151 files changed, 758 insertions, 185 deletions

diff --git a/src/faudit/caps.c b/src/faudit/caps.c
index 644a69b82..6687fce5a 100644
--- a/src/faudit/caps.c
+++ b/src/faudit/caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c
index 2e4a7550b..8c26c5271 100644
--- a/src/faudit/dbus.c
+++ b/src/faudit/dbus.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/dev.c b/src/faudit/dev.c
index 3b5921aee..9c80f99df 100644
--- a/src/faudit/dev.c
+++ b/src/faudit/dev.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/faudit.h b/src/faudit/faudit.h
index ec01dde32..20189a0ff 100644
--- a/src/faudit/faudit.h
+++ b/src/faudit/faudit.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/files.c b/src/faudit/files.c
index 33d68efbf..6dd3874b9 100644
--- a/src/faudit/files.c
+++ b/src/faudit/files.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/main.c b/src/faudit/main.c
index 06dcbece0..f6df9772d 100644
--- a/src/faudit/main.c
+++ b/src/faudit/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/network.c b/src/faudit/network.c
index 214cb972c..f28aff554 100644
--- a/src/faudit/network.c
+++ b/src/faudit/network.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/pid.c b/src/faudit/pid.c
index 6be2483ae..a45b6e31a 100644
--- a/src/faudit/pid.c
+++ b/src/faudit/pid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c
index 346b4b457..ca9d34b84 100644
--- a/src/faudit/seccomp.c
+++ b/src/faudit/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c
index 3cdbf7407..a8aa572a7 100644
--- a/src/faudit/syscall.c
+++ b/src/faudit/syscall.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/faudit/x11.c b/src/faudit/x11.c
index d41c3698d..5907ca761 100644
--- a/src/faudit/x11.c
+++ b/src/faudit/x11.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c
index d62ec3f17..a44546699 100644
--- a/src/fbuilder/build_bin.c
+++ b/src/fbuilder/build_bin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index 4feb8d9bc..b08afb939 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index 1f30fe5be..8db17a942 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
index a0f71ae03..ea9e9a4a0 100644
--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c
index 6fe4c56d8..041d14d0e 100644
--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h
index 66bf8c544..5c043ffec 100644
--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
index 89fe72c29..bf4e911dd 100644
--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
index 159af9ae8..5612c21d5 100644
--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fbuilder/utils.c b/src/fbuilder/utils.c
index c1cd05f39..2ae829403 100644
--- a/src/fbuilder/utils.c
+++ b/src/fbuilder/utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index 00cbe8d12..5c4a76753 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fgit/fgit-install.sh b/src/fgit/fgit-install.sh
index 1f710c688..262b6f112 100755
--- a/src/fgit/fgit-install.sh
+++ b/src/fgit/fgit-install.sh
@@ -1,4 +1,8 @@
 #!/bin/sh
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
+#
 # Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic.
 #
 
diff --git a/src/fgit/fgit-uninstall.sh b/src/fgit/fgit-uninstall.sh
index bc7cc9563..d40f90320 100644
--- a/src/fgit/fgit-uninstall.sh
+++ b/src/fgit/fgit-uninstall.sh
@@ -1,4 +1,8 @@
 #!/bin/sh
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
+#
 # Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic.
 #
 
