From f43382f1e9707b4fd5e63c7bfe881912aa4ee994 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jul 2021 20:39:14 -0300
Subject: [PATCH] Revert "move whitelist/blacklist to allow/deny"

This reverts commit fe0f975f447d59977d90c3226cc8c623b31b20b3.

Note: This only reverts the changes from etc.

The 4 aliases introduced on commit 45f2ba544 are mere, well, aliases.
That is, they fail to address the different usability problems discussed
on [#3447][3447] and in fact only make things more confusing (as has
already been mentioned on [this][4379] and later comments).  The main
reason is that the aliases do not meaningfully map to the original
commands.  For example, the commands from each pair below seem like they
would do the exact same thing:

* `allow` and `nodeny`
* `deny` and `noallow`

Additionally, if these aliases are not the final commands, but only a
test/work-in-progress, then keeping the wide-scale search/replace
changes made on commit fe0f975f4 would only serve to cause confusion, as
users of firejail-git, contributors and downstream projects might start
changing the commands used on their profiles, only to later have to
change them again, potentially to completely different commands.

The sooner this is undone the better, as (besides the above reasons) the
more profile changes there are between the original commit and the
revert, the harder it is to e.g.: `git diff` versions of files across
the following revision ranges: before the commit, after the commit but
before the revert and after the revert.  Note: This is still the case
even if a commit is [ignored by `git blame`][4390].

So let us revert fe0f975f4 and only reapply similar large-scale changes
once we have discussed and settled on better commands.

How the revert was applied: Despite using the auto-generated message
from `git revert`, to ensure correctness and to avoid conflicts the
changes were reverted in different steps: Firstly, revert the files
which can be safely reverted directly ("filestorevert"):

    # Find out which files have been changed on fe0f975f44, but have not
    # been changed afterwards and list them on "filestorevert"
    git show --pretty='' --name-only fe0f975f44 -- etc | LC_ALL=C sort >allfiles
    git diff --name-only fe0f975f44..master -- etc | LC_ALL=C sort >filestoignore
    comm -2 -3 allfiles filestoignore >filestorevert

    # Note: There are 3 extra files on filestoignore because they were
    # added after commit fe0f975f44
    wc -l allfiles filestoignore filestorevert | head -n 3
    #   797 allfiles
    #     8 filestoignore
    #   792 filestorevert

    # Automatically revert files in "filestorevert"
    # See https://stackoverflow.com/a/23401018/10095231
    tr '\n' '\000' <filestorevert | xargs -0 git show fe0f975f44 -- |
    git apply --reverse

    printf 'Total files reverted:\n'
    git diff --name-only | wc -l
    # 792

Secondly, do some search/replace on the rest:

    tr '\n' '\000' <filestoignore | xargs -0 sed -i.bak \
      -e 's/allow  /whitelist /' -e 's/noallow  /nowhitelist /' \
      -e 's/deny  /blacklist /' -e 's/nodeny  /noblacklist /' \
      -e 's/deny-nolog  /blacklist-nolog /'

    find etc -name '*.bak' -print0 | xargs -0 rm

Thirdly, verify the result.  The following command shows the difference
between all the changes in etc from before fe0f975f44 and this commit
(inclusive):

    git diff fe0f975f44~1 -- etc

From the output, it looks like all alias changes are fully reverted and
that the other changes to etc (from after fe0f975f44) remain, so the
revert seems to be done correctly.

[3447]: https://github.com/netblue30/firejail/issues/3447
[4379]: https://github.com/netblue30/firejail/issues/4379#issuecomment-876460222
[4390]: https://github.com/netblue30/firejail/issues/4390
---
 etc/inc/allow-bin-sh.inc                      |    6 +-
 etc/inc/allow-common-devel.inc                |   36 +-
 etc/inc/allow-gjs.inc                         |   16 +-
 etc/inc/allow-java.inc                        |   10 +-
 etc/inc/allow-lua.inc                         |   16 +-
 etc/inc/allow-nodejs.inc                      |    4 +-
 etc/inc/allow-opengl-game.inc                 |    4 +-
 etc/inc/allow-perl.inc                        |   16 +-
 etc/inc/allow-php.inc                         |    6 +-
 etc/inc/allow-python2.inc                     |   10 +-
 etc/inc/allow-python3.inc                     |   12 +-
 etc/inc/allow-ruby.inc                        |    4 +-
 etc/inc/allow-ssh.inc                         |    8 +-
 etc/inc/disable-common.inc                    |  710 +++---
 etc/inc/disable-devel.inc                     |   80 +-
 etc/inc/disable-interpreters.inc              |   84 +-
 etc/inc/disable-passwdmgr.inc                 |   30 +-
 etc/inc/disable-programs.inc                  | 2184 ++++++++---------
 etc/inc/disable-shell.inc                     |   22 +-
 etc/inc/disable-xdg.inc                       |    8 +-
 etc/inc/whitelist-1793-workaround.inc         |   46 +-
 etc/inc/whitelist-common.inc                  |  130 +-
 etc/inc/whitelist-player-common.inc           |   10 +-
 etc/inc/whitelist-runuser-common.inc          |   20 +-
 etc/inc/whitelist-usr-share-common.inc        |  126 +-
 etc/inc/whitelist-var-common.inc              |   18 +-
 etc/profile-a-l/0ad.profile                   |   18 +-
 etc/profile-a-l/2048-qt.profile               |    8 +-
 etc/profile-a-l/Cryptocat.profile             |    2 +-
 etc/profile-a-l/Discord.profile               |    4 +-
 etc/profile-a-l/DiscordCanary.profile         |    4 +-
 etc/profile-a-l/Fritzing.profile              |    4 +-
 etc/profile-a-l/JDownloader.profile           |    6 +-
 etc/profile-a-l/abiword.profile               |    4 +-
 etc/profile-a-l/abrowser.profile              |    8 +-
 etc/profile-a-l/agetpkg.profile               |    6 +-
 etc/profile-a-l/akonadi_control.profile       |   32 +-
 etc/profile-a-l/akregator.profile             |   14 +-
 etc/profile-a-l/alacarte.profile              |   14 +-
 etc/profile-a-l/alienarena.profile            |    6 +-
 etc/profile-a-l/alpine.profile                |   46 +-
 etc/profile-a-l/amarok.profile                |    2 +-
 etc/profile-a-l/amule.profile                 |    6 +-
 etc/profile-a-l/android-studio.profile        |   14 +-
 etc/profile-a-l/anki.profile                  |    8 +-
 etc/profile-a-l/anydesk.profile               |    4 +-
 etc/profile-a-l/aosp.profile                  |   14 +-
 etc/profile-a-l/apostrophe.profile            |   18 +-
 etc/profile-a-l/arch-audit.profile            |    4 +-
 etc/profile-a-l/archaudit-report.profile      |    2 +-
 etc/profile-a-l/archiver-common.profile       |    2 +-
 etc/profile-a-l/ardour5.profile               |   12 +-
 etc/profile-a-l/arduino.profile               |    6 +-
 etc/profile-a-l/aria2c.profile                |   10 +-
 etc/profile-a-l/ark.profile                   |    6 +-
 etc/profile-a-l/arm.profile                   |    4 +-
 etc/profile-a-l/artha.profile                 |   14 +-
 etc/profile-a-l/assogiate.profile             |    4 +-
 etc/profile-a-l/asunder.profile               |   10 +-
 etc/profile-a-l/atom.profile                  |    4 +-
 etc/profile-a-l/atril.profile                 |    6 +-
 etc/profile-a-l/audacious.profile             |    6 +-
 etc/profile-a-l/audacity.profile              |    6 +-
 etc/profile-a-l/audio-recorder.profile        |   10 +-
 etc/profile-a-l/authenticator-rs.profile      |    8 +-
 etc/profile-a-l/authenticator.profile         |    4 +-
 etc/profile-a-l/autokey-common.profile        |    4 +-
 etc/profile-a-l/avidemux.profile              |   12 +-
 etc/profile-a-l/aweather.profile              |    4 +-
 etc/profile-a-l/awesome.profile               |    2 +-
 etc/profile-a-l/ballbuster.profile            |    6 +-
 etc/profile-a-l/baloo_file.profile            |   12 +-
 etc/profile-a-l/balsa.profile                 |   36 +-
 etc/profile-a-l/barrier.profile               |    6 +-
 etc/profile-a-l/basilisk.profile              |    8 +-
 etc/profile-a-l/bcompare.profile              |    4 +-
 etc/profile-a-l/beaker.profile                |    4 +-
 etc/profile-a-l/bibletime.profile             |   20 +-
 etc/profile-a-l/bijiben.profile               |   14 +-
 etc/profile-a-l/bitcoin-qt.profile            |    8 +-
 etc/profile-a-l/bitlbee.profile               |    4 +-
 etc/profile-a-l/bitwarden.profile             |    4 +-
 etc/profile-a-l/blackbox.profile              |    2 +-
 etc/profile-a-l/blender.profile               |    6 +-
 etc/profile-a-l/bless.profile                 |    2 +-
 etc/profile-a-l/blobby.profile                |    6 +-
 etc/profile-a-l/blobwars.profile              |    6 +-
 etc/profile-a-l/bnox.profile                  |    8 +-
 etc/profile-a-l/brackets.profile              |    2 +-
 etc/profile-a-l/brasero.profile               |    2 +-
 etc/profile-a-l/brave.profile                 |   22 +-
 etc/profile-a-l/bzflag.profile                |    4 +-
 etc/profile-a-l/calibre.profile               |    6 +-
 etc/profile-a-l/calligra.profile              |    2 +-
 etc/profile-a-l/calligragemini.profile        |    2 +-
 etc/profile-a-l/calligraplan.profile          |    2 +-
 etc/profile-a-l/calligraplanwork.profile      |    2 +-
 etc/profile-a-l/calligrasheets.profile        |    2 +-
 etc/profile-a-l/calligrastage.profile         |    2 +-
 etc/profile-a-l/calligrawords.profile         |    2 +-
 etc/profile-a-l/cameramonitor.profile         |    2 +-
 etc/profile-a-l/cantata.profile               |    8 +-
 etc/profile-a-l/cargo.profile                 |   10 +-
 etc/profile-a-l/catfish.profile               |    4 +-
 etc/profile-a-l/cawbird.profile               |    2 +-
 etc/profile-a-l/celluloid.profile             |   14 +-
 etc/profile-a-l/checkbashisms.profile         |    4 +-
 etc/profile-a-l/cheese.profile                |   10 +-
 etc/profile-a-l/cherrytree.profile            |    4 +-
 .../chromium-browser-privacy.profile          |   10 +-
 etc/profile-a-l/chromium-common.profile       |   10 +-
 etc/profile-a-l/chromium.profile              |   16 +-
 etc/profile-a-l/cin.profile                   |    2 +-
 etc/profile-a-l/clamav.profile                |    2 +-
 etc/profile-a-l/claws-mail.profile            |    6 +-
 etc/profile-a-l/clawsker.profile              |    4 +-
 etc/profile-a-l/clementine.profile            |    6 +-
 etc/profile-a-l/clion.profile                 |   20 +-
 etc/profile-a-l/clipgrab.profile              |    6 +-
 etc/profile-a-l/clipit.profile                |    8 +-
 etc/profile-a-l/cliqz.profile                 |   12 +-
 etc/profile-a-l/cmus.profile                  |    4 +-
 etc/profile-a-l/code.profile                  |    8 +-
 etc/profile-a-l/colorful.profile              |    6 +-
 .../com.github.bleakgrey.tootle.profile       |    6 +-
 .../com.github.dahenson.agenda.profile        |   12 +-
 .../com.github.johnfactotum.Foliate.profile   |   18 +-
 .../com.github.phase1geo.minder.profile       |   14 +-
 etc/profile-a-l/conkeror.profile              |   22 +-
 etc/profile-a-l/conky.profile                 |    2 +-
 etc/profile-a-l/corebird.profile              |    2 +-
 etc/profile-a-l/cower.profile                 |    4 +-
 etc/profile-a-l/coyim.profile                 |    4 +-
 etc/profile-a-l/cpio.profile                  |    4 +-
 etc/profile-a-l/crawl.profile                 |    4 +-
 etc/profile-a-l/crow.profile                  |    4 +-
 etc/profile-a-l/curl.profile                  |    8 +-
 etc/profile-a-l/cyberfox.profile              |    8 +-
 etc/profile-a-l/d-feet.profile                |    6 +-
 etc/profile-a-l/darktable.profile             |    6 +-
 etc/profile-a-l/dbus-send.profile             |    4 +-
 etc/profile-a-l/dconf-editor.profile          |    2 +-
 etc/profile-a-l/dconf.profile                 |    4 +-
 etc/profile-a-l/ddgtk.profile                 |    4 +-
 etc/profile-a-l/deadbeef.profile              |    4 +-
 etc/profile-a-l/deluge.profile                |    6 +-
 etc/profile-a-l/desktopeditors.profile        |    6 +-
 etc/profile-a-l/devhelp.profile               |    6 +-
 etc/profile-a-l/devilspie.profile             |    6 +-
 etc/profile-a-l/devilspie2.profile            |    8 +-
 etc/profile-a-l/dia.profile                   |    6 +-
 etc/profile-a-l/dig.profile                   |   10 +-
 etc/profile-a-l/digikam.profile               |   12 +-
 etc/profile-a-l/dillo.profile                 |    8 +-
 etc/profile-a-l/dino.profile                  |    6 +-
 etc/profile-a-l/discord-canary.profile        |    4 +-
 etc/profile-a-l/discord-common.profile        |    4 +-
 etc/profile-a-l/discord.profile               |    4 +-
 etc/profile-a-l/display.profile               |    2 +-
 etc/profile-a-l/dnox.profile                  |    8 +-
 etc/profile-a-l/dnscrypt-proxy.profile        |   10 +-
 etc/profile-a-l/dnsmasq.profile               |    8 +-
 etc/profile-a-l/dolphin-emu.profile           |   14 +-
 etc/profile-a-l/dooble.profile                |    6 +-
 etc/profile-a-l/dosbox.profile                |    4 +-
 etc/profile-a-l/dragon.profile                |    8 +-
 etc/profile-a-l/drawio.profile                |    6 +-
 etc/profile-a-l/drill.profile                 |    6 +-
 etc/profile-a-l/dropbox.profile               |   14 +-
 etc/profile-a-l/easystroke.profile            |    4 +-
 etc/profile-a-l/electron-mail.profile         |    6 +-
 etc/profile-a-l/electron.profile              |    2 +-
 etc/profile-a-l/electrum.profile              |    4 +-
 etc/profile-a-l/element-desktop.profile       |    6 +-
 etc/profile-a-l/elinks.profile                |    4 +-
 etc/profile-a-l/emacs.profile                 |    4 +-
 etc/profile-a-l/email-common.profile          |   30 +-
 etc/profile-a-l/enchant.profile               |    6 +-
 etc/profile-a-l/enox.profile                  |    8 +-
 etc/profile-a-l/enpass.profile                |   20 +-
 etc/profile-a-l/eo-common.profile             |    8 +-
 etc/profile-a-l/eog.profile                   |    4 +-
 etc/profile-a-l/eom.profile                   |    4 +-
 etc/profile-a-l/ephemeral.profile             |   10 +-
 etc/profile-a-l/epiphany.profile              |   14 +-
 etc/profile-a-l/equalx.profile                |   18 +-
 etc/profile-a-l/etr.profile                   |   10 +-
 etc/profile-a-l/evince.profile                |   14 +-
 etc/profile-a-l/evolution.profile             |   18 +-
 etc/profile-a-l/exiftool.profile              |    4 +-
 etc/profile-a-l/falkon.profile                |   12 +-
 etc/profile-a-l/fbreader.profile              |    4 +-
 etc/profile-a-l/fdns.profile                  |    8 +-
 etc/profile-a-l/feedreader.profile            |   10 +-
 etc/profile-a-l/ferdi.profile                 |   18 +-
 etc/profile-a-l/fetchmail.profile             |    4 +-
 etc/profile-a-l/ffmpeg.profile                |   10 +-
 etc/profile-a-l/file-roller.profile           |    6 +-
 etc/profile-a-l/file.profile                  |    2 +-
 etc/profile-a-l/filezilla.profile             |    4 +-
 etc/profile-a-l/firedragon.profile            |    8 +-
 etc/profile-a-l/firefox-common-addons.profile |  130 +-
 etc/profile-a-l/firefox-common.profile        |   10 +-
 etc/profile-a-l/firefox-esr.profile           |    2 +-
 etc/profile-a-l/firefox.profile               |   22 +-
 etc/profile-a-l/five-or-more.profile          |    6 +-
 etc/profile-a-l/flameshot.profile             |    8 +-
 etc/profile-a-l/flashpeak-slimjet.profile     |    8 +-
 etc/profile-a-l/flowblade.profile             |    4 +-
 etc/profile-a-l/fluxbox.profile               |    2 +-
 etc/profile-a-l/font-manager.profile          |   10 +-
 etc/profile-a-l/fontforge.profile             |    4 +-
 etc/profile-a-l/fossamail.profile             |   12 +-
 etc/profile-a-l/four-in-a-row.profile         |    2 +-
 etc/profile-a-l/fractal.profile               |    6 +-
 etc/profile-a-l/franz.profile                 |   18 +-
 etc/profile-a-l/freecad.profile               |    4 +-
 etc/profile-a-l/freeciv.profile               |    4 +-
 etc/profile-a-l/freecol.profile               |   18 +-
 etc/profile-a-l/freemind.profile              |    4 +-
 etc/profile-a-l/freetube.profile              |    4 +-
 etc/profile-a-l/frogatto.profile              |    8 +-
 etc/profile-a-l/frozen-bubble.profile         |    4 +-
 etc/profile-a-l/funnyboat.profile             |    8 +-
 etc/profile-a-l/gajim.profile                 |   24 +-
 etc/profile-a-l/galculator.profile            |    4 +-
 etc/profile-a-l/gapplication.profile          |    4 +-
 etc/profile-a-l/gcloud.profile                |    6 +-
 etc/profile-a-l/gconf-editor.profile          |    4 +-
 etc/profile-a-l/gconf.profile                 |   10 +-
 etc/profile-a-l/geany.profile                 |    2 +-
 etc/profile-a-l/geary.profile                 |   36 +-
 etc/profile-a-l/gedit.profile                 |    4 +-
 etc/profile-a-l/geeqie.profile                |    6 +-
 etc/profile-a-l/gfeeds.profile                |   20 +-
 etc/profile-a-l/gget.profile                  |    6 +-
 etc/profile-a-l/ghostwriter.profile           |   16 +-
 etc/profile-a-l/gimp.profile                  |   22 +-
 etc/profile-a-l/gist.profile                  |   10 +-
 etc/profile-a-l/git-cola.profile              |   32 +-
 etc/profile-a-l/git.profile                   |   34 +-
 etc/profile-a-l/gitg.profile                  |   10 +-
 etc/profile-a-l/github-desktop.profile        |    8 +-
 etc/profile-a-l/gitter.profile                |   10 +-
 etc/profile-a-l/gjs.profile                   |    8 +-
 etc/profile-a-l/gl-117.profile                |    6 +-
 etc/profile-a-l/glaxium.profile               |    6 +-
 etc/profile-a-l/globaltime.profile            |    2 +-
 etc/profile-a-l/gmpc.profile                  |   10 +-
 etc/profile-a-l/gnome-2048.profile            |    4 +-
 etc/profile-a-l/gnome-books.profile           |    4 +-
 etc/profile-a-l/gnome-builder.profile         |    8 +-
 etc/profile-a-l/gnome-calendar.profile        |    2 +-
 etc/profile-a-l/gnome-characters.profile      |    2 +-
 etc/profile-a-l/gnome-chess.profile           |    8 +-
 etc/profile-a-l/gnome-clocks.profile          |    4 +-
 etc/profile-a-l/gnome-contacts.profile        |    2 +-
 etc/profile-a-l/gnome-documents.profile       |    4 +-
 etc/profile-a-l/gnome-hexgl.profile           |    2 +-
 etc/profile-a-l/gnome-keyring.profile         |   14 +-
 etc/profile-a-l/gnome-klotski.profile         |    4 +-
 etc/profile-a-l/gnome-latex.profile           |    8 +-
 etc/profile-a-l/gnome-logs.profile            |    2 +-
 etc/profile-a-l/gnome-mahjongg.profile        |    2 +-
 etc/profile-a-l/gnome-maps.profile            |   20 +-
 etc/profile-a-l/gnome-mines.profile           |    6 +-
 etc/profile-a-l/gnome-mplayer.profile         |    6 +-
 etc/profile-a-l/gnome-music.profile           |    4 +-
 etc/profile-a-l/gnome-nettool.profile         |    2 +-
 etc/profile-a-l/gnome-nibbles.profile         |    6 +-
 etc/profile-a-l/gnome-passwordsafe.profile    |   12 +-
 etc/profile-a-l/gnome-photos.profile          |    2 +-
 etc/profile-a-l/gnome-pie.profile             |    2 +-
 etc/profile-a-l/gnome-pomodoro.profile        |    6 +-
 etc/profile-a-l/gnome-recipes.profile         |   10 +-
 etc/profile-a-l/gnome-ring.profile            |    2 +-
 etc/profile-a-l/gnome-robots.profile          |    2 +-
 etc/profile-a-l/gnome-schedule.profile        |   22 +-
 etc/profile-a-l/gnome-screenshot.profile      |    4 +-
 etc/profile-a-l/gnome-sound-recorder.profile  |    4 +-
 etc/profile-a-l/gnome-sudoku.profile          |    4 +-
 etc/profile-a-l/gnome-system-log.profile      |    2 +-
 etc/profile-a-l/gnome-taquin.profile          |    2 +-
 etc/profile-a-l/gnome-todo.profile            |    2 +-
 etc/profile-a-l/gnome-twitch.profile          |    8 +-
 etc/profile-a-l/gnome-weather.profile         |    2 +-
 etc/profile-a-l/gnote.profile                 |   10 +-
 etc/profile-a-l/gnubik.profile                |    2 +-
 etc/profile-a-l/godot.profile                 |    6 +-
 etc/profile-a-l/goobox.profile                |    2 +-
 etc/profile-a-l/google-chrome-beta.profile    |   16 +-
 .../google-chrome-unstable.profile            |   16 +-
 etc/profile-a-l/google-chrome.profile         |   16 +-
 etc/profile-a-l/google-earth.profile          |    8 +-
 .../google-play-music-desktop-player.profile  |    4 +-
 etc/profile-a-l/googler-common.profile        |    8 +-
 etc/profile-a-l/gpa.profile                   |    2 +-
 etc/profile-a-l/gpg-agent.profile             |   16 +-
 etc/profile-a-l/gpg.profile                   |   16 +-
 etc/profile-a-l/gpicview.profile              |    4 +-
 etc/profile-a-l/gpredict.profile              |    4 +-
 etc/profile-a-l/gradio.profile                |    8 +-
 etc/profile-a-l/gramps.profile                |    4 +-
 ...ravity-beams-and-evaporating-stars.profile |    2 +-
 etc/profile-a-l/gthumb.profile                |    6 +-
 etc/profile-a-l/gtk-update-icon-cache.profile |    2 +-
 etc/profile-a-l/gtk2-youtube-viewer.profile   |    4 +-
 etc/profile-a-l/gtk3-youtube-viewer.profile   |    4 +-
 etc/profile-a-l/guayadeque.profile            |    4 +-
 etc/profile-a-l/gummi.profile                 |    4 +-
 etc/profile-a-l/guvcview.profile              |   12 +-
 etc/profile-a-l/gwenview.profile              |   22 +-
 etc/profile-a-l/gzip.profile                  |    2 +-
 etc/profile-a-l/handbrake.profile             |    6 +-
 etc/profile-a-l/hashcat.profile               |    8 +-
 etc/profile-a-l/hasher-common.profile         |    2 +-
 etc/profile-a-l/hedgewars.profile             |    4 +-
 etc/profile-a-l/hexchat.profile               |    4 +-
 etc/profile-a-l/highlight.profile             |    2 +-
 etc/profile-a-l/homebank.profile              |    8 +-
 etc/profile-a-l/host.profile                  |    4 +-
 etc/profile-a-l/hugin.profile                 |    6 +-
 etc/profile-a-l/hyperrogue.profile            |    6 +-
 etc/profile-a-l/i2prouter.profile             |   20 +-
 etc/profile-a-l/i3.profile                    |    2 +-
 etc/profile-a-l/icecat.profile                |    8 +-
 etc/profile-a-l/icedove.profile               |   12 +-
 etc/profile-a-l/idea.sh.profile               |   12 +-
 etc/profile-a-l/imagej.profile                |    2 +-
 etc/profile-a-l/img2txt.profile               |    8 +-
 etc/profile-a-l/impressive.profile            |   10 +-
 etc/profile-a-l/inkscape.profile              |   16 +-
 etc/profile-a-l/inox.profile                  |    8 +-
 etc/profile-a-l/iridium.profile               |    8 +-
 etc/profile-a-l/itch.profile                  |    8 +-
 etc/profile-a-l/jami-gnome.profile            |    8 +-
 etc/profile-a-l/jd-gui.profile                |    2 +-
 etc/profile-a-l/jerry.profile                 |    2 +-
 etc/profile-a-l/jitsi-meet-desktop.profile    |    6 +-
 etc/profile-a-l/jitsi.profile                 |    2 +-
 etc/profile-a-l/jumpnbump.profile             |    6 +-
 etc/profile-a-l/k3b.profile                   |   10 +-
 etc/profile-a-l/kaffeine.profile              |   16 +-
 etc/profile-a-l/kalgebra.profile              |    6 +-
 etc/profile-a-l/karbon.profile                |    2 +-
 etc/profile-a-l/kate.profile                  |   28 +-
 etc/profile-a-l/kazam.profile                 |    8 +-
 etc/profile-a-l/kcalc.profile                 |   16 +-
 etc/profile-a-l/kdenlive.profile              |    8 +-
 etc/profile-a-l/kdiff3.profile                |    8 +-
 etc/profile-a-l/keepass.profile               |   16 +-
 etc/profile-a-l/keepassx.profile              |   10 +-
 etc/profile-a-l/keepassxc.profile             |   30 +-
 etc/profile-a-l/kget.profile                  |   14 +-
 etc/profile-a-l/kid3-qt.profile               |    2 +-
 etc/profile-a-l/kid3.profile                  |    6 +-
 etc/profile-a-l/kino.profile                  |    4 +-
 etc/profile-a-l/kiwix-desktop.profile         |    8 +-
 etc/profile-a-l/klatexformula.profile         |    4 +-
 etc/profile-a-l/klavaro.profile               |    8 +-
 etc/profile-a-l/kmail.profile                 |   42 +-
 etc/profile-a-l/kmplayer.profile              |   10 +-
 etc/profile-a-l/knotes.profile                |    6 +-
 etc/profile-a-l/kodi.profile                  |    8 +-
 etc/profile-a-l/konversation.profile          |   10 +-
 etc/profile-a-l/kopete.profile                |   12 +-
 etc/profile-a-l/krita.profile                 |    8 +-
 etc/profile-a-l/krunner.profile               |    6 +-
 etc/profile-a-l/ktorrent.profile              |   30 +-
 etc/profile-a-l/ktouch.profile                |    8 +-
 etc/profile-a-l/kube.profile                  |   36 +-
 etc/profile-a-l/kwin_x11.profile              |    8 +-
 etc/profile-a-l/kwrite.profile                |   18 +-
 etc/profile-a-l/latex-common.profile          |    2 +-
 etc/profile-a-l/leafpad.profile               |    2 +-
 etc/profile-a-l/less.profile                  |    4 +-
 etc/profile-a-l/librecad.profile              |    6 +-
 etc/profile-a-l/libreoffice.profile           |    6 +-
 etc/profile-a-l/librewolf.profile             |   16 +-
 etc/profile-a-l/liferea.profile               |   14 +-
 etc/profile-a-l/lightsoff.profile             |    2 +-
 etc/profile-a-l/lincity-ng.profile            |    4 +-
 etc/profile-a-l/links-common.profile          |    6 +-
 etc/profile-a-l/links.profile                 |    4 +-
 etc/profile-a-l/links2.profile                |    4 +-
 etc/profile-a-l/linphone.profile              |   18 +-
 etc/profile-a-l/lmms.profile                  |    6 +-
 etc/profile-a-l/lollypop.profile              |    4 +-
 etc/profile-a-l/lugaru.profile                |    8 +-
 etc/profile-a-l/luminance-hdr.profile         |    4 +-
 etc/profile-a-l/lutris.profile                |   34 +-
 etc/profile-a-l/lximage-qt.profile            |    2 +-
 etc/profile-a-l/lxmusic.profile               |    6 +-
 etc/profile-a-l/lynx.profile                  |    4 +-
 etc/profile-a-l/lyx.profile                   |   14 +-
 etc/profile-a-l/sway.profile                  |    4 +-
 etc/profile-m-z/Maelstrom.profile             |    4 +-
 etc/profile-m-z/Mathematica.profile           |   10 +-
 etc/profile-m-z/PCSX2.profile                 |    4 +-
 etc/profile-m-z/QMediathekView.profile        |   26 +-
 etc/profile-m-z/QOwnNotes.profile             |   16 +-
 etc/profile-m-z/Viber.profile                 |    8 +-
 etc/profile-m-z/XMind.profile                 |    6 +-
 etc/profile-m-z/Xephyr.profile                |    2 +-
 etc/profile-m-z/Xvfb.profile                  |    2 +-
 etc/profile-m-z/ZeGrapher.profile             |    4 +-
 etc/profile-m-z/macrofusion.profile           |    4 +-
 etc/profile-m-z/magicor.profile               |    6 +-
 etc/profile-m-z/makepkg.profile               |   18 +-
 etc/profile-m-z/man.profile                   |   18 +-
 etc/profile-m-z/manaplus.profile              |    8 +-
 etc/profile-m-z/marker.profile                |    8 +-
 etc/profile-m-z/masterpdfeditor.profile       |    4 +-
 etc/profile-m-z/mate-calc.profile             |    8 +-
 etc/profile-m-z/mate-dictionary.profile       |    4 +-
 etc/profile-m-z/matrix-mirage.profile         |   12 +-
 etc/profile-m-z/mattermost-desktop.profile    |    4 +-
 etc/profile-m-z/mcabber.profile               |    4 +-
 etc/profile-m-z/mcomix.profile                |    8 +-
 etc/profile-m-z/mdr.profile                   |    4 +-
 etc/profile-m-z/mediainfo.profile             |    2 +-
 etc/profile-m-z/mediathekview.profile         |   20 +-
 etc/profile-m-z/megaglest.profile             |    8 +-
 etc/profile-m-z/meld.profile                  |   14 +-
 etc/profile-m-z/mendeleydesktop.profile       |   14 +-
 etc/profile-m-z/menulibre.profile             |   14 +-
 etc/profile-m-z/meteo-qt.profile              |    8 +-
 etc/profile-m-z/microsoft-edge-beta.profile   |    8 +-
 etc/profile-m-z/microsoft-edge-dev.profile    |    8 +-
 etc/profile-m-z/midori.profile                |   38 +-
 etc/profile-m-z/min.profile                   |    4 +-
 etc/profile-m-z/mindless.profile              |    2 +-
 etc/profile-m-z/minecraft-launcher.profile    |    4 +-
 etc/profile-m-z/minetest.profile              |   12 +-
 etc/profile-m-z/minitube.profile              |   18 +-
 etc/profile-m-z/mirage.profile                |   16 +-
 etc/profile-m-z/mirrormagic.profile           |    6 +-
 etc/profile-m-z/mocp.profile                  |    4 +-
 etc/profile-m-z/mousepad.profile              |    2 +-
 etc/profile-m-z/mp3splt-gtk.profile           |    2 +-
 etc/profile-m-z/mp3splt.profile               |    4 +-
 etc/profile-m-z/mpDris2.profile               |    8 +-
 etc/profile-m-z/mpd.profile                   |    8 +-
 etc/profile-m-z/mpg123.profile                |    2 +-
 etc/profile-m-z/mplayer.profile               |    4 +-
 etc/profile-m-z/mpsyt.profile                 |   28 +-
 etc/profile-m-z/mpv.profile                   |   20 +-
 etc/profile-m-z/mrrescue.profile              |    8 +-
 etc/profile-m-z/ms-excel.profile              |    2 +-
 etc/profile-m-z/ms-office.profile             |    4 +-
 etc/profile-m-z/ms-onenote.profile            |    2 +-
 etc/profile-m-z/ms-outlook.profile            |    2 +-
 etc/profile-m-z/ms-powerpoint.profile         |    2 +-
 etc/profile-m-z/ms-skype.profile              |    2 +-
 etc/profile-m-z/ms-word.profile               |    2 +-
 etc/profile-m-z/mtpaint.profile               |    2 +-
 etc/profile-m-z/multimc5.profile              |   12 +-
 etc/profile-m-z/mumble.profile                |   12 +-
 etc/profile-m-z/mupdf-gl.profile              |    2 +-
 etc/profile-m-z/mupdf.profile                 |    2 +-
 etc/profile-m-z/mupen64plus.profile           |    8 +-
 etc/profile-m-z/musescore.profile             |   12 +-
 etc/profile-m-z/musictube.profile             |   14 +-
 etc/profile-m-z/musixmatch.profile            |    2 +-
 etc/profile-m-z/mutt.profile                  |  120 +-
 etc/profile-m-z/mypaint.profile               |    8 +-
 etc/profile-m-z/nano.profile                  |    8 +-
 etc/profile-m-z/natron.profile                |    6 +-
 etc/profile-m-z/ncdu.profile                  |    2 +-
 etc/profile-m-z/neochat.profile               |   18 +-
 etc/profile-m-z/neomutt.profile               |  128 +-
 etc/profile-m-z/netactview.profile            |    6 +-
 etc/profile-m-z/nethack-vultures.profile      |    6 +-
 etc/profile-m-z/nethack.profile               |    4 +-
 etc/profile-m-z/netsurf.profile               |   10 +-
 etc/profile-m-z/neverball.profile             |    6 +-
 etc/profile-m-z/newsbeuter.profile            |   14 +-
 etc/profile-m-z/newsboat.profile              |   24 +-
 etc/profile-m-z/newsflash.profile             |   12 +-
 etc/profile-m-z/nextcloud.profile             |   12 +-
 etc/profile-m-z/nheko.profile                 |   14 +-
 etc/profile-m-z/nicotine.profile              |    8 +-
 etc/profile-m-z/nitroshare.profile            |    4 +-
 etc/profile-m-z/nodejs-common.profile         |   26 +-
 etc/profile-m-z/nomacs.profile                |    8 +-
 etc/profile-m-z/notify-send.profile           |    2 +-
 etc/profile-m-z/nslookup.profile              |    8 +-
 etc/profile-m-z/nuclear.profile               |    4 +-
 etc/profile-m-z/nylas.profile                 |   10 +-
 etc/profile-m-z/nyx.profile                   |    4 +-
 etc/profile-m-z/obs.profile                   |    8 +-
 etc/profile-m-z/ocenaudio.profile             |    6 +-
 etc/profile-m-z/odt2txt.profile               |    4 +-
 etc/profile-m-z/okular.profile                |   42 +-
 etc/profile-m-z/onboard.profile               |    6 +-
 etc/profile-m-z/onionshare-gui.profile        |    2 +-
 etc/profile-m-z/open-invaders.profile         |    4 +-
 etc/profile-m-z/openarena.profile             |    6 +-
 etc/profile-m-z/openbox.profile               |    2 +-
 etc/profile-m-z/opencity.profile              |    4 +-
 etc/profile-m-z/openclonk.profile             |    4 +-
 etc/profile-m-z/openmw.profile                |   10 +-
 etc/profile-m-z/openshot.profile              |    8 +-
 etc/profile-m-z/openttd.profile               |    4 +-
 etc/profile-m-z/opera-beta.profile            |    8 +-
 etc/profile-m-z/opera.profile                 |   12 +-
 etc/profile-m-z/orage.profile                 |    4 +-
 etc/profile-m-z/ostrichriders.profile         |    6 +-
 etc/profile-m-z/otter-browser.profile         |   20 +-
 etc/profile-m-z/palemoon.profile              |    8 +-
 etc/profile-m-z/pandoc.profile                |    4 +-
 etc/profile-m-z/parole.profile                |    4 +-
 etc/profile-m-z/patch.profile                 |    4 +-
 etc/profile-m-z/pavucontrol-qt.profile        |    4 +-
 etc/profile-m-z/pavucontrol.profile           |    6 +-
 etc/profile-m-z/pcsxr.profile                 |    4 +-
 etc/profile-m-z/pdfchain.profile              |    2 +-
 etc/profile-m-z/pdfmod.profile                |    6 +-
 etc/profile-m-z/pdfsam.profile                |    2 +-
 etc/profile-m-z/pdftotext.profile             |   10 +-
 etc/profile-m-z/peek.profile                  |    6 +-
 etc/profile-m-z/penguin-command.profile       |    4 +-
 etc/profile-m-z/photoflare.profile            |    2 +-
 etc/profile-m-z/picard.profile                |    6 +-
 etc/profile-m-z/pidgin.profile                |    8 +-
 etc/profile-m-z/pinball.profile               |    8 +-
 etc/profile-m-z/ping.profile                  |    4 +-
 etc/profile-m-z/pingus.profile                |    8 +-
 etc/profile-m-z/pinta.profile                 |    6 +-
 etc/profile-m-z/pioneer.profile               |    4 +-
 etc/profile-m-z/pipe-viewer.profile           |    8 +-
 etc/profile-m-z/pitivi.profile                |    2 +-
 etc/profile-m-z/pix.profile                   |    8 +-
 etc/profile-m-z/pkglog.profile                |    6 +-
 etc/profile-m-z/playonlinux.profile           |    4 +-
 etc/profile-m-z/pluma.profile                 |    4 +-
 etc/profile-m-z/plv.profile                   |    6 +-
 etc/profile-m-z/pngquant.profile              |    4 +-
 etc/profile-m-z/polari.profile                |   12 +-
 etc/profile-m-z/ppsspp.profile                |    6 +-
 etc/profile-m-z/pragha.profile                |    4 +-
 etc/profile-m-z/profanity.profile             |    4 +-
 etc/profile-m-z/psi-plus.profile              |   12 +-
 etc/profile-m-z/psi.profile                   |   24 +-
 etc/profile-m-z/pybitmessage.profile          |    6 +-
 etc/profile-m-z/pycharm-community.profile     |    2 +-
 etc/profile-m-z/pycharm-professional.profile  |    2 +-
 etc/profile-m-z/qbittorrent.profile           |   18 +-
 etc/profile-m-z/qcomicbook.profile            |   10 +-
 etc/profile-m-z/qemu-launcher.profile         |    2 +-
 etc/profile-m-z/qgis.profile                  |   16 +-
 etc/profile-m-z/qlipper.profile               |    2 +-
 etc/profile-m-z/qmmp.profile                  |    4 +-
 etc/profile-m-z/qnapi.profile                 |    6 +-
 etc/profile-m-z/qpdfview.profile              |    6 +-
 etc/profile-m-z/qrencode.profile              |    2 +-
 etc/profile-m-z/qtox.profile                  |    8 +-
 etc/profile-m-z/quadrapassel.profile          |    6 +-
 etc/profile-m-z/quaternion.profile            |   12 +-
 etc/profile-m-z/quiterss.profile              |   20 +-
 etc/profile-m-z/quodlibet.profile             |   18 +-
 etc/profile-m-z/qupzilla.profile              |    8 +-
 etc/profile-m-z/qutebrowser.profile           |   14 +-
 etc/profile-m-z/rambox.profile                |   14 +-
 etc/profile-m-z/redeclipse.profile            |    6 +-
 etc/profile-m-z/redshift.profile              |    8 +-
 etc/profile-m-z/regextester.profile           |    2 +-
 etc/profile-m-z/remmina.profile               |    6 +-
 etc/profile-m-z/rhythmbox.profile             |   14 +-
 etc/profile-m-z/ricochet.profile              |    6 +-
 etc/profile-m-z/riot-web.profile              |    6 +-
 etc/profile-m-z/ripperx.profile               |    4 +-
 etc/profile-m-z/ristretto.profile             |    6 +-
 etc/profile-m-z/rocketchat.profile            |    4 +-
 etc/profile-m-z/rsync-download_only.profile   |    4 +-
 etc/profile-m-z/rtv-addons.profile            |   18 +-
 etc/profile-m-z/rtv.profile                   |   12 +-
 etc/profile-m-z/sayonara.profile              |    4 +-
 etc/profile-m-z/scallion.profile              |    8 +-
 etc/profile-m-z/scorched3d.profile            |    8 +-
 etc/profile-m-z/scorchwentbonkers.profile     |    6 +-
 etc/profile-m-z/scribus.profile               |   36 +-
 etc/profile-m-z/seahorse-adventures.profile   |    4 +-
 etc/profile-m-z/seahorse.profile              |   18 +-
 etc/profile-m-z/seamonkey.profile             |   46 +-
 etc/profile-m-z/server.profile                |    8 +-
 etc/profile-m-z/shellcheck.profile            |    6 +-
 etc/profile-m-z/shortwave.profile             |   10 +-
 etc/profile-m-z/shotcut.profile               |    2 +-
 etc/profile-m-z/shotwell.profile              |   12 +-
 etc/profile-m-z/signal-cli.profile            |    8 +-
 etc/profile-m-z/signal-desktop.profile        |    8 +-
 etc/profile-m-z/simple-scan.profile           |    8 +-
 etc/profile-m-z/simplescreenrecorder.profile  |    6 +-
 etc/profile-m-z/simutrans.profile             |    4 +-
 etc/profile-m-z/skanlite.profile              |    2 +-
 etc/profile-m-z/skypeforlinux.profile         |    2 +-
 etc/profile-m-z/slack.profile                 |    4 +-
 etc/profile-m-z/slashem.profile               |    4 +-
 etc/profile-m-z/smplayer.profile              |   16 +-
 etc/profile-m-z/smtube.profile                |   20 +-
 etc/profile-m-z/smuxi-frontend-gnome.profile  |   14 +-
 etc/profile-m-z/snox.profile                  |    8 +-
 etc/profile-m-z/softmaker-common.profile      |    6 +-
 etc/profile-m-z/sound-juicer.profile          |    4 +-
 etc/profile-m-z/soundconverter.profile        |    8 +-
 etc/profile-m-z/spectacle.profile             |   12 +-
 etc/profile-m-z/spectral.profile              |   10 +-
 .../spectre-meltdown-checker.profile          |    6 +-
 etc/profile-m-z/spotify.profile               |   14 +-
 etc/profile-m-z/sqlitebrowser.profile         |    4 +-
 etc/profile-m-z/ssh-agent.profile             |    4 +-
 etc/profile-m-z/ssh.profile                   |    8 +-
 etc/profile-m-z/standardnotes-desktop.profile |    8 +-
 .../start-tor-browser.desktop.profile         |  126 +-
 etc/profile-m-z/steam.profile                 |  130 +-
 etc/profile-m-z/stellarium.profile            |    8 +-
 etc/profile-m-z/straw-viewer.profile          |    8 +-
 etc/profile-m-z/strawberry.profile            |    8 +-
 etc/profile-m-z/strings.profile               |    2 +-
 etc/profile-m-z/subdownloader.profile         |    4 +-
 etc/profile-m-z/supertux2.profile             |    8 +-
 etc/profile-m-z/supertuxkart.profile          |   18 +-
 etc/profile-m-z/surf.profile                  |    6 +-
 etc/profile-m-z/swell-foop.profile            |    6 +-
 etc/profile-m-z/sylpheed.profile              |    6 +-
 etc/profile-m-z/synfigstudio.profile          |    4 +-
 etc/profile-m-z/sysprof.profile               |   16 +-
 etc/profile-m-z/tar.profile                   |    2 +-
 etc/profile-m-z/tb-starter-wrapper.profile    |    4 +-
 etc/profile-m-z/tcpdump.profile               |    6 +-
 etc/profile-m-z/teams-for-linux.profile       |    4 +-
 etc/profile-m-z/teams.profile                 |    8 +-
 etc/profile-m-z/teamspeak3.profile            |    8 +-
 etc/profile-m-z/teeworlds.profile             |    4 +-
 etc/profile-m-z/telegram.profile              |   10 +-
 etc/profile-m-z/terasology.profile            |    6 +-
 etc/profile-m-z/thunderbird.profile           |   24 +-
 etc/profile-m-z/tilp.profile                  |    2 +-
 etc/profile-m-z/tin.profile                   |   10 +-
 etc/profile-m-z/tmux.profile                  |    6 +-
 etc/profile-m-z/tor-browser-ar.profile        |    4 +-
 etc/profile-m-z/tor-browser-ca.profile        |    4 +-
 etc/profile-m-z/tor-browser-cs.profile        |    4 +-
 etc/profile-m-z/tor-browser-da.profile        |    4 +-
 etc/profile-m-z/tor-browser-de.profile        |    4 +-
 etc/profile-m-z/tor-browser-el.profile        |    4 +-
 etc/profile-m-z/tor-browser-en-us.profile     |    4 +-
 etc/profile-m-z/tor-browser-en.profile        |    4 +-
 etc/profile-m-z/tor-browser-es-es.profile     |    4 +-
 etc/profile-m-z/tor-browser-es.profile        |    4 +-
 etc/profile-m-z/tor-browser-fa.profile        |    4 +-
 etc/profile-m-z/tor-browser-fr.profile        |    4 +-
 etc/profile-m-z/tor-browser-ga-ie.profile     |    4 +-
 etc/profile-m-z/tor-browser-he.profile        |    4 +-
 etc/profile-m-z/tor-browser-hu.profile        |    4 +-
 etc/profile-m-z/tor-browser-id.profile        |    4 +-
 etc/profile-m-z/tor-browser-is.profile        |    4 +-
 etc/profile-m-z/tor-browser-it.profile        |    4 +-
 etc/profile-m-z/tor-browser-ja.profile        |    4 +-
 etc/profile-m-z/tor-browser-ka.profile        |    4 +-
 etc/profile-m-z/tor-browser-ko.profile        |    4 +-
 etc/profile-m-z/tor-browser-nb.profile        |    4 +-
 etc/profile-m-z/tor-browser-nl.profile        |    4 +-
 etc/profile-m-z/tor-browser-pl.profile        |    4 +-
 etc/profile-m-z/tor-browser-pt-br.profile     |    4 +-
 etc/profile-m-z/tor-browser-ru.profile        |    4 +-
 etc/profile-m-z/tor-browser-sv-se.profile     |    4 +-
 etc/profile-m-z/tor-browser-tr.profile        |    4 +-
 etc/profile-m-z/tor-browser-vi.profile        |    4 +-
 etc/profile-m-z/tor-browser-zh-cn.profile     |    4 +-
 etc/profile-m-z/tor-browser-zh-tw.profile     |    4 +-
 etc/profile-m-z/tor-browser.profile           |    4 +-
 etc/profile-m-z/tor-browser_ar.profile        |    4 +-
 etc/profile-m-z/tor-browser_ca.profile        |    4 +-
 etc/profile-m-z/tor-browser_cs.profile        |    4 +-
 etc/profile-m-z/tor-browser_da.profile        |    4 +-
 etc/profile-m-z/tor-browser_de.profile        |    4 +-
 etc/profile-m-z/tor-browser_el.profile        |    4 +-
 etc/profile-m-z/tor-browser_en-US.profile     |    4 +-
 etc/profile-m-z/tor-browser_en.profile        |    4 +-
 etc/profile-m-z/tor-browser_es-ES.profile     |    4 +-
 etc/profile-m-z/tor-browser_es.profile        |    4 +-
 etc/profile-m-z/tor-browser_fa.profile        |    4 +-
 etc/profile-m-z/tor-browser_fr.profile        |    4 +-
 etc/profile-m-z/tor-browser_ga-IE.profile     |    4 +-
 etc/profile-m-z/tor-browser_he.profile        |    4 +-
 etc/profile-m-z/tor-browser_hu.profile        |    4 +-
 etc/profile-m-z/tor-browser_id.profile        |    4 +-
 etc/profile-m-z/tor-browser_is.profile        |    4 +-
 etc/profile-m-z/tor-browser_it.profile        |    4 +-
 etc/profile-m-z/tor-browser_ja.profile        |    4 +-
 etc/profile-m-z/tor-browser_ka.profile        |    4 +-
 etc/profile-m-z/tor-browser_ko.profile        |    4 +-
 etc/profile-m-z/tor-browser_nb.profile        |    4 +-
 etc/profile-m-z/tor-browser_nl.profile        |    4 +-
 etc/profile-m-z/tor-browser_pl.profile        |    4 +-
 etc/profile-m-z/tor-browser_pt-BR.profile     |    4 +-
 etc/profile-m-z/tor-browser_ru.profile        |    4 +-
 etc/profile-m-z/tor-browser_sv-SE.profile     |    4 +-
 etc/profile-m-z/tor-browser_tr.profile        |    4 +-
 etc/profile-m-z/tor-browser_vi.profile        |    4 +-
 etc/profile-m-z/tor-browser_zh-CN.profile     |    4 +-
 etc/profile-m-z/tor-browser_zh-TW.profile     |    4 +-
 etc/profile-m-z/torbrowser-launcher.profile   |   16 +-
 etc/profile-m-z/torcs.profile                 |    8 +-
 etc/profile-m-z/totem.profile                 |   10 +-
 etc/profile-m-z/tracker.profile               |    4 +-
 etc/profile-m-z/transgui.profile              |    6 +-
 etc/profile-m-z/transmission-common.profile   |   10 +-
 etc/profile-m-z/transmission-daemon.profile   |    4 +-
 .../transmission-remote-gtk.profile           |    4 +-
 etc/profile-m-z/tremulous.profile             |    6 +-
 etc/profile-m-z/trojita.profile               |   16 +-
 etc/profile-m-z/truecraft.profile             |    8 +-
 .../ts3client_runscript.sh.profile            |    8 +-
 etc/profile-m-z/tutanota-desktop.profile      |   12 +-
 etc/profile-m-z/tuxguitar.profile             |    6 +-
 etc/profile-m-z/tvbrowser.profile             |   10 +-
 etc/profile-m-z/twitch.profile                |    4 +-
 etc/profile-m-z/uefitool.profile              |    2 +-
 etc/profile-m-z/uget-gtk.profile              |    6 +-
 etc/profile-m-z/unbound.profile               |   12 +-
 etc/profile-m-z/unf.profile                   |    4 +-
 etc/profile-m-z/unknown-horizons.profile      |    6 +-
 etc/profile-m-z/unzip.profile                 |    2 +-
 etc/profile-m-z/utox.profile                  |    8 +-
 etc/profile-m-z/uudeview.profile              |    2 +-
 etc/profile-m-z/uzbl-browser.profile          |   16 +-
 etc/profile-m-z/viewnior.profile              |    8 +-
 etc/profile-m-z/viking.profile                |    6 +-
 etc/profile-m-z/vim.profile                   |    6 +-
 etc/profile-m-z/virtualbox.profile            |   18 +-
 etc/profile-m-z/vivaldi.profile               |   24 +-
 etc/profile-m-z/vlc.profile                   |   16 +-
 etc/profile-m-z/vmware-view.profile           |    8 +-
 etc/profile-m-z/vmware.profile                |    8 +-
 etc/profile-m-z/vscodium.profile              |    2 +-
 etc/profile-m-z/vulturesclaw.profile          |    4 +-
 etc/profile-m-z/vultureseye.profile           |    4 +-
 etc/profile-m-z/vym.profile                   |    2 +-
 etc/profile-m-z/w3m.profile                   |   12 +-
 etc/profile-m-z/warmux.profile                |   14 +-
 etc/profile-m-z/warsow.profile                |   10 +-
 etc/profile-m-z/warzone2100.profile           |    8 +-
 etc/profile-m-z/waterfox.profile              |    8 +-
 etc/profile-m-z/webstorm.profile              |   14 +-
 etc/profile-m-z/webui-aria2.profile           |    2 +-
 etc/profile-m-z/weechat.profile               |    4 +-
 etc/profile-m-z/wesnoth.profile               |   12 +-
 etc/profile-m-z/wget.profile                  |   10 +-
 etc/profile-m-z/whalebird.profile             |    4 +-
 etc/profile-m-z/whois.profile                 |    4 +-
 etc/profile-m-z/widelands.profile             |    4 +-
 etc/profile-m-z/wine.profile                  |   14 +-
 etc/profile-m-z/wire-desktop.profile          |    4 +-
 etc/profile-m-z/wireshark.profile             |    8 +-
 etc/profile-m-z/wordwarvi.profile             |    6 +-
 etc/profile-m-z/wps.profile                   |    6 +-
 etc/profile-m-z/x2goclient.profile            |    4 +-
 etc/profile-m-z/xbill.profile                 |    4 +-
 etc/profile-m-z/xchat.profile                 |    2 +-
 etc/profile-m-z/xed.profile                   |    8 +-
 etc/profile-m-z/xfburn.profile                |    2 +-
 etc/profile-m-z/xfce4-dict.profile            |    2 +-
 etc/profile-m-z/xfce4-mixer.profile           |   10 +-
 etc/profile-m-z/xfce4-notes.profile           |    6 +-
 etc/profile-m-z/xfce4-screenshooter.profile   |    4 +-
 etc/profile-m-z/xiphos.profile                |   10 +-
 etc/profile-m-z/xlinks.profile                |    2 +-
 etc/profile-m-z/xlinks2                       |    2 +-
 etc/profile-m-z/xmms.profile                  |    4 +-
 etc/profile-m-z/xmr-stak.profile              |    2 +-
 etc/profile-m-z/xonotic.profile               |    6 +-
 etc/profile-m-z/xournal.profile               |    6 +-
 etc/profile-m-z/xournalpp.profile             |    8 +-
 etc/profile-m-z/xpdf.profile                  |    4 +-
 etc/profile-m-z/xplayer.profile               |    8 +-
 etc/profile-m-z/xpra.profile                  |    2 +-
 etc/profile-m-z/xreader.profile               |    6 +-
 etc/profile-m-z/xviewer.profile               |    8 +-
 etc/profile-m-z/yandex-browser.profile        |   16 +-
 etc/profile-m-z/yelp.profile                  |   20 +-
 etc/profile-m-z/youtube-dl-gui.profile        |    6 +-
 etc/profile-m-z/youtube-dl.profile            |   14 +-
 etc/profile-m-z/youtube-viewer.profile        |    8 +-
 .../youtube-viewers-common.profile            |    6 +-
 etc/profile-m-z/youtube.profile               |    4 +-
 .../youtubemusic-nativefier.profile           |    4 +-
 etc/profile-m-z/ytmdesktop.profile            |    4 +-
 etc/profile-m-z/zaproxy.profile               |    6 +-
 etc/profile-m-z/zart.profile                  |    4 +-
 etc/profile-m-z/zathura.profile               |   10 +-
 etc/profile-m-z/zcat.profile                  |    2 +-
 etc/profile-m-z/zeal.profile                  |   12 +-
 etc/profile-m-z/zgrep.profile                 |    2 +-
 etc/profile-m-z/zoom.profile                  |   12 +-
 etc/profile-m-z/zulip.profile                 |    6 +-
 798 files changed, 5084 insertions(+), 5084 deletions(-)

diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc
index 59cd4087817..d6c295414ed 100644
--- a/etc/inc/allow-bin-sh.inc
+++ b/etc/inc/allow-bin-sh.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-bin-sh.local
 
-nodeny  ${PATH}/bash
-nodeny  ${PATH}/dash
-nodeny  ${PATH}/sh
+noblacklist ${PATH}/bash
+noblacklist ${PATH}/dash
+noblacklist ${PATH}/sh
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc
index 71b1483cd72..011bbe226b8 100644
--- a/etc/inc/allow-common-devel.inc
+++ b/etc/inc/allow-common-devel.inc
@@ -3,29 +3,29 @@
 include allow-common-devel.local
 
 # Git
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
 
 # Java
-nodeny  ${HOME}/.gradle
-nodeny  ${HOME}/.java
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.java
 
 # Node.js
-nodeny  ${HOME}/.node-gyp
-nodeny  ${HOME}/.npm
-nodeny  ${HOME}/.npmrc
-nodeny  ${HOME}/.nvm
-nodeny  ${HOME}/.yarn
-nodeny  ${HOME}/.yarn-config
-nodeny  ${HOME}/.yarncache
-nodeny  ${HOME}/.yarnrc
+noblacklist ${HOME}/.node-gyp
+noblacklist ${HOME}/.npm
+noblacklist ${HOME}/.npmrc
+noblacklist ${HOME}/.nvm
+noblacklist ${HOME}/.yarn
+noblacklist ${HOME}/.yarn-config
+noblacklist ${HOME}/.yarncache
+noblacklist ${HOME}/.yarnrc
 
 # Python
-nodeny  ${HOME}/.pylint.d
-nodeny  ${HOME}/.python-history
-nodeny  ${HOME}/.python_history
-nodeny  ${HOME}/.pythonhist
+noblacklist ${HOME}/.pylint.d
+noblacklist ${HOME}/.python-history
+noblacklist ${HOME}/.python_history
+noblacklist ${HOME}/.pythonhist
 
 # Rust
-nodeny  ${HOME}/.cargo/*
+noblacklist ${HOME}/.cargo/*
diff --git a/etc/inc/allow-gjs.inc b/etc/inc/allow-gjs.inc
index 2e2490079aa..c1366e09336 100644
--- a/etc/inc/allow-gjs.inc
+++ b/etc/inc/allow-gjs.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-gjs.local
 
-nodeny  ${PATH}/gjs
-nodeny  ${PATH}/gjs-console
-nodeny  /usr/lib/gjs
-nodeny  /usr/lib/libgjs*
-nodeny  /usr/lib/libmozjs-*
-nodeny  /usr/lib64/gjs
-nodeny  /usr/lib64/libgjs*
-nodeny  /usr/lib64/libmozjs-*
+noblacklist ${PATH}/gjs
+noblacklist ${PATH}/gjs-console
+noblacklist /usr/lib/gjs
+noblacklist /usr/lib/libgjs*
+noblacklist /usr/lib/libmozjs-*
+noblacklist /usr/lib64/gjs
+noblacklist /usr/lib64/libgjs*
+noblacklist /usr/lib64/libmozjs-*
diff --git a/etc/inc/allow-java.inc b/etc/inc/allow-java.inc
index af44f36645e..24d18fb7768 100644
--- a/etc/inc/allow-java.inc
+++ b/etc/inc/allow-java.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-java.local
 
-nodeny  ${HOME}/.java
-nodeny  ${PATH}/java
-nodeny  /etc/java
-nodeny  /usr/lib/java
-nodeny  /usr/share/java
+noblacklist ${HOME}/.java
+noblacklist ${PATH}/java
+noblacklist /etc/java
+noblacklist /usr/lib/java
+noblacklist /usr/share/java
diff --git a/etc/inc/allow-lua.inc b/etc/inc/allow-lua.inc
index 3d0a1997bfd..9c47e7a3b7b 100644
--- a/etc/inc/allow-lua.inc
+++ b/etc/inc/allow-lua.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-lua.local
 
-nodeny  ${PATH}/lua*
-nodeny  /usr/include
-nodeny  /usr/lib/liblua*
-nodeny  /usr/lib/lua
-nodeny  /usr/lib64/liblua*
-nodeny  /usr/lib64/lua
-nodeny  /usr/share/lua
-nodeny  /usr/share/lua*
+noblacklist ${PATH}/lua*
+noblacklist /usr/include
+noblacklist /usr/lib/liblua*
+noblacklist /usr/lib/lua
+noblacklist /usr/lib64/liblua*
+noblacklist /usr/lib64/lua
+noblacklist /usr/share/lua
+noblacklist /usr/share/lua*
diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc
index e915b3866c9..351c94ab86e 100644
--- a/etc/inc/allow-nodejs.inc
+++ b/etc/inc/allow-nodejs.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-nodejs.local
 
