", check_nodbus},
         {"HAS_NOSOUND", check_nosound},
+        {"HAS_PRIVATE", check_private},
         {"HAS_X11", check_x11},
         {"BROWSER_DISABLE_U2F", check_disable_u2f},
         {"BROWSER_ALLOW_DRM", check_allow_drm},
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index a04551ed4..b6e0468c6 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -575,12 +575,12 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 }
 
 static void enforce_filters(void) {
+        fmessage("\n** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **\n\n");
         // enforce NO_NEW_PRIVS
         arg_nonewprivs = 1;
         force_nonewprivs = 1;
 
         // disable all capabilities
-        fmessage("\n**     Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl     **\n\n");
         arg_caps_drop_all = 1;
 
         // drop all supplementary groups; /etc/group file inside chroot
@@ -786,14 +786,13 @@ int sandbox(void* sandbox_arg) {
 #else
         bool always_enforce_filters = false;
 #endif
-        // need ld.so.preload if tracing or seccomp with any non-default lists
-        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
         // for --appimage, --chroot and --overlay* we force NO_NEW_PRIVS
         // and drop all capabilities
-        if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay || always_enforce_filters)) {
+        if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay || always_enforce_filters))
                 enforce_filters();
-                need_preload = arg_trace || arg_tracelog;
-        }
+
+        // need ld.so.preload if tracing or seccomp with any non-default lists
+        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
 
         // trace pre-install
         if (need_preload)
@@ -971,21 +970,24 @@ int sandbox(void* sandbox_arg) {
                          * 2. unmount bind mounts from /etc
                          * 3. mount RUN_ETC_DIR at /etc
                          */
+                        timetrace_start();
                         fs_private_dir_copy("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
-                        fs_private_dir_copy("/usr/etc", RUN_USR_ETC_DIR, cfg.etc_private_keep); // openSUSE
 
                         if (umount2("/etc/group", MNT_DETACH) == -1)
-                                fprintf(stderr, "/etc/group: unmount: %m\n");
-
+                                fprintf(stderr, "/etc/group: unmount: %s\n", strerror(errno));
                         if (umount2("/etc/passwd", MNT_DETACH) == -1)
-                                fprintf(stderr, "/etc/passwd: unmount: %m\n");
+                                fprintf(stderr, "/etc/passwd: unmount: %s\n", strerror(errno));
 
                         fs_private_dir_mount("/etc", RUN_ETC_DIR);
-                        fs_private_dir_mount("/usr/etc", RUN_USR_ETC_DIR);
+                        fmessage("Private /etc installed in %0.2f ms\n", timetrace_end());
 
                         // create /etc/ld.so.preload file again
                         if (need_preload)
                                 fs_trace_preload();
+
+                        // openSUSE configuration is split between /etc and /usr/etc
+                        // process private-etc a second time
+                        fs_private_dir_list("/usr/etc", RUN_USR_ETC_DIR, cfg.etc_private_keep);
                 }
         }
 
diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in
index 9ee798fe9..a1b6692aa 100644
--- a/src/firemon/Makefile.in
+++ b/src/firemon/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: firemon
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 firemon: $(OBJS) ../lib/common.o ../lib/pid.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o firemon *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in
index 37b139d38..ba87d16cd 100644
--- a/src/fldd/Makefile.in
+++ b/src/fldd/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fldd
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fldd: $(OBJS) ../lib/common.o ../lib/ldd_utils.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fldd *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in
index bd5fe9e7a..7447c6d3f 100644
--- a/src/fnet/Makefile.in
+++ b/src/fnet/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fnet
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fnet: $(OBJS) ../lib/common.o ../lib/libnetlink.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/libnetlink.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fnet *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fnetfilter/Makefile.in b/src/fnetfilter/Makefile.in
index 6fe650a17..825262482 100644
--- a/src/fnetfilter/Makefile.in
+++ b/src/fnetfilter/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fnetfilter
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fnetfilter: $(OBJS) ../lib/common.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fnetfilter *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fsec-optimize/Makefile.in b/src/fsec-optimize/Makefile.in
index cc5ac7e35..a2187e89c 100644
--- a/src/fsec-optimize/Makefile.in
+++ b/src/fsec-optimize/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fsec-optimize
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fsec-optimize: $(OBJS) ../lib/common.o ../lib/libnetlink.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/errno.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fsec-optimize *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fsec-print/Makefile.in b/src/fsec-print/Makefile.in
index bf39a8c77..824fb5daf 100644
--- a/src/fsec-print/Makefile.in
+++ b/src/fsec-print/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fsec-print
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fsec-print: $(OBJS) ../lib/common.o ../lib/libnetlink.o ../lib/errno.o ../lib/syscall.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fsec-print *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in
index b776a73ce..41abfce17 100644
--- a/src/fseccomp/Makefile.in
+++ b/src/fseccomp/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: fseccomp
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 fseccomp: $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o fseccomp *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/ftee/Makefile.in b/src/ftee/Makefile.in
index 32cdc63d3..05caf81be 100644
--- a/src/ftee/Makefile.in
+++ b/src/ftee/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: ftee
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 ftee: $(OBJS)
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o ftee *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/jailtest/Makefile.in b/src/jailtest/Makefile.in
index 9c9c0c508..6306d24ec 100644
--- a/src/jailtest/Makefile.in
+++ b/src/jailtest/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: jailtest
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 jailtest: $(OBJS)
         $(CC)  $(LDFLAGS) -o $@ $(OBJS)  ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o jailtest *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index 681252832..49c8057b3 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -1,11 +1,14 @@
 include ../common.mk
 