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index c8f684abc..16aa638b3 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 011d6c7e1..040ad3827 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -122,6 +122,7 @@ clawsker
 clementine
 clion
 clipit
+clipgrab
 cliqz
 clocks
 cmus
@@ -179,6 +180,7 @@ eog
 eom
 ephemeral
 #epiphany
+et
 etr
 evince
 evince-previewer
@@ -202,6 +204,7 @@ firefox-developer-edition
 firefox-esr
 firefox-nightly
 firefox-wayland
+firefox-x11
 flacsplt
 flameshot
 flashpeak-slimjet
@@ -265,6 +268,7 @@ gnome-mplayer
 gnome-mpv
 gnome-music
 gnome-nettool
+gnome-passwordsafe
 gnome-photos
 gnome-recipes
 gnome-schedule
@@ -288,6 +292,7 @@ gramps
 gthumb
 guayadeque
 gucharmap
+gummi
 gwenview
 handbrake
 handbrake-gtk
@@ -296,7 +301,6 @@ hedgewars
 hexchat
 highlight
 hugin
-i2prouter
 icecat
 icedove
 iceweasel
@@ -427,6 +431,7 @@ ms-outlook
 ms-powerpoint
 ms-skype
 ms-word
+multimc
 multimc5
 mumble
 mupdf
@@ -642,6 +647,7 @@ tremulous
 truecraft
 tshark
 tuxguitar
+tvbrowser
 udiskie
 uefitool
 uget-gtk
@@ -683,6 +689,9 @@ wire-desktop
 wireshark
 wireshark-gtk
 wireshark-qt
+wpp
+wps
+wpspdf
 xcalc
 xchat
 xed
diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
index 71e5d625d..4dfc4194e 100644
--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 9a2efebd2..1e49a2fc7 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firecfg/sound.c b/src/firecfg/sound.c
index 2d38e4cfb..e7670c94c 100644
--- a/src/firecfg/sound.c
+++ b/src/firecfg/sound.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firecfg/util.c b/src/firecfg/util.c
index 23a66ba67..b46da0be3 100644
--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 520960db2..6190b6f01 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/appimage_size.c b/src/firejail/appimage_size.c
index 2868a1f88..a58f9a8ca 100644
--- a/src/firejail/appimage_size.c
+++ b/src/firejail/appimage_size.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/arp.c b/src/firejail/arp.c
index 843d00ce0..3714af9a3 100644
--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index 30f387765..edef823fd 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 738675766..b89e3009a 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/cgroup.c b/src/firejail/cgroup.c
index 21eee6b45..30cd96c42 100644
--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index d6b591133..fbe150b34 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index ec5363ced..cae52e20b 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c
index 134000a3d..91279a977 100644
--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index 702186eaf..66fa9fadf 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index b856ff809..7acbd338c 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/dhcp.c b/src/firejail/dhcp.c
new file mode 100644
index 000000000..7593a47f2
--- /dev/null
+++ b/src/firejail/dhcp.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2014-2020 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "firejail.h"
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+
+pid_t dhclient4_pid = 0;
+pid_t dhclient6_pid = 0;
+
+typedef struct {
+        char *version_arg;
+        char *pid_file;
+        char *leases_file;
+        uint8_t generate_duid;
+        char *duid_leases_file;
+        pid_t *pid;
+        ptrdiff_t arg_offset;
+} Dhclient;
+
+static const Dhclient dhclient4 = {
+        .version_arg = "-4",
+        .pid_file = RUN_DHCLIENT_4_PID_FILE,
+        .leases_file = RUN_DHCLIENT_4_LEASES_FILE,
+        .generate_duid = 1,
+        .pid = &dhclient4_pid,
+        .arg_offset = offsetof(Bridge, arg_ip_dhcp)
+};
+
+static const Dhclient dhclient6 = {
+        .version_arg = "-6",
+        .pid_file = RUN_DHCLIENT_6_PID_FILE,
+        .leases_file = RUN_DHCLIENT_6_LEASES_FILE,
+        .duid_leases_file = RUN_DHCLIENT_4_LEASES_FILE,
+        .pid = &dhclient6_pid,
+        .arg_offset = offsetof(Bridge, arg_ip6_dhcp)
+};
+
+static void dhcp_run_dhclient(const Dhclient *client) {
+        char *argv[256] = {
+                "dhclient",
+                client->version_arg,
+                "-pf", client->pid_file,
+                "-lf", client->leases_file,
+        };
+        int i = 6;
+        if (client->generate_duid)
+                argv[i++] = "-i";
+        if (client->duid_leases_file) {
+                argv[i++] = "-df";
+                argv[i++] = client->duid_leases_file;
+        }
+        if (arg_debug)
+                argv[i++] = "-v";
+        if (*(uint8_t *)((char *)&cfg.bridge0 + client->arg_offset))
+                argv[i++] = cfg.bridge0.devsandbox;
+        if (*(uint8_t *)((char *)&cfg.bridge1 + client->arg_offset))
+                argv[i++] = cfg.bridge1.devsandbox;
+        if (*(uint8_t *)((char *)&cfg.bridge2 + client->arg_offset))
+                argv[i++] = cfg.bridge2.devsandbox;
+        if (*(uint8_t *)((char *)&cfg.bridge3 + client->arg_offset))
+                argv[i++] = cfg.bridge3.devsandbox;
+
+        sbox_run_v(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_CAPS_NET_SERVICE | SBOX_SECCOMP, argv);
+}
+
+static pid_t dhcp_read_pidfile(const Dhclient *client) {
+        // We have to run dhclient as a forking daemon (not pass the -d option),
+        // because we want to be notified of a successful DHCP lease by the parent process exit.
+        // However, try to be extra paranoid with race conditions,
+        // because dhclient only writes the daemon pid into the pidfile
+        // after its parent process has exited.
+        int tries = 0;
+        pid_t found = 0;
+        while (found == 0 && tries < 10) {
+                if (tries >= 1)
+                        usleep(100000);
+                FILE *pidfile = fopen(client->pid_file, "r");
+                if (pidfile) {
+                        long pid;
+                        if (fscanf(pidfile, "%ld", &pid) == 1) {
+                                char *pidname = pid_proc_comm((pid_t) pid);
+                                if (pidname && strcmp(pidname, "dhclient") == 0)
+                                        found = (pid_t) pid;
+                        }
+                        fclose(pidfile);
+                }
+                ++tries;
+        }
+        if (found == 0) {
+                fprintf(stderr, "Error: Cannot get dhclient %s PID from %s\n",
+                                                client->version_arg, client->pid_file);
+                exit(1);
+        }
+        return found;
+}
+
+static void dhcp_start_dhclient(const Dhclient *client) {
+        dhcp_run_dhclient(client);
+        *(client->pid) = dhcp_read_pidfile(client);
+}
+
+static void dhcp_waitll(const char *ifname) {
+        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 3, PATH_FNET, "waitll", ifname);
+}
+
+static void dhcp_waitll_all() {
+        if (cfg.bridge0.arg_ip6_dhcp)
+                dhcp_waitll(cfg.bridge0.devsandbox);
+        if (cfg.bridge1.arg_ip6_dhcp)
+                dhcp_waitll(cfg.bridge1.devsandbox);
+        if (cfg.bridge2.arg_ip6_dhcp)
+                dhcp_waitll(cfg.bridge2.devsandbox);
+        if (cfg.bridge3.arg_ip6_dhcp)
+                dhcp_waitll(cfg.bridge3.devsandbox);
+}
+
+void dhcp_start(void) {
+        if (!any_dhcp())
+                return;
+
+        EUID_ROOT();
+        if (mkdir(RUN_DHCLIENT_DIR, 0700))
+                errExit("mkdir");
+
+        if (any_ip_dhcp()) {
+                dhcp_start_dhclient(&dhclient4);
+                if (arg_debug)
+                        printf("Running dhclient -4 in the background as pid %ld\n", (long) dhclient4_pid);
+        }
+        if (any_ip6_dhcp()) {
+                dhcp_waitll_all();
+                dhcp_start_dhclient(&dhclient6);
+                if (arg_debug)
+                        printf("Running dhclient -6 in the background as pid %ld\n", (long) dhclient6_pid);
+                if (dhclient4_pid == dhclient6_pid) {
+                        fprintf(stderr, "Error: dhclient -4 and -6 have the same PID: %ld\n", (long) dhclient4_pid);
+                        exit(1);
+                }
+        }
+}
diff --git a/src/firejail/env.c b/src/firejail/env.c
index f15e1362f..a8b344544 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 03bcbda46..4dc580a5e 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -103,6 +103,8 @@ typedef struct bridge_t {
 
         // flags
         uint8_t arg_ip_none;    // --ip=none
+        uint8_t arg_ip_dhcp;
+        uint8_t arg_ip6_dhcp;
         uint8_t macvlan;        // set by --net=eth0 (or eth1, ...); reset by --net=br0 (or br1, ...)
         uint8_t configured;
         uint8_t scan;           // set by --scan
@@ -237,6 +239,24 @@ static inline int any_interface_configured(void) {
                 return 0;
 }
 