-nodeny  ${PATH}/node
-nodeny  /usr/include/node
+noblacklist ${PATH}/node
+noblacklist /usr/include/node
 
 # Allow python for node-gyp (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc
index 00e35e98362..5d2d6c5c18d 100644
--- a/etc/inc/allow-opengl-game.inc
+++ b/etc/inc/allow-opengl-game.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-opengl-game.local
 
-nodeny  ${PATH}/bash
-allow  /usr/share/opengl-games-utils/opengl-game-functions.sh
+noblacklist ${PATH}/bash
+whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh
 private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity
diff --git a/etc/inc/allow-perl.inc b/etc/inc/allow-perl.inc
index 134d2723930..5a1952c94e3 100644
--- a/etc/inc/allow-perl.inc
+++ b/etc/inc/allow-perl.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-perl.local
 
-nodeny  ${PATH}/core_perl
-nodeny  ${PATH}/cpan*
-nodeny  ${PATH}/perl
-nodeny  ${PATH}/site_perl
-nodeny  ${PATH}/vendor_perl
-nodeny  /usr/lib/perl*
-nodeny  /usr/lib64/perl*
-nodeny  /usr/share/perl*
+noblacklist ${PATH}/core_perl
+noblacklist ${PATH}/cpan*
+noblacklist ${PATH}/perl
+noblacklist ${PATH}/site_perl
+noblacklist ${PATH}/vendor_perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/lib64/perl*
+noblacklist /usr/share/perl*
diff --git a/etc/inc/allow-php.inc b/etc/inc/allow-php.inc
index 520c2019ecd..a0950dc2688 100644
--- a/etc/inc/allow-php.inc
+++ b/etc/inc/allow-php.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-php.local
 
-nodeny  ${PATH}/php*
-nodeny  /usr/lib/php*
-nodeny  /usr/share/php*
+noblacklist ${PATH}/php*
+noblacklist /usr/lib/php*
+noblacklist /usr/share/php*
diff --git a/etc/inc/allow-python2.inc b/etc/inc/allow-python2.inc
index f1830043ad6..b0525e2e18a 100644
--- a/etc/inc/allow-python2.inc
+++ b/etc/inc/allow-python2.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-python2.local
 
-nodeny  ${PATH}/python2*
-nodeny  /usr/include/python2*
-nodeny  /usr/lib/python2*
-nodeny  /usr/local/lib/python2*
-nodeny  /usr/share/python2*
+noblacklist ${PATH}/python2*
+noblacklist /usr/include/python2*
+noblacklist /usr/lib/python2*
+noblacklist /usr/local/lib/python2*
+noblacklist /usr/share/python2*
diff --git a/etc/inc/allow-python3.inc b/etc/inc/allow-python3.inc
index e4b6ed1a998..d968886b009 100644
--- a/etc/inc/allow-python3.inc
+++ b/etc/inc/allow-python3.inc
@@ -2,9 +2,9 @@
 # Persistent customizations should go in a .local file.
 include allow-python3.local
 
-nodeny  ${PATH}/python3*
-nodeny  /usr/include/python3*
-nodeny  /usr/lib/python3*
-nodeny  /usr/lib64/python3*
-nodeny  /usr/local/lib/python3*
-nodeny  /usr/share/python3*
+noblacklist ${PATH}/python3*
+noblacklist /usr/include/python3*
+noblacklist /usr/lib/python3*
+noblacklist /usr/lib64/python3*
+noblacklist /usr/local/lib/python3*
+noblacklist /usr/share/python3*
diff --git a/etc/inc/allow-ruby.inc b/etc/inc/allow-ruby.inc
index d949bbc8450..a8c70121902 100644
--- a/etc/inc/allow-ruby.inc
+++ b/etc/inc/allow-ruby.inc
@@ -2,5 +2,5 @@
 # Persistent customizations should go in a .local file.
 include allow-ruby.local
 
-nodeny  ${PATH}/ruby
-nodeny  /usr/lib/ruby
+noblacklist ${PATH}/ruby
+noblacklist /usr/lib/ruby
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc
index 44957bf323d..67c78a4832f 100644
--- a/etc/inc/allow-ssh.inc
+++ b/etc/inc/allow-ssh.inc
@@ -2,7 +2,7 @@
 # Persistent customizations should go in a .local file.
 include allow-ssh.local
 
-nodeny  ${HOME}/.ssh
-nodeny  /etc/ssh
-nodeny  /etc/ssh/ssh_config
-nodeny  /tmp/ssh-*
+noblacklist ${HOME}/.ssh
+noblacklist /etc/ssh
+noblacklist /etc/ssh/ssh_config
+noblacklist /tmp/ssh-*
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 1283a3a3d32..6df0c49907e 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -5,63 +5,63 @@ include disable-common.local
 # The following block breaks trash functionality in file managers
 #read-only ${HOME}/.local
 #read-write ${HOME}/.local/share
-deny  ${HOME}/.local/share/Trash
+blacklist ${HOME}/.local/share/Trash
 
 # History files in $HOME and clipboard managers
-deny-nolog  ${HOME}/.*_history
-deny-nolog  ${HOME}/.adobe
-deny-nolog  ${HOME}/.cache/greenclip*
-deny-nolog  ${HOME}/.histfile
-deny-nolog  ${HOME}/.history
-deny-nolog  ${HOME}/.kde/share/apps/klipper
-deny-nolog  ${HOME}/.kde4/share/apps/klipper
-deny-nolog  ${HOME}/.local/share/fish/fish_history
-deny-nolog  ${HOME}/.local/share/klipper
-deny-nolog  ${HOME}/.macromedia
-deny-nolog  ${HOME}/.mupdf.history
-deny-nolog  ${HOME}/.python-history
-deny-nolog  ${HOME}/.python_history
-deny-nolog  ${HOME}/.pythonhist
-deny-nolog  ${HOME}/.lesshst
-deny-nolog  ${HOME}/.viminfo
-deny-nolog  /tmp/clipmenu*
+blacklist-nolog ${HOME}/.*_history
+blacklist-nolog ${HOME}/.adobe
+blacklist-nolog ${HOME}/.cache/greenclip*
+blacklist-nolog ${HOME}/.histfile
+blacklist-nolog ${HOME}/.history
+blacklist-nolog ${HOME}/.kde/share/apps/klipper
+blacklist-nolog ${HOME}/.kde4/share/apps/klipper
+blacklist-nolog ${HOME}/.local/share/fish/fish_history
+blacklist-nolog ${HOME}/.local/share/klipper
+blacklist-nolog ${HOME}/.macromedia
+blacklist-nolog ${HOME}/.mupdf.history
+blacklist-nolog ${HOME}/.python-history
+blacklist-nolog ${HOME}/.python_history
+blacklist-nolog ${HOME}/.pythonhist
+blacklist-nolog ${HOME}/.lesshst
+blacklist-nolog ${HOME}/.viminfo
+blacklist-nolog /tmp/clipmenu*
 
 # X11 session autostart
 # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs
-deny  ${HOME}/.Xsession
-deny  ${HOME}/.blackbox
-deny  ${HOME}/.config/autostart
-deny  ${HOME}/.config/autostart-scripts
-deny  ${HOME}/.config/awesome
-deny  ${HOME}/.config/i3
-deny  ${HOME}/.config/sway
-deny  ${HOME}/.config/lxsession/LXDE/autostart
-deny  ${HOME}/.config/openbox
-deny  ${HOME}/.config/plasma-workspace
-deny  ${HOME}/.config/startupconfig
-deny  ${HOME}/.config/startupconfigkeys
-deny  ${HOME}/.fluxbox
-deny  ${HOME}/.gnomerc
-deny  ${HOME}/.kde/Autostart
-deny  ${HOME}/.kde/env
-deny  ${HOME}/.kde/share/autostart
-deny  ${HOME}/.kde/share/config/startupconfig
-deny  ${HOME}/.kde/share/config/startupconfigkeys
-deny  ${HOME}/.kde/shutdown
-deny  ${HOME}/.kde4/env
-deny  ${HOME}/.kde4/Autostart
-deny  ${HOME}/.kde4/share/autostart
-deny  ${HOME}/.kde4/shutdown
-deny  ${HOME}/.kde4/share/config/startupconfig
-deny  ${HOME}/.kde4/share/config/startupconfigkeys
-deny  ${HOME}/.local/share/autostart
-deny  ${HOME}/.xinitrc
-deny  ${HOME}/.xprofile
-deny  ${HOME}/.xserverrc
-deny  ${HOME}/.xsession
-deny  ${HOME}/.xsessionrc
-deny  /etc/X11/Xsession.d
-deny  /etc/xdg/autostart
+blacklist ${HOME}/.Xsession
+blacklist ${HOME}/.blackbox
+blacklist ${HOME}/.config/autostart
+blacklist ${HOME}/.config/autostart-scripts
+blacklist ${HOME}/.config/awesome
+blacklist ${HOME}/.config/i3
+blacklist ${HOME}/.config/sway
+blacklist ${HOME}/.config/lxsession/LXDE/autostart
+blacklist ${HOME}/.config/openbox
+blacklist ${HOME}/.config/plasma-workspace
+blacklist ${HOME}/.config/startupconfig
+blacklist ${HOME}/.config/startupconfigkeys
+blacklist ${HOME}/.fluxbox
+blacklist ${HOME}/.gnomerc
+blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.kde/env
+blacklist ${HOME}/.kde/share/autostart
+blacklist ${HOME}/.kde/share/config/startupconfig
+blacklist ${HOME}/.kde/share/config/startupconfigkeys
+blacklist ${HOME}/.kde/shutdown
+blacklist ${HOME}/.kde4/env
+blacklist ${HOME}/.kde4/Autostart
+blacklist ${HOME}/.kde4/share/autostart
+blacklist ${HOME}/.kde4/shutdown
+blacklist ${HOME}/.kde4/share/config/startupconfig
+blacklist ${HOME}/.kde4/share/config/startupconfigkeys
+blacklist ${HOME}/.local/share/autostart
+blacklist ${HOME}/.xinitrc
+blacklist ${HOME}/.xprofile
+blacklist ${HOME}/.xserverrc
+blacklist ${HOME}/.xsession
+blacklist ${HOME}/.xsessionrc
+blacklist /etc/X11/Xsession.d
+blacklist /etc/xdg/autostart
 read-only ${HOME}/.Xauthority
 
 # Session manager
@@ -70,46 +70,46 @@ read-only ${HOME}/.Xauthority
 #?HAS_X11: blacklist /tmp/.ICE-unix
 
 # KDE config
-deny  ${HOME}/.cache/konsole
-deny  ${HOME}/.config/khotkeysrc
-deny  ${HOME}/.config/krunnerrc
-deny  ${HOME}/.config/kscreenlockerrc
-deny  ${HOME}/.config/ksslcertificatemanager
-deny  ${HOME}/.config/kwalletrc
-deny  ${HOME}/.config/kwinrc
-deny  ${HOME}/.config/kwinrulesrc
-deny  ${HOME}/.config/plasma-locale-settings.sh
-deny  ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc
-deny  ${HOME}/.config/plasmashellrc
-deny  ${HOME}/.config/plasmavaultrc
-deny  ${HOME}/.kde/share/apps/kwin
-deny  ${HOME}/.kde/share/apps/plasma
-deny  ${HOME}/.kde/share/apps/solid
-deny  ${HOME}/.kde/share/config/khotkeysrc
-deny  ${HOME}/.kde/share/config/krunnerrc
-deny  ${HOME}/.kde/share/config/kscreensaverrc
-deny  ${HOME}/.kde/share/config/ksslcertificatemanager
-deny  ${HOME}/.kde/share/config/kwalletrc
-deny  ${HOME}/.kde/share/config/kwinrc
-deny  ${HOME}/.kde/share/config/kwinrulesrc
-deny  ${HOME}/.kde/share/config/plasma-desktop-appletsrc
-deny  ${HOME}/.kde4/share/apps/kwin
-deny  ${HOME}/.kde4/share/apps/plasma
-deny  ${HOME}/.kde4/share/apps/solid
-deny  ${HOME}/.kde4/share/config/khotkeysrc
-deny  ${HOME}/.kde4/share/config/krunnerrc
-deny  ${HOME}/.kde4/share/config/kscreensaverrc
-deny  ${HOME}/.kde4/share/config/ksslcertificatemanager
-deny  ${HOME}/.kde4/share/config/kwalletrc
-deny  ${HOME}/.kde4/share/config/kwinrc
-deny  ${HOME}/.kde4/share/config/kwinrulesrc
-deny  ${HOME}/.kde4/share/config/plasma-desktop-appletsrc
-deny  ${HOME}/.local/share/kglobalaccel
-deny  ${HOME}/.local/share/kwin
-deny  ${HOME}/.local/share/plasma
-deny  ${HOME}/.local/share/plasmashell
-deny  ${HOME}/.local/share/solid
-deny  /tmp/konsole-*.history
+blacklist ${HOME}/.cache/konsole
+blacklist ${HOME}/.config/khotkeysrc
+blacklist ${HOME}/.config/krunnerrc
+blacklist ${HOME}/.config/kscreenlockerrc
+blacklist ${HOME}/.config/ksslcertificatemanager
+blacklist ${HOME}/.config/kwalletrc
+blacklist ${HOME}/.config/kwinrc
+blacklist ${HOME}/.config/kwinrulesrc
+blacklist ${HOME}/.config/plasma-locale-settings.sh
+blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc
+blacklist ${HOME}/.config/plasmashellrc
+blacklist ${HOME}/.config/plasmavaultrc
+blacklist ${HOME}/.kde/share/apps/kwin
+blacklist ${HOME}/.kde/share/apps/plasma
+blacklist ${HOME}/.kde/share/apps/solid
+blacklist ${HOME}/.kde/share/config/khotkeysrc
+blacklist ${HOME}/.kde/share/config/krunnerrc
+blacklist ${HOME}/.kde/share/config/kscreensaverrc
+blacklist ${HOME}/.kde/share/config/ksslcertificatemanager
+blacklist ${HOME}/.kde/share/config/kwalletrc
+blacklist ${HOME}/.kde/share/config/kwinrc
+blacklist ${HOME}/.kde/share/config/kwinrulesrc
+blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc
+blacklist ${HOME}/.kde4/share/apps/kwin
+blacklist ${HOME}/.kde4/share/apps/plasma
+blacklist ${HOME}/.kde4/share/apps/solid
+blacklist ${HOME}/.kde4/share/config/khotkeysrc
+blacklist ${HOME}/.kde4/share/config/krunnerrc
+blacklist ${HOME}/.kde4/share/config/kscreensaverrc
+blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager
+blacklist ${HOME}/.kde4/share/config/kwalletrc
+blacklist ${HOME}/.kde4/share/config/kwinrc
+blacklist ${HOME}/.kde4/share/config/kwinrulesrc
+blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc
+blacklist ${HOME}/.local/share/kglobalaccel
+blacklist ${HOME}/.local/share/kwin
+blacklist ${HOME}/.local/share/plasma
+blacklist ${HOME}/.local/share/plasmashell
+blacklist ${HOME}/.local/share/solid
+blacklist /tmp/konsole-*.history
 read-only ${HOME}/.cache/ksycoca5_*
 read-only ${HOME}/.config/*notifyrc
 read-only ${HOME}/.config/kdeglobals
@@ -138,139 +138,139 @@ read-only ${HOME}/.local/share/kservices5
 read-only ${HOME}/.local/share/kssl
 
 # KDE sockets
-deny  ${RUNUSER}/*.slave-socket
-deny  ${RUNUSER}/kdeinit5__*
-deny  ${RUNUSER}/kdesud_*
+blacklist ${RUNUSER}/*.slave-socket
+blacklist ${RUNUSER}/kdeinit5__*
+blacklist ${RUNUSER}/kdesud_*
 # see #3358
 #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-*
 #?HAS_NODBUS: blacklist /tmp/ksocket-*
 
 # gnome
 # contains extensions, last used times of applications, and notifications
-deny  ${HOME}/.local/share/gnome-shell
+blacklist ${HOME}/.local/share/gnome-shell
 # contains recently used files and serials of static/removable storage
-deny  ${HOME}/.local/share/gvfs-metadata
+blacklist ${HOME}/.local/share/gvfs-metadata
 # no direct modification of dconf database
 read-only ${HOME}/.config/dconf
-deny  ${RUNUSER}/gnome-session-leader-fifo
-deny  ${RUNUSER}/gnome-shell
-deny  ${RUNUSER}/gsconnect
+blacklist ${RUNUSER}/gnome-session-leader-fifo
+blacklist ${RUNUSER}/gnome-shell
+blacklist ${RUNUSER}/gsconnect
 
 # systemd
-deny  ${HOME}/.config/systemd
-deny  ${HOME}/.local/share/systemd
-deny  /var/lib/systemd
-deny  ${PATH}/systemd-run
-deny  ${RUNUSER}/systemd
-deny  ${PATH}/systemctl
-deny  /etc/systemd/system
-deny  /etc/systemd/network
+blacklist ${HOME}/.config/systemd
+blacklist ${HOME}/.local/share/systemd
+blacklist /var/lib/systemd
+blacklist ${PATH}/systemd-run
+blacklist ${RUNUSER}/systemd
+blacklist ${PATH}/systemctl
+blacklist /etc/systemd/system
+blacklist /etc/systemd/network
 # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
 #blacklist /var/run/systemd
 
 # openrc
-deny  /etc/runlevels/
-deny  /etc/init.d/
-deny  /etc/rc.conf
+blacklist /etc/runlevels/
+blacklist /etc/init.d/
+blacklist /etc/rc.conf
 
 # VirtualBox
-deny  ${HOME}/.VirtualBox
-deny  ${HOME}/.config/VirtualBox
-deny  ${HOME}/VirtualBox VMs
+blacklist ${HOME}/.VirtualBox
+blacklist ${HOME}/.config/VirtualBox
+blacklist ${HOME}/VirtualBox VMs
 
 # GNOME Boxes
-deny  ${HOME}/.config/gnome-boxes
-deny  ${HOME}/.local/share/gnome-boxes
+blacklist ${HOME}/.config/gnome-boxes
+blacklist ${HOME}/.local/share/gnome-boxes
 
 # libvirt
-deny  ${HOME}/.cache/libvirt
-deny  ${HOME}/.config/libvirt
-deny  ${RUNUSER}/libvirt
-deny  /var/cache/libvirt
-deny  /var/lib/libvirt
-deny  /var/log/libvirt
+blacklist ${HOME}/.cache/libvirt
+blacklist ${HOME}/.config/libvirt
+blacklist ${RUNUSER}/libvirt
+blacklist /var/cache/libvirt
+blacklist /var/lib/libvirt
+blacklist /var/log/libvirt
 
 # OCI-Containers / Podman
-deny  ${RUNUSER}/containers
-deny  ${RUNUSER}/crun
-deny  ${RUNUSER}/libpod
-deny  ${RUNUSER}/runc
-deny  ${RUNUSER}/toolbox
+blacklist ${RUNUSER}/containers
+blacklist ${RUNUSER}/crun
+blacklist ${RUNUSER}/libpod
+blacklist ${RUNUSER}/runc
+blacklist ${RUNUSER}/toolbox
 
 # VeraCrypt
-deny  ${HOME}/.VeraCrypt
-deny  ${PATH}/veracrypt
-deny  ${PATH}/veracrypt-uninstall.sh
-deny  /usr/share/applications/veracrypt.*
-deny  /usr/share/pixmaps/veracrypt.*
-deny  /usr/share/veracrypt
+blacklist ${HOME}/.VeraCrypt
+blacklist ${PATH}/veracrypt
+blacklist ${PATH}/veracrypt-uninstall.sh
+blacklist /usr/share/applications/veracrypt.*
+blacklist /usr/share/pixmaps/veracrypt.*
+blacklist /usr/share/veracrypt
 
 # TrueCrypt
-deny  ${HOME}/.TrueCrypt
-deny  ${PATH}/truecrypt
-deny  ${PATH}/truecrypt-uninstall.sh
-deny  /usr/share/applications/truecrypt.*
-deny  /usr/share/pixmaps/truecrypt.*
-deny  /usr/share/truecrypt
+blacklist ${HOME}/.TrueCrypt
+blacklist ${PATH}/truecrypt
+blacklist ${PATH}/truecrypt-uninstall.sh
+blacklist /usr/share/applications/truecrypt.*
+blacklist /usr/share/pixmaps/truecrypt.*
+blacklist /usr/share/truecrypt
 
 # zuluCrypt
-deny  ${HOME}/.zuluCrypt
-deny  ${HOME}/.zuluCrypt-socket
-deny  ${PATH}/zuluCrypt-cli
-deny  ${PATH}/zuluMount-cli
+blacklist ${HOME}/.zuluCrypt
+blacklist ${HOME}/.zuluCrypt-socket
+blacklist ${PATH}/zuluCrypt-cli
+blacklist ${PATH}/zuluMount-cli
 
 # var
-deny  /var/cache/apt
-deny  /var/cache/pacman
-deny  /var/lib/apt
-deny  /var/lib/clamav
-deny  /var/lib/dkms
-deny  /var/lib/mysql/mysql.sock
-deny  /var/lib/mysqld/mysql.sock
-deny  /var/lib/pacman
-deny  /var/lib/upower
+blacklist /var/cache/apt
+blacklist /var/cache/pacman
+blacklist /var/lib/apt
+blacklist /var/lib/clamav
+blacklist /var/lib/dkms
+blacklist /var/lib/mysql/mysql.sock
+blacklist /var/lib/mysqld/mysql.sock
+blacklist /var/lib/pacman
+blacklist /var/lib/upower
 # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for
 # every sandbox, unless --writable-var-log switch is activated
-deny  /var/mail
-deny  /var/opt
-deny  /var/run/acpid.socket
-deny  /var/run/docker.sock
-deny  /var/run/minissdpd.sock
-deny  /var/run/mysql/mysqld.sock
-deny  /var/run/mysqld/mysqld.sock
-deny  /var/run/rpcbind.sock
-deny  /var/run/screens
-deny  /var/spool/anacron
-deny  /var/spool/cron
-deny  /var/spool/mail
+blacklist /var/mail
+blacklist /var/opt
+blacklist /var/run/acpid.socket
+blacklist /var/run/docker.sock
+blacklist /var/run/minissdpd.sock
+blacklist /var/run/mysql/mysqld.sock
+blacklist /var/run/mysqld/mysqld.sock
+blacklist /var/run/rpcbind.sock
+blacklist /var/run/screens
+blacklist /var/spool/anacron
+blacklist /var/spool/cron
+blacklist /var/spool/mail
 
 # etc
-deny  /etc/anacrontab
-deny  /etc/cron*
-deny  /etc/profile.d
-deny  /etc/rc.local
+blacklist /etc/anacrontab
+blacklist /etc/cron*
+blacklist /etc/profile.d
+blacklist /etc/rc.local
 # rc1.d, rc2.d, ...
-deny  /etc/rc?.d
-deny  /etc/kernel*
-deny  /etc/grub*
-deny  /etc/dkms
-deny  /etc/apparmor*
-deny  /etc/selinux
-deny  /etc/modules*
-deny  /etc/logrotate*
-deny  /etc/adduser.conf
+blacklist /etc/rc?.d
+blacklist /etc/kernel*
+blacklist /etc/grub*
+blacklist /etc/dkms
+blacklist /etc/apparmor*
+blacklist /etc/selinux
+blacklist /etc/modules*
+blacklist /etc/logrotate*
+blacklist /etc/adduser.conf
 
 # hide config for various intrusion detection systems
-deny  /etc/rkhunter.conf
-deny  /var/lib/rkhunter
-deny  /etc/chkrootkit.conf
-deny  /etc/lynis
-deny  /etc/aide
-deny  /etc/logcheck
-deny  /etc/tripwire
-deny  /etc/snort
-deny  /etc/fail2ban.conf
-deny  /etc/suricata
+blacklist /etc/rkhunter.conf
+blacklist /var/lib/rkhunter
+blacklist /etc/chkrootkit.conf
+blacklist /etc/lynis
+blacklist /etc/aide
+blacklist /etc/logcheck
+blacklist /etc/tripwire
+blacklist /etc/snort
+blacklist /etc/fail2ban.conf
+blacklist /etc/suricata
 
 # Startup files
 read-only ${HOME}/.antigen
@@ -307,13 +307,13 @@ read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
 
 # Remote access
-deny  ${HOME}/.rhosts
-deny  ${HOME}/.shosts
-deny  ${HOME}/.ssh/authorized_keys
-deny  ${HOME}/.ssh/authorized_keys2
-deny  ${HOME}/.ssh/environment
-deny  ${HOME}/.ssh/rc
-deny  /etc/hosts.equiv
+blacklist ${HOME}/.rhosts
+blacklist ${HOME}/.shosts
+blacklist ${HOME}/.ssh/authorized_keys
+blacklist ${HOME}/.ssh/authorized_keys2
+blacklist ${HOME}/.ssh/environment
+blacklist ${HOME}/.ssh/rc
+blacklist /etc/hosts.equiv
 read-only ${HOME}/.ssh/config
 read-only ${HOME}/.ssh/config.d
 
@@ -374,200 +374,200 @@ read-only ${HOME}/.local/share/mime
 read-only ${HOME}/.local/share/thumbnailers
 
 # prevent access to ssh-agent
-deny  /tmp/ssh-*
+blacklist /tmp/ssh-*
 
 # top secret
-deny  ${HOME}/*.kdb
-deny  ${HOME}/*.kdbx
-deny  ${HOME}/*.key
-deny  ${HOME}/.Private
-deny  ${HOME}/.caff
-deny  ${HOME}/.cargo/credentials
-deny  ${HOME}/.cargo/credentials.toml
-deny  ${HOME}/.cert
-deny  ${HOME}/.config/keybase
-deny  ${HOME}/.davfs2/secrets
-deny  ${HOME}/.ecryptfs
-deny  ${HOME}/.fetchmailrc
-deny  ${HOME}/.fscrypt
-deny  ${HOME}/.git-credential-cache
-deny  ${HOME}/.git-credentials
-deny  ${HOME}/.gnome2/keyrings
-deny  ${HOME}/.gnupg
-deny  ${HOME}/.config/hub
-deny  ${HOME}/.kde/share/apps/kwallet
-deny  ${HOME}/.kde4/share/apps/kwallet
-deny  ${HOME}/.local/share/keyrings
-deny  ${HOME}/.local/share/kwalletd
-deny  ${HOME}/.local/share/plasma-vault
-deny  ${HOME}/.msmtprc
-deny  ${HOME}/.mutt
-deny  ${HOME}/.muttrc
-deny  ${HOME}/.netrc
-deny  ${HOME}/.nyx
-deny  ${HOME}/.pki
-deny  ${HOME}/.local/share/pki
-deny  ${HOME}/.smbcredentials
-deny  ${HOME}/.ssh
-deny  ${HOME}/.vaults
-deny  /.fscrypt
-deny  /etc/davfs2/secrets
-deny  /etc/group+
-deny  /etc/group-
-deny  /etc/gshadow
-deny  /etc/gshadow+
-deny  /etc/gshadow-
-deny  /etc/passwd+
-deny  /etc/passwd-
-deny  /etc/shadow
-deny  /etc/shadow+
-deny  /etc/shadow-
-deny  /etc/ssh
-deny  /etc/ssh/*
-deny  /home/.ecryptfs
-deny  /home/.fscrypt
-deny  /var/backup
+blacklist ${HOME}/*.kdb
+blacklist ${HOME}/*.kdbx
+blacklist ${HOME}/*.key
+blacklist ${HOME}/.Private
+blacklist ${HOME}/.caff
+blacklist ${HOME}/.cargo/credentials
+blacklist ${HOME}/.cargo/credentials.toml
+blacklist ${HOME}/.cert
+blacklist ${HOME}/.config/keybase
+blacklist ${HOME}/.davfs2/secrets
+blacklist ${HOME}/.ecryptfs
+blacklist ${HOME}/.fetchmailrc
+blacklist ${HOME}/.fscrypt
+blacklist ${HOME}/.git-credential-cache
+blacklist ${HOME}/.git-credentials
+blacklist ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.config/hub
+blacklist ${HOME}/.kde/share/apps/kwallet
+blacklist ${HOME}/.kde4/share/apps/kwallet
+blacklist ${HOME}/.local/share/keyrings
+blacklist ${HOME}/.local/share/kwalletd
+blacklist ${HOME}/.local/share/plasma-vault
+blacklist ${HOME}/.msmtprc
+blacklist ${HOME}/.mutt
+blacklist ${HOME}/.muttrc
+blacklist ${HOME}/.netrc
+blacklist ${HOME}/.nyx
+blacklist ${HOME}/.pki
+blacklist ${HOME}/.local/share/pki
+blacklist ${HOME}/.smbcredentials
+blacklist ${HOME}/.ssh
+blacklist ${HOME}/.vaults
+blacklist /.fscrypt
+blacklist /etc/davfs2/secrets
+blacklist /etc/group+
+blacklist /etc/group-
+blacklist /etc/gshadow
+blacklist /etc/gshadow+
+blacklist /etc/gshadow-
+blacklist /etc/passwd+
+blacklist /etc/passwd-
+blacklist /etc/shadow
+blacklist /etc/shadow+
+blacklist /etc/shadow-
+blacklist /etc/ssh
+blacklist /etc/ssh/*
+blacklist /home/.ecryptfs
+blacklist /home/.fscrypt
+blacklist /var/backup
 
 # cloud provider configuration
-deny  ${HOME}/.aws
-deny  ${HOME}/.boto
-deny  ${HOME}/.config/gcloud
-deny  ${HOME}/.kube
-deny  ${HOME}/.passwd-s3fs
-deny  ${HOME}/.s3cmd
-deny  /etc/boto.cfg
+blacklist ${HOME}/.aws
+blacklist ${HOME}/.boto
+blacklist ${HOME}/.config/gcloud
+blacklist ${HOME}/.kube
+blacklist ${HOME}/.passwd-s3fs
+blacklist ${HOME}/.s3cmd
+blacklist /etc/boto.cfg
 