+.PHONY: all
 all: $(OBJS)
 
 %.o : %.c $(H_FILE_LIST)
         $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
 
+.PHONY: clean
 clean:; rm -fr $(OBJS) *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/libpostexecseccomp/Makefile.in b/src/libpostexecseccomp/Makefile.in
index edd4534b8..e3e5716ca 100644
--- a/src/libpostexecseccomp/Makefile.in
+++ b/src/libpostexecseccomp/Makefile.in
@@ -11,6 +11,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now
 
+.PHONY: all
 all: libpostexecseccomp.so
 
 %.o : %.c $(H_FILE_LIST) ../include/seccomp.h ../include/rundefs.h
@@ -19,7 +20,9 @@ all: libpostexecseccomp.so
 libpostexecseccomp.so: $(OBJS)
         $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
 
+.PHONY: clean
 clean:; rm -fr $(OBJS) libpostexecseccomp.so *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/libtrace/Makefile.in b/src/libtrace/Makefile.in
index 5c7d0f885..095037569 100644
--- a/src/libtrace/Makefile.in
+++ b/src/libtrace/Makefile.in
@@ -11,6 +11,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now
 
+.PHONY: all
 all: libtrace.so
 
 %.o : %.c $(H_FILE_LIST)
@@ -19,8 +20,9 @@ all: libtrace.so
 libtrace.so: $(OBJS)
         $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
 
-
+.PHONY: clean
 clean:; rm -fr $(OBJS) libtrace.so *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/libtracelog/Makefile.in b/src/libtracelog/Makefile.in
index b1ac9e57c..5bac19c04 100644
--- a/src/libtracelog/Makefile.in
+++ b/src/libtracelog/Makefile.in
@@ -11,6 +11,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now
 
+.PHONY: all
 all: libtracelog.so
 
 %.o : %.c $(H_FILE_LIST) ../include/rundefs.h
@@ -19,8 +20,9 @@ all: libtracelog.so
 libtracelog.so: $(OBJS)
         $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
 
-
+.PHONY: clean
 clean:; rm -fr $(OBJS) libtracelog.so *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/man/Makefile.in b/src/man/Makefile.in
index 1a1f8ba08..3711d5cec 100644
--- a/src/man/Makefile.in
+++ b/src/man/Makefile.in
@@ -1,10 +1,14 @@
+.PHONY: all
 all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man jailtest.man
+
 include ../common.mk
 
 %.man: %.txt
         gawk -f ./preproc.awk -- $(MANFLAGS) < $< > $@
 
+.PHONY: clean
 clean:; rm -fr *.man
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index b25fc9181..b0b390507 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -103,7 +103,7 @@ Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir"
 
 This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line.
 
-Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
+Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
 can be enabled or disabled globally in Firejail's configuration file.
 
 The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines.
diff --git a/src/man/jailtest.txt b/src/man/jailtest.txt
index 1b64097ea..b52fc5eed 100644
--- a/src/man/jailtest.txt
+++ b/src/man/jailtest.txt
@@ -14,7 +14,7 @@ These directories are build by firejail at startup using --private* and --whitel
 .TP
 \fB2. Noexec test
 jailtest inserts executable programs in /home/username, /tmp, and /var/tmp directories
-and tries to run them form inside the sandbox, thus testing if the directory is executable or not.
+and tries to run them from inside the sandbox, thus testing if the directory is executable or not.
 .TP
 \fB3. Read access test
 jailtest creates test files in the directories specified by the user and tries to read
@@ -29,10 +29,10 @@ The program is started as root using sudo.
 .SH OPTIONS
 .TP
 \fB\-\-debug
-Print debug messages
+Print debug messages.
 .TP
 \fB\-?\fR, \fB\-\-help\fR
-Print options end exit.
+Print options and exit.
 .TP
 \fB\-\-version
 Print program version and exit.
diff --git a/src/profstats/Makefile.in b/src/profstats/Makefile.in
index 2beaa3ed6..e025f5939 100644
--- a/src/profstats/Makefile.in
+++ b/src/profstats/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: profstats
 
 include ../common.mk
@@ -8,7 +9,9 @@ include ../common.mk
 profstats: $(OBJS)
         $(CC)  $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS)
 
+.PHONY: clean
 clean:; rm -fr *.o profstats *.gcov *.gcda *.gcno *.plist
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile
diff --git a/src/zsh_completion/Makefile.in b/src/zsh_completion/Makefile.in
index 3f756aa5f..a83cccf6c 100644
--- a/src/zsh_completion/Makefile.in
+++ b/src/zsh_completion/Makefile.in
@@ -1,3 +1,4 @@
+.PHONY: all
 all: _firejail
 
 include ../common.mk
@@ -7,8 +8,10 @@ _firejail: _firejail.in
         sed "s|_SYSCONFDIR_|$(sysconfdir)|" < $@.tmp > $@
         rm $@.tmp
 
+.PHONY: clean
 clean:
         rm -fr _firejail
 
+.PHONY: distclean
 distclean: clean
         rm -fr Makefile