+static inline int any_ip_dhcp(void) {
+        if (cfg.bridge0.arg_ip_dhcp || cfg.bridge1.arg_ip_dhcp || cfg.bridge2.arg_ip_dhcp || cfg.bridge3.arg_ip_dhcp)
+                return 1;
+        else
+                return 0;
+}
+
+static inline int any_ip6_dhcp(void) {
+        if (cfg.bridge0.arg_ip6_dhcp || cfg.bridge1.arg_ip6_dhcp || cfg.bridge2.arg_ip6_dhcp || cfg.bridge3.arg_ip6_dhcp)
+                return 1;
+        else
+                return 0;
+}
+
+static inline int any_dhcp(void) {
+  return any_ip_dhcp() || any_ip6_dhcp();
+}
+
 extern int arg_private;         // mount private /home
 extern int arg_private_cache;   // private home/.cache
 extern int arg_debug;           // print debug messages
@@ -792,9 +812,11 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 #define SBOX_ALLOW_STDIN (1 << 5)               // don't close stdin
 #define SBOX_STDIN_FROM_FILE (1 << 6)   // open file and redirect it to stdin
 #define SBOX_CAPS_HIDEPID (1 << 7)      // hidepid caps filter for running firemon
+#define SBOX_CAPS_NET_SERVICE (1 << 8) // caps filter for programs running network services
 
 // run sbox
 int sbox_run(unsigned filter, int num, ...);
+int sbox_run_v(unsigned filter, char * const arg[]);
 
 // run_files.c
 void delete_run_files(pid_t pid);
@@ -806,4 +828,9 @@ void set_profile_run_file(pid_t pid, const char *fname);
 // dbus.c
 void dbus_disable(void);
 
+// dhcp.c
+extern pid_t dhclient4_pid;
+extern pid_t dhclient6_pid;
+void dhcp_start(void);
+
 #endif
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 316057ec5..c7dd91b06 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -521,12 +521,16 @@ void fs_remount(const char *dir, OPERATION op, unsigned check_mnt) {
                 if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 ||
                     mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0)
                         errExit("remounting");
+                // run a sanity check on /proc/self/mountinfo
                 if (check_mnt) {
-                        // run a sanity check on /proc/self/mountinfo
+                        // confirm target of the last mount operation was dir; if there are other
+                        // mount points contained inside dir, one of those will show up as target
+                        // of the last mount operation instead
                         MountData *mptr = get_last_mount();
                         size_t len = strlen(dir);
-                        if (strncmp(mptr->dir, dir, len) != 0 ||
+                        if ((strncmp(mptr->dir, dir, len) != 0 ||
                            (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
+                           && strcmp(dir, "/") != 0) // support read-only=/
                                 errLogExit("invalid %s mount", opstr[op]);
                 }
                 fs_logger2(opstr[op], dir);
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 17db45bf1..7150fd3eb 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -185,12 +185,12 @@ static void duplicate(char *fname) {
         // add to private-lib list
         if (cfg.bin_private_lib == NULL) {
                 if (asprintf(&cfg.bin_private_lib, "%s,%s",fname, full_path) == -1)
-                        errExit("asprinf");
+                        errExit("asprintf");
         }
         else {
                 char *tmp;
                 if (asprintf(&tmp, "%s,%s,%s", cfg.bin_private_lib, fname, full_path) == -1)
-                        errExit("asprinf");
+                        errExit("asprintf");
                 free(cfg.bin_private_lib);
                 cfg.bin_private_lib = tmp;
         }
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index d807f527d..63911ab9e 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 082f8b4a0..26e010d0d 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index cfa0af078..bdfaba480 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index 9da01b24c..fd5e1bbd3 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -89,7 +89,7 @@ errexit:
 }
 
 void fs_resolvconf(void) {
-        if (cfg.dns1 == NULL)
+        if (cfg.dns1 == NULL && !any_dhcp())
                 return;
 
         if (arg_debug)
@@ -108,7 +108,8 @@ void fs_resolvconf(void) {
                 if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
                         continue;
                 // for resolv.conf we create a brand new file
-                if (strcmp(entry->d_name, "resolv.conf") == 0)
+                if (strcmp(entry->d_name, "resolv.conf") == 0 ||
+        strcmp(entry->d_name, "resolv.conf.dhclient-new") == 0)
                         continue;
 //              printf("linking %s\n", entry->d_name);
 
@@ -169,8 +170,11 @@ void fs_resolvconf(void) {
                 exit(1);
         }
 
-        if (cfg.dns1)
+        if (cfg.dns1) {
+                if (any_dhcp())
+                        fwarning("network setup uses DHCP, nameservers will likely be overwritten\n");
                 fprintf(fp, "nameserver %s\n", cfg.dns1);
+        }
         if (cfg.dns2)
                 fprintf(fp, "nameserver %s\n", cfg.dns2);
         if (cfg.dns3)
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 70c6ac88a..c539ce83c 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c
index 9923190b5..2982c4cbb 100644
--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c
index 31e0147ca..892c91e3f 100644
--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 09e5c3200..eb660df90 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index c1b821cce..1894784a8 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index 75369b47c..303d6f9aa 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index d2ea495ed..be5bcc4c0 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 1494c782f..531f8c06a 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -322,8 +322,8 @@ bool is_ready_for_join(const pid_t pid) {
 void check_join_permission(pid_t pid) {
         // check if pid belongs to a fully set up firejail sandbox
         unsigned long i;
-        for (i = 0; is_ready_for_join(pid) == false; i += SNOOZE) { // give sandbox some time to start up
-                if (i >= join_timeout) {
+        for (i = SNOOZE; is_ready_for_join(pid) == false; i += SNOOZE) { // give sandbox some time to start up
+                if (i > join_timeout) {
                         fprintf(stderr, "Error: no valid sandbox\n");
                         exit(1);
                 }
@@ -531,6 +531,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
 