 # system directories
-deny  /sbin
-deny  /usr/local/sbin
-deny  /usr/sbin
+blacklist /sbin
+blacklist /usr/local/sbin
+blacklist /usr/sbin
 
 # system management
-deny  ${PATH}/at
-deny  ${PATH}/busybox
-deny  ${PATH}/chage
-deny  ${PATH}/chfn
-deny  ${PATH}/chsh
-deny  ${PATH}/crontab
-deny  ${PATH}/evtest
-deny  ${PATH}/expiry
-deny  ${PATH}/fusermount
-deny  ${PATH}/gksu
-deny  ${PATH}/gksudo
-deny  ${PATH}/gpasswd
-deny  ${PATH}/kdesudo
-deny  ${PATH}/ksu
-deny  ${PATH}/mount
-deny  ${PATH}/mount.ecryptfs_private
-deny  ${PATH}/nc
-deny  ${PATH}/ncat
-deny  ${PATH}/nmap
-deny  ${PATH}/newgidmap
-deny  ${PATH}/newgrp
-deny  ${PATH}/newuidmap
-deny  ${PATH}/ntfs-3g
-deny  ${PATH}/pkexec
-deny  ${PATH}/procmail
-deny  ${PATH}/sg
-deny  ${PATH}/strace
-deny  ${PATH}/su
-deny  ${PATH}/sudo
-deny  ${PATH}/tcpdump
-deny  ${PATH}/umount
-deny  ${PATH}/unix_chkpwd
-deny  ${PATH}/xev
-deny  ${PATH}/xinput
+blacklist ${PATH}/at
+blacklist ${PATH}/busybox
+blacklist ${PATH}/chage
+blacklist ${PATH}/chfn
+blacklist ${PATH}/chsh
+blacklist ${PATH}/crontab
+blacklist ${PATH}/evtest
+blacklist ${PATH}/expiry
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/gksu
+blacklist ${PATH}/gksudo
+blacklist ${PATH}/gpasswd
+blacklist ${PATH}/kdesudo
+blacklist ${PATH}/ksu
+blacklist ${PATH}/mount
+blacklist ${PATH}/mount.ecryptfs_private
+blacklist ${PATH}/nc
+blacklist ${PATH}/ncat
+blacklist ${PATH}/nmap
+blacklist ${PATH}/newgidmap
+blacklist ${PATH}/newgrp
+blacklist ${PATH}/newuidmap
+blacklist ${PATH}/ntfs-3g
+blacklist ${PATH}/pkexec
+blacklist ${PATH}/procmail
+blacklist ${PATH}/sg
+blacklist ${PATH}/strace
+blacklist ${PATH}/su
+blacklist ${PATH}/sudo
+blacklist ${PATH}/tcpdump
+blacklist ${PATH}/umount
+blacklist ${PATH}/unix_chkpwd
+blacklist ${PATH}/xev
+blacklist ${PATH}/xinput
 
 # other SUID binaries
-deny  /usr/lib/virtualbox
-deny  /usr/lib64/virtualbox
+blacklist /usr/lib/virtualbox
+blacklist /usr/lib64/virtualbox
 
 # prevent lxterminal connecting to an existing lxterminal session
-deny  /tmp/.lxterminal-socket*
+blacklist /tmp/.lxterminal-socket*
 # prevent tmux connecting to an existing session
-deny  /tmp/tmux-*
+blacklist /tmp/tmux-*
 
 # disable terminals running as server resulting in sandbox escape
-deny  ${PATH}/lxterminal
-deny  ${PATH}/gnome-terminal
-deny  ${PATH}/gnome-terminal.wrapper
-deny  ${PATH}/lilyterm
-deny  ${PATH}/mate-terminal
-deny  ${PATH}/mate-terminal.wrapper
-deny  ${PATH}/pantheon-terminal
-deny  ${PATH}/roxterm
-deny  ${PATH}/roxterm-config
-deny  ${PATH}/terminix
-deny  ${PATH}/tilix
-deny  ${PATH}/urxvtc
-deny  ${PATH}/urxvtcd
-deny  ${PATH}/xfce4-terminal
-deny  ${PATH}/xfce4-terminal.wrapper
+blacklist ${PATH}/lxterminal
+blacklist ${PATH}/gnome-terminal
+blacklist ${PATH}/gnome-terminal.wrapper
+blacklist ${PATH}/lilyterm
+blacklist ${PATH}/mate-terminal
+blacklist ${PATH}/mate-terminal.wrapper
+blacklist ${PATH}/pantheon-terminal
+blacklist ${PATH}/roxterm
+blacklist ${PATH}/roxterm-config
+blacklist ${PATH}/terminix
+blacklist ${PATH}/tilix
+blacklist ${PATH}/urxvtc
+blacklist ${PATH}/urxvtcd
+blacklist ${PATH}/xfce4-terminal
+blacklist ${PATH}/xfce4-terminal.wrapper
 # blacklist ${PATH}/konsole
 # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04
 
 # kernel files
-deny  /initrd*
-deny  /vmlinuz*
+blacklist /initrd*
+blacklist /vmlinuz*
 
 # snapshot files
-deny  /.snapshots
+blacklist /.snapshots
 
 # flatpak
-deny  ${HOME}/.cache/flatpak
-deny  ${HOME}/.config/flatpak
-nodeny  ${HOME}/.local/share/flatpak/exports
+blacklist ${HOME}/.cache/flatpak
+blacklist ${HOME}/.config/flatpak
+noblacklist ${HOME}/.local/share/flatpak/exports
 read-only ${HOME}/.local/share/flatpak/exports
-deny  ${HOME}/.local/share/flatpak/*
-deny  ${HOME}/.var
-deny  ${RUNUSER}/app
-deny  ${RUNUSER}/doc
-deny  ${RUNUSER}/.dbus-proxy
-deny  ${RUNUSER}/.flatpak
-deny  ${RUNUSER}/.flatpak-cache
-deny  ${RUNUSER}/.flatpak-helper
-deny  /usr/share/flatpak
-nodeny  /var/lib/flatpak/exports
-deny  /var/lib/flatpak/*
+blacklist ${HOME}/.local/share/flatpak/*
+blacklist ${HOME}/.var
+blacklist ${RUNUSER}/app
+blacklist ${RUNUSER}/doc
+blacklist ${RUNUSER}/.dbus-proxy
+blacklist ${RUNUSER}/.flatpak
+blacklist ${RUNUSER}/.flatpak-cache
+blacklist ${RUNUSER}/.flatpak-helper
+blacklist /usr/share/flatpak
+noblacklist /var/lib/flatpak/exports
+blacklist /var/lib/flatpak/*
 # most of the time bwrap is SUID binary
-deny  ${PATH}/bwrap
+blacklist ${PATH}/bwrap
 
 # snap
-deny  ${RUNUSER}/snapd-session-agent.socket
+blacklist ${RUNUSER}/snapd-session-agent.socket
 
 # mail directories used by mutt
-deny  ${HOME}/.Mail
-deny  ${HOME}/.mail
-deny  ${HOME}/.signature
-deny  ${HOME}/Mail
-deny  ${HOME}/mail
-deny  ${HOME}/postponed
-deny  ${HOME}/sent
+blacklist ${HOME}/.Mail
+blacklist ${HOME}/.mail
+blacklist ${HOME}/.signature
+blacklist ${HOME}/Mail
+blacklist ${HOME}/mail
+blacklist ${HOME}/postponed
+blacklist ${HOME}/sent
 
 # kernel configuration
-deny  /proc/config.gz
+blacklist /proc/config.gz
 
 # prevent DNS malware attempting to communicate with the server
 # using regular DNS tools
-deny  ${PATH}/dig
-deny  ${PATH}/dlint
-deny  ${PATH}/dns2tcp
-deny  ${PATH}/dnssec-*
-deny  ${PATH}/dnswalk
-deny  ${PATH}/drill
-deny  ${PATH}/host
-deny  ${PATH}/iodine
-deny  ${PATH}/kdig
-deny  ${PATH}/khost
-deny  ${PATH}/knsupdate
-deny  ${PATH}/ldns-*
-deny  ${PATH}/ldnsd
-deny  ${PATH}/nslookup
-deny  ${PATH}/resolvectl
-deny  ${PATH}/unbound-host
+blacklist ${PATH}/dig
+blacklist ${PATH}/dlint
+blacklist ${PATH}/dns2tcp
+blacklist ${PATH}/dnssec-*
+blacklist ${PATH}/dnswalk
+blacklist ${PATH}/drill
+blacklist ${PATH}/host
+blacklist ${PATH}/iodine
+blacklist ${PATH}/kdig
+blacklist ${PATH}/khost
+blacklist ${PATH}/knsupdate
+blacklist ${PATH}/ldns-*
+blacklist ${PATH}/ldnsd
+blacklist ${PATH}/nslookup
+blacklist ${PATH}/resolvectl
+blacklist ${PATH}/unbound-host
 
 # rest of ${RUNUSER}
-deny  ${RUNUSER}/*.lock
-deny  ${RUNUSER}/inaccessible
-deny  ${RUNUSER}/pk-debconf-socket
-deny  ${RUNUSER}/update-notifier.pid
+blacklist ${RUNUSER}/*.lock
+blacklist ${RUNUSER}/inaccessible
+blacklist ${RUNUSER}/pk-debconf-socket
+blacklist ${RUNUSER}/update-notifier.pid
diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc
index a893eb3f37f..e74b1b40b3d 100644
--- a/etc/inc/disable-devel.inc
+++ b/etc/inc/disable-devel.inc
@@ -5,65 +5,65 @@ include disable-devel.local
 # development tools
 
 # clang/llvm
-deny  ${PATH}/clang*
-deny  ${PATH}/lldb*
-deny  ${PATH}/llvm*
+blacklist ${PATH}/clang*
+blacklist ${PATH}/lldb*
+blacklist ${PATH}/llvm*
 # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU
 # blacklist /usr/lib/llvm*
 
 # GCC
-deny  ${PATH}/as
-deny  ${PATH}/cc
-deny  ${PATH}/c++*
-deny  ${PATH}/c8*
-deny  ${PATH}/c9*
-deny  ${PATH}/cpp*
-deny  ${PATH}/g++*
-deny  ${PATH}/gcc*
-deny  ${PATH}/gdb
-deny  ${PATH}/ld
-deny  ${PATH}/*-gcc*
-deny  ${PATH}/*-g++*
-deny  ${PATH}/*-gcc*
-deny  ${PATH}/*-g++*
+blacklist ${PATH}/as
+blacklist ${PATH}/cc
+blacklist ${PATH}/c++*
+blacklist ${PATH}/c8*
+blacklist ${PATH}/c9*
+blacklist ${PATH}/cpp*
+blacklist ${PATH}/g++*
+blacklist ${PATH}/gcc*
+blacklist ${PATH}/gdb
+blacklist ${PATH}/ld
+blacklist ${PATH}/*-gcc*
+blacklist ${PATH}/*-g++*
+blacklist ${PATH}/*-gcc*
+blacklist ${PATH}/*-g++*
 # seems to create problems on Gentoo
 #blacklist /usr/lib/gcc
 
 #Go
-deny  ${PATH}/gccgo
-deny  ${PATH}/go
-deny  ${PATH}/gofmt
+blacklist ${PATH}/gccgo
+blacklist ${PATH}/go
+blacklist ${PATH}/gofmt
 
 # Java
-deny  ${PATH}/java
-deny  ${PATH}/javac
-deny  /etc/java
-deny  /usr/lib/java
-deny  /usr/share/java
+blacklist ${PATH}/java
+blacklist ${PATH}/javac
+blacklist /etc/java
+blacklist /usr/lib/java
+blacklist /usr/share/java
 
 #OpenSSL
-deny  ${PATH}/openssl
-deny  ${PATH}/openssl-1.0
+blacklist ${PATH}/openssl
+blacklist ${PATH}/openssl-1.0
 
 #Rust
-deny  ${PATH}/rust-gdb
-deny  ${PATH}/rust-lldb
-deny  ${PATH}/rustc
-deny  ${HOME}/.rustup
+blacklist ${PATH}/rust-gdb
+blacklist ${PATH}/rust-lldb
+blacklist ${PATH}/rustc
+blacklist ${HOME}/.rustup
 
 # tcc - Tiny C Compiler
-deny  ${PATH}/tcc
-deny  ${PATH}/x86_64-tcc
-deny  /usr/lib/tcc
+blacklist ${PATH}/tcc
+blacklist ${PATH}/x86_64-tcc
+blacklist /usr/lib/tcc
 
 # Valgrind
-deny  ${PATH}/valgrind*
-deny  /usr/lib/valgrind
+blacklist ${PATH}/valgrind*
+blacklist /usr/lib/valgrind
 
 
 # Source-Code
 
-deny  /usr/src
-deny  /usr/local/src
-deny  /usr/include
-deny  /usr/local/include
+blacklist /usr/src
+blacklist /usr/local/src
+blacklist /usr/include
+blacklist /usr/local/include
diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc
index c77d9a490ce..5d8a236fbf8 100644
--- a/etc/inc/disable-interpreters.inc
+++ b/etc/inc/disable-interpreters.inc
@@ -3,66 +3,66 @@
 include disable-interpreters.local
 
 # gjs
-deny  ${PATH}/gjs
-deny  ${PATH}/gjs-console
-deny  /usr/lib/gjs
-deny  /usr/lib/libgjs*
-deny  /usr/lib64/gjs
-deny  /usr/lib64/libgjs*
+blacklist ${PATH}/gjs
+blacklist ${PATH}/gjs-console
+blacklist /usr/lib/gjs
+blacklist /usr/lib/libgjs*
+blacklist /usr/lib64/gjs
+blacklist /usr/lib64/libgjs*
 
 # Lua
-deny  ${PATH}/lua*
-deny  /usr/include/lua*
-deny  /usr/lib/liblua*
-deny  /usr/lib/lua
-deny  /usr/lib64/liblua*
-deny  /usr/lib64/lua
-deny  /usr/share/lua*
+blacklist ${PATH}/lua*
+blacklist /usr/include/lua*
+blacklist /usr/lib/liblua*
+blacklist /usr/lib/lua
+blacklist /usr/lib64/liblua*
+blacklist /usr/lib64/lua
+blacklist /usr/share/lua*
 
 # mozjs
-deny  /usr/lib/libmozjs-*
-deny  /usr/lib64/libmozjs-*
+blacklist /usr/lib/libmozjs-*
+blacklist /usr/lib64/libmozjs-*
 
 # Node.js
-deny  ${PATH}/node
-deny  /usr/include/node
+blacklist ${PATH}/node
+blacklist /usr/include/node
 
 # nvm
-deny  ${HOME}/.nvm
+blacklist ${HOME}/.nvm
 
 # Perl
-deny  ${PATH}/core_perl
-deny  ${PATH}/cpan*
-deny  ${PATH}/perl
-deny  ${PATH}/site_perl
-deny  ${PATH}/vendor_perl
-deny  /usr/lib/perl*
-deny  /usr/lib64/perl*
-deny  /usr/share/perl*
+blacklist ${PATH}/core_perl
+blacklist ${PATH}/cpan*
+blacklist ${PATH}/perl
+blacklist ${PATH}/site_perl
+blacklist ${PATH}/vendor_perl
+blacklist /usr/lib/perl*
+blacklist /usr/lib64/perl*
+blacklist /usr/share/perl*
 
 # PHP
-deny  ${PATH}/php*
-deny  /usr/lib/php*
-deny  /usr/share/php*
+blacklist ${PATH}/php*
+blacklist /usr/lib/php*
+blacklist /usr/share/php*
 
 # Ruby
-deny  ${PATH}/ruby
-deny  /usr/lib/ruby
+blacklist ${PATH}/ruby
+blacklist /usr/lib/ruby
 
 # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus
 # Python 2
-deny  ${PATH}/python2*
-deny  /usr/include/python2*
-deny  /usr/lib/python2*
-deny  /usr/local/lib/python2*
-deny  /usr/share/python2*
+blacklist ${PATH}/python2*
+blacklist /usr/include/python2*
+blacklist /usr/lib/python2*
+blacklist /usr/local/lib/python2*
+blacklist /usr/share/python2*
 
 # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026)
 
 # Python 3
-deny  ${PATH}/python3*
-deny  /usr/include/python3*
-deny  /usr/lib/python3*
-deny  /usr/lib64/python3*
-deny  /usr/local/lib/python3*
-deny  /usr/share/python3*
+blacklist ${PATH}/python3*
+blacklist /usr/include/python3*
+blacklist /usr/lib/python3*
+blacklist /usr/lib64/python3*
+blacklist /usr/local/lib/python3*
+blacklist /usr/share/python3*
diff --git a/etc/inc/disable-passwdmgr.inc b/etc/inc/disable-passwdmgr.inc
index 0a61bc46f7f..3ed9a1b14f9 100644
--- a/etc/inc/disable-passwdmgr.inc
+++ b/etc/inc/disable-passwdmgr.inc
@@ -2,18 +2,18 @@
 # Persistent customizations should go in a .local file.
 include disable-passwdmgr.local
 
-deny  ${HOME}/.config/Bitwarden
-deny  ${HOME}/.config/KeePass
-deny  ${HOME}/.config/keepass
-deny  ${HOME}/.config/keepassx
-deny  ${HOME}/.config/keepassxc
-deny  ${HOME}/.config/KeePassXCrc
-deny  ${HOME}/.config/Sinew Software Systems
-deny  ${HOME}/.fpm
-deny  ${HOME}/.keepass
-deny  ${HOME}/.keepassx
-deny  ${HOME}/.keepassxc
-deny  ${HOME}/.lastpass
-deny  ${HOME}/.local/share/KeePass
-deny  ${HOME}/.local/share/keepass
-deny  ${HOME}/.password-store
+blacklist ${HOME}/.config/Bitwarden
+blacklist ${HOME}/.config/KeePass
+blacklist ${HOME}/.config/keepass
+blacklist ${HOME}/.config/keepassx
+blacklist ${HOME}/.config/keepassxc
+blacklist ${HOME}/.config/KeePassXCrc
+blacklist ${HOME}/.config/Sinew Software Systems
+blacklist ${HOME}/.fpm
+blacklist ${HOME}/.keepass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.keepassxc
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.local/share/KeePass
+blacklist ${HOME}/.local/share/keepass
+blacklist ${HOME}/.password-store
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 5fe2f8c28ef..fd907034fbc 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -2,1097 +2,1097 @@
 # Persistent customizations should go in a .local file.
 include disable-programs.local
 
