From 590f661715c991af40fb2de8b5bfe3b2bf2a606c Mon Sep 17 00:00:00 2001
From: Tad
Date: Wed, 24 Apr 2019 12:25:36 -0400
Subject: Revert "Merge branch 'master' of github.com:netblue30/firejail"

This reverts commit 0d42e12f11825f84d6bf6f9c667cd16272a3700c, reversing changes made to 63efb454a4af0ee5d4905f7cfae193138aef3e15.
---
 etc/android-studio.profile | 44 ++-
 etc/aosp.profile | 46 ++-
 etc/atom.profile | 42 ++-
 etc/brackets.profile | 39 ++-
 etc/clion.profile | 39 ++-
 etc/code.profile | 47 ++-
 etc/disable-programs.inc | 738 ++++++++++++++++++++++++++++++++++++++++++++-
 etc/geany.profile | 38 ++-
 etc/gedit.profile | 51 +++-
 etc/git.profile | 52 +++-
 etc/gitg.profile | 45 ++-
 etc/github-desktop.profile | 50 ++-
 etc/gnome-builder.profile | 37 ++-
 etc/idea.sh.profile | 43 ++-
 etc/meld.profile | 62 +++-
 etc/webstorm.profile | 44 ++-
 16 files changed, 1401 insertions(+), 16 deletions(-)

diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index ba54697e1..ff7fb6711 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -1 +1,43 @@
-]0;firejail /usr/bin/meld ./etc/android-studio_LOCAL_29017.profile ./etc/android-studio_BASE_29017.profile ./etc/android-studio_REMOTE_29017.profile 
\ No newline at end of file
+# Firejail profile for android-studio
+# This file is overwritten after every install/update
+# Persistent local customizations
+include android-studio.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.AndroidStudio*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+include whitelist-var-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-cache
+# private-tmp
+
+# noexec /tmp breaks 'Android Profiler'
+#noexec /tmp
diff --git a/etc/aosp.profile b/etc/aosp.profile
index 98c23139b..bdfefa923 100644
--- a/etc/aosp.profile
+++ b/etc/aosp.profile
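Review bot: `noblacklist ${HOME}/.ssh` and `noblacklist ${HOME}/.git-credentials` hand the sandbox read access to private keys and plaintext git passwords while `netfilter` (not `net none`) leaves the network up, so a malicious IDE plugin or a hostile Gradle build script running inside the jail can read and exfiltrate them. The profile already records its one deliberate weakening (`# noexec /tmp breaks 'Android Profiler'`), and these two lines deserve the same treatment, or better the opt-in pattern that brackets.profile uses for cargo. Suggested replacement for the two lines: `# Uncomment (or add to android-studio.local) if you push over ssh or keep plaintext git credentials`, `#noblacklist ${HOME}/.git-credentials`, `#noblacklist ${HOME}/.ssh`. Whether upstream users depend on this being on by default is not visible here, so the minimum is a comment saying it is intentional.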
@@ -1 +1,45 @@
-]0;firejail /usr/bin/meld ./etc/aosp_LOCAL_29017.profile ./etc/aosp_BASE_29017.profile ./etc/aosp_REMOTE_29017.profile 
\ No newline at end of file
+# Firejail profile for aosp
+# This file is overwritten after every install/update
+# Persistent local customizations
+include aosp.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.bash_history
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.repo_.gitconfig.json
+noblacklist ${HOME}/.repoconfig
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+#seccomp
+shell none
+
+private-tmp
diff --git a/etc/atom.profile b/etc/atom.profile
index 7700cc0be..a3c62284c 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
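Review bot: `#seccomp` is commented out with no reason recorded, which drops the syscall filter for a profile that runs an entire untrusted build tree with network access; every other profile in this patch keeps `seccomp` on, and android-studio.profile shows the expected style for documenting an exception. Presumably some build step tripped the default filter, but nothing here says which one, so a later maintainer cannot narrow it to `seccomp !<syscall>` instead of disabling it outright. Suggested comment above the line: `# seccomp disabled: the AOSP build trips the default filter (TODO: record the offending syscall and switch to seccomp !<syscall>)`. The `noblacklist ${HOME}/.bash_history` line would also benefit from a one-line note on why a build needs shell history.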
@@ -1 +1,41 @@
-]0;firejail /usr/bin/meld ./etc/atom_LOCAL_29017.profile ./etc/atom_BASE_29017.profile ./etc/atom_REMOTE_29017.profile 
\ No newline at end of file
+# Firejail profile for atom
+# Description: A hackable text editor for the 21st Century
+# This file is overwritten after every install/update
+# Persistent local customizations
+include atom.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.atom
+noblacklist ${HOME}/.config/Atom
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.cargo/config
+noblacklist ${HOME}/.cargo/registry
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.pythonrc.py
+
+include disable-common.inc
+include disable-exec.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+# net none
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+private-cache
+private-dev
+private-tmp
diff --git a/etc/brackets.profile b/etc/brackets.profile
index 6f05e496a..fa0d7e592 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
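Review bot: `noblacklist ${HOME}/.git-credentials` is on by default here even though the `# net none` line shows networking was considered negotiable, and Atom loads third-party packages that run with the editor's full file access. brackets.profile in the same patch handles the equivalent cargo paths as commented-out opt-ins with a "uncomment or put in .local" hint; following that pattern keeps the plaintext credential store out of the jail for users who never need it. Suggested change: `# Uncomment (or add to atom.local) if you keep plaintext git credentials`, `#noblacklist ${HOME}/.git-credentials`. The `.pythonrc.py` and `.cargo/*` entries are fine as they are, since they are not secrets.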
@@ -1 +1,38 @@
-]0;firejail /usr/bin/meld ./etc/brackets_LOCAL_29017.profile ./etc/brackets_BASE_29017.profile ./etc/brackets_REMOTE_29017.profile 
\ No newline at end of file
+# Firejail profile for brackets
+# This file is overwritten after every install/update
+# Persistent local customizations
+include brackets.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/Brackets
+#noblacklist /opt/brackets/
+#noblacklist /opt/google/
+# Uncomment the the next two lines if you are developing rust.
+# or put it in your brackets.local
+#noblacklist ${HOME}/.cargo/config
+#noblacklist ${HOME}/.cargo/registry
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+shell none
+
+private-cache
+private-dev
diff --git a/etc/clion.profile b/etc/clion.profile
index 29b6116b0..b27d93684 100644
--- a/etc/clion.profile
+++ b/etc/clion.profile
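Review bot: The hand-written `seccomp.drop @clock,@cpu-emulation,...` list replaces the plain `seccomp` every other profile in this patch uses, and nothing says which syscall Brackets needs that the default filter blocks; a frozen copy like this silently falls behind whenever firejail adds syscalls to its default groups, so the sandbox weakens over time without anyone touching the file. If the offending syscall is known, `seccomp !<syscall>` keeps the maintained default list and documents the exception in one token; if not, at least a comment is needed, e.g. `# explicit drop list: default seccomp breaks Brackets (TODO: identify the syscall and use seccomp !<name>)`. Separately, the comment `# Uncomment the the next two lines` has a doubled "the".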
@@ -1 +1,38 @@
-]0;firejail /usr/bin/meld ./etc/clion_LOCAL_29017.profile ./etc/clion_BASE_29017.profile ./etc/clion_REMOTE_29017.profile 
\ No newline at end of file
+# Firejail profile for CLion
+# This file is overwritten after every install/update
+# Persistent local customizations
+include clion.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.CLion*
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-cache
+private-dev
+# private-tmp
+
+noexec /tmp
diff --git a/etc/code.profile b/etc/code.profile
index 04eb6aff4..16678459e 100644
--- a/etc/code.profile
+++ b/etc/code.profile
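Review bot: `# private-tmp` is disabled without a recorded reason, so the jail shares the host's /tmp (X sockets, other users' temp files, anything another sandboxed app leaves there) while the sibling android-studio profile explains its own /tmp exception in a comment. A shared /tmp is probably needed for something like the debugger or a build tool handshake, but that is a guess from here. Suggested line in place of the bare comment: `# private-tmp disabled: CLion needs host /tmp (TODO: record which feature breaks, e.g. debugger/toolchain sockets)`. The `noblacklist ${HOME}/.ssh` exposure is the same trade-off as in android-studio.profile and should carry the same justification.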
@@ -1 +1,46 @@
-]0;firejail /usr/bin/meld ./etc/code_LOCAL_29017.profile ./etc/code_BASE_29017.profile ./etc/code_REMOTE_29017.profile 
\ No newline at end of file
+# Firejail profile for Visual Studio Code
+# This file is overwritten after every install/update
+# Persistent local customizations
+include code.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cargo/config
+noblacklist ${HOME}/.cargo/registry
+noblacklist ${HOME}/.config/Code
+noblacklist ${HOME}/.config/Code - OSS
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.pythonrc.py
+noblacklist ${HOME}/.vscode
+noblacklist ${HOME}/.vscode-oss
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+private-cache
+private-dev
+private-tmp
+
+# Disabling noexec ${HOME} for now since it will
+# probably interfere with running some programmes
+# in VS Code
+# noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 874411088..f0d6611ad 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
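Review bot: `net none` and `netfilter` are both enabled, which is contradictory: `net none` puts the jail in an empty network namespace, so the `netfilter` line and the `inet,inet6,netlink` part of `protocol unix,inet,inet6,netlink` are dead configuration, and the `noblacklist ${HOME}/.git-credentials` grant exposes a plaintext credential file that nothing inside the jail can ever use over the network. Either the intent is an offline editor, in which case drop `netfilter` and tighten to `protocol unix` and remove the `.git-credentials` line, or VS Code is expected to fetch extensions and push to git, in which case `net none` is the line that should go. The atom profile in the same patch leaves `# net none` commented, which suggests the latter, but the choice should be made explicitly and recorded in a comment rather than left as two lines that cancel each other.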
@@ -1 +1,737 @@ -]0;firejail /usr/bin/meld ./etc/disable-programs_LOCAL_29017.inc ./etc/disable-programs_BASE_29017.inc ./etc/disable-programs_REMOTE_29017.inc  \ No newline at end of file +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include disable-programs.local + +blacklist ${HOME}/Arduino +blacklist ${HOME}/Monero/wallets +blacklist ${HOME}/Nextcloud/Notes +blacklist ${HOME}/SoftMaker +blacklist ${HOME}/Standard Notes Backups +blacklist ${HOME}/wallet.dat +blacklist ${HOME}/.*coin +blacklist ${HOME}/.8pecxstudios +blacklist ${HOME}/.AndroidStudio* +blacklist ${HOME}/.Atom +blacklist ${HOME}/.CLion* +blacklist ${HOME}/.FBReader +blacklist ${HOME}/.FontForge +blacklist ${HOME}/.IdeaIC* +blacklist ${HOME}/.LuminanceHDR +blacklist ${HOME}/.Mathematica +blacklist ${HOME}/.Natron +blacklist ${HOME}/.PlayOnLinux +blacklist ${HOME}/.PyCharm* +blacklist ${HOME}/.Sayonara +blacklist ${HOME}/.Skype +blacklist ${HOME}/.Steam +blacklist ${HOME}/.Steampath +blacklist ${HOME}/.Steampid +blacklist ${HOME}/.TelegramDesktop +blacklist ${HOME}/.ViberPC +blacklist ${HOME}/.VirtualBox +blacklist ${HOME}/.VSCodium +blacklist ${HOME}/.WebStorm* +blacklist ${HOME}/.Wolfram Research +blacklist ${HOME}/.ZAP +blacklist ${HOME}/.aMule +blacklist ${HOME}/.android +blacklist ${HOME}/.anydesk +blacklist ${HOME}/.arduino15 +blacklist ${HOME}/.aria2 +blacklist ${HOME}/.arm +blacklist ${HOME}/.asunder_album_artist +blacklist ${HOME}/.asunder_album_genre +blacklist ${HOME}/.asunder_album_title +blacklist ${HOME}/.atom +blacklist ${HOME}/.attic +blacklist ${HOME}/.audacity-data +blacklist ${HOME}/.bcast5 +blacklist ${HOME}/.bibletime +blacklist ${HOME}/.bitcoin +blacklist ${HOME}/.bogofilter +blacklist ${HOME}/.bzf +blacklist ${HOME}/.claws-mail +blacklist ${HOME}/.cliqz +blacklist ${HOME}/.clonk +blacklist ${HOME}/.config/0ad +blacklist ${HOME}/.config/2048-qt +blacklist ${HOME}/.config/Atom +blacklist ${HOME}/.config/Audaciousrc 
+blacklist ${HOME}/.config/Authenticator +blacklist ${HOME}/.config/Beaker Browser +blacklist ${HOME}/.config/Bitcoin +blacklist ${HOME}/.config/Brackets +blacklist ${HOME}/.config/BraveSoftware +blacklist ${HOME}/.config/Clementine +blacklist ${HOME}/.config/Code +blacklist ${HOME}/.config/Code - OSS +blacklist ${HOME}/.config/Code Industry +blacklist ${HOME}/.config/Cryptocat +blacklist ${HOME}/.config/Enox +blacklist ${HOME}/.config/Franz +blacklist ${HOME}/.config/FreeCAD +blacklist ${HOME}/.config/Fritzing +blacklist ${HOME}/.config/GIMP +blacklist ${HOME}/.config/GitHub Desktop +blacklist ${HOME}/.config/Gitter +blacklist ${HOME}/.config/Google +blacklist ${HOME}/.config/Google Play Music Desktop Player +blacklist ${HOME}/.config/Gpredict +blacklist ${HOME}/.config/INRIA +blacklist ${HOME}/.config/InSilmaril +blacklist ${HOME}/.config/Kid3 +blacklist ${HOME}/.config/Luminance +blacklist ${HOME}/.config/Meltytech +blacklist ${HOME}/.config/Mendeley Ltd. +blacklist ${HOME}/.config/Min +blacklist ${HOME}/.config/Mousepad +blacklist ${HOME}/.config/Mumble +blacklist ${HOME}/.config/MusE +blacklist ${HOME}/.config/MuseScore +blacklist ${HOME}/.config/MusicBrainz +blacklist ${HOME}/.config/Nathan Osman +blacklist ${HOME}/.config/Nylas Mail +blacklist ${HOME}/.config/PBE +blacklist ${HOME}/.config/Qlipper +blacklist ${HOME}/.config/QMediathekView +blacklist ${HOME}/.config/QuiteRss +blacklist ${HOME}/.config/QuiteRssrc +blacklist ${HOME}/.config/Rambox +blacklist ${HOME}/.config/Riot +blacklist ${HOME}/.config/Rocket.Chat +blacklist ${HOME}/.config/Signal +blacklist ${HOME}/.config/Slack +blacklist ${HOME}/.config/Standard Notes +blacklist ${HOME}/.config/SubDownloader +blacklist ${HOME}/.config/Thunar +blacklist ${HOME}/.config/VirtualBox +blacklist ${HOME}/.config/Wire +blacklist ${HOME}/.config/akonadi* +blacklist ${HOME}/.config/akregatorrc +blacklist ${HOME}/.config/ardour4 +blacklist ${HOME}/.config/ardour5 +blacklist ${HOME}/.config/arkrc +blacklist 
${HOME}/.config/artha.conf +blacklist ${HOME}/.config/asunder +blacklist ${HOME}/.config/atril +blacklist ${HOME}/.config/audacious +blacklist ${HOME}/.config/aweather +blacklist ${HOME}/.config/baloofilerc +blacklist ${HOME}/.config/baloorc +blacklist ${HOME}/.config/blender +blacklist ${HOME}/.config/bless +blacklist ${HOME}/.config/bnox +blacklist ${HOME}/.config/borg +blacklist ${HOME}/.config/brasero +blacklist ${HOME}/.config/brave +blacklist ${HOME}/.config/caja +blacklist ${HOME}/.config/calibre +blacklist ${HOME}/.config/catfish +blacklist ${HOME}/.config/celluloid +blacklist ${HOME}/.config/cherrytree +blacklist ${HOME}/.config/chromium +blacklist ${HOME}/.config/chromium-dev +blacklist ${HOME}/.config/chromium-flags.conf +blacklist ${HOME}/.config/clipit +blacklist ${HOME}/.config/cliqz +blacklist ${HOME}/.config/cmus +blacklist ${HOME}/.config/corebird +blacklist ${HOME}/.config/darktable +blacklist ${HOME}/.config/deadbeef +blacklist ${HOME}/.config/deluge +blacklist ${HOME}/.config/devilspie2 +blacklist ${HOME}/.config/digikam +blacklist ${HOME}/.config/digikamrc +blacklist ${HOME}/.config/discord +blacklist ${HOME}/.config/discordcanary +blacklist ${HOME}/.config/dnox +blacklist ${HOME}/.config/dolphinrc +blacklist ${HOME}/.config/dragonplayerrc +blacklist ${HOME}/.config/d-feet +blacklist ${HOME}/.config/emaildefaults +blacklist ${HOME}/.config/emailidentities +blacklist ${HOME}/.config/enchant +blacklist ${HOME}/.config/eog +blacklist ${HOME}/.config/epiphany +blacklist ${HOME}/.config/evince +blacklist ${HOME}/.config/evolution +blacklist ${HOME}/.config/falkon +blacklist ${HOME}/.config/filezilla +blacklist ${HOME}/.config/flowblade +blacklist ${HOME}/.config/font-manager +blacklist ${HOME}/.config/freecol +blacklist ${HOME}/.config/gajim +blacklist ${HOME}/.config/galculator +blacklist ${HOME}/.config/gconf +blacklist ${HOME}/.config/geany +blacklist ${HOME}/.config/gedit +blacklist ${HOME}/.config/geeqie +blacklist ${HOME}/.config/ghb 
+blacklist ${HOME}/.config/ghostwriter +blacklist ${HOME}/.config/git +blacklist ${HOME}/.config/globaltime +blacklist ${HOME}/.config/gnome-mplayer +blacklist ${HOME}/.config/gnome-mpv +blacklist ${HOME}/.config/gnome-pie +blacklist ${HOME}/.config/google-chrome +blacklist ${HOME}/.config/google-chrome-beta +blacklist ${HOME}/.config/google-chrome-unstable +blacklist ${HOME}/.config/gpicview +blacklist ${HOME}/.config/gthumb +blacklist ${HOME}/.config/gwenviewrc +blacklist ${HOME}/.config/hexchat +blacklist ${HOME}/.config/inkscape +blacklist ${HOME}/.config/inox +blacklist ${HOME}/.config/iridium +blacklist ${HOME}/.config/itch +blacklist ${HOME}/.config/jd-gui.cfg +blacklist ${HOME}/.config/k3brc +blacklist ${HOME}/.config/kaffeinerc +blacklist ${HOME}/.config/katemetainfos +blacklist ${HOME}/.config/katepartrc +blacklist ${HOME}/.config/katerc +blacklist ${HOME}/.config/kateschemarc +blacklist ${HOME}/.config/katesyntaxhighlightingrc +blacklist ${HOME}/.config/katevirc +blacklist ${HOME}/.config/kdenliverc +blacklist ${HOME}/.config/kgetrc +blacklist ${HOME}/.config/kid3rc +blacklist ${HOME}/.config/klavaro +blacklist ${HOME}/.config/klipperrc +blacklist ${HOME}/.config/kmail2rc +blacklist ${HOME}/.config/kmailsearchindexingrc +blacklist ${HOME}/.config/kritarc +blacklist ${HOME}/.config/kwriterc +blacklist ${HOME}/.config/kdeconnect +blacklist ${HOME}/.config/knotesrc +blacklist ${HOME}/.config/konversationrc +blacklist ${HOME}/.config/ktorrentrc +blacklist ${HOME}/.config/leafpad +blacklist ${HOME}/.config/libreoffice +blacklist ${HOME}/.config/liferea +blacklist ${HOME}/.config/lugaru +blacklist ${HOME}/.config/lximage-qt +blacklist ${HOME}/.config/mailtransports +blacklist ${HOME}/.config/mana +blacklist ${HOME}/.config/mate-calc +blacklist ${HOME}/.config/mate/eom +blacklist ${HOME}/.config/mate/mate-dictionary +blacklist ${HOME}/.config/mfusion +blacklist ${HOME}/.config/midori +blacklist ${HOME}/.config/mono +blacklist ${HOME}/.config/mpd +blacklist 
${HOME}/.config/mpDris2 +blacklist ${HOME}/.config/mps-youtube +blacklist ${HOME}/.config/mpv +blacklist ${HOME}/.config/mupen64plus +blacklist ${HOME}/.config/mypaint +blacklist ${HOME}/.config/nano +blacklist ${HOME}/.config/nautilus +blacklist ${HOME}/.config/nemo +blacklist ${HOME}/.config/netsurf +blacklist ${HOME}/.config/nheko +blacklist ${HOME}/.config/NitroShare +blacklist ${HOME}/.config/nomacs +blacklist ${HOME}/.config/obs-studio +blacklist ${HOME}/.config/okularpartrc +blacklist ${HOME}/.config/okularrc +blacklist ${HOME}/.config/onionshare +blacklist ${HOME}/.config/opera +blacklist ${HOME}/.config/opera-beta +blacklist ${HOME}/.config/orage +blacklist ${HOME}/.config/org.kde.gwenviewrc +blacklist ${HOME}/.config/pavucontrol.ini +blacklist ${HOME}/.config/pcmanfm +blacklist ${HOME}/.config/pdfmod +blacklist ${HOME}/.config/Pinta +blacklist ${HOME}/.config/pitivi +blacklist ${HOME}/.config/pix +blacklist ${HOME}/.config/pluma +blacklist ${HOME}/.config/ppsspp +blacklist ${HOME}/.config/pragha +blacklist ${HOME}/.config/psi+ +blacklist ${HOME}/.config/qBittorrent +blacklist ${HOME}/.config/qBittorrentrc +blacklist ${HOME}/.config/qpdfview +blacklist ${HOME}/.config/qupzilla +blacklist ${HOME}/.config/qutebrowser +blacklist ${HOME}/.config/ranger +blacklist ${HOME}/.config/redshift +blacklist ${HOME}/.config/redshift.conf +blacklist ${HOME}/.config/remmina +blacklist ${HOME}/.config/ristretto +blacklist ${HOME}/.config/scribus +blacklist ${HOME}/.config/skypeforlinux +blacklist ${HOME}/.config/slimjet +blacklist ${HOME}/.config/smplayer +blacklist ${HOME}/.config/smtube +blacklist ${HOME}/.config/snox +blacklist ${HOME}/.config/specialmailcollectionsrc +blacklist ${HOME}/.config/spotify +blacklist ${HOME}/.config/supertuxkart +blacklist ${HOME}/.config/sqlitebrowser +blacklist ${HOME}/.config/stellarium +blacklist ${HOME}/.config/synfig +blacklist ${HOME}/.config/telepathy-account-widgets +blacklist ${HOME}/.config/torbrowser +blacklist 
${HOME}/.config/totem +blacklist ${HOME}/.config/tox +blacklist ${HOME}/.config/transgui +blacklist ${HOME}/.config/truecraft +blacklist ${HOME}/.config/transmission +blacklist ${HOME}/.config/uGet +blacklist ${HOME}/.config/uzbl +blacklist ${HOME}/.config/viewnior +blacklist ${HOME}/.config/vivaldi +blacklist ${HOME}/.config/vivaldi-snapshot +blacklist ${HOME}/.config/vlc +blacklist ${HOME}/.config/wesnoth +blacklist ${HOME}/.config/wireshark +blacklist ${HOME}/.config/xchat +blacklist ${HOME}/.config/xed +blacklist ${HOME}/.config/xfburn +blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc +blacklist ${HOME}/.config/xfce4/xfce4-notes.rc +blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml +blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml +blacklist ${HOME}/.config/xfce4-dict +blacklist ${HOME}/.config/xiaoyong +blacklist ${HOME}/.config/xmms2 +blacklist ${HOME}/.config/xplayer +blacklist ${HOME}/.config/xreader +blacklist ${HOME}/.config/xviewer +blacklist ${HOME}/.config/yandex-browser +blacklist ${HOME}/.config/yandex-browser-beta +blacklist ${HOME}/.config/zathura +blacklist ${HOME}/.config/zoomus.conf +blacklist ${HOME}/.conkeror.mozdev.org +blacklist ${HOME}/.crawl +blacklist ${HOME}/.curlrc +blacklist ${HOME}/.dashcore +blacklist ${HOME}/.devilspie +blacklist ${HOME}/.dia +blacklist ${HOME}/.digrc +blacklist ${HOME}/.dillo +blacklist ${HOME}/.dooble +blacklist ${HOME}/.dosbox +blacklist ${HOME}/.dropbox* +blacklist ${HOME}/.easystroke +blacklist ${HOME}/.electron-cache +blacklist ${HOME}/.electrum* +blacklist ${HOME}/.elinks +blacklist ${HOME}/.emacs +blacklist ${HOME}/.emacs +blacklist ${HOME}/.emacs.d +blacklist ${HOME}/.ethereum +blacklist ${HOME}/.etr +blacklist ${HOME}/.filezilla +blacklist ${HOME}/.flowblade +blacklist ${HOME}/.fltk +blacklist ${HOME}/.fossamail +blacklist ${HOME}/.freeciv +blacklist ${HOME}/.freecol +blacklist ${HOME}/.freemind +blacklist ${HOME}/.frozen-bubble +blacklist ${HOME}/.gimp* 
+blacklist ${HOME}/.git-credentials +blacklist ${HOME}/.git-credential-cache +blacklist ${HOME}/.gitconfig +blacklist ${HOME}/.gnome/gnome-schedule +blacklist ${HOME}/.googleearth/Cache/ +blacklist ${HOME}/.googleearth/Temp/ +blacklist ${HOME}/.googleearth/myplaces.backup.kml +blacklist ${HOME}/.googleearth/myplaces.kml +blacklist ${HOME}/.gradle +blacklist ${HOME}/.gramps +blacklist ${HOME}/.guayadeque +blacklist ${HOME}/.hashcat +blacklist ${HOME}/.hedgewars +blacklist ${HOME}/.hugin +blacklist ${HOME}/.icedove +blacklist ${HOME}/.imagej +blacklist ${HOME}/.inkscape +blacklist ${HOME}/.jack-server +blacklist ${HOME}/.jack-settings +blacklist ${HOME}/.jak +blacklist ${HOME}/.java +blacklist ${HOME}/.jd +blacklist ${HOME}/.jitsi +blacklist ${HOME}/.kde/share/apps/digikam +blacklist ${HOME}/.kde/share/apps/gwenview +blacklist ${HOME}/.kde/share/apps/kaffeine +blacklist ${HOME}/.kde/share/apps/kcookiejar +blacklist ${HOME}/.kde/share/apps/kget +blacklist ${HOME}/.kde/share/apps/khtml +blacklist ${HOME}/.kde/share/apps/konqsidebartng +blacklist ${HOME}/.kde/share/apps/konqueror +blacklist ${HOME}/.kde/share/apps/kopete +blacklist ${HOME}/.kde/share/apps/khtml +blacklist ${HOME}/.kde/share/apps/ktorrent +blacklist ${HOME}/.kde/share/apps/okular +blacklist ${HOME}/.kde/share/config/baloofilerc +blacklist ${HOME}/.kde/share/config/baloorc +blacklist ${HOME}/.kde/share/config/digikam +blacklist ${HOME}/.kde/share/config/gwenviewrc +blacklist ${HOME}/.kde/share/config/k3brc +blacklist ${HOME}/.kde/share/config/kaffeinerc +blacklist ${HOME}/.kde/share/config/kcookiejarrc +blacklist ${HOME}/.kde/share/config/kgetrc +blacklist ${HOME}/.kde/share/config/khtmlrc +blacklist ${HOME}/.kde/share/config/klipperrc +blacklist ${HOME}/.kde/share/config/konq_history +blacklist ${HOME}/.kde/share/config/konqsidebartngrc +blacklist ${HOME}/.kde/share/config/konquerorrc +blacklist ${HOME}/.kde/share/config/konversationrc +blacklist ${HOME}/.kde/share/config/kopeterc +blacklist 
${HOME}/.kde/share/config/ktorrentrc +blacklist ${HOME}/.kde/share/config/okularpartrc +blacklist ${HOME}/.kde/share/config/okularrc +blacklist ${HOME}/.kde4/share/apps/digikam +blacklist ${HOME}/.kde4/share/apps/gwenview +blacklist ${HOME}/.kde4/share/apps/kaffeine +blacklist ${HOME}/.kde4/share/apps/kcookiejar +blacklist ${HOME}/.kde4/share/apps/kget +blacklist ${HOME}/.kde4/share/apps/khtml +blacklist ${HOME}/.kde4/share/apps/konqueror +blacklist ${HOME}/.kde4/share/apps/konqsidebartng +blacklist ${HOME}/.kde4/share/apps/kopete +blacklist ${HOME}/.kde4/share/apps/ktorrent +blacklist ${HOME}/.kde4/share/apps/okular +blacklist ${HOME}/.kde4/share/config/baloorc +blacklist ${HOME}/.kde4/share/config/baloofilerc +blacklist ${HOME}/.kde4/share/config/digikam +blacklist ${HOME}/.kde4/share/config/gwenviewrc +blacklist ${HOME}/.kde4/share/config/k3brc +blacklist ${HOME}/.kde4/share/config/kaffeinerc +blacklist ${HOME}/.kde4/share/config/kcookiejarrc +blacklist ${HOME}/.kde4/share/config/kgetrc +blacklist ${HOME}/.kde4/share/config/khtmlrc +blacklist ${HOME}/.kde4/share/config/klipperrc +blacklist ${HOME}/.kde4/share/config/konq_history +blacklist ${HOME}/.kde4/share/config/konqsidebartngrc +blacklist ${HOME}/.kde4/share/config/konquerorrc +blacklist ${HOME}/.kde4/share/config/konversationrc +blacklist ${HOME}/.kde4/share/config/kopeterc +blacklist ${HOME}/.kde4/share/config/ktorrentrc +blacklist ${HOME}/.kde4/share/config/okularpartrc +blacklist ${HOME}/.kde4/share/config/okularrc +blacklist ${HOME}/.killingfloor +blacklist ${HOME}/.kino-history +blacklist ${HOME}/.kinorc +blacklist ${HOME}/.kodi +blacklist ${HOME}/.lincity-ng +blacklist ${HOME}/.linphone-history.db +blacklist ${HOME}/.linphonerc +blacklist ${HOME}/.lmmsrc.xml +blacklist ${HOME}/.local/lib/vivaldi +blacklist ${HOME}/.local/share/0ad +blacklist ${HOME}/.local/share/3909/PapersPlease +blacklist ${HOME}/.local/share/Anki2 +blacklist ${HOME}/.local/share/Empathy +blacklist ${HOME}/.local/share/JetBrains 
+blacklist ${HOME}/.local/share/Mendeley Ltd. +blacklist ${HOME}/.local/share/Mumble +blacklist ${HOME}/.local/share/PBE +blacklist ${HOME}/.local/share/QMediathekView +blacklist ${HOME}/.local/share/QuiteRss +blacklist ${HOME}/.local/share/Ricochet +blacklist ${HOME}/.local/share/Steam +blacklist ${HOME}/.local/share/SuperHexagon +blacklist ${HOME}/.local/share/TelegramDesktop +blacklist ${HOME}/.local/share/Terraria +blacklist ${HOME}/.local/share/TpLogger +blacklist ${HOME}/.local/share/akonadi* +blacklist ${HOME}/.local/share/akregator +blacklist ${HOME}/.local/share/apps/korganizer +blacklist ${HOME}/.local/share/aspyr-media +blacklist ${HOME}/.local/share/baloo +blacklist ${HOME}/.local/share/bibletime +blacklist ${HOME}/.local/share/caja-python +blacklist ${HOME}/.local/share/cdprojektred +blacklist ${HOME}/.local/share/clipit +blacklist ${HOME}/.local/share/contacts +blacklist ${HOME}/.local/share/data/Mendeley Ltd. +blacklist ${HOME}/.local/share/data/Mumble +blacklist ${HOME}/.local/share/data/MusE +blacklist ${HOME}/.local/share/data/MuseScore +blacklist ${HOME}/.local/share/data/nomacs +blacklist ${HOME}/.local/share/data/qBittorrent +blacklist ${HOME}/.local/share/dino +blacklist ${HOME}/.local/share/dolphin +blacklist ${HOME}/.local/share/emailidentities +blacklist ${HOME}/.local/share/epiphany +blacklist ${HOME}/.local/share/evolution +blacklist ${HOME}/.local/share/feedreader +blacklist ${HOME}/.local/share/feral-interactive +blacklist ${HOME}/.local/share/freecol +blacklist ${HOME}/.local/share/gajim +blacklist ${HOME}/.local/share/geary +blacklist ${HOME}/.local/share/geeqie +blacklist ${HOME}/.local/share/gitg +blacklist ${HOME}/.local/share/gnome-2048 +blacklist ${HOME}/.local/share/gnome-chess +blacklist ${HOME}/.local/share/gnome-music +blacklist ${HOME}/.local/share/gnome-photos +blacklist ${HOME}/.local/share/gnome-recipes +blacklist ${HOME}/.local/share/gnome-ring +blacklist ${HOME}/.local/share/gnome-twitch +blacklist 
${HOME}/.local/share/gradio +blacklist ${HOME}/.local/share/gwenview +blacklist ${HOME}/.local/share/kaffeine +blacklist ${HOME}/.local/share/kate +blacklist ${HOME}/.local/share/kdenlive +blacklist ${HOME}/.local/share/kget +blacklist ${HOME}/.local/share/klavaro +blacklist ${HOME}/.local/share/kmail2 +blacklist ${HOME}/.local/share/knotes +blacklist ${HOME}/.local/share/krita +blacklist ${HOME}/.local/share/ktorrentrc +blacklist ${HOME}/.local/share/ktorrent +blacklist ${HOME}/.local/share/kwrite +blacklist ${HOME}/.local/share/liferea +blacklist ${HOME}/.local/share/local-mail +blacklist ${HOME}/.local/share/lollypop +blacklist ${HOME}/.local/share/lugaru +blacklist ${HOME}/.local/share/mana +blacklist ${HOME}/.local/share/maps-places.json +blacklist ${HOME}/.local/share/meld +blacklist ${HOME}/.local/share/midori +blacklist ${HOME}/.local/share/multimc +blacklist ${HOME}/.local/share/multimc5 +blacklist ${HOME}/.local/share/mupen64plus +blacklist ${HOME}/.local/share/mypaint +blacklist ${HOME}/.local/share/nautilus +blacklist ${HOME}/.local/share/nautilus-python +blacklist ${HOME}/.local/share/nemo +blacklist ${HOME}/.local/share/nemo-python +blacklist ${HOME}/.local/share/nomacs +blacklist ${HOME}/.local/share/notes +blacklist ${HOME}/.local/share/ocenaudio +blacklist ${HOME}/.local/share/okular +blacklist ${HOME}/.local/share/orage +blacklist ${HOME}/.local/share/org.kde.gwenview +blacklist ${HOME}/.local/share/rhythmbox +blacklist ${HOME}/.local/share/pix +blacklist ${HOME}/.local/share/plasma_notes +blacklist ${HOME}/.local/share/psi+ +blacklist ${HOME}/.local/share/qpdfview +blacklist ${HOME}/.local/share/qutebrowser +blacklist ${HOME}/.local/share/remmina +blacklist ${HOME}/.local/share/scribus +blacklist ${HOME}/.local/share/spotify +blacklist ${HOME}/.local/share/steam +blacklist ${HOME}/.local/share/supertux2 +blacklist ${HOME}/.local/share/supertuxkart +blacklist ${HOME}/.local/share/telepathy +blacklist ${HOME}/.local/share/terasology +blacklist 
${HOME}/.local/share/torbrowser
+blacklist ${HOME}/.local/share/totem
+blacklist ${HOME}/.local/share/uzbl
+blacklist ${HOME}/.local/share/vlc
+blacklist ${HOME}/.local/share/vpltd
+blacklist ${HOME}/.local/share/vulkan
+blacklist ${HOME}/.local/share/warsow-2.1
+blacklist ${HOME}/.local/share/wesnoth
+blacklist ${HOME}/.local/share/xplayer
+blacklist ${HOME}/.local/share/xreader
+blacklist ${HOME}/.local/share/zathura
+blacklist ${HOME}/.lv2
+blacklist ${HOME}/.masterpdfeditor
+blacklist ${HOME}/.mcabber
+blacklist ${HOME}/.mcabberrc
+blacklist ${HOME}/.mediathek3
+blacklist ${HOME}/.megaglest
+blacklist ${HOME}/.minetest
+blacklist ${HOME}/.moonchild productions/basilisk
+blacklist ${HOME}/.moonchild productions/pale moon
+blacklist ${HOME}/.mozilla
+blacklist ${HOME}/.mpd
+blacklist ${HOME}/.mpdconf
+blacklist ${HOME}/.mplayer
+blacklist ${HOME}/.msmtprc
+blacklist ${HOME}/.multimc5
+blacklist ${HOME}/.nanorc
+blacklist ${HOME}/.netactview
+blacklist ${HOME}/.neverball
+blacklist ${HOME}/.newsboat
+blacklist ${HOME}/.nv
+blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.opencity
+blacklist ${HOME}/.openinvaders
+blacklist ${HOME}/.openshot
+blacklist ${HOME}/.openshot_qt
+blacklist ${HOME}/.openttd
+blacklist ${HOME}/.opera
+blacklist ${HOME}/.opera-beta
+blacklist ${HOME}/.ostrichriders
+blacklist ${HOME}/.pingus
+blacklist ${HOME}/.pioneer
+blacklist ${HOME}/.purple
+blacklist ${HOME}/.qemu-launcher
+blacklist ${HOME}/.qmmp
+blacklist ${HOME}/.quodlibet
+blacklist ${HOME}/.redeclipse
+blacklist ${HOME}/.remmina
+blacklist ${HOME}/.repo_.gitconfig.json
+blacklist ${HOME}/.repoconfig
+blacklist ${HOME}/.retroshare
+blacklist ${HOME}/.scorched3d
+blacklist ${HOME}/.scribus
+blacklist ${HOME}/.scribusrc
+blacklist ${HOME}/.simutrans
+blacklist ${HOME}/.smartgit/*/passwords
+blacklist ${HOME}/.steam
+blacklist ${HOME}/.steampath
+blacklist ${HOME}/.steampid
+blacklist ${HOME}/.stellarium
+blacklist ${HOME}/.subversion
+blacklist ${HOME}/.surf
+blacklist ${HOME}/.sword
+blacklist ${HOME}/.sylpheed-2.0
+blacklist ${HOME}/.synfig
+blacklist ${HOME}/.tconn
+blacklist ${HOME}/.teeworlds
+blacklist ${HOME}/.thunderbird
+blacklist ${HOME}/.tilp
+blacklist ${HOME}/.tooling
+blacklist ${HOME}/.tor-browser-*
+blacklist ${HOME}/.tor-browser_*
+blacklist ${HOME}/.torcs
+blacklist ${HOME}/.tremulous
+blacklist ${HOME}/.ts3client
+blacklist ${HOME}/.tuxguitar*
+blacklist ${HOME}/.unknown-horizons
+blacklist ${HOME}/.viking
+blacklist ${HOME}/.viking-maps
+blacklist ${HOME}/.vscode
+blacklist ${HOME}/.vscode-oss
+blacklist ${HOME}/.vst
+blacklist ${HOME}/.vultures
+blacklist ${HOME}/.w3m
+blacklist ${HOME}/.warzone2100-3.*
+blacklist ${HOME}/.waterfox
+blacklist ${HOME}/.weechat
+blacklist ${HOME}/.wget-hsts
+blacklist ${HOME}/.wgetrc
+blacklist ${HOME}/.widelands
+blacklist ${HOME}/.wine
+blacklist ${HOME}/.wireshark
+blacklist ${HOME}/.wine64
+blacklist ${HOME}/.xiphos
+blacklist ${HOME}/.xmind
+blacklist ${HOME}/.xmms
+blacklist ${HOME}/.xmr-stak
+blacklist ${HOME}/.xonotic
+blacklist ${HOME}/.xpdfrc
+blacklist ${HOME}/.zoom
+blacklist /tmp/akonadi-*
+blacklist /tmp/ssh-*
+
+# ${HOME}/.cache directory
+blacklist ${HOME}/.cache/0ad
+blacklist ${HOME}/.cache/8pecxstudios
+blacklist ${HOME}/.cache/Authenticator
+blacklist ${HOME}/.cache/Clementine
+blacklist ${HOME}/.cache/Enox
+blacklist ${HOME}/.cache/Franz
+blacklist ${HOME}/.cache/INRIA
+blacklist ${HOME}/.cache/MusicBrainz
+blacklist ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/akonadi*
+blacklist ${HOME}/.cache/atril
+blacklist ${HOME}/.cache/attic
+blacklist ${HOME}/.cache/bnox
+blacklist ${HOME}/.cache/borg
+blacklist ${HOME}/.cache/calibre
+blacklist ${HOME}/.cache/champlain
+blacklist ${HOME}/.cache/chromium
+blacklist ${HOME}/.cache/chromium-dev
+blacklist ${HOME}/.cache/cliqz
+blacklist ${HOME}/.cache/darktable
+blacklist ${HOME}/.cache/discover
+blacklist ${HOME}/.cache/dnox
+blacklist ${HOME}/.cache/dolphin
+blacklist ${HOME}/.cache/epiphany
+blacklist ${HOME}/.cache/evolution
+blacklist ${HOME}/.cache/falkon
+blacklist ${HOME}/.cache/feedreader
+blacklist ${HOME}/.cache/font-manager
+blacklist ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/freecol
+blacklist ${HOME}/.cache/gajim
+blacklist ${HOME}/.cache/geeqie
+blacklist ${HOME}/.cache/google-chrome
+blacklist ${HOME}/.cache/google-chrome-beta
+blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/gnome-recipes
+blacklist ${HOME}/.cache/gnome-twitch
+blacklist ${HOME}/.cache/gradio
+blacklist ${HOME}/.cache/icedove
+blacklist ${HOME}/.cache/INRIA/Natron
+blacklist ${HOME}/.cache/inkscape
+blacklist ${HOME}/.cache/inox
+blacklist ${HOME}/.cache/iridium
+blacklist ${HOME}/.cache/kdenlive
+blacklist ${HOME}/.cache/kinfocenter
+blacklist ${HOME}/.cache/kmail2
+blacklist ${HOME}/.cache/krunner
+blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/kscreenlocker_greet
+blacklist ${HOME}/.cache/ksmserver-logout-greeter
+blacklist ${HOME}/.cache/ksplashqml
+blacklist ${HOME}/.cache/kwin
+blacklist ${HOME}/.cache/libgweather
+blacklist ${HOME}/.cache/liferea
+blacklist ${HOME}/.cache/Mendeley Ltd.
+blacklist ${HOME}/.cache/midori
+blacklist ${HOME}/.cache/moonchild productions/basilisk
+blacklist ${HOME}/.cache/moonchild productions/pale moon
+blacklist ${HOME}/.cache/mozilla
+blacklist ${HOME}/.cache/ms-excel-online
+blacklist ${HOME}/.cache/ms-office-online
+blacklist ${HOME}/.cache/ms-onenote-online
+blacklist ${HOME}/.cache/ms-outlook-online
+blacklist ${HOME}/.cache/ms-powerpoint-online
+blacklist ${HOME}/.cache/ms-skype-online
+blacklist ${HOME}/.cache/ms-word-online
+blacklist ${HOME}/.cache/mutt
+blacklist ${HOME}/.cache/mypaint
+blacklist ${HOME}/.cache/nheko/nheko
+blacklist ${HOME}/.cache/netsurf
+blacklist ${HOME}/.cache/okular
+blacklist ${HOME}/.cache/opera
+blacklist ${HOME}/.cache/opera-beta
+blacklist ${HOME}/.cache/org.gnome.Books
+blacklist ${HOME}/.cache/pdfmod
+blacklist ${HOME}/.cache/peek
+blacklist ${HOME}/.cache/plasmashell
+blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/qBittorrent
+blacklist ${HOME}/.cache/qupzilla
+blacklist ${HOME}/.cache/qutebrowser
+blacklist ${HOME}/.cache/simple-scan
+blacklist ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/snox
+blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/supertuxkart
+blacklist ${HOME}/.cache/systemsettings
+blacklist ${HOME}/.cache/telepathy
+blacklist ${HOME}/.cache/thunderbird
+blacklist ${HOME}/.cache/torbrowser
+blacklist ${HOME}/.cache/transmission
+blacklist ${HOME}/.cache/vivaldi
+blacklist ${HOME}/.cache/vivaldi-snapshot
+blacklist ${HOME}/.cache/vlc
+blacklist ${HOME}/.cache/warsow-2.1
+blacklist ${HOME}/.cache/waterfox
+blacklist ${HOME}/.cache/wesnoth
+blacklist ${HOME}/.cache/xmms2
+blacklist ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/yandex-browser
+blacklist ${HOME}/.cache/yandex-browser-beta
+
+blacklist /var/games/nethack
+blacklist /var/games/slashem
+blacklist /var/games/vulturesclaw
+blacklist /var/games/vultureseye
+blacklist /var/lib/games/Maelstrom-Scores
diff --git a/etc/geany.profile b/etc/geany.profile
index 5547477fc..b9c0da12e 100644
--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -1 +1,37 @@
-]0;firejail /usr/bin/meld ./etc/geany_LOCAL_29017.profile ./etc/geany_BASE_29017.profile ./etc/geany_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for geany
+# Description: Fast and lightweight IDE
+# This file is overwritten after every install/update
+# Persistent local customizations
+include geany.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/geany
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.python-history
+noblacklist ${HOME}/.pythonrc.py
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-cache
+private-dev
+private-tmp
diff --git a/etc/gedit.profile b/etc/gedit.profile
index f1e78ca95..ca2cf6e92 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
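Review bot: The `noblacklist ${HOME}/.git-credentials` line hands a plaintext credential store to a text editor that also keeps network access (`netfilter`, `protocol unix,inet,inet6`), so any code the editor runs can both read and use those tokens. As far as this profile shows, geany's git integration needs `.gitconfig` and `.config/git`, not the stored credentials; I would drop the line and let users who push from inside the editor re-add it in `geany.local`, leaving a hint such as `# noblacklist ${HOME}/.git-credentials  # re-enable in geany.local if you push from geany`. The same exception is repeated in most editor/IDE profiles of this commit, so one decision for the whole family would be better than per-profile copies.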
@@ -1 +1,50 @@
-]0;firejail /usr/bin/meld ./etc/gedit_LOCAL_29017.profile ./etc/gedit_BASE_29017.profile ./etc/gedit_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for gedit
+# Description: Official text editor of the GNOME desktop environment
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gedit.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/gedit
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.python-history
+noblacklist ${HOME}/.pythonrc.py
+
+include disable-common.inc
+# include disable-devel.inc
+include disable-exec.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+include whitelist-var-common.inc
+
+# apparmor - makes settings immutable
+caps.drop all
+machine-id
+# net none - makes settings immutable
+no3d
+# nodbus - makes settings immutable
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# private-bin gedit
+private-dev
+# private-etc alternatives,fonts
+private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell
+private-tmp
+
diff --git a/etc/git.profile b/etc/git.profile
index bdfdb4c41..0eb69faed 100644
--- a/etc/git.profile
+++ b/etc/git.profile
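Review bot: `noblacklist ${HOME}/.git-credentials` here is exposure without a use: the profile limits the sandbox to `protocol unix`, so nothing inside it can open the network connection that would consume the stored credentials, yet the plaintext token file becomes readable to everything gedit loads. Unless a gedit plugin is known to need it, I would remove that line and leave it to `gedit.local`. The remaining git exceptions (`${HOME}/.config/git`, `${HOME}/.gitconfig`) are configuration, not secrets, and can stay.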
@@ -1 +1,51 @@
-]0;firejail /usr/bin/meld ./etc/git_LOCAL_29017.profile ./etc/git_BASE_29017.profile ./etc/git_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for git
+# Description: Fast, scalable, distributed revision control system
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include git.local
+# Persistent global definitions
+include globals.local
+
+blacklist /tmp/.X11-unix
+
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.oh-my-zsh
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+
+include disable-common.inc
+include disable-exec.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-cache
+private-dev
+
+memory-deny-write-execute
diff --git a/etc/gitg.profile b/etc/gitg.profile
index 7e48cedf7..656d5cfd8 100644
--- a/etc/gitg.profile
+++ b/etc/gitg.profile
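Review bot: The `noblacklist` block re-exposes every secret store git can touch — `${HOME}/.ssh`, `${HOME}/.gnupg` and `${HOME}/.git-credentials` — with no comment on why, and this is the one profile in the commit where that exposure is functional rather than a convenience. A comment such as `# ssh transport, gpg commit signing and credential-store need these; re-blacklist in git.local if unused` would let users tighten it deliberately. `memory-deny-write-execute` is presumably inherited by the helpers git spawns (editor, gpg, ssh, credential helpers); the gitg profile in this same commit records that mdwe broke diff in older versions, so a note on what was tested with it enabled would help triage breakage reports.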
@@ -1 +1,44 @@
-]0;firejail /usr/bin/meld ./etc/gitg_LOCAL_29017.profile ./etc/gitg_BASE_29017.profile ./etc/gitg_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for gitg
+# Description: Git repository viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gitg.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.local/share/gitg
+noblacklist ${HOME}/.ssh
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+include whitelist-var-common.inc
+
+caps.drop all
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-bin gitg,git,ssh
+private-cache
+private-dev
+private-tmp
+
+# mdwe breaks diff in older versions
+#memory-deny-write-execute
diff --git a/etc/github-desktop.profile b/etc/github-desktop.profile
index 061b44c42..4a969f9ad 100644
--- a/etc/github-desktop.profile
+++ b/etc/github-desktop.profile
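Review bot: `protocol unix,inet,inet6` grants the viewer network access, but unlike the git, meld, github-desktop and IDE profiles in this commit the profile sets no `netfilter`, so a user who launches gitg on a dedicated network interface gets no default packet filter. Adding `netfilter` right after `caps.drop all` matches the siblings and is a no-op when no network namespace is in use. The `private-bin gitg,git,ssh` list is a welcome tightening; note it omits `gpg`, so commit-signature display inside the sandbox will presumably not work — a one-line comment would keep that from being reported as a bug.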
@@ -1 +1,49 @@
-]0;firejail /usr/bin/meld ./etc/github-desktop_LOCAL_29017.profile ./etc/github-desktop_BASE_29017.profile ./etc/github-desktop_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for github-desktop
+# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop
+# This file is overwritten after every install/update
+# Persistent local customizations
+include github-desktop.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/GitHub Desktop
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+
+caps.drop all
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+
+# Note: On debian-based distributions the binary might be located in
+# /opt/GitHub Desktop/github-desktop, and therefore not be in PATH.
+# If that's the case you can start GitHub Desktop with firejail via
+# `firejail "/opt/GitHub Desktop/github-desktop"`.
+
+disable-mnt
+# private-bin github-desktop
+private-cache
+?HAS_APPIMAGE: ignore private-dev
+private-dev
+# private-etc alternatives
+# private-lib
+private-tmp
+
+# memory-deny-write-execute
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index 09164ad4e..c2459e6ee 100644
--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
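Review bot: This is the only profile in the commit without `shell none`, so firejail will still start the target through the user's shell, which widens what a compromise of this Electron app can reach (shell startup files, `$PATH` resolution for the launcher). Every sibling profile here pairs `seccomp` with `shell none`; unless the `/opt/GitHub Desktop/github-desktop` launcher mentioned in the note is a shell script that needs it, add `shell none` after `seccomp`. If it is intentionally omitted, a comment such as `# shell none - breaks the /opt launcher` would stop the next cleanup from re-adding it.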
@@ -1 +1,36 @@
-]0;firejail /usr/bin/meld ./etc/gnome-builder_LOCAL_29017.profile ./etc/gnome-builder_BASE_29017.profile ./etc/gnome-builder_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for gnome-builder
+# Description: IDE for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-builder.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cargo/config
+noblacklist ${HOME}/.cargo/registry
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.python-history
+noblacklist ${HOME}/.pythonrc.py
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-cache
+private-dev
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile
index 467265b79..4f3047e08 100644
--- a/etc/idea.sh.profile
+++ b/etc/idea.sh.profile
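Review bot: The `noblacklist` block is inconsistent about which token files it protects: only `${HOME}/.cargo/config` and `${HOME}/.cargo/registry` are excepted, so `${HOME}/.cargo/credentials` (the crates.io token) presumably stays blacklisted, yet `${HOME}/.git-credentials` — the same class of plaintext secret — is opened. Either both should be reachable or neither; I would drop the git-credentials exception and leave it to `gnome-builder.local`. A comment on the cargo lines, `# cargo config/registry only; ~/.cargo/credentials stays blacklisted`, would make the intent explicit for the next edit.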
@@ -1 +1,42 @@
-]0;firejail /usr/bin/meld ./etc/idea.sh_LOCAL_29017.profile ./etc/idea.sh_BASE_29017.profile ./etc/idea.sh_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for idea.sh
+# This file is overwritten after every install/update
+# Persistent local customizations
+include idea.sh.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.IdeaIC*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-cache
+private-dev
+# private-tmp
+
+noexec /tmp
diff --git a/etc/meld.profile b/etc/meld.profile
index 3d169a471..5e5c86368 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
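Review bot: `# private-tmp` is disabled with no reason given while `noexec /tmp` is kept, so the IDE shares the host `/tmp` (other applications' sockets and files) but cannot execute from it — a deliberate trade-off that should be recorded so a later cleanup neither re-enables `private-tmp` nor drops `noexec /tmp`. A comment such as `# private-tmp - breaks <feature>, hence noexec /tmp instead` next to the commented directive would do. Separately, `${HOME}/.android` and `${HOME}/.ssh` are opened without explanation; `.android` typically holds the adb signing key, so a note that these serve device deployment and ssh push would help users decide whether to re-blacklist them in `idea.sh.local`.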
@@ -1 +1,61 @@
-]0;firejail /usr/bin/meld ./etc/meld_LOCAL_29017.profile ./etc/meld_BASE_29017.profile ./etc/meld_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for meld
+# Description: Graphical tool to diff and merge files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include meld.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/meld
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+noblacklist /usr/local/lib/python2*
+noblacklist /usr/local/lib/python3*
+
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.subversion
+
+# Uncomment the next line if you don't need to compare files in disable-common.inc.
+#include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# Uncomment the next line if you don't need to compare files in disable-programs.inc.
+#include disable-programs.inc
+
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin bzr,cvs,git,hg,meld,python*,svn
+private-cache
+private-dev
+# Uncomment the next line if you don't need to compare in /etc.
+#private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,subversion
+private-tmp
+
diff --git a/etc/webstorm.profile b/etc/webstorm.profile
index ad8173c6f..b97ea8d2f 100644
--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
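Review bot: The comment `# Uncomment the next line if you don't need to compare files in disable-common.inc.` understates what shipping with that include disabled costs: as far as I recall, disable-common.inc is also where the read-only protection of shell startup files and the blacklists for system-sensitive paths live, so with it off a compromised meld can presumably write persistence into the user's rc files, not merely read more of `$HOME`. I would reword it to `# disable-common.inc is off so arbitrary files can be compared; this also drops its read-only/system-path protections - uncomment unless you need that` so users see the trade-off. Note too that `noblacklist ${HOME}/.ssh` and `noblacklist ${HOME}/.git-credentials` only take effect once those includes are enabled, which a short comment on that block would make clear.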
@@ -1 +1,43 @@
-]0;firejail /usr/bin/meld ./etc/webstorm_LOCAL_29017.profile ./etc/webstorm_BASE_29017.profile ./etc/webstorm_REMOTE_29017.profile
\ No newline at end of file
+# Firejail profile for WebStorm
+# This file is overwritten after every install/update
+# Persistent local customizations
+include webstorm.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.WebStorm*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+noblacklist ${PATH}/node
+noblacklist ${HOME}/.nvm
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-cache
+private-dev
+private-tmp
-- cgit v1.2.3-54-g00ecf
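Review bot: The first `noblacklist` block looks copied from the IntelliJ/Android profiles in this commit: `${HOME}/.android`, `${HOME}/.gradle`, `${HOME}/.java` and `${HOME}/.tooling` are opened for a JavaScript IDE whose own additions are only `${PATH}/node` and `${HOME}/.nvm`. Each exception widens what a compromised IDE can read (`.android` typically holds the adb key, `.gradle/gradle.properties` often holds publishing credentials), so I would trim the list to what WebStorm demonstrably needs and let Android-targeting users re-add the rest in `webstorm.local`. `${HOME}/.ssh` and `${HOME}/.git-credentials` remain the larger exposure and deserve at least a comment on why they are open.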