                 // it will never get here!!!
         }
+        EUID_USER();
 
         int status = 0;
         //*****************************
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index 75333fdc2..aa33d838b 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index ef64178b5..6901b7d44 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 179f8ddf9..78717ab41 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -2144,7 +2144,10 @@ int main(int argc, char **argv) {
                                 // configure this IP address for the last bridge defined
                                 if (strcmp(argv[i] + 5, "none") == 0)
                                         br->arg_ip_none = 1;
-                                else {
+                                else if (strcmp(argv[i] + 5, "dhcp") == 0) {
+                                        br->arg_ip_none = 1;
+                                        br->arg_ip_dhcp = 1;
+                                } else {
                                         if (atoip(argv[i] + 5, &br->ipsandbox)) {
                                                 fprintf(stderr, "Error: invalid IP address\n");
                                                 exit(1);
@@ -2184,20 +2187,24 @@ int main(int argc, char **argv) {
                                         fprintf(stderr, "Error: no network device configured\n");
                                         exit(1);
                                 }
-                                if (br->ip6sandbox) {
+                                if (br->arg_ip6_dhcp || br->ip6sandbox) {
                                         fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
                                         exit(1);
                                 }
 
                                 // configure this IP address for the last bridge defined
-                                if (check_ip46_address(argv[i] + 6) == 0) {
-                                        fprintf(stderr, "Error: invalid IPv6 address\n");
-                                        exit(1);
-                                }
+                                if (strcmp(argv[i] + 6, "dhcp") == 0)
+                                        br->arg_ip6_dhcp = 1;
+                                else {
+                                        if (check_ip46_address(argv[i] + 6) == 0) {
+                                                fprintf(stderr, "Error: invalid IPv6 address\n");
+                                                exit(1);
+                                        }
 
-                                br->ip6sandbox = strdup(argv[i] + 6);
-                                if (br->ip6sandbox == NULL)
-                                        errExit("strdup");
+                                        br->ip6sandbox = strdup(argv[i] + 6);
+                                        if (br->ip6sandbox == NULL)
+                                                errExit("strdup");
+                                }
                         }
                         else
                                 exit_err_feature("networking");
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c
index 162f5dbec..34d8d1700 100644
--- a/src/firejail/mountinfo.c
+++ b/src/firejail/mountinfo.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index bec32cfde..e0a2ce086 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/netns.c b/src/firejail/netns.c
index 3d8edf5ae..104453376 100644
--- a/src/firejail/netns.c
+++ b/src/firejail/netns.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 Firejail Authors
+ * Copyright (C) 2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 93249a29b..aa05e3bd0 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index 6800bde8d..85896e528 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -246,6 +246,10 @@ void net_check_cfg(void) {
         if (cfg.defaultgw)
                 check_default_gw(cfg.defaultgw);
         else {
+                // if the first network has no assigned address,
+                // do not try to set up a gateway, because it will fail
+                if (cfg.bridge0.arg_ip_none)
+                        return;
                 // first network is a regular bridge
                 if (cfg.bridge0.macvlan == 0)
                         cfg.defaultgw = cfg.bridge0.ip;
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index dca36a4d8..8bf8adecc 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/output.c b/src/firejail/output.c
index bd7e44788..d4a7f464a 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/paths.c b/src/firejail/paths.c
index 960412acf..f03d98e29 100644
--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index a2dea0339..278099e55 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 9a724331b..969209869 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -672,7 +672,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                         // configure this IP address for the last bridge defined
                         if (strcmp(ptr + 3, "none") == 0)
                                 br->arg_ip_none = 1;
-                        else {
+                        else if (strcmp(ptr + 3, "dhcp") == 0) {
+                                br->arg_ip_none = 1;
+                                br->arg_ip_dhcp = 1;
+                        } else {
                                 if (atoip(ptr + 3, &br->ipsandbox)) {
                                         fprintf(stderr, "Error: invalid IP address\n");
                                         exit(1);
@@ -693,21 +696,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                                 fprintf(stderr, "Error: no network device configured\n");
                                 exit(1);
                         }
-                        if (br->ip6sandbox) {
+                        if (br->arg_ip6_dhcp || br->ip6sandbox) {
                                 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
                                 exit(1);
                         }
 
                         // configure this IP address for the last bridge defined
-                        if (check_ip46_address(ptr + 4) == 0) {
-                                fprintf(stderr, "Error: invalid IPv6 address\n");
-                                exit(1);
-                        }
-
-                        br->ip6sandbox = strdup(ptr + 4);
-                        if (br->ip6sandbox == NULL)
-                                errExit("strdup");
+                        if (strcmp(ptr + 4, "dhcp") == 0)
+                                br->arg_ip6_dhcp = 1;
+                        else {
+                                if (check_ip46_address(ptr + 4) == 0) {
+                                        fprintf(stderr, "Error: invalid IPv6 address\n");
+                                        exit(1);
+                                }
 
+                                br->ip6sandbox = strdup(ptr + 4);
+                                if (br->ip6sandbox == NULL)
+                                        errExit("strdup");
+                        }
                 }
                 else
                         warning_feature_disabled("networking");
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index d3a9e0153..6402afbc6 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index b82473476..57095a53c 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index ee2e497cb..b51172219 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index ce809c697..b80d4ae55 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c
index ea9fb2d6b..0ca4a34df 100644
--- a/src/firejail/rlimit.c
+++ b/src/firejail/rlimit.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c
index 521a8aa02..b9c80c459 100644
--- a/src/firejail/run_files.c
+++ b/src/firejail/run_files.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c
index a63f29322..ea3889024 100644
--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 995e98f9f..96ad30bed 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -337,6 +337,8 @@ static int monitor_application(pid_t app_pid) {
                                 continue;
                         if (pid == 1)
                                 continue;
+                        if ((pid_t) pid == dhclient4_pid || (pid_t) pid == dhclient6_pid)
+                                continue;
 
