use /etc/firejail/globals.local

Existing users can delete the old disable-more.inc file.

    # rm /usr/local/etc/firejail/disable-more.inc

README.md

@@ -96,9 +96,9 @@ as in the third example above. It will not modify any existing user profiles.
 
 ### Blacklisting
 
-The `firejail.blacklist` variable is used to generate a list of blacklisted
-files and directories at `/usr/local/etc/firejail/disable-more.inc`. This file
-is included in most of the provided security profiles, causing those locations
+The `firejail.blacklist` variable is used to populate
+`/etc/firejail/globals.local` with a list of blacklisted files and directories.
+This file is included by all security profiles, causing the specified locations
 to be inaccessible to jailed programs.
 
 ## MAC Spoofing

roles/firejail/tasks/main.yml

@@ -13,8 +13,14 @@
 - name: Create firejail profile directory
   file: path=/usr/local/etc/firejail state=directory
 
-- name: Push firejail blacklist include
-  template: src=disable-more.inc.j2 dest=/usr/local/etc/firejail/disable-more.inc
+- name: Verify firejail globals file exists
+  file: path=/etc/firejail/globals.local state=touch
+
+- name: Add blacklist to globals
+  lineinfile: dest=/etc/firejail/globals.local
+              state=present
+              line="blacklist {{ item }}"
+  with_items: "{{ firejail.blacklist }}"
 
 - name: Push generic firejail profile
   copy: src=generic.profile dest=/usr/local/etc/firejail/generic.profile

roles/firejail/templates/disable-more.inc.j2

@@ -1,4 +0,0 @@
-# {{ ansible_managed }}
-{% for file in firejail.blacklist %}
-blacklist {{ file }}
-{% endfor %}