-deny  ${HOME}/.*coin
-deny  ${HOME}/.8pecxstudios
-deny  ${HOME}/.AndroidStudio*
-deny  ${HOME}/.Atom
-deny  ${HOME}/.CLion*
-deny  ${HOME}/.FBReader
-deny  ${HOME}/.FontForge
-deny  ${HOME}/.IdeaIC*
-deny  ${HOME}/.LuminanceHDR
-deny  ${HOME}/.Mathematica
-deny  ${HOME}/.Natron
-deny  ${HOME}/.PlayOnLinux
-deny  ${HOME}/.PyCharm*
-deny  ${HOME}/.Sayonara
-deny  ${HOME}/.Steam
-deny  ${HOME}/.Steampath
-deny  ${HOME}/.Steampid
-deny  ${HOME}/.TelegramDesktop
-deny  ${HOME}/.VSCodium
-deny  ${HOME}/.ViberPC
-deny  ${HOME}/.VirtualBox
-deny  ${HOME}/.WebStorm*
-deny  ${HOME}/.Wolfram Research
-deny  ${HOME}/.ZAP
-deny  ${HOME}/.aMule
-deny  ${HOME}/.abook
-deny  ${HOME}/.addressbook
-deny  ${HOME}/.alpine-smime
-deny  ${HOME}/.android
-deny  ${HOME}/.anydesk
-deny  ${HOME}/.arduino15
-deny  ${HOME}/.aria2
-deny  ${HOME}/.arm
-deny  ${HOME}/.asunder_album_artist
-deny  ${HOME}/.asunder_album_genre
-deny  ${HOME}/.asunder_album_title
-deny  ${HOME}/.atom
-deny  ${HOME}/.attic
-deny  ${HOME}/.audacity-data
-deny  ${HOME}/.avidemux6
-deny  ${HOME}/.ballbuster.hs
-deny  ${HOME}/.balsa
-deny  ${HOME}/.bcast5
-deny  ${HOME}/.bibletime
-deny  ${HOME}/.bitcoin
-deny  ${HOME}/.blobby
-deny  ${HOME}/.bogofilter
-deny  ${HOME}/.bzf
-deny  ${HOME}/.cargo/*
-deny  ${HOME}/.claws-mail
-deny  ${HOME}/.cliqz
-deny  ${HOME}/.clion*
-deny  ${HOME}/.clonk
-deny  ${HOME}/.config/0ad
-deny  ${HOME}/.config/2048-qt
-deny  ${HOME}/.config/Atom
-deny  ${HOME}/.config/Audaciousrc
-deny  ${HOME}/.config/Authenticator
-deny  ${HOME}/.config/Beaker Browser
-deny  ${HOME}/.config/Bitcoin
-deny  ${HOME}/.config/Bitwarden
-deny  ${HOME}/.config/Brackets
-deny  ${HOME}/.config/BraveSoftware
-deny  ${HOME}/.config/Clementine
-deny  ${HOME}/.config/Code
-deny  ${HOME}/.config/Code - OSS
-deny  ${HOME}/.config/Code Industry
-deny  ${HOME}/.config/Cryptocat
-deny  ${HOME}/.config/Debauchee/Barrier.conf
-deny  ${HOME}/.config/Dharkael
-deny  ${HOME}/.config/ENCOM
-deny  ${HOME}/.config/Element
-deny  ${HOME}/.config/Element (Riot)
-deny  ${HOME}/.config/Enox
-deny  ${HOME}/.config/Epic
-deny  ${HOME}/.config/Ferdi
-deny  ${HOME}/.config/Flavio Tordini
-deny  ${HOME}/.config/Franz
-deny  ${HOME}/.config/FreeCAD
-deny  ${HOME}/.config/FreeTube
-deny  ${HOME}/.config/Fritzing
-deny  ${HOME}/.config/GIMP
-deny  ${HOME}/.config/GitHub Desktop
-deny  ${HOME}/.config/Gitter
-deny  ${HOME}/.config/Google
-deny  ${HOME}/.config/Google Play Music Desktop Player
-deny  ${HOME}/.config/Gpredict
-deny  ${HOME}/.config/INRIA
-deny  ${HOME}/.config/InSilmaril
-deny  ${HOME}/.config/Jitsi Meet
-deny  ${HOME}/.config/JetBrains/CLion*
-deny  ${HOME}/.config/KDE/neochat
-deny  ${HOME}/.config/Kid3
-deny  ${HOME}/.config/Kingsoft
-deny  ${HOME}/.config/LibreCAD
-deny  ${HOME}/.config/Loop_Hero
-deny  ${HOME}/.config/Luminance
-deny  ${HOME}/.config/LyX
-deny  ${HOME}/.config/Mattermost
-deny  ${HOME}/.config/Meltytech
-deny  ${HOME}/.config/Mendeley Ltd.
-deny  ${HOME}/.config/Microsoft
-deny  ${HOME}/.config/Min
-deny  ${HOME}/.config/ModTheSpire
-deny  ${HOME}/.config/Mousepad
-deny  ${HOME}/.config/Mumble
-deny  ${HOME}/.config/MusE
-deny  ${HOME}/.config/MuseScore
-deny  ${HOME}/.config/MusicBrainz
-deny  ${HOME}/.config/Nathan Osman
-deny  ${HOME}/.config/Nextcloud
-deny  ${HOME}/.config/NitroShare
-deny  ${HOME}/.config/Nylas Mail
-deny  ${HOME}/.config/PBE
-deny  ${HOME}/.config/PacmanLogViewer
-deny  ${HOME}/.config/PawelStolowski
-deny  ${HOME}/.config/Philipp Schmieder
-deny  ${HOME}/.config/Pinta
-deny  ${HOME}/.config/QGIS
-deny  ${HOME}/.config/QMediathekView
-deny  ${HOME}/.config/Qlipper
-deny  ${HOME}/.config/QuiteRss
-deny  ${HOME}/.config/QuiteRssrc
-deny  ${HOME}/.config/Quotient
-deny  ${HOME}/.config/Rambox
-deny  ${HOME}/.config/Riot
-deny  ${HOME}/.config/Rocket.Chat
-deny  ${HOME}/.config/RogueLegacy
-deny  ${HOME}/.config/RogueLegacyStorageContainer
-deny  ${HOME}/.config/Signal
-deny  ${HOME}/.config/Sinew Software Systems
-deny  ${HOME}/.config/Slack
-deny  ${HOME}/.config/Standard Notes
-deny  ${HOME}/.config/SubDownloader
-deny  ${HOME}/.config/Thunar
-deny  ${HOME}/.config/Twitch
-deny  ${HOME}/.config/Unknown Organization
-deny  ${HOME}/.config/VirtualBox
-deny  ${HOME}/.config/Whalebird
-deny  ${HOME}/.config/Wire
-deny  ${HOME}/.config/Youtube
-deny  ${HOME}/.config/ZeGrapher Project
-deny  ${HOME}/.config/Zeal
-deny  ${HOME}/.config/Zulip
-deny  ${HOME}/.config/aacs
-deny  ${HOME}/.config/abiword
-deny  ${HOME}/.config/agenda
-deny  ${HOME}/.config/akonadi*
-deny  ${HOME}/.config/akregatorrc
-deny  ${HOME}/.config/alacritty
-deny  ${HOME}/.config/ardour4
-deny  ${HOME}/.config/ardour5
-deny  ${HOME}/.config/aria2
-deny  ${HOME}/.config/arkrc
-deny  ${HOME}/.config/artha.conf
-deny  ${HOME}/.config/artha.log
-deny  ${HOME}/.config/asunder
-deny  ${HOME}/.config/atril
-deny  ${HOME}/.config/audacious
-deny  ${HOME}/.config/autokey
-deny  ${HOME}/.config/avidemux3_qt5rc
-deny  ${HOME}/.config/aweather
-deny  ${HOME}/.config/backintime
-deny  ${HOME}/.config/baloofilerc
-deny  ${HOME}/.config/baloorc
-deny  ${HOME}/.config/bcompare
-deny  ${HOME}/.config/blender
-deny  ${HOME}/.config/bless
-deny  ${HOME}/.config/bnox
-deny  ${HOME}/.config/borg
-deny  ${HOME}/.config/brasero
-deny  ${HOME}/.config/brave
-deny  ${HOME}/.config/brave-flags.conf
-deny  ${HOME}/.config/caja
-deny  ${HOME}/.config/calibre
-deny  ${HOME}/.config/cantata
-deny  ${HOME}/.config/catfish
-deny  ${HOME}/.config/cawbird
-deny  ${HOME}/.config/celluloid
-deny  ${HOME}/.config/cherrytree
-deny  ${HOME}/.config/chrome-beta-flags.conf
-deny  ${HOME}/.config/chrome-beta-flags.config
-deny  ${HOME}/.config/chrome-flags.conf
-deny  ${HOME}/.config/chrome-flags.config
-deny  ${HOME}/.config/chrome-unstable-flags.conf
-deny  ${HOME}/.config/chrome-unstable-flags.config
-deny  ${HOME}/.config/chromium
-deny  ${HOME}/.config/chromium-dev
-deny  ${HOME}/.config/chromium-flags.conf
-deny  ${HOME}/.config/clipit
-deny  ${HOME}/.config/cliqz
-deny  ${HOME}/.config/cmus
-deny  ${HOME}/.config/com.github.bleakgrey.tootle
-deny  ${HOME}/.config/corebird
-deny  ${HOME}/.config/cower
-deny  ${HOME}/.config/coyim
-deny  ${HOME}/.config/d-feet
-deny  ${HOME}/.config/darktable
-deny  ${HOME}/.config/deadbeef
-deny  ${HOME}/.config/deluge
-deny  ${HOME}/.config/devilspie2
-deny  ${HOME}/.config/digikam
-deny  ${HOME}/.config/digikamrc
-deny  ${HOME}/.config/discord
-deny  ${HOME}/.config/discordcanary
-deny  ${HOME}/.config/dkl
-deny  ${HOME}/.config/dnox
-deny  ${HOME}/.config/dolphin-emu
-deny  ${HOME}/.config/dolphinrc
-deny  ${HOME}/.config/dragonplayerrc
-deny  ${HOME}/.config/draw.io
-deny  ${HOME}/.config/electron-mail
-deny  ${HOME}/.config/emaildefaults
-deny  ${HOME}/.config/emailidentities
-deny  ${HOME}/.config/emilia
-deny  ${HOME}/.config/enchant
-deny  ${HOME}/.config/eog
-deny  ${HOME}/.config/epiphany
-deny  ${HOME}/.config/equalx
-deny  ${HOME}/.config/evince
-deny  ${HOME}/.config/evolution
-deny  ${HOME}/.config/falkon
-deny  ${HOME}/.config/filezilla
-deny  ${HOME}/.config/flameshot
-deny  ${HOME}/.config/flaska.net
-deny  ${HOME}/.config/flowblade
-deny  ${HOME}/.config/font-manager
-deny  ${HOME}/.config/freecol
-deny  ${HOME}/.config/gajim
-deny  ${HOME}/.config/galculator
-deny  ${HOME}/.config/gconf
-deny  ${HOME}/.config/geany
-deny  ${HOME}/.config/geary
-deny  ${HOME}/.config/gedit
-deny  ${HOME}/.config/geeqie
-deny  ${HOME}/.config/ghb
-deny  ${HOME}/.config/ghostwriter
-deny  ${HOME}/.config/git
-deny  ${HOME}/.config/git-cola
-deny  ${HOME}/.config/glade.conf
-deny  ${HOME}/.config/globaltime
-deny  ${HOME}/.config/gmpc
-deny  ${HOME}/.config/gnome-builder
-deny  ${HOME}/.config/gnome-chess
-deny  ${HOME}/.config/gnome-control-center
-deny  ${HOME}/.config/gnome-initial-setup-done
-deny  ${HOME}/.config/gnome-latex
-deny  ${HOME}/.config/gnome-mplayer
-deny  ${HOME}/.config/gnome-mpv
-deny  ${HOME}/.config/gnome-pie
-deny  ${HOME}/.config/gnome-session
-deny  ${HOME}/.config/gnote
-deny  ${HOME}/.config/godot
-deny  ${HOME}/.config/google-chrome
-deny  ${HOME}/.config/google-chrome-beta
-deny  ${HOME}/.config/google-chrome-unstable
-deny  ${HOME}/.config/gpicview
-deny  ${HOME}/.config/gthumb
-deny  ${HOME}/.config/gummi
-deny  ${HOME}/.config/guvcview2
-deny  ${HOME}/.config/gwenviewrc
-deny  ${HOME}/.config/hexchat
-deny  ${HOME}/.config/homebank
-deny  ${HOME}/.config/i2p
-deny  ${HOME}/.config/inkscape
-deny  ${HOME}/.config/inox
-deny  ${HOME}/.config/iridium
-deny  ${HOME}/.config/itch
-deny  ${HOME}/.config/jami
-deny  ${HOME}/.config/jd-gui.cfg
-deny  ${HOME}/.config/k3brc
-deny  ${HOME}/.config/kaffeinerc
-deny  ${HOME}/.config/kalgebrarc
-deny  ${HOME}/.config/katemetainfos
-deny  ${HOME}/.config/katepartrc
-deny  ${HOME}/.config/katerc
-deny  ${HOME}/.config/kateschemarc
-deny  ${HOME}/.config/katesyntaxhighlightingrc
-deny  ${HOME}/.config/katevirc
-deny  ${HOME}/.config/kazam
-deny  ${HOME}/.config/kdeconnect
-deny  ${HOME}/.config/kdenliverc
-deny  ${HOME}/.config/kdiff3fileitemactionrc
-deny  ${HOME}/.config/kdiff3rc
-deny  ${HOME}/.config/kfindrc
-deny  ${HOME}/.config/kgetrc
-deny  ${HOME}/.config/kid3rc
-deny  ${HOME}/.config/klavaro
-deny  ${HOME}/.config/klipperrc
-deny  ${HOME}/.config/kmail2rc
-deny  ${HOME}/.config/kmailsearchindexingrc
-deny  ${HOME}/.config/kmplayerrc
-deny  ${HOME}/.config/knotesrc
-deny  ${HOME}/.config/konversation.notifyrc
-deny  ${HOME}/.config/konversationrc
-deny  ${HOME}/.config/kritarc
-deny  ${HOME}/.config/ktorrentrc
-deny  ${HOME}/.config/ktouch2rc
-deny  ${HOME}/.config/kube
-deny  ${HOME}/.config/kwriterc
-deny  ${HOME}/.config/leafpad
-deny  ${HOME}/.config/libreoffice
-deny  ${HOME}/.config/liferea
-deny  ${HOME}/.config/linphone
-deny  ${HOME}/.config/lugaru
-deny  ${HOME}/.config/lutris
-deny  ${HOME}/.config/lximage-qt
-deny  ${HOME}/.config/mailtransports
-deny  ${HOME}/.config/mana
-deny  ${HOME}/.config/mate-calc
-deny  ${HOME}/.config/mate/eom
-deny  ${HOME}/.config/mate/mate-dictionary
-deny  ${HOME}/.config/matrix-mirage
-deny  ${HOME}/.config/mcomix
-deny  ${HOME}/.config/meld
-deny  ${HOME}/.config/menulibre.cfg
-deny  ${HOME}/.config/meteo-qt
-deny  ${HOME}/.config/mfusion
-deny  ${HOME}/.config/microsoft-edge-dev
-deny  ${HOME}/.config/midori
-deny  ${HOME}/.config/mirage
-deny  ${HOME}/.config/mono
-deny  ${HOME}/.config/mpDris2
-deny  ${HOME}/.config/mpd
-deny  ${HOME}/.config/mps-youtube
-deny  ${HOME}/.config/mpv
-deny  ${HOME}/.config/mupen64plus
-deny  ${HOME}/.config/mutt
-deny  ${HOME}/.config/mutter
-deny  ${HOME}/.config/mypaint
-deny  ${HOME}/.config/nano
-deny  ${HOME}/.config/nautilus
-deny  ${HOME}/.config/nemo
-deny  ${HOME}/.config/neochat.notifyrc
-deny  ${HOME}/.config/neochatrc
-deny  ${HOME}/.config/neomutt
-deny  ${HOME}/.config/netsurf
-deny  ${HOME}/.config/newsbeuter
-deny  ${HOME}/.config/newsboat
-deny  ${HOME}/.config/newsflash
-deny  ${HOME}/.config/nheko
-deny  ${HOME}/.config/nomacs
-deny  ${HOME}/.config/nuclear
-deny  ${HOME}/.config/obs-studio
-deny  ${HOME}/.config/okularpartrc
-deny  ${HOME}/.config/okularrc
-deny  ${HOME}/.config/onboard
-deny  ${HOME}/.config/onionshare
-deny  ${HOME}/.config/onlyoffice
-deny  ${HOME}/.config/openmw
-deny  ${HOME}/.config/opera
-deny  ${HOME}/.config/opera-beta
-deny  ${HOME}/.config/orage
-deny  ${HOME}/.config/org.gabmus.gfeeds.json
-deny  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-deny  ${HOME}/.config/org.kde.gwenviewrc
-deny  ${HOME}/.config/otter
-deny  ${HOME}/.config/pavucontrol-qt
-deny  ${HOME}/.config/pavucontrol.ini
-deny  ${HOME}/.config/pcmanfm
-deny  ${HOME}/.config/pdfmod
-deny  ${HOME}/.config/pipe-viewer
-deny  ${HOME}/.config/pitivi
-deny  ${HOME}/.config/pix
-deny  ${HOME}/.config/pluma
-deny  ${HOME}/.config/ppsspp
-deny  ${HOME}/.config/pragha
-deny  ${HOME}/.config/profanity
-deny  ${HOME}/.config/psi
-deny  ${HOME}/.config/psi+
-deny  ${HOME}/.config/qBittorrent
-deny  ${HOME}/.config/qBittorrentrc
-deny  ${HOME}/.config/qnapi.ini
-deny  ${HOME}/.config/qpdfview
-deny  ${HOME}/.config/quodlibet
-deny  ${HOME}/.config/qupzilla
-deny  ${HOME}/.config/qutebrowser
-deny  ${HOME}/.config/ranger
-deny  ${HOME}/.config/redshift
-deny  ${HOME}/.config/redshift.conf
-deny  ${HOME}/.config/remmina
-deny  ${HOME}/.config/ristretto
-deny  ${HOME}/.config/rtv
-deny  ${HOME}/.config/scribus
-deny  ${HOME}/.config/scribusrc
-deny  ${HOME}/.config/sinew.in
-deny  ${HOME}/.config/sink
-deny  ${HOME}/.config/skypeforlinux
-deny  ${HOME}/.config/slimjet
-deny  ${HOME}/.config/smplayer
-deny  ${HOME}/.config/smtube
-deny  ${HOME}/.config/smuxi
-deny  ${HOME}/.config/snox
-deny  ${HOME}/.config/sound-juicer
-deny  ${HOME}/.config/specialmailcollectionsrc
-deny  ${HOME}/.config/spectaclerc
-deny  ${HOME}/.config/spotify
-deny  ${HOME}/.config/sqlitebrowser
-deny  ${HOME}/.config/stellarium
-deny  ${HOME}/.config/straw-viewer
-deny  ${HOME}/.config/strawberry
-deny  ${HOME}/.config/supertuxkart
-deny  ${HOME}/.config/synfig
-deny  ${HOME}/.config/teams
-deny  ${HOME}/.config/teams-for-linux
-deny  ${HOME}/.config/telepathy-account-widgets
-deny  ${HOME}/.config/torbrowser
-deny  ${HOME}/.config/totem
-deny  ${HOME}/.config/tox
-deny  ${HOME}/.config/transgui
-deny  ${HOME}/.config/transmission
-deny  ${HOME}/.config/truecraft
-deny  ${HOME}/.config/tuta_integration
-deny  ${HOME}/.config/tutanota-desktop
-deny  ${HOME}/.config/tvbrowser
-deny  ${HOME}/.config/uGet
-deny  ${HOME}/.config/ungoogled-chromium
-deny  ${HOME}/.config/uzbl
-deny  ${HOME}/.config/viewnior
-deny  ${HOME}/.config/vivaldi
-deny  ${HOME}/.config/vivaldi-snapshot
-deny  ${HOME}/.config/vlc
-deny  ${HOME}/.config/wesnoth
-deny  ${HOME}/.config/wireshark
-deny  ${HOME}/.config/wormux
-deny  ${HOME}/.config/xchat
-deny  ${HOME}/.config/xed
-deny  ${HOME}/.config/xfburn
-deny  ${HOME}/.config/xfce4-dict
-deny  ${HOME}/.config/xfce4/xfce4-notes.gtkrc
-deny  ${HOME}/.config/xfce4/xfce4-notes.rc
-deny  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
-deny  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-deny  ${HOME}/.config/xiaoyong
-deny  ${HOME}/.config/xmms2
-deny  ${HOME}/.config/xplayer
-deny  ${HOME}/.config/xreader
-deny  ${HOME}/.config/xviewer
-deny  ${HOME}/.config/yandex-browser
-deny  ${HOME}/.config/yandex-browser-beta
-deny  ${HOME}/.config/yelp
-deny  ${HOME}/.config/youtube-dl
-deny  ${HOME}/.config/youtube-dlg
-deny  ${HOME}/.config/youtube-music-desktop-app
-deny  ${HOME}/.config/youtube-viewer
-deny  ${HOME}/.config/youtubemusic-nativefier-040164
-deny  ${HOME}/.config/zathura
-deny  ${HOME}/.config/zoomus.conf
-deny  ${HOME}/.conkeror.mozdev.org
-deny  ${HOME}/.crawl
-deny  ${HOME}/.cups
-deny  ${HOME}/.curl-hsts
-deny  ${HOME}/.curlrc
-deny  ${HOME}/.dashcore
-deny  ${HOME}/.devilspie
-deny  ${HOME}/.dia
-deny  ${HOME}/.digrc
-deny  ${HOME}/.dillo
-deny  ${HOME}/.dooble
-deny  ${HOME}/.dosbox
-deny  ${HOME}/.dropbox*
-deny  ${HOME}/.easystroke
-deny  ${HOME}/.electron-cache
-deny  ${HOME}/.electrum*
-deny  ${HOME}/.elinks
-deny  ${HOME}/.emacs
-deny  ${HOME}/.emacs.d
-deny  ${HOME}/.equalx
-deny  ${HOME}/.ethereum
-deny  ${HOME}/.etr
-deny  ${HOME}/.filezilla
-deny  ${HOME}/.firedragon
-deny  ${HOME}/.flowblade
-deny  ${HOME}/.fltk
-deny  ${HOME}/.fossamail
-deny  ${HOME}/.freeciv
-deny  ${HOME}/.freecol
-deny  ${HOME}/.freemind
-deny  ${HOME}/.frogatto
-deny  ${HOME}/.frozen-bubble
-deny  ${HOME}/.funnyboat
-deny  ${HOME}/.gimp*
-deny  ${HOME}/.gist
-deny  ${HOME}/.gitconfig
-deny  ${HOME}/.gl-117
-deny  ${HOME}/.glaxiumrc
-deny  ${HOME}/.gnome/gnome-schedule
-deny  ${HOME}/.googleearth
-deny  ${HOME}/.gradle
-deny  ${HOME}/.gramps
-deny  ${HOME}/.guayadeque
-deny  ${HOME}/.hashcat
-deny  ${HOME}/.hedgewars
-deny  ${HOME}/.hex-a-hop
-deny  ${HOME}/.hugin
-deny  ${HOME}/.i2p
-deny  ${HOME}/.icedove
-deny  ${HOME}/.imagej
-deny  ${HOME}/.inkscape
-deny  ${HOME}/.itch
-deny  ${HOME}/.jack-server
-deny  ${HOME}/.jack-settings
-deny  ${HOME}/.jak
-deny  ${HOME}/.java
-deny  ${HOME}/.jd
-deny  ${HOME}/.jitsi
-deny  ${HOME}/.jumpnbump
-deny  ${HOME}/.kde/share/apps/digikam
-deny  ${HOME}/.kde/share/apps/gwenview
-deny  ${HOME}/.kde/share/apps/kaffeine
-deny  ${HOME}/.kde/share/apps/kcookiejar
-deny  ${HOME}/.kde/share/apps/kget
-deny  ${HOME}/.kde/share/apps/khtml
-deny  ${HOME}/.kde/share/apps/klatexformula
-deny  ${HOME}/.kde/share/apps/konqsidebartng
-deny  ${HOME}/.kde/share/apps/konqueror
-deny  ${HOME}/.kde/share/apps/kopete
-deny  ${HOME}/.kde/share/apps/ktorrent
-deny  ${HOME}/.kde/share/apps/okular
-deny  ${HOME}/.kde/share/config/baloofilerc
-deny  ${HOME}/.kde/share/config/baloorc
-deny  ${HOME}/.kde/share/config/digikam
-deny  ${HOME}/.kde/share/config/gwenviewrc
-deny  ${HOME}/.kde/share/config/k3brc
-deny  ${HOME}/.kde/share/config/kaffeinerc
-deny  ${HOME}/.kde/share/config/kcookiejarrc
-deny  ${HOME}/.kde/share/config/kfindrc
-deny  ${HOME}/.kde/share/config/kgetrc
-deny  ${HOME}/.kde/share/config/khtmlrc
-deny  ${HOME}/.kde/share/config/klipperrc
-deny  ${HOME}/.kde/share/config/kmplayerrc
-deny  ${HOME}/.kde/share/config/konq_history
-deny  ${HOME}/.kde/share/config/konqsidebartngrc
-deny  ${HOME}/.kde/share/config/konquerorrc
-deny  ${HOME}/.kde/share/config/konversationrc
-deny  ${HOME}/.kde/share/config/kopeterc
-deny  ${HOME}/.kde/share/config/ktorrentrc
-deny  ${HOME}/.kde/share/config/okularpartrc
-deny  ${HOME}/.kde/share/config/okularrc
-deny  ${HOME}/.kde4/share/apps/digikam
-deny  ${HOME}/.kde4/share/apps/gwenview
-deny  ${HOME}/.kde4/share/apps/kaffeine
-deny  ${HOME}/.kde4/share/apps/kcookiejar
-deny  ${HOME}/.kde4/share/apps/kget
-deny  ${HOME}/.kde4/share/apps/khtml
-deny  ${HOME}/.kde4/share/apps/konqsidebartng
-deny  ${HOME}/.kde4/share/apps/konqueror
-deny  ${HOME}/.kde4/share/apps/kopete
-deny  ${HOME}/.kde4/share/apps/ktorrent
-deny  ${HOME}/.kde4/share/apps/okular
-deny  ${HOME}/.kde4/share/config/baloofilerc
-deny  ${HOME}/.kde4/share/config/baloorc
-deny  ${HOME}/.kde4/share/config/digikam
-deny  ${HOME}/.kde4/share/config/gwenviewrc
-deny  ${HOME}/.kde4/share/config/k3brc
-deny  ${HOME}/.kde4/share/config/kaffeinerc
-deny  ${HOME}/.kde4/share/config/kcookiejarrc
-deny  ${HOME}/.kde4/share/config/kfindrc
-deny  ${HOME}/.kde4/share/config/kgetrc
-deny  ${HOME}/.kde4/share/config/khtmlrc
-deny  ${HOME}/.kde4/share/config/klipperrc
-deny  ${HOME}/.kde4/share/config/konq_history
-deny  ${HOME}/.kde4/share/config/konqsidebartngrc
-deny  ${HOME}/.kde4/share/config/konquerorrc
-deny  ${HOME}/.kde4/share/config/konversationrc
-deny  ${HOME}/.kde4/share/config/kopeterc
-deny  ${HOME}/.kde4/share/config/ktorrentrc
-deny  ${HOME}/.kde4/share/config/okularpartrc
-deny  ${HOME}/.kde4/share/config/okularrc
-deny  ${HOME}/.killingfloor
-deny  ${HOME}/.kingsoft
-deny  ${HOME}/.kino-history
-deny  ${HOME}/.kinorc
-deny  ${HOME}/.klatexformula
-deny  ${HOME}/.klei
-deny  ${HOME}/.kodi
-deny  ${HOME}/.librewolf
-deny  ${HOME}/.lincity-ng
-deny  ${HOME}/.links
-deny  ${HOME}/.links2
-deny  ${HOME}/.linphone-history.db
-deny  ${HOME}/.linphonerc
-deny  ${HOME}/.lmmsrc.xml
-deny  ${HOME}/.local/lib/vivaldi
-deny  ${HOME}/.local/share/0ad
-deny  ${HOME}/.local/share/3909/PapersPlease
-deny  ${HOME}/.local/share/Anki2
-deny  ${HOME}/.local/share/Dredmor
-deny  ${HOME}/.local/share/Empathy
-deny  ${HOME}/.local/share/Enpass
-deny  ${HOME}/.local/share/FasterThanLight
-deny  ${HOME}/.local/share/Flavio Tordini
-deny  ${HOME}/.local/share/IntoTheBreach
-deny  ${HOME}/.local/share/JetBrains
-deny  ${HOME}/.local/share/KDE/neochat
-deny  ${HOME}/.local/share/Kingsoft
-deny  ${HOME}/.local/share/LibreCAD
-deny  ${HOME}/.local/share/Mendeley Ltd.
-deny  ${HOME}/.local/share/Mumble
-deny  ${HOME}/.local/share/Nextcloud
-deny  ${HOME}/.local/share/PBE
-deny  ${HOME}/.local/share/Paradox Interactive
-deny  ${HOME}/.local/share/PawelStolowski
-deny  ${HOME}/.local/share/PillarsOfEternity
-deny  ${HOME}/.local/share/Psi
-deny  ${HOME}/.local/share/QGIS
-deny  ${HOME}/.local/share/QMediathekView
-deny  ${HOME}/.local/share/QuiteRss
-deny  ${HOME}/.local/share/Ricochet
-deny  ${HOME}/.local/share/RogueLegacy
-deny  ${HOME}/.local/share/RogueLegacyStorageContainer
-deny  ${HOME}/.local/share/Shortwave
-deny  ${HOME}/.local/share/Steam
-deny  ${HOME}/.local/share/SteamWorld Dig 2
-deny  ${HOME}/.local/share/SteamWorldDig
-deny  ${HOME}/.local/share/SuperHexagon
-deny  ${HOME}/.local/share/TelegramDesktop
-deny  ${HOME}/.local/share/Terraria
-deny  ${HOME}/.local/share/TpLogger
-deny  ${HOME}/.local/share/Zeal
-deny  ${HOME}/.local/share/agenda
-deny  ${HOME}/.local/share/akonadi*
-deny  ${HOME}/.local/share/akregator
-deny  ${HOME}/.local/share/apps/korganizer
-deny  ${HOME}/.local/share/aspyr-media
-deny  ${HOME}/.local/share/authenticator-rs
-deny  ${HOME}/.local/share/autokey
-deny  ${HOME}/.local/share/backintime
-deny  ${HOME}/.local/share/baloo
-deny  ${HOME}/.local/share/barrier
-deny  ${HOME}/.local/share/bibletime
-deny  ${HOME}/.local/share/bijiben
-deny  ${HOME}/.local/share/bohemiainteractive
-deny  ${HOME}/.local/share/caja-python
-deny  ${HOME}/.local/share/calligragemini
-deny  ${HOME}/.local/share/cantata
-deny  ${HOME}/.local/share/cdprojektred
-deny  ${HOME}/.local/share/clipit
-deny  ${HOME}/.local/share/com.github.johnfactotum.Foliate
-deny  ${HOME}/.local/share/contacts
-deny  ${HOME}/.local/share/cor-games
-deny  ${HOME}/.local/share/data/Mendeley Ltd.
-deny  ${HOME}/.local/share/data/Mumble
-deny  ${HOME}/.local/share/data/MusE
-deny  ${HOME}/.local/share/data/MuseScore
-deny  ${HOME}/.local/share/data/nomacs
-deny  ${HOME}/.local/share/data/qBittorrent
-deny  ${HOME}/.local/share/dino
-deny  ${HOME}/.local/share/dolphin
-deny  ${HOME}/.local/share/dolphin-emu
-deny  ${HOME}/.local/share/emailidentities
-deny  ${HOME}/.local/share/epiphany
-deny  ${HOME}/.local/share/evolution
-deny  ${HOME}/.local/share/feedreader
-deny  ${HOME}/.local/share/feral-interactive
-deny  ${HOME}/.local/share/five-or-more
-deny  ${HOME}/.local/share/freecol
-deny  ${HOME}/.local/share/gajim
-deny  ${HOME}/.local/share/geary
-deny  ${HOME}/.local/share/geeqie
-deny  ${HOME}/.local/share/ghostwriter
-deny  ${HOME}/.local/share/gitg
-deny  ${HOME}/.local/share/gnome-2048
-deny  ${HOME}/.local/share/gnome-boxes
-deny  ${HOME}/.local/share/gnome-builder
-deny  ${HOME}/.local/share/gnome-chess
-deny  ${HOME}/.local/share/gnome-klotski
-deny  ${HOME}/.local/share/gnome-latex
-deny  ${HOME}/.local/share/gnome-mines
-deny  ${HOME}/.local/share/gnome-music
-deny  ${HOME}/.local/share/gnome-nibbles
-deny  ${HOME}/.local/share/gnome-photos
-deny  ${HOME}/.local/share/gnome-pomodoro
-deny  ${HOME}/.local/share/gnome-recipes
-deny  ${HOME}/.local/share/gnome-ring
-deny  ${HOME}/.local/share/gnome-sudoku
-deny  ${HOME}/.local/share/gnome-twitch
-deny  ${HOME}/.local/share/gnote
-deny  ${HOME}/.local/share/godot
-deny  ${HOME}/.local/share/gradio
-deny  ${HOME}/.local/share/gwenview
-deny  ${HOME}/.local/share/i2p
-deny  ${HOME}/.local/share/jami
-deny  ${HOME}/.local/share/kaffeine
-deny  ${HOME}/.local/share/kalgebra
-deny  ${HOME}/.local/share/kate
-deny  ${HOME}/.local/share/kdenlive
-deny  ${HOME}/.local/share/kget
-deny  ${HOME}/.local/share/kiwix
-deny  ${HOME}/.local/share/kiwix-desktop
-deny  ${HOME}/.local/share/klavaro
-deny  ${HOME}/.local/share/kmail2
-deny  ${HOME}/.local/share/kmplayer
-deny  ${HOME}/.local/share/knotes
-deny  ${HOME}/.local/share/krita
-deny  ${HOME}/.local/share/ktorrent
-deny  ${HOME}/.local/share/ktorrentrc
-deny  ${HOME}/.local/share/ktouch
-deny  ${HOME}/.local/share/kube
-deny  ${HOME}/.local/share/kwrite
-deny  ${HOME}/.local/share/kxmlgui5/*
-deny  ${HOME}/.local/share/liferea
-deny  ${HOME}/.local/share/linphone
-deny  ${HOME}/.local/share/local-mail
-deny  ${HOME}/.local/share/lollypop
-deny  ${HOME}/.local/share/love
-deny  ${HOME}/.local/share/lugaru
-deny  ${HOME}/.local/share/lutris
-deny  ${HOME}/.local/share/man
-deny  ${HOME}/.local/share/mana
-deny  ${HOME}/.local/share/maps-places.json
-deny  ${HOME}/.local/share/matrix-mirage
-deny  ${HOME}/.local/share/mcomix
-deny  ${HOME}/.local/share/meld
-deny  ${HOME}/.local/share/midori
-deny  ${HOME}/.local/share/minder
-deny  ${HOME}/.local/share/mirage
-deny  ${HOME}/.local/share/multimc
-deny  ${HOME}/.local/share/multimc5
-deny  ${HOME}/.local/share/mupen64plus
-deny  ${HOME}/.local/share/mypaint
-deny  ${HOME}/.local/share/nautilus
-deny  ${HOME}/.local/share/nautilus-python
-deny  ${HOME}/.local/share/nemo
-deny  ${HOME}/.local/share/nemo-python
-deny  ${HOME}/.local/share/news-flash
-deny  ${HOME}/.local/share/newsbeuter
-deny  ${HOME}/.local/share/newsboat
-deny  ${HOME}/.local/share/nheko
-deny  ${HOME}/.local/share/nomacs
-deny  ${HOME}/.local/share/notes
-deny  ${HOME}/.local/share/ocenaudio
-deny  ${HOME}/.local/share/okular
-deny  ${HOME}/.local/share/onlyoffice
-deny  ${HOME}/.local/share/openmw
-deny  ${HOME}/.local/share/orage
-deny  ${HOME}/.local/share/org.kde.gwenview
-deny  ${HOME}/.local/share/pix
-deny  ${HOME}/.local/share/plasma_notes
-deny  ${HOME}/.local/share/profanity
-deny  ${HOME}/.local/share/psi
-deny  ${HOME}/.local/share/psi+
-deny  ${HOME}/.local/share/qpdfview
-deny  ${HOME}/.local/share/quadrapassel
-deny  ${HOME}/.local/share/qutebrowser
-deny  ${HOME}/.local/share/remmina
-deny  ${HOME}/.local/share/rhythmbox
-deny  ${HOME}/.local/share/rtv
-deny  ${HOME}/.local/share/scribus
-deny  ${HOME}/.local/share/shotwell
-deny  ${HOME}/.local/share/signal-cli
-deny  ${HOME}/.local/share/sink
-deny  ${HOME}/.local/share/smuxi
-deny  ${HOME}/.local/share/spotify
-deny  ${HOME}/.local/share/steam
-deny  ${HOME}/.local/share/strawberry
-deny  ${HOME}/.local/share/supertux2
-deny  ${HOME}/.local/share/supertuxkart
-deny  ${HOME}/.local/share/swell-foop
-deny  ${HOME}/.local/share/telepathy
-deny  ${HOME}/.local/share/terasology
-deny  ${HOME}/.local/share/torbrowser
-deny  ${HOME}/.local/share/totem
-deny  ${HOME}/.local/share/uzbl
-deny  ${HOME}/.local/share/vlc
-deny  ${HOME}/.local/share/vpltd
-deny  ${HOME}/.local/share/vulkan
-deny  ${HOME}/.local/share/warsow-2.1
-deny  ${HOME}/.local/share/wesnoth
-deny  ${HOME}/.local/share/wormux
-deny  ${HOME}/.local/share/xplayer
-deny  ${HOME}/.local/share/xreader
-deny  ${HOME}/.local/share/zathura
-deny  ${HOME}/.lv2
-deny  ${HOME}/.lyx
-deny  ${HOME}/.magicor
-deny  ${HOME}/.masterpdfeditor
-deny  ${HOME}/.mbwarband
-deny  ${HOME}/.mcabber
-deny  ${HOME}/.mcabberrc
-deny  ${HOME}/.mediathek3
-deny  ${HOME}/.megaglest
-deny  ${HOME}/.minecraft
-deny  ${HOME}/.minetest
-deny  ${HOME}/.mirrormagic
-deny  ${HOME}/.moc
-deny  ${HOME}/.moonchild productions/basilisk
-deny  ${HOME}/.moonchild productions/pale moon
-deny  ${HOME}/.mozilla
-deny  ${HOME}/.mp3splt-gtk
-deny  ${HOME}/.mpd
-deny  ${HOME}/.mpdconf
-deny  ${HOME}/.mplayer
-deny  ${HOME}/.msmtprc
-deny  ${HOME}/.multimc5
-deny  ${HOME}/.nanorc
-deny  ${HOME}/.netactview
-deny  ${HOME}/.neverball
-deny  ${HOME}/.newsbeuter
-deny  ${HOME}/.newsboat
-deny  ${HOME}/.newsrc
-deny  ${HOME}/.nicotine
-deny  ${HOME}/.node-gyp
-deny  ${HOME}/.npm
-deny  ${HOME}/.npmrc
-deny  ${HOME}/.nv
-deny  ${HOME}/.nvm
-deny  ${HOME}/.nylas-mail
-deny  ${HOME}/.openarena
-deny  ${HOME}/.opencity
-deny  ${HOME}/.openinvaders
-deny  ${HOME}/.openshot
-deny  ${HOME}/.openshot_qt
-deny  ${HOME}/.openttd
-deny  ${HOME}/.opera
-deny  ${HOME}/.opera-beta
-deny  ${HOME}/.ostrichriders
-deny  ${HOME}/.paradoxinteractive
-deny  ${HOME}/.parallelrealities/blobwars
-deny  ${HOME}/.pcsxr
-deny  ${HOME}/.penguin-command
-deny  ${HOME}/.pine-crash
-deny  ${HOME}/.pine-debug1
-deny  ${HOME}/.pine-debug2
-deny  ${HOME}/.pine-debug3
-deny  ${HOME}/.pine-debug4
-deny  ${HOME}/.pine-interrupted-mail
-deny  ${HOME}/.pinerc
-deny  ${HOME}/.pinercex
-deny  ${HOME}/.pingus
-deny  ${HOME}/.pioneer
-deny  ${HOME}/.purple
-deny  ${HOME}/.pylint.d
-deny  ${HOME}/.qemu-launcher
-deny  ${HOME}/.qgis2
-deny  ${HOME}/.qmmp
-deny  ${HOME}/.quodlibet
-deny  ${HOME}/.redeclipse
-deny  ${HOME}/.remmina
-deny  ${HOME}/.repo_.gitconfig.json
-deny  ${HOME}/.repoconfig
-deny  ${HOME}/.retroshare
-deny  ${HOME}/.ripperXrc
-deny  ${HOME}/.scorched3d
-deny  ${HOME}/.scribus
-deny  ${HOME}/.scribusrc
-deny  ${HOME}/.simutrans
-deny  ${HOME}/.smartgit/*/passwords
-deny  ${HOME}/.ssr
-deny  ${HOME}/.steam
-deny  ${HOME}/.steampath
-deny  ${HOME}/.steampid
-deny  ${HOME}/.stellarium
-deny  ${HOME}/.subversion
-deny  ${HOME}/.surf
-deny  ${HOME}/.suve/colorful
-deny  ${HOME}/.swb.ini
-deny  ${HOME}/.sword
-deny  ${HOME}/.sylpheed-2.0
-deny  ${HOME}/.synfig
-deny  ${HOME}/.tb
-deny  ${HOME}/.tconn
-deny  ${HOME}/.teeworlds
-deny  ${HOME}/.texlive20*
-deny  ${HOME}/.thunderbird
-deny  ${HOME}/.tilp
-deny  ${HOME}/.tin
-deny  ${HOME}/.tooling
-deny  ${HOME}/.tor-browser*
-deny  ${HOME}/.torcs
-deny  ${HOME}/.tremulous
-deny  ${HOME}/.ts3client
-deny  ${HOME}/.tuxguitar*
-deny  ${HOME}/.tvbrowser
-deny  ${HOME}/.unknown-horizons
-deny  ${HOME}/.viking
-deny  ${HOME}/.viking-maps
-deny  ${HOME}/.vim
-deny  ${HOME}/.vimrc
-deny  ${HOME}/.vmware
-deny  ${HOME}/.vscode
-deny  ${HOME}/.vscode-oss
-deny  ${HOME}/.vst
-deny  ${HOME}/.vultures
-deny  ${HOME}/.w3m
-deny  ${HOME}/.warzone2100-3.*
-deny  ${HOME}/.waterfox
-deny  ${HOME}/.weechat
-deny  ${HOME}/.wget-hsts
-deny  ${HOME}/.wgetrc
-deny  ${HOME}/.widelands
-deny  ${HOME}/.wine
-deny  ${HOME}/.wine64
-deny  ${HOME}/.wireshark
-deny  ${HOME}/.wordwarvi
-deny  ${HOME}/.wormux
-deny  ${HOME}/.xiphos
-deny  ${HOME}/.xmind
-deny  ${HOME}/.xmms
-deny  ${HOME}/.xmr-stak
-deny  ${HOME}/.xonotic
-deny  ${HOME}/.xournalpp
-deny  ${HOME}/.xpdfrc
-deny  ${HOME}/.yarn
-deny  ${HOME}/.yarn-config
-deny  ${HOME}/.yarncache
-deny  ${HOME}/.yarnrc
-deny  ${HOME}/.zoom
-deny  ${HOME}/Arduino
-deny  ${HOME}/Monero/wallets
-deny  ${HOME}/Nextcloud
-deny  ${HOME}/Nextcloud/Notes
-deny  ${HOME}/SoftMaker
-deny  ${HOME}/Standard Notes Backups
-deny  ${HOME}/TeamSpeak3-Client-linux_amd64
-deny  ${HOME}/TeamSpeak3-Client-linux_x86
-deny  ${HOME}/hyperrogue.ini
-deny  ${HOME}/i2p
-deny  ${HOME}/mps
-deny  ${HOME}/wallet.dat
-deny  /tmp/.wine-*
-deny  /tmp/akonadi-*
-deny  /var/games/nethack
-deny  /var/games/slashem
-deny  /var/games/vulturesclaw
-deny  /var/games/vultureseye
-deny  /var/lib/games/Maelstrom-Scores
+blacklist ${HOME}/.*coin
+blacklist ${HOME}/.8pecxstudios
+blacklist ${HOME}/.AndroidStudio*
+blacklist ${HOME}/.Atom
+blacklist ${HOME}/.CLion*
+blacklist ${HOME}/.FBReader
+blacklist ${HOME}/.FontForge
+blacklist ${HOME}/.IdeaIC*
+blacklist ${HOME}/.LuminanceHDR
+blacklist ${HOME}/.Mathematica
+blacklist ${HOME}/.Natron
+blacklist ${HOME}/.PlayOnLinux
+blacklist ${HOME}/.PyCharm*
+blacklist ${HOME}/.Sayonara
+blacklist ${HOME}/.Steam
+blacklist ${HOME}/.Steampath
+blacklist ${HOME}/.Steampid
+blacklist ${HOME}/.TelegramDesktop
+blacklist ${HOME}/.VSCodium
+blacklist ${HOME}/.ViberPC
+blacklist ${HOME}/.VirtualBox
+blacklist ${HOME}/.WebStorm*
+blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.ZAP
+blacklist ${HOME}/.aMule
+blacklist ${HOME}/.abook
+blacklist ${HOME}/.addressbook
+blacklist ${HOME}/.alpine-smime
+blacklist ${HOME}/.android
+blacklist ${HOME}/.anydesk
+blacklist ${HOME}/.arduino15
+blacklist ${HOME}/.aria2
+blacklist ${HOME}/.arm
+blacklist ${HOME}/.asunder_album_artist
+blacklist ${HOME}/.asunder_album_genre
+blacklist ${HOME}/.asunder_album_title
+blacklist ${HOME}/.atom
+blacklist ${HOME}/.attic
+blacklist ${HOME}/.audacity-data
+blacklist ${HOME}/.avidemux6
+blacklist ${HOME}/.ballbuster.hs
+blacklist ${HOME}/.balsa
+blacklist ${HOME}/.bcast5
+blacklist ${HOME}/.bibletime
+blacklist ${HOME}/.bitcoin
+blacklist ${HOME}/.blobby
+blacklist ${HOME}/.bogofilter
+blacklist ${HOME}/.bzf
+blacklist ${HOME}/.cargo/*
+blacklist ${HOME}/.claws-mail
+blacklist ${HOME}/.cliqz
+blacklist ${HOME}/.clion*
+blacklist ${HOME}/.clonk
+blacklist ${HOME}/.config/0ad
+blacklist ${HOME}/.config/2048-qt
+blacklist ${HOME}/.config/Atom
+blacklist ${HOME}/.config/Audaciousrc
+blacklist ${HOME}/.config/Authenticator
+blacklist ${HOME}/.config/Beaker Browser
+blacklist ${HOME}/.config/Bitcoin