                         // todo: make this generic
                         // Dillo browser leaves a dpid process running, we need to shut it down
@@ -993,7 +995,7 @@ int sandbox(void* sandbox_arg) {
                 fs_dev_disable_dvd();
 
         if (arg_nou2f)
-                fs_dev_disable_u2f();
+                fs_dev_disable_u2f();
 
         if (arg_novideo)
                 fs_dev_disable_video();
@@ -1016,6 +1018,11 @@ int sandbox(void* sandbox_arg) {
         fs_logger_change_owner();
 
         //****************************
+        // start dhcp client
+        //****************************
+        dhcp_start();
+
+        //****************************
         // set application environment
         //****************************
         EUID_USER();
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index e5739ecb5..203c0fc03 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -105,23 +105,34 @@ static struct sock_fprog prog = {
 };
 
 int sbox_run(unsigned filtermask, int num, ...) {
-        EUID_ROOT();
-
-        int i;
         va_list valist;
         va_start(valist, num);
 
         // build argument list
-        char *arg[num + 1];
+  char **arg = malloc((num + 1) * sizeof(char *));
+  int i;
         for (i = 0; i < num; i++)
                 arg[i] = va_arg(valist, char*);
         arg[i] = NULL;
         va_end(valist);
 
+  int status = sbox_run_v(filtermask, arg); 
+
+  free(arg);
+
+  return status;
+}
+
+int sbox_run_v(unsigned filtermask, char * const arg[]) {
+        EUID_ROOT();
+
         if (arg_debug) {
                 printf("sbox run: ");
-                for (i = 0; i <= num; i++)
+                int i = 0;
+                while (arg[i]) {
                         printf("%s ", arg[i]);
+                        i++;
+                }
                 printf("\n");
         }
 
@@ -171,6 +182,7 @@ int sbox_run(unsigned filtermask, int num, ...) {
 
                 // close all other file descriptors
                 int max = 20; // getdtablesize() is overkill for a firejail process
+                int i = 3;
                 for (i = 3; i < max; i++)
                         close(i); // close open files
 
@@ -179,20 +191,31 @@ int sbox_run(unsigned filtermask, int num, ...) {
                 // apply filters
                 if (filtermask & SBOX_CAPS_NONE) {
                         caps_drop_all();
-                }
-                else if (filtermask & SBOX_CAPS_NETWORK) {
+                } else {
+                        uint64_t set = 0;
+                        if (filtermask & SBOX_CAPS_NETWORK) {
 #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files
-                        uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN;
-                        set |=  ((uint64_t) 1) << CAP_NET_RAW;
-                        caps_set(set);
+                                set |= ((uint64_t) 1) << CAP_NET_ADMIN;
+                                set |= ((uint64_t) 1) << CAP_NET_RAW;
 #endif
-                }
-                else if (filtermask & SBOX_CAPS_HIDEPID) {
+                        }
+                        if (filtermask & SBOX_CAPS_HIDEPID) {
+#ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files
+                                set |= ((uint64_t) 1) << CAP_SYS_PTRACE;
+                                set |= ((uint64_t) 1) << CAP_SYS_PACCT;
+#endif
+                        }
+                        if (filtermask & SBOX_CAPS_NET_SERVICE) {
 #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files
-                        uint64_t set = ((uint64_t) 1) << CAP_SYS_PTRACE;
-                        set |=  ((uint64_t) 1) << CAP_SYS_PACCT;
-                        caps_set(set);
+                                set |= ((uint64_t) 1) << CAP_NET_BIND_SERVICE;
+                                set |= ((uint64_t) 1) << CAP_NET_BROADCAST;
 #endif
+                        }
+                        if (set != 0) { // some SBOX_CAPS_ flag was specified, drop all other capabilities
+#ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files
+                                caps_set(set);
+#endif
+                        }
                 }
 
                 if (filtermask & SBOX_SECCOMP) {
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 648ce1612..10a2a5665 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index 24b3665fc..a7d0b2fbe 100644
--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index fbace7374..52d4f7c03 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -82,7 +82,9 @@ static char *usage_str =
         "    --interface=name - move interface in sandbox.\n"
         "    --ip=address - set interface IP address.\n"
         "    --ip=none - no IP address and no default gateway are configured.\n"
+        "    --ip=dhcp - acquire IP address by running dhclient.\n"
         "    --ip6=address - set interface IPv6 address.\n"
+        "    --ip6=dhcp - acquire IPv6 address by running dhclient.\n"
         "    --iprange=address,address - configure an IP address in this range.\n"
 #endif
         "    --ipc-namespace - enable a new IPC namespace.\n"
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 18d121ca9..6bfc80903 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index b390ad38e..9a50532c2 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c
index cf5808b00..028dbc212 100644
--- a/src/firemon/apparmor.c
+++ b/src/firemon/apparmor.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/arp.c b/src/firemon/arp.c
index 9c8cb9f52..a43593ced 100644
--- a/src/firemon/arp.c
+++ b/src/firemon/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/caps.c b/src/firemon/caps.c
index c3e1aa5f1..951bd21a5 100644
--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/cgroup.c b/src/firemon/cgroup.c
index f2020eafb..251db0077 100644
--- a/src/firemon/cgroup.c
+++ b/src/firemon/cgroup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c
index 6186ff3f0..6170ef8c1 100644
--- a/src/firemon/cpu.c
+++ b/src/firemon/cpu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index dad3b0afb..39c05d63e 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index 7f8bc698c..7a55a64fb 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
index 0a0801fee..325ffd80e 100644
--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/list.c b/src/firemon/list.c
index 68a066604..8a07f9eb2 100644
--- a/src/firemon/list.c
+++ b/src/firemon/list.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/netstats.c b/src/firemon/netstats.c
index e7a4354d1..c746cc127 100644
--- a/src/firemon/netstats.c
+++ b/src/firemon/netstats.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 762d22514..c823943c0 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/route.c b/src/firemon/route.c
index 105814434..9fd46505f 100644
--- a/src/firemon/route.c
+++ b/src/firemon/route.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c
index 099ac8819..7bc700ee6 100644
--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/top.c b/src/firemon/top.c
index 514b9710e..ba707ef19 100644
--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/tree.c b/src/firemon/tree.c
index 9e9900c53..f3610eaec 100644
--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/usage.c b/src/firemon/usage.c
index 196fc32c3..0c3da00f8 100644
--- a/src/firemon/usage.c
+++ b/src/firemon/usage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/firemon/x11.c b/src/firemon/x11.c
index 3eb06390a..a41f4825f 100644
--- a/src/firemon/x11.c
+++ b/src/firemon/x11.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fldd/main.c b/src/fldd/main.c
index d085ea59b..dd22e601e 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fnet/arp.c b/src/fnet/arp.c
index a4fe02987..122d0007c 100644
--- a/src/fnet/arp.c
+++ b/src/fnet/arp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fnet/fnet.h b/src/fnet/fnet.h
index 4900967f7..b9cf96c64 100644
--- a/src/fnet/fnet.h
+++ b/src/fnet/fnet.h
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -47,6 +47,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]);
 void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu);
 int net_if_mac(const char *ifname, const unsigned char mac[6]);
 void net_if_ip6(const char *ifname, const char *addr6);
+void net_if_waitll(const char *ifname);
 
