diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index a4dfb09..2ce2fd0 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -24,6 +24,11 @@
 /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper whitelist
 /usr/lib/x86_64-linux-gnu/utempter/utempter whitelist
 
+## There is a controversy about firejail but those who choose to install it
+## should be able to use it.
+## https://www.whonix.org/wiki/Dev/Firejail#Security
+/usr/bin/firejail whitelist
+
 ## TODO: research
 ## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c
 /usr/lib/qubes/qfile-unpacker whitelist