+blacklist ${HOME}/.config/Bitwarden
+blacklist ${HOME}/.config/Brackets
+blacklist ${HOME}/.config/BraveSoftware
+blacklist ${HOME}/.config/Clementine
+blacklist ${HOME}/.config/Code
+blacklist ${HOME}/.config/Code - OSS
+blacklist ${HOME}/.config/Code Industry
+blacklist ${HOME}/.config/Cryptocat
+blacklist ${HOME}/.config/Debauchee/Barrier.conf
+blacklist ${HOME}/.config/Dharkael
+blacklist ${HOME}/.config/ENCOM
+blacklist ${HOME}/.config/Element
+blacklist ${HOME}/.config/Element (Riot)
+blacklist ${HOME}/.config/Enox
+blacklist ${HOME}/.config/Epic
+blacklist ${HOME}/.config/Ferdi
+blacklist ${HOME}/.config/Flavio Tordini
+blacklist ${HOME}/.config/Franz
+blacklist ${HOME}/.config/FreeCAD
+blacklist ${HOME}/.config/FreeTube
+blacklist ${HOME}/.config/Fritzing
+blacklist ${HOME}/.config/GIMP
+blacklist ${HOME}/.config/GitHub Desktop
+blacklist ${HOME}/.config/Gitter
+blacklist ${HOME}/.config/Google
+blacklist ${HOME}/.config/Google Play Music Desktop Player
+blacklist ${HOME}/.config/Gpredict
+blacklist ${HOME}/.config/INRIA
+blacklist ${HOME}/.config/InSilmaril
+blacklist ${HOME}/.config/Jitsi Meet
+blacklist ${HOME}/.config/JetBrains/CLion*
+blacklist ${HOME}/.config/KDE/neochat
+blacklist ${HOME}/.config/Kid3
+blacklist ${HOME}/.config/Kingsoft
+blacklist ${HOME}/.config/LibreCAD
+blacklist ${HOME}/.config/Loop_Hero
+blacklist ${HOME}/.config/Luminance
+blacklist ${HOME}/.config/LyX
+blacklist ${HOME}/.config/Mattermost
+blacklist ${HOME}/.config/Meltytech
+blacklist ${HOME}/.config/Mendeley Ltd.
+blacklist ${HOME}/.config/Microsoft
+blacklist ${HOME}/.config/Min
+blacklist ${HOME}/.config/ModTheSpire
+blacklist ${HOME}/.config/Mousepad
+blacklist ${HOME}/.config/Mumble
+blacklist ${HOME}/.config/MusE
+blacklist ${HOME}/.config/MuseScore
+blacklist ${HOME}/.config/MusicBrainz
+blacklist ${HOME}/.config/Nathan Osman
+blacklist ${HOME}/.config/Nextcloud
+blacklist ${HOME}/.config/NitroShare
+blacklist ${HOME}/.config/Nylas Mail
+blacklist ${HOME}/.config/PBE
+blacklist ${HOME}/.config/PacmanLogViewer
+blacklist ${HOME}/.config/PawelStolowski
+blacklist ${HOME}/.config/Philipp Schmieder
+blacklist ${HOME}/.config/Pinta
+blacklist ${HOME}/.config/QGIS
+blacklist ${HOME}/.config/QMediathekView
+blacklist ${HOME}/.config/Qlipper
+blacklist ${HOME}/.config/QuiteRss
+blacklist ${HOME}/.config/QuiteRssrc
+blacklist ${HOME}/.config/Quotient
+blacklist ${HOME}/.config/Rambox
+blacklist ${HOME}/.config/Riot
+blacklist ${HOME}/.config/Rocket.Chat
+blacklist ${HOME}/.config/RogueLegacy
+blacklist ${HOME}/.config/RogueLegacyStorageContainer
+blacklist ${HOME}/.config/Signal
+blacklist ${HOME}/.config/Sinew Software Systems
+blacklist ${HOME}/.config/Slack
+blacklist ${HOME}/.config/Standard Notes
+blacklist ${HOME}/.config/SubDownloader
+blacklist ${HOME}/.config/Thunar
+blacklist ${HOME}/.config/Twitch
+blacklist ${HOME}/.config/Unknown Organization
+blacklist ${HOME}/.config/VirtualBox
+blacklist ${HOME}/.config/Whalebird
+blacklist ${HOME}/.config/Wire
+blacklist ${HOME}/.config/Youtube
+blacklist ${HOME}/.config/ZeGrapher Project
+blacklist ${HOME}/.config/Zeal
+blacklist ${HOME}/.config/Zulip
+blacklist ${HOME}/.config/aacs
+blacklist ${HOME}/.config/abiword
+blacklist ${HOME}/.config/agenda
+blacklist ${HOME}/.config/akonadi*
+blacklist ${HOME}/.config/akregatorrc
+blacklist ${HOME}/.config/alacritty
+blacklist ${HOME}/.config/ardour4
+blacklist ${HOME}/.config/ardour5
+blacklist ${HOME}/.config/aria2
+blacklist ${HOME}/.config/arkrc
+blacklist ${HOME}/.config/artha.conf
+blacklist ${HOME}/.config/artha.log
+blacklist ${HOME}/.config/asunder
+blacklist ${HOME}/.config/atril
+blacklist ${HOME}/.config/audacious
+blacklist ${HOME}/.config/autokey
+blacklist ${HOME}/.config/avidemux3_qt5rc
+blacklist ${HOME}/.config/aweather
+blacklist ${HOME}/.config/backintime
+blacklist ${HOME}/.config/baloofilerc
+blacklist ${HOME}/.config/baloorc
+blacklist ${HOME}/.config/bcompare
+blacklist ${HOME}/.config/blender
+blacklist ${HOME}/.config/bless
+blacklist ${HOME}/.config/bnox
+blacklist ${HOME}/.config/borg
+blacklist ${HOME}/.config/brasero
+blacklist ${HOME}/.config/brave
+blacklist ${HOME}/.config/brave-flags.conf
+blacklist ${HOME}/.config/caja
+blacklist ${HOME}/.config/calibre
+blacklist ${HOME}/.config/cantata
+blacklist ${HOME}/.config/catfish
+blacklist ${HOME}/.config/cawbird
+blacklist ${HOME}/.config/celluloid
+blacklist ${HOME}/.config/cherrytree
+blacklist ${HOME}/.config/chrome-beta-flags.conf
+blacklist ${HOME}/.config/chrome-beta-flags.config
+blacklist ${HOME}/.config/chrome-flags.conf
+blacklist ${HOME}/.config/chrome-flags.config
+blacklist ${HOME}/.config/chrome-unstable-flags.conf
+blacklist ${HOME}/.config/chrome-unstable-flags.config
+blacklist ${HOME}/.config/chromium
+blacklist ${HOME}/.config/chromium-dev
+blacklist ${HOME}/.config/chromium-flags.conf
+blacklist ${HOME}/.config/clipit
+blacklist ${HOME}/.config/cliqz
+blacklist ${HOME}/.config/cmus
+blacklist ${HOME}/.config/com.github.bleakgrey.tootle
+blacklist ${HOME}/.config/corebird
+blacklist ${HOME}/.config/cower
+blacklist ${HOME}/.config/coyim
+blacklist ${HOME}/.config/d-feet
+blacklist ${HOME}/.config/darktable
+blacklist ${HOME}/.config/deadbeef
+blacklist ${HOME}/.config/deluge
+blacklist ${HOME}/.config/devilspie2
+blacklist ${HOME}/.config/digikam
+blacklist ${HOME}/.config/digikamrc
+blacklist ${HOME}/.config/discord
+blacklist ${HOME}/.config/discordcanary
+blacklist ${HOME}/.config/dkl
+blacklist ${HOME}/.config/dnox
+blacklist ${HOME}/.config/dolphin-emu
+blacklist ${HOME}/.config/dolphinrc
+blacklist ${HOME}/.config/dragonplayerrc
+blacklist ${HOME}/.config/draw.io
+blacklist ${HOME}/.config/electron-mail
+blacklist ${HOME}/.config/emaildefaults
+blacklist ${HOME}/.config/emailidentities
+blacklist ${HOME}/.config/emilia
+blacklist ${HOME}/.config/enchant
+blacklist ${HOME}/.config/eog
+blacklist ${HOME}/.config/epiphany
+blacklist ${HOME}/.config/equalx
+blacklist ${HOME}/.config/evince
+blacklist ${HOME}/.config/evolution
+blacklist ${HOME}/.config/falkon
+blacklist ${HOME}/.config/filezilla
+blacklist ${HOME}/.config/flameshot
+blacklist ${HOME}/.config/flaska.net
+blacklist ${HOME}/.config/flowblade
+blacklist ${HOME}/.config/font-manager
+blacklist ${HOME}/.config/freecol
+blacklist ${HOME}/.config/gajim
+blacklist ${HOME}/.config/galculator
+blacklist ${HOME}/.config/gconf
+blacklist ${HOME}/.config/geany
+blacklist ${HOME}/.config/geary
+blacklist ${HOME}/.config/gedit
+blacklist ${HOME}/.config/geeqie
+blacklist ${HOME}/.config/ghb
+blacklist ${HOME}/.config/ghostwriter
+blacklist ${HOME}/.config/git
+blacklist ${HOME}/.config/git-cola
+blacklist ${HOME}/.config/glade.conf
+blacklist ${HOME}/.config/globaltime
+blacklist ${HOME}/.config/gmpc
+blacklist ${HOME}/.config/gnome-builder
+blacklist ${HOME}/.config/gnome-chess
+blacklist ${HOME}/.config/gnome-control-center
+blacklist ${HOME}/.config/gnome-initial-setup-done
+blacklist ${HOME}/.config/gnome-latex
+blacklist ${HOME}/.config/gnome-mplayer
+blacklist ${HOME}/.config/gnome-mpv
+blacklist ${HOME}/.config/gnome-pie
+blacklist ${HOME}/.config/gnome-session
+blacklist ${HOME}/.config/gnote
+blacklist ${HOME}/.config/godot
+blacklist ${HOME}/.config/google-chrome
+blacklist ${HOME}/.config/google-chrome-beta
+blacklist ${HOME}/.config/google-chrome-unstable
+blacklist ${HOME}/.config/gpicview
+blacklist ${HOME}/.config/gthumb
+blacklist ${HOME}/.config/gummi
+blacklist ${HOME}/.config/guvcview2
+blacklist ${HOME}/.config/gwenviewrc
+blacklist ${HOME}/.config/hexchat
+blacklist ${HOME}/.config/homebank
+blacklist ${HOME}/.config/i2p
+blacklist ${HOME}/.config/inkscape
+blacklist ${HOME}/.config/inox
+blacklist ${HOME}/.config/iridium
+blacklist ${HOME}/.config/itch
+blacklist ${HOME}/.config/jami
+blacklist ${HOME}/.config/jd-gui.cfg
+blacklist ${HOME}/.config/k3brc
+blacklist ${HOME}/.config/kaffeinerc
+blacklist ${HOME}/.config/kalgebrarc
+blacklist ${HOME}/.config/katemetainfos
+blacklist ${HOME}/.config/katepartrc
+blacklist ${HOME}/.config/katerc
+blacklist ${HOME}/.config/kateschemarc
+blacklist ${HOME}/.config/katesyntaxhighlightingrc
+blacklist ${HOME}/.config/katevirc
+blacklist ${HOME}/.config/kazam
+blacklist ${HOME}/.config/kdeconnect
+blacklist ${HOME}/.config/kdenliverc
+blacklist ${HOME}/.config/kdiff3fileitemactionrc
+blacklist ${HOME}/.config/kdiff3rc
+blacklist ${HOME}/.config/kfindrc
+blacklist ${HOME}/.config/kgetrc
+blacklist ${HOME}/.config/kid3rc
+blacklist ${HOME}/.config/klavaro
+blacklist ${HOME}/.config/klipperrc
+blacklist ${HOME}/.config/kmail2rc
+blacklist ${HOME}/.config/kmailsearchindexingrc
+blacklist ${HOME}/.config/kmplayerrc
+blacklist ${HOME}/.config/knotesrc
+blacklist ${HOME}/.config/konversation.notifyrc
+blacklist ${HOME}/.config/konversationrc
+blacklist ${HOME}/.config/kritarc
+blacklist ${HOME}/.config/ktorrentrc
+blacklist ${HOME}/.config/ktouch2rc
+blacklist ${HOME}/.config/kube
+blacklist ${HOME}/.config/kwriterc
+blacklist ${HOME}/.config/leafpad
+blacklist ${HOME}/.config/libreoffice
+blacklist ${HOME}/.config/liferea
+blacklist ${HOME}/.config/linphone
+blacklist ${HOME}/.config/lugaru
+blacklist ${HOME}/.config/lutris
+blacklist ${HOME}/.config/lximage-qt
+blacklist ${HOME}/.config/mailtransports
+blacklist ${HOME}/.config/mana
+blacklist ${HOME}/.config/mate-calc
+blacklist ${HOME}/.config/mate/eom
+blacklist ${HOME}/.config/mate/mate-dictionary
+blacklist ${HOME}/.config/matrix-mirage
+blacklist ${HOME}/.config/mcomix
+blacklist ${HOME}/.config/meld
+blacklist ${HOME}/.config/menulibre.cfg
+blacklist ${HOME}/.config/meteo-qt
+blacklist ${HOME}/.config/mfusion
+blacklist ${HOME}/.config/microsoft-edge-dev
+blacklist ${HOME}/.config/midori
+blacklist ${HOME}/.config/mirage
+blacklist ${HOME}/.config/mono
+blacklist ${HOME}/.config/mpDris2
+blacklist ${HOME}/.config/mpd
+blacklist ${HOME}/.config/mps-youtube
+blacklist ${HOME}/.config/mpv
+blacklist ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/mutt
+blacklist ${HOME}/.config/mutter
+blacklist ${HOME}/.config/mypaint
+blacklist ${HOME}/.config/nano
+blacklist ${HOME}/.config/nautilus
+blacklist ${HOME}/.config/nemo
+blacklist ${HOME}/.config/neochat.notifyrc
+blacklist ${HOME}/.config/neochatrc
+blacklist ${HOME}/.config/neomutt
+blacklist ${HOME}/.config/netsurf
+blacklist ${HOME}/.config/newsbeuter
+blacklist ${HOME}/.config/newsboat
+blacklist ${HOME}/.config/newsflash
+blacklist ${HOME}/.config/nheko
+blacklist ${HOME}/.config/nomacs
+blacklist ${HOME}/.config/nuclear
+blacklist ${HOME}/.config/obs-studio
+blacklist ${HOME}/.config/okularpartrc
+blacklist ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/onboard
+blacklist ${HOME}/.config/onionshare
+blacklist ${HOME}/.config/onlyoffice
+blacklist ${HOME}/.config/openmw
+blacklist ${HOME}/.config/opera
+blacklist ${HOME}/.config/opera-beta
+blacklist ${HOME}/.config/orage
+blacklist ${HOME}/.config/org.gabmus.gfeeds.json
+blacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+blacklist ${HOME}/.config/org.kde.gwenviewrc
+blacklist ${HOME}/.config/otter
+blacklist ${HOME}/.config/pavucontrol-qt
+blacklist ${HOME}/.config/pavucontrol.ini
+blacklist ${HOME}/.config/pcmanfm
+blacklist ${HOME}/.config/pdfmod
+blacklist ${HOME}/.config/pipe-viewer
+blacklist ${HOME}/.config/pitivi
+blacklist ${HOME}/.config/pix
+blacklist ${HOME}/.config/pluma
+blacklist ${HOME}/.config/ppsspp
+blacklist ${HOME}/.config/pragha
+blacklist ${HOME}/.config/profanity
+blacklist ${HOME}/.config/psi
+blacklist ${HOME}/.config/psi+
+blacklist ${HOME}/.config/qBittorrent
+blacklist ${HOME}/.config/qBittorrentrc
+blacklist ${HOME}/.config/qnapi.ini
+blacklist ${HOME}/.config/qpdfview
+blacklist ${HOME}/.config/quodlibet
+blacklist ${HOME}/.config/qupzilla
+blacklist ${HOME}/.config/qutebrowser
+blacklist ${HOME}/.config/ranger
+blacklist ${HOME}/.config/redshift
+blacklist ${HOME}/.config/redshift.conf
+blacklist ${HOME}/.config/remmina
+blacklist ${HOME}/.config/ristretto
+blacklist ${HOME}/.config/rtv
+blacklist ${HOME}/.config/scribus
+blacklist ${HOME}/.config/scribusrc
+blacklist ${HOME}/.config/sinew.in
+blacklist ${HOME}/.config/sink
+blacklist ${HOME}/.config/skypeforlinux
+blacklist ${HOME}/.config/slimjet
+blacklist ${HOME}/.config/smplayer
+blacklist ${HOME}/.config/smtube
+blacklist ${HOME}/.config/smuxi
+blacklist ${HOME}/.config/snox
+blacklist ${HOME}/.config/sound-juicer
+blacklist ${HOME}/.config/specialmailcollectionsrc
+blacklist ${HOME}/.config/spectaclerc
+blacklist ${HOME}/.config/spotify
+blacklist ${HOME}/.config/sqlitebrowser
+blacklist ${HOME}/.config/stellarium
+blacklist ${HOME}/.config/straw-viewer
+blacklist ${HOME}/.config/strawberry
+blacklist ${HOME}/.config/supertuxkart
+blacklist ${HOME}/.config/synfig
+blacklist ${HOME}/.config/teams
+blacklist ${HOME}/.config/teams-for-linux
+blacklist ${HOME}/.config/telepathy-account-widgets
+blacklist ${HOME}/.config/torbrowser
+blacklist ${HOME}/.config/totem
+blacklist ${HOME}/.config/tox
+blacklist ${HOME}/.config/transgui
+blacklist ${HOME}/.config/transmission
+blacklist ${HOME}/.config/truecraft
+blacklist ${HOME}/.config/tuta_integration
+blacklist ${HOME}/.config/tutanota-desktop
+blacklist ${HOME}/.config/tvbrowser
+blacklist ${HOME}/.config/uGet
+blacklist ${HOME}/.config/ungoogled-chromium
+blacklist ${HOME}/.config/uzbl
+blacklist ${HOME}/.config/viewnior
+blacklist ${HOME}/.config/vivaldi
+blacklist ${HOME}/.config/vivaldi-snapshot
+blacklist ${HOME}/.config/vlc
+blacklist ${HOME}/.config/wesnoth
+blacklist ${HOME}/.config/wireshark
+blacklist ${HOME}/.config/wormux
+blacklist ${HOME}/.config/xchat
+blacklist ${HOME}/.config/xed
+blacklist ${HOME}/.config/xfburn
+blacklist ${HOME}/.config/xfce4-dict
+blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
+blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
+blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+blacklist ${HOME}/.config/xiaoyong
+blacklist ${HOME}/.config/xmms2
+blacklist ${HOME}/.config/xplayer
+blacklist ${HOME}/.config/xreader
+blacklist ${HOME}/.config/xviewer
+blacklist ${HOME}/.config/yandex-browser
+blacklist ${HOME}/.config/yandex-browser-beta
+blacklist ${HOME}/.config/yelp
+blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtube-dlg
+blacklist ${HOME}/.config/youtube-music-desktop-app
+blacklist ${HOME}/.config/youtube-viewer
+blacklist ${HOME}/.config/youtubemusic-nativefier-040164
+blacklist ${HOME}/.config/zathura
+blacklist ${HOME}/.config/zoomus.conf
+blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.crawl
+blacklist ${HOME}/.cups
+blacklist ${HOME}/.curl-hsts
+blacklist ${HOME}/.curlrc
+blacklist ${HOME}/.dashcore
+blacklist ${HOME}/.devilspie
+blacklist ${HOME}/.dia
+blacklist ${HOME}/.digrc
+blacklist ${HOME}/.dillo
+blacklist ${HOME}/.dooble
+blacklist ${HOME}/.dosbox
+blacklist ${HOME}/.dropbox*
+blacklist ${HOME}/.easystroke
+blacklist ${HOME}/.electron-cache
+blacklist ${HOME}/.electrum*
+blacklist ${HOME}/.elinks
+blacklist ${HOME}/.emacs
+blacklist ${HOME}/.emacs.d
+blacklist ${HOME}/.equalx
+blacklist ${HOME}/.ethereum
+blacklist ${HOME}/.etr
+blacklist ${HOME}/.filezilla
+blacklist ${HOME}/.firedragon
+blacklist ${HOME}/.flowblade
+blacklist ${HOME}/.fltk
+blacklist ${HOME}/.fossamail
+blacklist ${HOME}/.freeciv
+blacklist ${HOME}/.freecol
+blacklist ${HOME}/.freemind
+blacklist ${HOME}/.frogatto
+blacklist ${HOME}/.frozen-bubble
+blacklist ${HOME}/.funnyboat
+blacklist ${HOME}/.gimp*
+blacklist ${HOME}/.gist
+blacklist ${HOME}/.gitconfig
+blacklist ${HOME}/.gl-117
+blacklist ${HOME}/.glaxiumrc
+blacklist ${HOME}/.gnome/gnome-schedule
+blacklist ${HOME}/.googleearth
+blacklist ${HOME}/.gradle
+blacklist ${HOME}/.gramps
+blacklist ${HOME}/.guayadeque
+blacklist ${HOME}/.hashcat
+blacklist ${HOME}/.hedgewars
+blacklist ${HOME}/.hex-a-hop
+blacklist ${HOME}/.hugin
+blacklist ${HOME}/.i2p
+blacklist ${HOME}/.icedove
+blacklist ${HOME}/.imagej
+blacklist ${HOME}/.inkscape
+blacklist ${HOME}/.itch
+blacklist ${HOME}/.jack-server
+blacklist ${HOME}/.jack-settings
+blacklist ${HOME}/.jak
+blacklist ${HOME}/.java
+blacklist ${HOME}/.jd
+blacklist ${HOME}/.jitsi
+blacklist ${HOME}/.jumpnbump
+blacklist ${HOME}/.kde/share/apps/digikam
+blacklist ${HOME}/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/apps/kaffeine
+blacklist ${HOME}/.kde/share/apps/kcookiejar
+blacklist ${HOME}/.kde/share/apps/kget
+blacklist ${HOME}/.kde/share/apps/khtml
+blacklist ${HOME}/.kde/share/apps/klatexformula
+blacklist ${HOME}/.kde/share/apps/konqsidebartng
+blacklist ${HOME}/.kde/share/apps/konqueror
+blacklist ${HOME}/.kde/share/apps/kopete
+blacklist ${HOME}/.kde/share/apps/ktorrent
+blacklist ${HOME}/.kde/share/apps/okular
+blacklist ${HOME}/.kde/share/config/baloofilerc
+blacklist ${HOME}/.kde/share/config/baloorc
+blacklist ${HOME}/.kde/share/config/digikam
+blacklist ${HOME}/.kde/share/config/gwenviewrc
+blacklist ${HOME}/.kde/share/config/k3brc
+blacklist ${HOME}/.kde/share/config/kaffeinerc
+blacklist ${HOME}/.kde/share/config/kcookiejarrc
+blacklist ${HOME}/.kde/share/config/kfindrc
+blacklist ${HOME}/.kde/share/config/kgetrc
+blacklist ${HOME}/.kde/share/config/khtmlrc
+blacklist ${HOME}/.kde/share/config/klipperrc
+blacklist ${HOME}/.kde/share/config/kmplayerrc
+blacklist ${HOME}/.kde/share/config/konq_history
+blacklist ${HOME}/.kde/share/config/konqsidebartngrc
+blacklist ${HOME}/.kde/share/config/konquerorrc
+blacklist ${HOME}/.kde/share/config/konversationrc
+blacklist ${HOME}/.kde/share/config/kopeterc
+blacklist ${HOME}/.kde/share/config/ktorrentrc
+blacklist ${HOME}/.kde/share/config/okularpartrc
+blacklist ${HOME}/.kde/share/config/okularrc
+blacklist ${HOME}/.kde4/share/apps/digikam
+blacklist ${HOME}/.kde4/share/apps/gwenview
+blacklist ${HOME}/.kde4/share/apps/kaffeine
+blacklist ${HOME}/.kde4/share/apps/kcookiejar
+blacklist ${HOME}/.kde4/share/apps/kget
+blacklist ${HOME}/.kde4/share/apps/khtml
+blacklist ${HOME}/.kde4/share/apps/konqsidebartng
+blacklist ${HOME}/.kde4/share/apps/konqueror
+blacklist ${HOME}/.kde4/share/apps/kopete
+blacklist ${HOME}/.kde4/share/apps/ktorrent
+blacklist ${HOME}/.kde4/share/apps/okular
+blacklist ${HOME}/.kde4/share/config/baloofilerc
+blacklist ${HOME}/.kde4/share/config/baloorc
+blacklist ${HOME}/.kde4/share/config/digikam
+blacklist ${HOME}/.kde4/share/config/gwenviewrc
+blacklist ${HOME}/.kde4/share/config/k3brc
+blacklist ${HOME}/.kde4/share/config/kaffeinerc
+blacklist ${HOME}/.kde4/share/config/kcookiejarrc
+blacklist ${HOME}/.kde4/share/config/kfindrc
+blacklist ${HOME}/.kde4/share/config/kgetrc
+blacklist ${HOME}/.kde4/share/config/khtmlrc
+blacklist ${HOME}/.kde4/share/config/klipperrc
+blacklist ${HOME}/.kde4/share/config/konq_history
+blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
+blacklist ${HOME}/.kde4/share/config/konquerorrc
+blacklist ${HOME}/.kde4/share/config/konversationrc
+blacklist ${HOME}/.kde4/share/config/kopeterc
+blacklist ${HOME}/.kde4/share/config/ktorrentrc
+blacklist ${HOME}/.kde4/share/config/okularpartrc
+blacklist ${HOME}/.kde4/share/config/okularrc
+blacklist ${HOME}/.killingfloor
+blacklist ${HOME}/.kingsoft
+blacklist ${HOME}/.kino-history
+blacklist ${HOME}/.kinorc
+blacklist ${HOME}/.klatexformula
+blacklist ${HOME}/.klei
+blacklist ${HOME}/.kodi
+blacklist ${HOME}/.librewolf
+blacklist ${HOME}/.lincity-ng
+blacklist ${HOME}/.links
+blacklist ${HOME}/.links2
+blacklist ${HOME}/.linphone-history.db
+blacklist ${HOME}/.linphonerc
+blacklist ${HOME}/.lmmsrc.xml
+blacklist ${HOME}/.local/lib/vivaldi
+blacklist ${HOME}/.local/share/0ad
+blacklist ${HOME}/.local/share/3909/PapersPlease
+blacklist ${HOME}/.local/share/Anki2
+blacklist ${HOME}/.local/share/Dredmor
+blacklist ${HOME}/.local/share/Empathy
+blacklist ${HOME}/.local/share/Enpass
+blacklist ${HOME}/.local/share/FasterThanLight
+blacklist ${HOME}/.local/share/Flavio Tordini
+blacklist ${HOME}/.local/share/IntoTheBreach
+blacklist ${HOME}/.local/share/JetBrains
+blacklist ${HOME}/.local/share/KDE/neochat
+blacklist ${HOME}/.local/share/Kingsoft
+blacklist ${HOME}/.local/share/LibreCAD
+blacklist ${HOME}/.local/share/Mendeley Ltd.
+blacklist ${HOME}/.local/share/Mumble
+blacklist ${HOME}/.local/share/Nextcloud
+blacklist ${HOME}/.local/share/PBE
+blacklist ${HOME}/.local/share/Paradox Interactive
+blacklist ${HOME}/.local/share/PawelStolowski
+blacklist ${HOME}/.local/share/PillarsOfEternity
+blacklist ${HOME}/.local/share/Psi
+blacklist ${HOME}/.local/share/QGIS
+blacklist ${HOME}/.local/share/QMediathekView
+blacklist ${HOME}/.local/share/QuiteRss
+blacklist ${HOME}/.local/share/Ricochet
+blacklist ${HOME}/.local/share/RogueLegacy
+blacklist ${HOME}/.local/share/RogueLegacyStorageContainer
+blacklist ${HOME}/.local/share/Shortwave
+blacklist ${HOME}/.local/share/Steam
+blacklist ${HOME}/.local/share/SteamWorld Dig 2
+blacklist ${HOME}/.local/share/SteamWorldDig
+blacklist ${HOME}/.local/share/SuperHexagon
+blacklist ${HOME}/.local/share/TelegramDesktop
+blacklist ${HOME}/.local/share/Terraria
+blacklist ${HOME}/.local/share/TpLogger
+blacklist ${HOME}/.local/share/Zeal
+blacklist ${HOME}/.local/share/agenda
+blacklist ${HOME}/.local/share/akonadi*
+blacklist ${HOME}/.local/share/akregator
+blacklist ${HOME}/.local/share/apps/korganizer
+blacklist ${HOME}/.local/share/aspyr-media
+blacklist ${HOME}/.local/share/authenticator-rs
+blacklist ${HOME}/.local/share/autokey
+blacklist ${HOME}/.local/share/backintime
+blacklist ${HOME}/.local/share/baloo
+blacklist ${HOME}/.local/share/barrier
+blacklist ${HOME}/.local/share/bibletime
+blacklist ${HOME}/.local/share/bijiben
+blacklist ${HOME}/.local/share/bohemiainteractive
+blacklist ${HOME}/.local/share/caja-python
+blacklist ${HOME}/.local/share/calligragemini
+blacklist ${HOME}/.local/share/cantata
+blacklist ${HOME}/.local/share/cdprojektred
+blacklist ${HOME}/.local/share/clipit
+blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.local/share/contacts
+blacklist ${HOME}/.local/share/cor-games
+blacklist ${HOME}/.local/share/data/Mendeley Ltd.
+blacklist ${HOME}/.local/share/data/Mumble
+blacklist ${HOME}/.local/share/data/MusE
+blacklist ${HOME}/.local/share/data/MuseScore
+blacklist ${HOME}/.local/share/data/nomacs
+blacklist ${HOME}/.local/share/data/qBittorrent
+blacklist ${HOME}/.local/share/dino
+blacklist ${HOME}/.local/share/dolphin
+blacklist ${HOME}/.local/share/dolphin-emu
+blacklist ${HOME}/.local/share/emailidentities
+blacklist ${HOME}/.local/share/epiphany
+blacklist ${HOME}/.local/share/evolution
+blacklist ${HOME}/.local/share/feedreader
+blacklist ${HOME}/.local/share/feral-interactive
+blacklist ${HOME}/.local/share/five-or-more
+blacklist ${HOME}/.local/share/freecol
+blacklist ${HOME}/.local/share/gajim
+blacklist ${HOME}/.local/share/geary
+blacklist ${HOME}/.local/share/geeqie
+blacklist ${HOME}/.local/share/ghostwriter
+blacklist ${HOME}/.local/share/gitg
+blacklist ${HOME}/.local/share/gnome-2048
+blacklist ${HOME}/.local/share/gnome-boxes
+blacklist ${HOME}/.local/share/gnome-builder
+blacklist ${HOME}/.local/share/gnome-chess
+blacklist ${HOME}/.local/share/gnome-klotski
+blacklist ${HOME}/.local/share/gnome-latex
+blacklist ${HOME}/.local/share/gnome-mines
+blacklist ${HOME}/.local/share/gnome-music
+blacklist ${HOME}/.local/share/gnome-nibbles
+blacklist ${HOME}/.local/share/gnome-photos
+blacklist ${HOME}/.local/share/gnome-pomodoro
+blacklist ${HOME}/.local/share/gnome-recipes
+blacklist ${HOME}/.local/share/gnome-ring
+blacklist ${HOME}/.local/share/gnome-sudoku
+blacklist ${HOME}/.local/share/gnome-twitch
+blacklist ${HOME}/.local/share/gnote
+blacklist ${HOME}/.local/share/godot
+blacklist ${HOME}/.local/share/gradio
+blacklist ${HOME}/.local/share/gwenview
+blacklist ${HOME}/.local/share/i2p
+blacklist ${HOME}/.local/share/jami
+blacklist ${HOME}/.local/share/kaffeine
+blacklist ${HOME}/.local/share/kalgebra
+blacklist ${HOME}/.local/share/kate
+blacklist ${HOME}/.local/share/kdenlive
+blacklist ${HOME}/.local/share/kget
+blacklist ${HOME}/.local/share/kiwix
+blacklist ${HOME}/.local/share/kiwix-desktop
+blacklist ${HOME}/.local/share/klavaro
+blacklist ${HOME}/.local/share/kmail2
+blacklist ${HOME}/.local/share/kmplayer
+blacklist ${HOME}/.local/share/knotes
+blacklist ${HOME}/.local/share/krita
+blacklist ${HOME}/.local/share/ktorrent
+blacklist ${HOME}/.local/share/ktorrentrc
+blacklist ${HOME}/.local/share/ktouch
+blacklist ${HOME}/.local/share/kube
+blacklist ${HOME}/.local/share/kwrite
+blacklist ${HOME}/.local/share/kxmlgui5/*
+blacklist ${HOME}/.local/share/liferea
+blacklist ${HOME}/.local/share/linphone
+blacklist ${HOME}/.local/share/local-mail
+blacklist ${HOME}/.local/share/lollypop
+blacklist ${HOME}/.local/share/love
+blacklist ${HOME}/.local/share/lugaru
+blacklist ${HOME}/.local/share/lutris
+blacklist ${HOME}/.local/share/man
+blacklist ${HOME}/.local/share/mana
+blacklist ${HOME}/.local/share/maps-places.json
+blacklist ${HOME}/.local/share/matrix-mirage
+blacklist ${HOME}/.local/share/mcomix
+blacklist ${HOME}/.local/share/meld
+blacklist ${HOME}/.local/share/midori
+blacklist ${HOME}/.local/share/minder
+blacklist ${HOME}/.local/share/mirage
+blacklist ${HOME}/.local/share/multimc
+blacklist ${HOME}/.local/share/multimc5
+blacklist ${HOME}/.local/share/mupen64plus
+blacklist ${HOME}/.local/share/mypaint
+blacklist ${HOME}/.local/share/nautilus
+blacklist ${HOME}/.local/share/nautilus-python
+blacklist ${HOME}/.local/share/nemo
+blacklist ${HOME}/.local/share/nemo-python
+blacklist ${HOME}/.local/share/news-flash
+blacklist ${HOME}/.local/share/newsbeuter
+blacklist ${HOME}/.local/share/newsboat
+blacklist ${HOME}/.local/share/nheko
+blacklist ${HOME}/.local/share/nomacs
+blacklist ${HOME}/.local/share/notes
+blacklist ${HOME}/.local/share/ocenaudio
+blacklist ${HOME}/.local/share/okular
+blacklist ${HOME}/.local/share/onlyoffice
+blacklist ${HOME}/.local/share/openmw
+blacklist ${HOME}/.local/share/orage
+blacklist ${HOME}/.local/share/org.kde.gwenview
+blacklist ${HOME}/.local/share/pix
+blacklist ${HOME}/.local/share/plasma_notes
+blacklist ${HOME}/.local/share/profanity
+blacklist ${HOME}/.local/share/psi
+blacklist ${HOME}/.local/share/psi+
+blacklist ${HOME}/.local/share/qpdfview
+blacklist ${HOME}/.local/share/quadrapassel
+blacklist ${HOME}/.local/share/qutebrowser
+blacklist ${HOME}/.local/share/remmina
+blacklist ${HOME}/.local/share/rhythmbox
+blacklist ${HOME}/.local/share/rtv
+blacklist ${HOME}/.local/share/scribus
+blacklist ${HOME}/.local/share/shotwell
+blacklist ${HOME}/.local/share/signal-cli
+blacklist ${HOME}/.local/share/sink
+blacklist ${HOME}/.local/share/smuxi
+blacklist ${HOME}/.local/share/spotify
+blacklist ${HOME}/.local/share/steam
+blacklist ${HOME}/.local/share/strawberry
+blacklist ${HOME}/.local/share/supertux2
+blacklist ${HOME}/.local/share/supertuxkart
+blacklist ${HOME}/.local/share/swell-foop
+blacklist ${HOME}/.local/share/telepathy
+blacklist ${HOME}/.local/share/terasology
+blacklist ${HOME}/.local/share/torbrowser
+blacklist ${HOME}/.local/share/totem
+blacklist ${HOME}/.local/share/uzbl
+blacklist ${HOME}/.local/share/vlc
+blacklist ${HOME}/.local/share/vpltd
+blacklist ${HOME}/.local/share/vulkan
+blacklist ${HOME}/.local/share/warsow-2.1
+blacklist ${HOME}/.local/share/wesnoth
+blacklist ${HOME}/.local/share/wormux
+blacklist ${HOME}/.local/share/xplayer
+blacklist ${HOME}/.local/share/xreader
+blacklist ${HOME}/.local/share/zathura
+blacklist ${HOME}/.lv2
+blacklist ${HOME}/.lyx
+blacklist ${HOME}/.magicor
+blacklist ${HOME}/.masterpdfeditor
+blacklist ${HOME}/.mbwarband
+blacklist ${HOME}/.mcabber
+blacklist ${HOME}/.mcabberrc
+blacklist ${HOME}/.mediathek3
+blacklist ${HOME}/.megaglest
+blacklist ${HOME}/.minecraft
+blacklist ${HOME}/.minetest
+blacklist ${HOME}/.mirrormagic
+blacklist ${HOME}/.moc
+blacklist ${HOME}/.moonchild productions/basilisk
+blacklist ${HOME}/.moonchild productions/pale moon
+blacklist ${HOME}/.mozilla
+blacklist ${HOME}/.mp3splt-gtk
+blacklist ${HOME}/.mpd
+blacklist ${HOME}/.mpdconf
+blacklist ${HOME}/.mplayer
+blacklist ${HOME}/.msmtprc
+blacklist ${HOME}/.multimc5
+blacklist ${HOME}/.nanorc
+blacklist ${HOME}/.netactview
+blacklist ${HOME}/.neverball
+blacklist ${HOME}/.newsbeuter
+blacklist ${HOME}/.newsboat
+blacklist ${HOME}/.newsrc
+blacklist ${HOME}/.nicotine
+blacklist ${HOME}/.node-gyp
+blacklist ${HOME}/.npm
+blacklist ${HOME}/.npmrc
+blacklist ${HOME}/.nv
+blacklist ${HOME}/.nvm
+blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.openarena
+blacklist ${HOME}/.opencity
+blacklist ${HOME}/.openinvaders
+blacklist ${HOME}/.openshot
+blacklist ${HOME}/.openshot_qt
+blacklist ${HOME}/.openttd
+blacklist ${HOME}/.opera
+blacklist ${HOME}/.opera-beta
+blacklist ${HOME}/.ostrichriders
+blacklist ${HOME}/.paradoxinteractive
+blacklist ${HOME}/.parallelrealities/blobwars
+blacklist ${HOME}/.pcsxr
+blacklist ${HOME}/.penguin-command
+blacklist ${HOME}/.pine-crash
+blacklist ${HOME}/.pine-debug1
+blacklist ${HOME}/.pine-debug2
+blacklist ${HOME}/.pine-debug3
+blacklist ${HOME}/.pine-debug4
+blacklist ${HOME}/.pine-interrupted-mail
+blacklist ${HOME}/.pinerc
+blacklist ${HOME}/.pinercex
+blacklist ${HOME}/.pingus
+blacklist ${HOME}/.pioneer
+blacklist ${HOME}/.purple
+blacklist ${HOME}/.pylint.d
+blacklist ${HOME}/.qemu-launcher
+blacklist ${HOME}/.qgis2
+blacklist ${HOME}/.qmmp
+blacklist ${HOME}/.quodlibet
+blacklist ${HOME}/.redeclipse
+blacklist ${HOME}/.remmina
+blacklist ${HOME}/.repo_.gitconfig.json
+blacklist ${HOME}/.repoconfig
+blacklist ${HOME}/.retroshare
+blacklist ${HOME}/.ripperXrc
+blacklist ${HOME}/.scorched3d
+blacklist ${HOME}/.scribus
+blacklist ${HOME}/.scribusrc
+blacklist ${HOME}/.simutrans
+blacklist ${HOME}/.smartgit/*/passwords
+blacklist ${HOME}/.ssr
+blacklist ${HOME}/.steam
+blacklist ${HOME}/.steampath
+blacklist ${HOME}/.steampid
+blacklist ${HOME}/.stellarium
+blacklist ${HOME}/.subversion
+blacklist ${HOME}/.surf
+blacklist ${HOME}/.suve/colorful
+blacklist ${HOME}/.swb.ini
+blacklist ${HOME}/.sword
+blacklist ${HOME}/.sylpheed-2.0
+blacklist ${HOME}/.synfig
+blacklist ${HOME}/.tb
+blacklist ${HOME}/.tconn
+blacklist ${HOME}/.teeworlds
+blacklist ${HOME}/.texlive20*
+blacklist ${HOME}/.thunderbird
+blacklist ${HOME}/.tilp
+blacklist ${HOME}/.tin
+blacklist ${HOME}/.tooling
+blacklist ${HOME}/.tor-browser*
+blacklist ${HOME}/.torcs
+blacklist ${HOME}/.tremulous
+blacklist ${HOME}/.ts3client
+blacklist ${HOME}/.tuxguitar*
+blacklist ${HOME}/.tvbrowser
+blacklist ${HOME}/.unknown-horizons
+blacklist ${HOME}/.viking
+blacklist ${HOME}/.viking-maps
+blacklist ${HOME}/.vim
+blacklist ${HOME}/.vimrc
+blacklist ${HOME}/.vmware
+blacklist ${HOME}/.vscode
+blacklist ${HOME}/.vscode-oss
+blacklist ${HOME}/.vst
+blacklist ${HOME}/.vultures
+blacklist ${HOME}/.w3m
+blacklist ${HOME}/.warzone2100-3.*
+blacklist ${HOME}/.waterfox
+blacklist ${HOME}/.weechat
+blacklist ${HOME}/.wget-hsts
+blacklist ${HOME}/.wgetrc
+blacklist ${HOME}/.widelands
+blacklist ${HOME}/.wine
+blacklist ${HOME}/.wine64
+blacklist ${HOME}/.wireshark
+blacklist ${HOME}/.wordwarvi
+blacklist ${HOME}/.wormux
+blacklist ${HOME}/.xiphos
+blacklist ${HOME}/.xmind
+blacklist ${HOME}/.xmms
+blacklist ${HOME}/.xmr-stak
+blacklist ${HOME}/.xonotic
+blacklist ${HOME}/.xournalpp
+blacklist ${HOME}/.xpdfrc
+blacklist ${HOME}/.yarn
+blacklist ${HOME}/.yarn-config
+blacklist ${HOME}/.yarncache
+blacklist ${HOME}/.yarnrc
+blacklist ${HOME}/.zoom
+blacklist ${HOME}/Arduino
+blacklist ${HOME}/Monero/wallets
+blacklist ${HOME}/Nextcloud
+blacklist ${HOME}/Nextcloud/Notes
+blacklist ${HOME}/SoftMaker
+blacklist ${HOME}/Standard Notes Backups
+blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
+blacklist ${HOME}/TeamSpeak3-Client-linux_x86
+blacklist ${HOME}/hyperrogue.ini
+blacklist ${HOME}/i2p
+blacklist ${HOME}/mps
+blacklist ${HOME}/wallet.dat
+blacklist /tmp/.wine-*
+blacklist /tmp/akonadi-*
+blacklist /var/games/nethack
+blacklist /var/games/slashem
+blacklist /var/games/vulturesclaw
+blacklist /var/games/vultureseye
+blacklist /var/lib/games/Maelstrom-Scores
 