 
 // arp.c
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index 7e7cceeed..62df0930e 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -28,6 +28,8 @@
 #include <net/if_arp.h>
 #include <net/route.h>
 #include <linux/if_bridge.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
 
 static void check_if_name(const char *ifname) {
         if (strlen(ifname) > IFNAMSIZ) {
@@ -370,3 +372,129 @@ void net_if_ip6(const char *ifname, const char *addr6) {
 
         close(sock);
 }
+
+static int net_netlink_address_tentative(struct nlmsghdr *current_header) {
+        struct ifaddrmsg *msg = NLMSG_DATA(current_header);
+        int has_flags = 0;
+#ifdef IFA_FLAGS
+        struct rtattr *rta = IFA_RTA(msg);
+        size_t msg_len = IFA_PAYLOAD(current_header);
+        while (RTA_OK(rta, msg_len)) {
+                if (rta->rta_type == IFA_FLAGS) {
+                        has_flags = 1;
+                        uint32_t *flags = RTA_DATA(rta);
+                        if (*flags & IFA_F_TENTATIVE)
+                                return 1;
+                }
+                rta = RTA_NEXT(rta, msg_len);
+        }
+#endif
+        // According to <linux/if_addr.h>, if an IFA_FLAGS attribute is present,
+        // the field ifa_flags should be ignored.
+        return !has_flags && (msg->ifa_flags & IFA_F_TENTATIVE);
+}
+
+static int net_netlink_if_has_ll(int sock, uint32_t index) {
+        struct {
+                struct nlmsghdr header;
+                struct ifaddrmsg message;
+        } req;
+        memset(&req, 0, sizeof(req));
+        req.header.nlmsg_len = NLMSG_LENGTH(sizeof(req.message));
+        req.header.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
+        req.header.nlmsg_type = RTM_GETADDR;
+        req.message.ifa_family = AF_INET6;
+        if (send(sock, &req, req.header.nlmsg_len, 0) != req.header.nlmsg_len)
+                errExit("send");
+
+        int found = 0;
+        int all_parts_processed = 0;
+        while (!all_parts_processed) {
+                char buf[16384];
+                ssize_t len = recv(sock, buf, sizeof(buf), 0);
+                if (len < 0)
+                        errExit("recv");
+                if (len < (ssize_t) sizeof(struct nlmsghdr)) {
+                        fprintf(stderr, "Received incomplete netlink message\n");
+                        exit(1);
+                }
+
+                struct nlmsghdr *current_header = (struct nlmsghdr *) buf;
+                while (NLMSG_OK(current_header, len)) {
+                        switch (current_header->nlmsg_type) {
+                        case RTM_NEWADDR: {
+                                struct ifaddrmsg *msg = NLMSG_DATA(current_header);
+                                if (!found && msg->ifa_index == index && msg->ifa_scope == RT_SCOPE_LINK &&
+                                                !net_netlink_address_tentative(current_header))
+                                        found = 1;
+                        }
+                                break;
+                        case NLMSG_NOOP:
+                                break;
+                        case NLMSG_DONE:
+                                all_parts_processed = 1;
+                                break;
+                        case NLMSG_ERROR: {
+                                struct nlmsgerr *err = NLMSG_DATA(current_header);
+                                fprintf(stderr, "Netlink error: %d\n", err->error);
+                                exit(1);
+                        }
+                                break;
+                        default:
+                                fprintf(stderr, "Unknown netlink message type: %u\n", current_header->nlmsg_type);
+                                exit(1);
+                                break;
+                        }
+
+                        current_header = NLMSG_NEXT(current_header, len);
+                }
+        }
+
+        return found;
+}
+
+// wait for a link-local IPv6 address for DHCPv6
+// ex: firejail --net=br0 --ip6=dhcp
+void net_if_waitll(const char *ifname) {
+        // find interface index
+        int inet6_sock = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
+        if (inet6_sock < 0) {
+                fprintf(stderr, "Error fnet: IPv6 is not supported on this system\n");
+                exit(1);
+        }
+        struct ifreq ifr;
+        memset(&ifr, 0, sizeof(ifr));
+        strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+        ifr.ifr_addr.sa_family = AF_INET;
+        if (ioctl(inet6_sock, SIOGIFINDEX, &ifr) < 0) {
+                perror("ioctl SIOGIFINDEX");
+                exit(1);
+        }
+        close(inet6_sock);
+        if (ifr.ifr_ifindex < 0) {
+                fprintf(stderr, "Error fnet: interface index is negative\n");
+                exit(1);
+        }
+        uint32_t index = (uint32_t) ifr.ifr_ifindex;
+
+        // poll for link-local address
+        int netlink_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+        if (netlink_sock < 0)
+                errExit("socket");
+        int tries = 0;
+        int found = 0;
+        while (tries < 60 && !found) {
+                if (tries >= 1)
+                        usleep(500000);
+
+                found = net_netlink_if_has_ll(netlink_sock, index);
+
+                tries++;
+        }
+        close(netlink_sock);
+
+        if (!found) {
+                fprintf(stderr, "Waiting for link-local IPv6 address of %s timed out\n", ifname);
+                exit(1);
+        }
+}
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 890f842f6..95e12164e 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -47,6 +47,7 @@ static void usage(void) {
         printf("\tfnet config mac addr\n");
         printf("\tfnet config ipv6 dev ip\n");
         printf("\tfnet ifup dev\n");
+  printf("\tfnet waitll dev\n");
 }
 
