Add disable-xdg.inc to ~15 profiles

etc/default.profile

@@ -13,6 +13,7 @@ include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 # ipc-namespace

etc/dosbox.profile

@@ -6,6 +6,7 @@ include /etc/firejail/dosbox.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.dosbox
+noblacklist ${DOCUMENTS}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-mplayer.profile

@@ -6,12 +6,15 @@ include /etc/firejail/gnome-mplayer.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/gnome-mplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 nogroups

etc/hugin.profile

@@ -6,12 +6,15 @@ include /etc/firejail/hugin.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.hugin
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 net none

etc/img2txt.profile

@@ -5,11 +5,15 @@ include /etc/firejail/img2txt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 net none

etc/kaffeine.profile

@@ -11,12 +11,15 @@ noblacklist ${HOME}/.kde/share/config/kaffeinerc
 noblacklist ${HOME}/.kde4/share/apps/kaffeine
 noblacklist ${HOME}/.kde4/share/config/kaffeinerc
 noblacklist ${HOME}/.local/share/kaffeine
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 include /etc/firejail/whitelist-var-common.inc
 

etc/lmms.profile

@@ -6,12 +6,15 @@ include /etc/firejail/lmms.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.lmmsrc.xml
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 ipc-namespace

etc/macrofusion.profile

@@ -6,6 +6,7 @@ include /etc/firejail/macrofusion.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/mfusion
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -18,6 +19,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 ipc-namespace

etc/mplayer.profile

@@ -6,12 +6,15 @@ include /etc/firejail/mplayer.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.mplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 include /etc/firejail/whitelist-var-common.inc
 

etc/musixmatch.profile

@@ -5,10 +5,13 @@ include /etc/firejail/musixmatch.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${MUSIC}
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 ipc-namespace

etc/odt2txt.profile

@@ -5,13 +5,16 @@ include /etc/firejail/odt2txt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${DOCUMENTS}
+
 blacklist /tmp/.X11-unix
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 net none

etc/pdftotext.profile

@@ -5,13 +5,16 @@ include /etc/firejail/pdftotext.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${DOCUMENTS}
+
 blacklist /tmp/.X11-unix
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 include /etc/firejail/whitelist-var-common.inc
 

etc/server.profile

@@ -20,6 +20,7 @@ include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
 
 caps
 # ipc-namespace

etc/tuxguitar.profile

@@ -7,6 +7,8 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.tuxguitar*
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 # Allow access to java
 noblacklist ${PATH}/java
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 include /etc/firejail/whitelist-var-common.inc
 

etc/xmms.profile

@@ -6,12 +6,14 @@ include /etc/firejail/xmms.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.xmms
+noblacklist ${MUSIC}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 netfilter

etc/xplayer.profile

@@ -7,6 +7,8 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/xplayer
 noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -19,6 +21,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 include /etc/firejail/whitelist-var-common.inc
 

etc/xreader.profile

@@ -7,13 +7,14 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/xreader
 noblacklist ${HOME}/.config/xreader
-# noblacklist ${HOME}/.local/share
+noblacklist ${DOCUMENTS}
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 # Breaks xreader on Mint 18.3
 # include /etc/firejail/whitelist-var-common.inc

etc/zart.profile

@@ -5,11 +5,15 @@ include /etc/firejail/zart.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 caps.drop all
 ipc-namespace