 # ${HOME}/.cache directory
-deny  ${HOME}/.cache/0ad
-deny  ${HOME}/.cache/8pecxstudios
-deny  ${HOME}/.cache/Authenticator
-deny  ${HOME}/.cache/BraveSoftware
-deny  ${HOME}/.cache/Clementine
-deny  ${HOME}/.cache/ENCOM/Spectral
-deny  ${HOME}/.cache/Enox
-deny  ${HOME}/.cache/Enpass
-deny  ${HOME}/.cache/Ferdi
-deny  ${HOME}/.cache/Flavio Tordini
-deny  ${HOME}/.cache/Franz
-deny  ${HOME}/.cache/INRIA
-deny  ${HOME}/.cache/INRIA/Natron
-deny  ${HOME}/.cache/KDE/neochat
-deny  ${HOME}/.cache/Mendeley Ltd.
-deny  ${HOME}/.cache/MusicBrainz
-deny  ${HOME}/.cache/NewsFlashGTK
-deny  ${HOME}/.cache/Otter
-deny  ${HOME}/.cache/PawelStolowski
-deny  ${HOME}/.cache/Psi
-deny  ${HOME}/.cache/QuiteRss
-deny  ${HOME}/.cache/Quotient/quaternion
-deny  ${HOME}/.cache/Shortwave
-deny  ${HOME}/.cache/Tox
-deny  ${HOME}/.cache/Zeal
-deny  ${HOME}/.cache/agenda
-deny  ${HOME}/.cache/akonadi*
-deny  ${HOME}/.cache/atril
-deny  ${HOME}/.cache/attic
-deny  ${HOME}/.cache/babl
-deny  ${HOME}/.cache/bnox
-deny  ${HOME}/.cache/borg
-deny  ${HOME}/.cache/calibre
-deny  ${HOME}/.cache/cantata
-deny  ${HOME}/.cache/champlain
-deny  ${HOME}/.cache/chromium
-deny  ${HOME}/.cache/chromium-dev
-deny  ${HOME}/.cache/cliqz
-deny  ${HOME}/.cache/com.github.johnfactotum.Foliate
-deny  ${HOME}/.cache/darktable
-deny  ${HOME}/.cache/deja-dup
-deny  ${HOME}/.cache/discover
-deny  ${HOME}/.cache/dnox
-deny  ${HOME}/.cache/dolphin
-deny  ${HOME}/.cache/dolphin-emu
-deny  ${HOME}/.cache/ephemeral
-deny  ${HOME}/.cache/epiphany
-deny  ${HOME}/.cache/evolution
-deny  ${HOME}/.cache/falkon
-deny  ${HOME}/.cache/feedreader
-deny  ${HOME}/.cache/firedragon
-deny  ${HOME}/.cache/flaska.net/trojita
-deny  ${HOME}/.cache/folks
-deny  ${HOME}/.cache/font-manager
-deny  ${HOME}/.cache/fossamail
-deny  ${HOME}/.cache/fractal
-deny  ${HOME}/.cache/freecol
-deny  ${HOME}/.cache/gajim
-deny  ${HOME}/.cache/geary
-deny  ${HOME}/.cache/geeqie
-deny  ${HOME}/.cache/gegl-0.4
-deny  ${HOME}/.cache/gfeeds
-deny  ${HOME}/.cache/gimp
-deny  ${HOME}/.cache/gnome-boxes
-deny  ${HOME}/.cache/gnome-builder
-deny  ${HOME}/.cache/gnome-control-center
-deny  ${HOME}/.cache/gnome-recipes
-deny  ${HOME}/.cache/gnome-screenshot
-deny  ${HOME}/.cache/gnome-software
-deny  ${HOME}/.cache/gnome-twitch
-deny  ${HOME}/.cache/godot
-deny  ${HOME}/.cache/google-chrome
-deny  ${HOME}/.cache/google-chrome-beta
-deny  ${HOME}/.cache/google-chrome-unstable
-deny  ${HOME}/.cache/gradio
-deny  ${HOME}/.cache/gummi
-deny  ${HOME}/.cache/icedove
-deny  ${HOME}/.cache/inkscape
-deny  ${HOME}/.cache/inox
-deny  ${HOME}/.cache/iridium
-deny  ${HOME}/.cache/JetBrains/CLion*
-deny  ${HOME}/.cache/kcmshell5
-deny  ${HOME}/.cache/kdenlive
-deny  ${HOME}/.cache/keepassxc
-deny  ${HOME}/.cache/kfind
-deny  ${HOME}/.cache/kinfocenter
-deny  ${HOME}/.cache/kmail2
-deny  ${HOME}/.cache/krunner
-deny  ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
-deny  ${HOME}/.cache/kscreenlocker_greet
-deny  ${HOME}/.cache/ksmserver-logout-greeter
-deny  ${HOME}/.cache/ksplashqml
-deny  ${HOME}/.cache/kube
-deny  ${HOME}/.cache/kwin
-deny  ${HOME}/.cache/libgweather
-deny  ${HOME}/.cache/librewolf
-deny  ${HOME}/.cache/liferea
-deny  ${HOME}/.cache/lutris
-deny  ${HOME}/.cache/marker
-deny  ${HOME}/.cache/matrix-mirage
-deny  ${HOME}/.cache/microsoft-edge-dev
-deny  ${HOME}/.cache/midori
-deny  ${HOME}/.cache/minetest
-deny  ${HOME}/.cache/mirage
-deny  ${HOME}/.cache/moonchild productions/basilisk
-deny  ${HOME}/.cache/moonchild productions/pale moon
-deny  ${HOME}/.cache/mozilla
-deny  ${HOME}/.cache/ms-excel-online
-deny  ${HOME}/.cache/ms-office-online
-deny  ${HOME}/.cache/ms-onenote-online
-deny  ${HOME}/.cache/ms-outlook-online
-deny  ${HOME}/.cache/ms-powerpoint-online
-deny  ${HOME}/.cache/ms-skype-online
-deny  ${HOME}/.cache/ms-word-online
-deny  ${HOME}/.cache/mutt
-deny  ${HOME}/.cache/mypaint
-deny  ${HOME}/.cache/netsurf
-deny  ${HOME}/.cache/nheko
-deny  ${HOME}/.cache/okular
-deny  ${HOME}/.cache/opera
-deny  ${HOME}/.cache/opera-beta
-deny  ${HOME}/.cache/org.gabmus.gfeeds
-deny  ${HOME}/.cache/org.gnome.Books
-deny  ${HOME}/.cache/org.gnome.Maps
-deny  ${HOME}/.cache/pdfmod
-deny  ${HOME}/.cache/peek
-deny  ${HOME}/.cache/pip
-deny  ${HOME}/.cache/pipe-viewer
-deny  ${HOME}/.cache/plasmashell
-deny  ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
-deny  ${HOME}/.cache/psi
-deny  ${HOME}/.cache/qBittorrent
-deny  ${HOME}/.cache/quodlibet
-deny  ${HOME}/.cache/qupzilla
-deny  ${HOME}/.cache/qutebrowser
-deny  ${HOME}/.cache/rhythmbox
-deny  ${HOME}/.cache/shotwell
-deny  ${HOME}/.cache/simple-scan
-deny  ${HOME}/.cache/slimjet
-deny  ${HOME}/.cache/smuxi
-deny  ${HOME}/.cache/snox
-deny  ${HOME}/.cache/spotify
-deny  ${HOME}/.cache/straw-viewer
-deny  ${HOME}/.cache/strawberry
-deny  ${HOME}/.cache/supertuxkart
-deny  ${HOME}/.cache/systemsettings
-deny  ${HOME}/.cache/telepathy
-deny  ${HOME}/.cache/thunderbird
-deny  ${HOME}/.cache/torbrowser
-deny  ${HOME}/.cache/transmission
-deny  ${HOME}/.cache/ungoogled-chromium
-deny  ${HOME}/.cache/vivaldi
-deny  ${HOME}/.cache/vivaldi-snapshot
-deny  ${HOME}/.cache/vlc
-deny  ${HOME}/.cache/vmware
-deny  ${HOME}/.cache/warsow-2.1
-deny  ${HOME}/.cache/waterfox
-deny  ${HOME}/.cache/wesnoth
-deny  ${HOME}/.cache/winetricks
-deny  ${HOME}/.cache/xmms2
-deny  ${HOME}/.cache/xreader
-deny  ${HOME}/.cache/yandex-browser
-deny  ${HOME}/.cache/yandex-browser-beta
-deny  ${HOME}/.cache/youtube-dl
-deny  ${HOME}/.cache/youtube-viewer
+blacklist ${HOME}/.cache/0ad
+blacklist ${HOME}/.cache/8pecxstudios
+blacklist ${HOME}/.cache/Authenticator
+blacklist ${HOME}/.cache/BraveSoftware
+blacklist ${HOME}/.cache/Clementine
+blacklist ${HOME}/.cache/ENCOM/Spectral
+blacklist ${HOME}/.cache/Enox
+blacklist ${HOME}/.cache/Enpass
+blacklist ${HOME}/.cache/Ferdi
+blacklist ${HOME}/.cache/Flavio Tordini
+blacklist ${HOME}/.cache/Franz
+blacklist ${HOME}/.cache/INRIA
+blacklist ${HOME}/.cache/INRIA/Natron
+blacklist ${HOME}/.cache/KDE/neochat
+blacklist ${HOME}/.cache/Mendeley Ltd.
+blacklist ${HOME}/.cache/MusicBrainz
+blacklist ${HOME}/.cache/NewsFlashGTK
+blacklist ${HOME}/.cache/Otter
+blacklist ${HOME}/.cache/PawelStolowski
+blacklist ${HOME}/.cache/Psi
+blacklist ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/Quotient/quaternion
+blacklist ${HOME}/.cache/Shortwave
+blacklist ${HOME}/.cache/Tox
+blacklist ${HOME}/.cache/Zeal
+blacklist ${HOME}/.cache/agenda
+blacklist ${HOME}/.cache/akonadi*
+blacklist ${HOME}/.cache/atril
+blacklist ${HOME}/.cache/attic
+blacklist ${HOME}/.cache/babl
+blacklist ${HOME}/.cache/bnox
+blacklist ${HOME}/.cache/borg
+blacklist ${HOME}/.cache/calibre
+blacklist ${HOME}/.cache/cantata
+blacklist ${HOME}/.cache/champlain
+blacklist ${HOME}/.cache/chromium
+blacklist ${HOME}/.cache/chromium-dev
+blacklist ${HOME}/.cache/cliqz
+blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.cache/darktable
+blacklist ${HOME}/.cache/deja-dup
+blacklist ${HOME}/.cache/discover
+blacklist ${HOME}/.cache/dnox
+blacklist ${HOME}/.cache/dolphin
+blacklist ${HOME}/.cache/dolphin-emu
+blacklist ${HOME}/.cache/ephemeral
+blacklist ${HOME}/.cache/epiphany
+blacklist ${HOME}/.cache/evolution
+blacklist ${HOME}/.cache/falkon
+blacklist ${HOME}/.cache/feedreader
+blacklist ${HOME}/.cache/firedragon
+blacklist ${HOME}/.cache/flaska.net/trojita
+blacklist ${HOME}/.cache/folks
+blacklist ${HOME}/.cache/font-manager
+blacklist ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/fractal
+blacklist ${HOME}/.cache/freecol
+blacklist ${HOME}/.cache/gajim
+blacklist ${HOME}/.cache/geary
+blacklist ${HOME}/.cache/geeqie
+blacklist ${HOME}/.cache/gegl-0.4
+blacklist ${HOME}/.cache/gfeeds
+blacklist ${HOME}/.cache/gimp
+blacklist ${HOME}/.cache/gnome-boxes
+blacklist ${HOME}/.cache/gnome-builder
+blacklist ${HOME}/.cache/gnome-control-center
+blacklist ${HOME}/.cache/gnome-recipes
+blacklist ${HOME}/.cache/gnome-screenshot
+blacklist ${HOME}/.cache/gnome-software
+blacklist ${HOME}/.cache/gnome-twitch
+blacklist ${HOME}/.cache/godot
+blacklist ${HOME}/.cache/google-chrome
+blacklist ${HOME}/.cache/google-chrome-beta
+blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/gradio
+blacklist ${HOME}/.cache/gummi
+blacklist ${HOME}/.cache/icedove
+blacklist ${HOME}/.cache/inkscape
+blacklist ${HOME}/.cache/inox
+blacklist ${HOME}/.cache/iridium
+blacklist ${HOME}/.cache/JetBrains/CLion*
+blacklist ${HOME}/.cache/kcmshell5
+blacklist ${HOME}/.cache/kdenlive
+blacklist ${HOME}/.cache/keepassxc
+blacklist ${HOME}/.cache/kfind
+blacklist ${HOME}/.cache/kinfocenter
+blacklist ${HOME}/.cache/kmail2
+blacklist ${HOME}/.cache/krunner
+blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/kscreenlocker_greet
+blacklist ${HOME}/.cache/ksmserver-logout-greeter
+blacklist ${HOME}/.cache/ksplashqml
+blacklist ${HOME}/.cache/kube
+blacklist ${HOME}/.cache/kwin
+blacklist ${HOME}/.cache/libgweather
+blacklist ${HOME}/.cache/librewolf
+blacklist ${HOME}/.cache/liferea
+blacklist ${HOME}/.cache/lutris
+blacklist ${HOME}/.cache/marker
+blacklist ${HOME}/.cache/matrix-mirage
+blacklist ${HOME}/.cache/microsoft-edge-dev
+blacklist ${HOME}/.cache/midori
+blacklist ${HOME}/.cache/minetest
+blacklist ${HOME}/.cache/mirage
+blacklist ${HOME}/.cache/moonchild productions/basilisk
+blacklist ${HOME}/.cache/moonchild productions/pale moon
+blacklist ${HOME}/.cache/mozilla
+blacklist ${HOME}/.cache/ms-excel-online
+blacklist ${HOME}/.cache/ms-office-online
+blacklist ${HOME}/.cache/ms-onenote-online
+blacklist ${HOME}/.cache/ms-outlook-online
+blacklist ${HOME}/.cache/ms-powerpoint-online
+blacklist ${HOME}/.cache/ms-skype-online
+blacklist ${HOME}/.cache/ms-word-online
+blacklist ${HOME}/.cache/mutt
+blacklist ${HOME}/.cache/mypaint
+blacklist ${HOME}/.cache/netsurf
+blacklist ${HOME}/.cache/nheko
+blacklist ${HOME}/.cache/okular
+blacklist ${HOME}/.cache/opera
+blacklist ${HOME}/.cache/opera-beta
+blacklist ${HOME}/.cache/org.gabmus.gfeeds
+blacklist ${HOME}/.cache/org.gnome.Books
+blacklist ${HOME}/.cache/org.gnome.Maps
+blacklist ${HOME}/.cache/pdfmod
+blacklist ${HOME}/.cache/peek
+blacklist ${HOME}/.cache/pip
+blacklist ${HOME}/.cache/pipe-viewer
+blacklist ${HOME}/.cache/plasmashell
+blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/psi
+blacklist ${HOME}/.cache/qBittorrent
+blacklist ${HOME}/.cache/quodlibet
+blacklist ${HOME}/.cache/qupzilla
+blacklist ${HOME}/.cache/qutebrowser
+blacklist ${HOME}/.cache/rhythmbox
+blacklist ${HOME}/.cache/shotwell
+blacklist ${HOME}/.cache/simple-scan
+blacklist ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/smuxi
+blacklist ${HOME}/.cache/snox
+blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/straw-viewer
+blacklist ${HOME}/.cache/strawberry
+blacklist ${HOME}/.cache/supertuxkart
+blacklist ${HOME}/.cache/systemsettings
+blacklist ${HOME}/.cache/telepathy
+blacklist ${HOME}/.cache/thunderbird
+blacklist ${HOME}/.cache/torbrowser
+blacklist ${HOME}/.cache/transmission
+blacklist ${HOME}/.cache/ungoogled-chromium
+blacklist ${HOME}/.cache/vivaldi
+blacklist ${HOME}/.cache/vivaldi-snapshot
+blacklist ${HOME}/.cache/vlc
+blacklist ${HOME}/.cache/vmware
+blacklist ${HOME}/.cache/warsow-2.1
+blacklist ${HOME}/.cache/waterfox
+blacklist ${HOME}/.cache/wesnoth
+blacklist ${HOME}/.cache/winetricks
+blacklist ${HOME}/.cache/xmms2
+blacklist ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/yandex-browser
+blacklist ${HOME}/.cache/yandex-browser-beta
+blacklist ${HOME}/.cache/youtube-dl
+blacklist ${HOME}/.cache/youtube-viewer
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc
index da6fb31a38e..8274b021597 100644
--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -2,14 +2,14 @@
 # Persistent customizations should go in a .local file.
 include disable-shell.local
 