 int main(int argc, char **argv) {
@@ -141,6 +142,9 @@ printf("\n");
         else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) {
                 net_if_ip6(argv[3], argv[4]);
         }
+  else if (argc == 3 && strcmp(argv[1], "waitll") == 0) {
+    net_if_waitll(argv[2]);
+  }
         else {
                 fprintf(stderr, "Error fnet: invalid arguments\n");
                 return 1;
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index 7a32da2d1..777e4e07e 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -26,7 +26,7 @@
  *
  */
  /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 7be6390e5..8124beb1a 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h
index 279118bee..211111641 100644
--- a/src/fsec-optimize/fsec_optimize.h
+++ b/src/fsec-optimize/fsec_optimize.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index b968bd5f3..416d85b88 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fsec-optimize/optimizer.c b/src/fsec-optimize/optimizer.c
index 69b99f595..776beaa75 100644
--- a/src/fsec-optimize/optimizer.c
+++ b/src/fsec-optimize/optimizer.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h
index 777bc609a..0237fd020 100644
--- a/src/fsec-print/fsec_print.h
+++ b/src/fsec-print/fsec_print.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index ed942c806..728308dac 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c
index 8a5d69120..5c244b000 100644
--- a/src/fsec-print/print.c
+++ b/src/fsec-print/print.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fsec-print/syscall_list.c b/src/fsec-print/syscall_list.c
index db443f5e2..274908cef 100644
--- a/src/fsec-print/syscall_list.c
+++ b/src/fsec-print/syscall_list.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/errno.c b/src/fseccomp/errno.c
index d4c2b9249..9c5aa770c 100644
--- a/src/fseccomp/errno.c
+++ b/src/fseccomp/errno.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h
index e1579d098..bf55870f2 100644
--- a/src/fseccomp/fseccomp.h
+++ b/src/fseccomp/fseccomp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index faf38ade1..82b96f476 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c
index cdd9f3a40..7a21eb2c2 100644
--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index 95c20d388..29aa2f2f5 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c
index 266ef0c55..e47e8db25 100644
--- a/src/fseccomp/seccomp_file.c
+++ b/src/fseccomp/seccomp_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c
index fd0bc5a50..9a00d1884 100644
--- a/src/fseccomp/seccomp_secondary.c
+++ b/src/fseccomp/seccomp_secondary.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
index 1683d3140..2b112245c 100644
--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/fshaper/fshaper.sh b/src/fshaper/fshaper.sh
index 30a07fb86..936a23512 100755
--- a/src/fshaper/fshaper.sh
+++ b/src/fshaper/fshaper.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
 
 usage() {
         echo "Usage:"
diff --git a/src/ftee/ftee.h b/src/ftee/ftee.h
index 0b026aa7f..aec64595d 100644
--- a/src/ftee/ftee.h
+++ b/src/ftee/ftee.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/ftee/main.c b/src/ftee/main.c
index f488c10a2..a1e42ed32 100644
--- a/src/ftee/main.c
+++ b/src/ftee/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/include/common.h b/src/include/common.h
index 699ed765d..c65ba0d55 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/include/euid_common.h b/src/include/euid_common.h
index 9975c72bf..d8277ade7 100644
--- a/src/include/euid_common.h
+++ b/src/include/euid_common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/include/firejail_user.h b/src/include/firejail_user.h
index 21311bc5d..a8d269daa 100644
--- a/src/include/firejail_user.h
+++ b/src/include/firejail_user.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/include/ldd_utils.h b/src/include/ldd_utils.h
index c9e8b4098..29dd8926e 100644
--- a/src/include/ldd_utils.h
+++ b/src/include/ldd_utils.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/include/pid.h b/src/include/pid.h
index 9d4735bdd..1f15d3c68 100644
--- a/src/include/pid.h
+++ b/src/include/pid.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
index df135b9ca..7f9c68be2 100644
--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -49,6 +49,12 @@
 #define RUN_LIB_DIR                     RUN_MNT_DIR "/lib"
 #define RUN_LIB_FILE                    RUN_MNT_DIR "/libfiles"
 #define RUN_DNS_ETC                     RUN_MNT_DIR "/dns-etc"
+#define RUN_DHCLIENT_DIR                        RUN_MNT_DIR "/dhclient"
+#define RUN_DHCLIENT_4_LEASES_FILE              RUN_DHCLIENT_DIR "/dhclient.leases"
+#define RUN_DHCLIENT_6_LEASES_FILE              RUN_DHCLIENT_DIR "/dhclient6.leases"
+#define RUN_DHCLIENT_4_LEASES_FILE              RUN_DHCLIENT_DIR "/dhclient.leases"
+#define RUN_DHCLIENT_4_PID_FILE                 RUN_DHCLIENT_DIR "/dhclient.pid"
+#define RUN_DHCLIENT_6_PID_FILE                 RUN_DHCLIENT_DIR "/dhclient6.pid"
 
 #define RUN_SECCOMP_DIR                 RUN_MNT_DIR "/seccomp"
 #define RUN_SECCOMP_LIST                RUN_SECCOMP_DIR "/seccomp.list"         // list of seccomp files installed
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index 6af84f821..80a83df34 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/include/syscall.h b/src/include/syscall.h
index 766f771cf..e11c56a05 100644
--- a/src/include/syscall.h
+++ b/src/include/syscall.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/lib/common.c b/src/lib/common.c
index 3a7f910e1..1fd317d4f 100644
--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index f7234cc08..dbf2ca94b 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/lib/ldd_utils.c b/src/lib/ldd_utils.c
index 453c7e9dc..32bfb0974 100644
--- a/src/lib/ldd_utils.c
+++ b/src/lib/ldd_utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 04bc8d132..cad0e5424 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
@@ -17,6 +17,7 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
+
 #include "../include/common.h"
 #include "../include/pid.h"
 #include <string.h>
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c
index b2f64f18e..c86faa329 100644
--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index 93fa9d5f8..a27fa7a03 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c
index 3641a81af..9102a8ef6 100644
--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 719a80c2c..84aed41a4 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -582,6 +582,33 @@ net eth0
 ip none
 
 .TP
+\fBip dhcp
+Acquire an IP address and default gateway for the last interface defined by a
+net command, as well as set the DNS servers according to the DHCP response.
+This command requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+net br0
+.br
+ip dhcp
+.br
+
+.br
+This command should not be used in conjunction with the dns command if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually in conjunction with the
+net none command.
+
+.TP
 \fBip6 address
 Assign IPv6 addresses to the last network interface defined by a net command.
 .br
@@ -594,6 +621,32 @@ net eth0
 ip6 2001:0db8:0:f101::1/64
 
 .TP
+\fBip6 dhcp
+Acquire an IPv6 address and default gateway for the last interface defined by a
+net command, as well as set the DNS servers according to the DHCP response.
+This command requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+net br0
+.br
+ip6 dhcp
+.br
+
+.br
+This command should not be used in conjunction with the dns command if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually.
+
+.TP
 \fBiprange address,address
 Assign  an  IP address in the provided range to the last network
 interface defined by  a  net command.  A  default  gateway  is assigned by default.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 32ac07d72..4b1134686 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -567,6 +567,31 @@ If the corresponding interface doesn't have an IP address configured, this
 option is enabled by default.
 
 .TP
+\fB\-\-ip=dhcp
+Acquire an IP address and default gateway for the last interface defined by a
+\-\-net option, as well as set the DNS servers according to the DHCP response.
+This option requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-net=br0 \-\-ip=dhcp
+.br
+
+.br
+This option should not be used in conjunction with the \-\-dns option if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually in conjunction with the
+\-\-net=none option.
+
+.TP
 \fB\-\-ip6=address
 Assign IPv6 addresses to the last network interface defined by a \-\-net option.
 .br
@@ -579,6 +604,30 @@ $ firejail \-\-net=eth0 \-\-ip6=2001:0db8:0:f101::1/64 firefox
 Note: you don't need this option if you obtain your ip6 address from router via SLAAC (your ip6 address and default route will be configured by kernel automatically).
 
 .TP
+\fB\-\-ip6=dhcp
+Acquire an IPv6 address and default gateway for the last interface defined by a
+\-\-net option, as well as set the DNS servers according to the DHCP response.
+This option requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-net=br0 \-\-ip6=dhcp
+.br
+
+.br
+This option should not be used in conjunction with the \-\-dns option if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually.
+
+.TP
 \fB\-\-iprange=address,address
 Assign an IP address in the provided range to the last network interface defined by a \-\-net option. A
 default gateway is assigned by default.
@@ -2235,7 +2284,7 @@ $ firejail --tunnel firefox
 .br
 .TP
 \fB\-\-version
-Print program version and exit.
+Print program version/compile time support and exit.
 .br
 
 .br
@@ -2245,6 +2294,20 @@ $ firejail \-\-version
 .br
 firejail version 0.9.27
 
+Compile time support:
+    - AppArmor support is enabled
+    - AppImage support is enabled
+    - chroot support is enabled
+    - file and directory whitelisting support is enabled
+    - file transfer support is enabled
+    - firetunnel support is enabled
+    - networking support is enabled
+    - overlayfs support is enabled
+    - private-home support is enabled
+    - seccomp-bpf support is enabled
+    - user namespace support is enabled
+    - X11 sandboxing support is enabled
+.br
 .TP
 \fB\-\-veth-name=name
 Use this name for the interface connected to the bridge for --net=bridge_interface commands,
diff --git a/src/tools/check-caps.sh b/src/tools/check-caps.sh
index 13525677b..34ac5993d 100755
--- a/src/tools/check-caps.sh
+++ b/src/tools/check-caps.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
 
 if [ $# -eq 0 ]
 then
diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c
index 24c2b1bd1..d76749e44 100644
--- a/src/tools/extract_caps.c
+++ b/src/tools/extract_caps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/tools/extract_errnos.sh b/src/tools/extract_errnos.sh
index 43b225828..286fdd767 100644
--- a/src/tools/extract_errnos.sh
+++ b/src/tools/extract_errnos.sh
@@ -1,3 +1,8 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
+
 echo -e "#include <errno.h>\n#include <attr/xattr.h>" | \
     cpp -dD | \
     grep "^#define E" | \
diff --git a/src/tools/extract_syscalls.c b/src/tools/extract_syscalls.c
index d762d283b..83c2f65f3 100644
--- a/src/tools/extract_syscalls.c
+++ b/src/tools/extract_syscalls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/tools/mkcoverit.sh b/src/tools/mkcoverit.sh
index d4a68e397..b21418d5c 100755
--- a/src/tools/mkcoverit.sh
+++ b/src/tools/mkcoverit.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
 
 # unpack firejail archive
 ARCFIREJAIL=`ls *.tar.xz| grep firejail`
diff --git a/src/tools/testuid.c b/src/tools/testuid.c
index 2f85d0252..ad3d2be5f 100644
--- a/src/tools/testuid.c
+++ b/src/tools/testuid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Firejail Authors
+ * Copyright (C) 2014-2020 Firejail Authors
  *
  * This file is part of firejail project
  *
diff --git a/src/tools/ttytest.c b/src/tools/ttytest.c
index a449bf9ba..beaeb4fbe 100644
--- a/src/tools/ttytest.c
+++ b/src/tools/ttytest.c
@@ -1,3 +1,23 @@
+/*
+ * Copyright (C) 2014-2020 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
 #define _XOPEN_SOURCE 600
 #include <stdlib.h>
 #include <stdio.h>
diff --git a/src/tools/unixsocket.c b/src/tools/unixsocket.c
index c4302eed3..0987deb7a 100644
--- a/src/tools/unixsocket.c
+++ b/src/tools/unixsocket.c
@@ -1,3 +1,23 @@
+/*
+ * Copyright (C) 2014-2020 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/socket.h>