-deny  ${PATH}/bash
-deny  ${PATH}/csh
-deny  ${PATH}/dash
-deny  ${PATH}/fish
-deny  ${PATH}/ksh
-deny  ${PATH}/mksh
-deny  ${PATH}/oksh
-deny  ${PATH}/sh
-deny  ${PATH}/tclsh
-deny  ${PATH}/tcsh
-deny  ${PATH}/zsh
+blacklist ${PATH}/bash
+blacklist ${PATH}/csh
+blacklist ${PATH}/dash
+blacklist ${PATH}/fish
+blacklist ${PATH}/ksh
+blacklist ${PATH}/mksh
+blacklist ${PATH}/oksh
+blacklist ${PATH}/sh
+blacklist ${PATH}/tclsh
+blacklist ${PATH}/tcsh
+blacklist ${PATH}/zsh
diff --git a/etc/inc/disable-xdg.inc b/etc/inc/disable-xdg.inc
index 32aa8c7f6bd..22acf272d8b 100644
--- a/etc/inc/disable-xdg.inc
+++ b/etc/inc/disable-xdg.inc
@@ -2,10 +2,10 @@
 # Persistent customizations should go in a .local file.
 include disable-xdg.local
 
-deny  ${DOCUMENTS}
-deny  ${MUSIC}
-deny  ${PICTURES}
-deny  ${VIDEOS}
+blacklist ${DOCUMENTS}
+blacklist ${MUSIC}
+blacklist ${PICTURES}
+blacklist ${VIDEOS}
 
 # The following should be considered catch-all directories
 #blacklist ${DESKTOP}
diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc
index 06a424440d1..862837f1233 100644
--- a/etc/inc/whitelist-1793-workaround.inc
+++ b/etc/inc/whitelist-1793-workaround.inc
@@ -3,27 +3,27 @@
 include whitelist-1793-workaround.local
 # This works around bug 1793, and allows whitelisting to be used for some KDE applications.
 
-nodeny  ${HOME}/.config/ibus
-nodeny  ${HOME}/.config/mimeapps.list
-nodeny  ${HOME}/.config/pkcs11
-nodeny  ${HOME}/.config/user-dirs.dirs
-nodeny  ${HOME}/.config/user-dirs.locale
-nodeny  ${HOME}/.config/dconf
-nodeny  ${HOME}/.config/fontconfig
-nodeny  ${HOME}/.config/gtk-2.0
-nodeny  ${HOME}/.config/gtk-3.0
-nodeny  ${HOME}/.config/gtk-4.0
-nodeny  ${HOME}/.config/gtkrc
-nodeny  ${HOME}/.config/gtkrc-2.0
-nodeny  ${HOME}/.config/Kvantum
-nodeny  ${HOME}/.config/Trolltech.conf
-nodeny  ${HOME}/.config/QtProject.conf
-nodeny  ${HOME}/.config/kdeglobals
-nodeny  ${HOME}/.config/kio_httprc
-nodeny  ${HOME}/.config/kioslaverc
-nodeny  ${HOME}/.config/ksslcablacklist
-nodeny  ${HOME}/.config/qt5ct
-nodeny  ${HOME}/.config/qtcurve
+noblacklist ${HOME}/.config/ibus
+noblacklist ${HOME}/.config/mimeapps.list
+noblacklist ${HOME}/.config/pkcs11
+noblacklist ${HOME}/.config/user-dirs.dirs
+noblacklist ${HOME}/.config/user-dirs.locale
+noblacklist ${HOME}/.config/dconf
+noblacklist ${HOME}/.config/fontconfig
+noblacklist ${HOME}/.config/gtk-2.0
+noblacklist ${HOME}/.config/gtk-3.0
+noblacklist ${HOME}/.config/gtk-4.0
+noblacklist ${HOME}/.config/gtkrc
+noblacklist ${HOME}/.config/gtkrc-2.0
+noblacklist ${HOME}/.config/Kvantum
+noblacklist ${HOME}/.config/Trolltech.conf
+noblacklist ${HOME}/.config/QtProject.conf
+noblacklist ${HOME}/.config/kdeglobals
+noblacklist ${HOME}/.config/kio_httprc
+noblacklist ${HOME}/.config/kioslaverc
+noblacklist ${HOME}/.config/ksslcablacklist
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.config/qtcurve
 
-deny  ${HOME}/.config/*
-allow  ${HOME}/.config
+blacklist ${HOME}/.config/*
+whitelist ${HOME}/.config
diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc
index 11070e3724c..fedfb2bc2a1 100644
--- a/etc/inc/whitelist-common.inc
+++ b/etc/inc/whitelist-common.inc
@@ -4,82 +4,82 @@ include whitelist-common.local
 
 # common whitelist for all profiles
 
-allow  ${HOME}/.XCompose
-allow  ${HOME}/.alsaequal.bin
-allow  ${HOME}/.asoundrc
-allow  ${HOME}/.config/ibus
-allow  ${HOME}/.config/mimeapps.list
-allow  ${HOME}/.config/pkcs11
+whitelist ${HOME}/.XCompose
+whitelist ${HOME}/.alsaequal.bin
+whitelist ${HOME}/.asoundrc
+whitelist ${HOME}/.config/ibus
+whitelist ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.config/pkcs11
 read-only ${HOME}/.config/pkcs11
-allow  ${HOME}/.config/user-dirs.dirs
+whitelist ${HOME}/.config/user-dirs.dirs
 read-only ${HOME}/.config/user-dirs.dirs
-allow  ${HOME}/.config/user-dirs.locale
+whitelist ${HOME}/.config/user-dirs.locale
 read-only ${HOME}/.config/user-dirs.locale
-allow  ${HOME}/.drirc
-allow  ${HOME}/.icons
+whitelist ${HOME}/.drirc
+whitelist ${HOME}/.icons
 ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit
-allow  ${HOME}/.local/share/applications
+whitelist ${HOME}/.local/share/applications
 read-only ${HOME}/.local/share/applications
-allow  ${HOME}/.local/share/icons
-allow  ${HOME}/.local/share/mime
-allow  ${HOME}/.mime.types
-allow  ${HOME}/.sndio/cookie
-allow  ${HOME}/.uim.d
+whitelist ${HOME}/.local/share/icons
+whitelist ${HOME}/.local/share/mime
+whitelist ${HOME}/.mime.types
+whitelist ${HOME}/.sndio/cookie
+whitelist ${HOME}/.uim.d
 
 # dconf
 mkdir ${HOME}/.config/dconf
-allow  ${HOME}/.config/dconf
+whitelist ${HOME}/.config/dconf
 
 # fonts
-allow  ${HOME}/.cache/fontconfig
-allow  ${HOME}/.config/fontconfig
-allow  ${HOME}/.fontconfig
-allow  ${HOME}/.fonts
-allow  ${HOME}/.fonts.conf
-allow  ${HOME}/.fonts.conf.d
-allow  ${HOME}/.fonts.d
-allow  ${HOME}/.local/share/fonts
-allow  ${HOME}/.pangorc
+whitelist ${HOME}/.cache/fontconfig
+whitelist ${HOME}/.config/fontconfig
+whitelist ${HOME}/.fontconfig
+whitelist ${HOME}/.fonts
+whitelist ${HOME}/.fonts.conf
+whitelist ${HOME}/.fonts.conf.d
+whitelist ${HOME}/.fonts.d
+whitelist ${HOME}/.local/share/fonts
+whitelist ${HOME}/.pangorc
 
 # gtk
-allow  ${HOME}/.config/gtk-2.0
-allow  ${HOME}/.config/gtk-3.0
-allow  ${HOME}/.config/gtk-4.0
-allow  ${HOME}/.config/gtkrc
-allow  ${HOME}/.config/gtkrc-2.0
-allow  ${HOME}/.gnome2
-allow  ${HOME}/.gnome2-private
-allow  ${HOME}/.gtk-2.0
-allow  ${HOME}/.gtkrc
-allow  ${HOME}/.gtkrc-2.0
-allow  ${HOME}/.kde/share/config/gtkrc
-allow  ${HOME}/.kde/share/config/gtkrc-2.0
-allow  ${HOME}/.kde4/share/config/gtkrc
-allow  ${HOME}/.kde4/share/config/gtkrc-2.0
-allow  ${HOME}/.local/share/themes
-allow  ${HOME}/.themes
+whitelist ${HOME}/.config/gtk-2.0
+whitelist ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.config/gtk-4.0
+whitelist ${HOME}/.config/gtkrc
+whitelist ${HOME}/.config/gtkrc-2.0
+whitelist ${HOME}/.gnome2
+whitelist ${HOME}/.gnome2-private
+whitelist ${HOME}/.gtk-2.0
+whitelist ${HOME}/.gtkrc
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.kde/share/config/gtkrc
+whitelist ${HOME}/.kde/share/config/gtkrc-2.0
+whitelist ${HOME}/.kde4/share/config/gtkrc
+whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
+whitelist ${HOME}/.local/share/themes
+whitelist ${HOME}/.themes
 
 # qt/kde
-allow  ${HOME}/.cache/kioexec/krun
-allow  ${HOME}/.config/Kvantum
-allow  ${HOME}/.config/Trolltech.conf
-allow  ${HOME}/.config/QtProject.conf
-allow  ${HOME}/.config/kdeglobals
-allow  ${HOME}/.config/kio_httprc
-allow  ${HOME}/.config/kioslaverc
-allow  ${HOME}/.config/ksslcablacklist
-allow  ${HOME}/.config/qt5ct
-allow  ${HOME}/.config/qtcurve
-allow  ${HOME}/.kde/share/config/kdeglobals
-allow  ${HOME}/.kde/share/config/kio_httprc
-allow  ${HOME}/.kde/share/config/kioslaverc
-allow  ${HOME}/.kde/share/config/ksslcablacklist
-allow  ${HOME}/.kde/share/config/oxygenrc
-allow  ${HOME}/.kde/share/icons
-allow  ${HOME}/.kde4/share/config/kdeglobals
-allow  ${HOME}/.kde4/share/config/kio_httprc
-allow  ${HOME}/.kde4/share/config/kioslaverc
-allow  ${HOME}/.kde4/share/config/ksslcablacklist
-allow  ${HOME}/.kde4/share/config/oxygenrc
-allow  ${HOME}/.kde4/share/icons
-allow  ${HOME}/.local/share/qt5ct
+whitelist ${HOME}/.cache/kioexec/krun
+whitelist ${HOME}/.config/Kvantum
+whitelist ${HOME}/.config/Trolltech.conf
+whitelist ${HOME}/.config/QtProject.conf
+whitelist ${HOME}/.config/kdeglobals
+whitelist ${HOME}/.config/kio_httprc
+whitelist ${HOME}/.config/kioslaverc
+whitelist ${HOME}/.config/ksslcablacklist
+whitelist ${HOME}/.config/qt5ct
+whitelist ${HOME}/.config/qtcurve
+whitelist ${HOME}/.kde/share/config/kdeglobals
+whitelist ${HOME}/.kde/share/config/kio_httprc
+whitelist ${HOME}/.kde/share/config/kioslaverc
+whitelist ${HOME}/.kde/share/config/ksslcablacklist
+whitelist ${HOME}/.kde/share/config/oxygenrc
+whitelist ${HOME}/.kde/share/icons
+whitelist ${HOME}/.kde4/share/config/kdeglobals
+whitelist ${HOME}/.kde4/share/config/kio_httprc
+whitelist ${HOME}/.kde4/share/config/kioslaverc
+whitelist ${HOME}/.kde4/share/config/ksslcablacklist
+whitelist ${HOME}/.kde4/share/config/oxygenrc
+whitelist ${HOME}/.kde4/share/icons
+whitelist ${HOME}/.local/share/qt5ct
diff --git a/etc/inc/whitelist-player-common.inc b/etc/inc/whitelist-player-common.inc
index d6ae8eab633..e5bf3680408 100644
--- a/etc/inc/whitelist-player-common.inc
+++ b/etc/inc/whitelist-player-common.inc
@@ -4,8 +4,8 @@ include whitelist-player-common.local
 
 # common whitelist for all media players
 
-allow  ${DESKTOP}
-allow  ${DOWNLOADS}
-allow  ${MUSIC}
-allow  ${PICTURES}
-allow  ${VIDEOS}
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
diff --git a/etc/inc/whitelist-runuser-common.inc b/etc/inc/whitelist-runuser-common.inc
index 86e5264b950..48309ffe3b7 100644
--- a/etc/inc/whitelist-runuser-common.inc
+++ b/etc/inc/whitelist-runuser-common.inc
@@ -4,13 +4,13 @@ include whitelist-runuser-common.local
 
 # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles
 
-allow  ${RUNUSER}/bus
-allow  ${RUNUSER}/dconf
-allow  ${RUNUSER}/gdm/Xauthority
-allow  ${RUNUSER}/ICEauthority
-allow  ${RUNUSER}/.mutter-Xwaylandauth.*
-allow  ${RUNUSER}/pulse/native
-allow  ${RUNUSER}/wayland-0
-allow  ${RUNUSER}/wayland-1
-allow  ${RUNUSER}/xauth_*
-allow  ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
+whitelist ${RUNUSER}/bus
+whitelist ${RUNUSER}/dconf
+whitelist ${RUNUSER}/gdm/Xauthority
+whitelist ${RUNUSER}/ICEauthority
+whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
+whitelist ${RUNUSER}/pulse/native
+whitelist ${RUNUSER}/wayland-0
+whitelist ${RUNUSER}/wayland-1
+whitelist ${RUNUSER}/xauth_*
+whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc
index 64296da157c..fe009793408 100644
--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -4,66 +4,66 @@ include whitelist-usr-share-common.local
 
 # common /usr/share whitelist for all profiles
 
-allow  /usr/share/alsa
-allow  /usr/share/applications
-allow  /usr/share/ca-certificates
-allow  /usr/share/crypto-policies
-allow  /usr/share/cursors
-allow  /usr/share/dconf
-allow  /usr/share/distro-info
-allow  /usr/share/drirc.d
-allow  /usr/share/enchant
-allow  /usr/share/enchant-2
-allow  /usr/share/file
-allow  /usr/share/fontconfig
-allow  /usr/share/fonts
-allow  /usr/share/fonts-config
-allow  /usr/share/gir-1.0
-allow  /usr/share/gjs-1.0
-allow  /usr/share/glib-2.0
-allow  /usr/share/glvnd
-allow  /usr/share/gtk-2.0
-allow  /usr/share/gtk-3.0
-allow  /usr/share/gtk-engines
-allow  /usr/share/gtksourceview-3.0
-allow  /usr/share/gtksourceview-4
-allow  /usr/share/hunspell
-allow  /usr/share/hwdata
-allow  /usr/share/icons
-allow  /usr/share/icu
-allow  /usr/share/knotifications5
-allow  /usr/share/kservices5
-allow  /usr/share/Kvantum
-allow  /usr/share/kxmlgui5
-allow  /usr/share/libdrm
-allow  /usr/share/libthai
-allow  /usr/share/locale
-allow  /usr/share/mime
-allow  /usr/share/misc
-allow  /usr/share/Modules
-allow  /usr/share/myspell
-allow  /usr/share/p11-kit
-allow  /usr/share/perl
-allow  /usr/share/perl5
-allow  /usr/share/pixmaps
-allow  /usr/share/pki
-allow  /usr/share/plasma
-allow  /usr/share/publicsuffix
-allow  /usr/share/qt
-allow  /usr/share/qt4
-allow  /usr/share/qt5
-allow  /usr/share/qt5ct
-allow  /usr/share/sounds
-allow  /usr/share/tcl8.6
-allow  /usr/share/tcltk
-allow  /usr/share/terminfo
-allow  /usr/share/texlive
-allow  /usr/share/texmf
-allow  /usr/share/themes
-allow  /usr/share/thumbnail.so
-allow  /usr/share/uim
-allow  /usr/share/vulkan
-allow  /usr/share/X11
-allow  /usr/share/xml
-allow  /usr/share/zenity
-allow  /usr/share/zoneinfo
+whitelist /usr/share/alsa
+whitelist /usr/share/applications
+whitelist /usr/share/ca-certificates
+whitelist /usr/share/crypto-policies
+whitelist /usr/share/cursors
+whitelist /usr/share/dconf
+whitelist /usr/share/distro-info
+whitelist /usr/share/drirc.d
+whitelist /usr/share/enchant
+whitelist /usr/share/enchant-2
+whitelist /usr/share/file
+whitelist /usr/share/fontconfig
+whitelist /usr/share/fonts
+whitelist /usr/share/fonts-config
+whitelist /usr/share/gir-1.0
+whitelist /usr/share/gjs-1.0
+whitelist /usr/share/glib-2.0
+whitelist /usr/share/glvnd
+whitelist /usr/share/gtk-2.0
+whitelist /usr/share/gtk-3.0
+whitelist /usr/share/gtk-engines
+whitelist /usr/share/gtksourceview-3.0
+whitelist /usr/share/gtksourceview-4
+whitelist /usr/share/hunspell
+whitelist /usr/share/hwdata
+whitelist /usr/share/icons
+whitelist /usr/share/icu
+whitelist /usr/share/knotifications5
+whitelist /usr/share/kservices5
+whitelist /usr/share/Kvantum
+whitelist /usr/share/kxmlgui5
+whitelist /usr/share/libdrm
+whitelist /usr/share/libthai
+whitelist /usr/share/locale
+whitelist /usr/share/mime
+whitelist /usr/share/misc
+whitelist /usr/share/Modules
+whitelist /usr/share/myspell
+whitelist /usr/share/p11-kit
+whitelist /usr/share/perl
+whitelist /usr/share/perl5
+whitelist /usr/share/pixmaps
+whitelist /usr/share/pki
+whitelist /usr/share/plasma
+whitelist /usr/share/publicsuffix
+whitelist /usr/share/qt
+whitelist /usr/share/qt4
+whitelist /usr/share/qt5
+whitelist /usr/share/qt5ct
+whitelist /usr/share/sounds
+whitelist /usr/share/tcl8.6
+whitelist /usr/share/tcltk
+whitelist /usr/share/terminfo
+whitelist /usr/share/texlive
+whitelist /usr/share/texmf
+whitelist /usr/share/themes
+whitelist /usr/share/thumbnail.so
+whitelist /usr/share/uim
+whitelist /usr/share/vulkan
+whitelist /usr/share/X11
+whitelist /usr/share/xml
+whitelist /usr/share/zenity
+whitelist /usr/share/zoneinfo
diff --git a/etc/inc/whitelist-var-common.inc b/etc/inc/whitelist-var-common.inc
index c449e8905fa..d8ba84ad041 100644
--- a/etc/inc/whitelist-var-common.inc
+++ b/etc/inc/whitelist-var-common.inc
@@ -4,12 +4,12 @@ include whitelist-var-common.local
 
 # common /var whitelist for all profiles
 
-allow  /var/lib/aspell
-allow  /var/lib/ca-certificates
-allow  /var/lib/dbus
-allow  /var/lib/menu-xdg
-allow  /var/lib/uim
-allow  /var/cache/fontconfig
-allow  /var/tmp
-allow  /var/run
-allow  /var/lock
+whitelist /var/lib/aspell
+whitelist /var/lib/ca-certificates
+whitelist /var/lib/dbus
+whitelist /var/lib/menu-xdg
+whitelist /var/lib/uim
+whitelist /var/cache/fontconfig
+whitelist /var/tmp
+whitelist /var/run
+whitelist /var/lock
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile
index 6f493fff117..4009853d386 100644
--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -6,11 +6,11 @@ include 0ad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/0ad
-nodeny  ${HOME}/.config/0ad
-nodeny  ${HOME}/.local/share/0ad
+noblacklist ${HOME}/.cache/0ad
+noblacklist ${HOME}/.config/0ad
+noblacklist ${HOME}/.local/share/0ad
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/0ad
 mkdir ${HOME}/.config/0ad
 mkdir ${HOME}/.local/share/0ad
-allow  ${HOME}/.cache/0ad
-allow  ${HOME}/.config/0ad
-allow  ${HOME}/.local/share/0ad
-allow  /usr/share/0ad
-allow  /usr/share/games
+whitelist ${HOME}/.cache/0ad
+whitelist ${HOME}/.config/0ad
+whitelist ${HOME}/.local/share/0ad
+whitelist /usr/share/0ad
+whitelist /usr/share/games
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile
index 3a7b331a723..1d787cba763 100644
--- a/etc/profile-a-l/2048-qt.profile
+++ b/etc/profile-a-l/2048-qt.profile
@@ -6,8 +6,8 @@ include 2048-qt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/2048-qt
-nodeny  ${HOME}/.config/xiaoyong
+noblacklist ${HOME}/.config/2048-qt
+noblacklist ${HOME}/.config/xiaoyong
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/2048-qt
 mkdir ${HOME}/.config/xiaoyong
-allow  ${HOME}/.config/2048-qt
-allow  ${HOME}/.config/xiaoyong
+whitelist ${HOME}/.config/2048-qt
+whitelist ${HOME}/.config/xiaoyong
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile
index def0ec11188..1d86b0fbf7d 100644
--- a/etc/profile-a-l/Cryptocat.profile
+++ b/etc/profile-a-l/Cryptocat.profile
@@ -5,7 +5,7 @@ include Cryptocat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Cryptocat
+noblacklist ${HOME}/.config/Cryptocat
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile
index 1d3ae49ca43..3f274b21c5b 100644
--- a/etc/profile-a-l/Discord.profile
+++ b/etc/profile-a-l/Discord.profile
@@ -5,10 +5,10 @@ include Discord.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 
 private-bin Discord
 private-opt Discord
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile
index 3c85f187b50..d24e73ed8e2 100644
--- a/etc/profile-a-l/DiscordCanary.profile
+++ b/etc/profile-a-l/DiscordCanary.profile
@@ -5,10 +5,10 @@ include DiscordCanary.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 
 private-bin DiscordCanary
 private-opt DiscordCanary
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile
index 8f746581f10..7dc6b5ff0aa 100644
--- a/etc/profile-a-l/Fritzing.profile
+++ b/etc/profile-a-l/Fritzing.profile
@@ -6,8 +6,8 @@ include Fritzing.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Fritzing
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/Fritzing
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile
index 9a00c323042..d10b70796b5 100644
--- a/etc/profile-a-l/JDownloader.profile
+++ b/etc/profile-a-l/JDownloader.profile
@@ -5,7 +5,7 @@ include JDownloader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.jd
+noblacklist ${HOME}/.jd
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.jd
-allow  ${HOME}/.jd
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.jd
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index 2a92c7db454..75da9a9561f 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -6,7 +6,7 @@ include abiword.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/abiword
+noblacklist ${HOME}/.config/abiword
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-allow  /usr/share/abiword-3.0
+whitelist /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile
index 70ddcec20a6..2e6e8f1affa 100644
--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -5,13 +5,13 @@ include abrowser.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
 
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/abrowser
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/abrowser
+whitelist ${HOME}/.mozilla
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc abrowser
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index d32586c5b90..34f59769e01 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,8 +7,8 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,7 +23,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile
index 7b1d1445f06..37fdb38b52a 100644
--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -4,22 +4,22 @@ include akonadi_control.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
-nodeny  /sbin
-nodeny  /tmp/akonadi-*
-nodeny  /usr/sbin
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/notes
+noblacklist /sbin
+noblacklist /tmp/akonadi-*
+noblacklist /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index b2323547c74..38fcd2dc1a6 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -6,9 +6,9 @@ include akregator.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/akregatorrc
-nodeny  ${HOME}/.local/share/akregator
-nodeny  ${HOME}/.local/share/kxmlgui5/akregator
+noblacklist ${HOME}/.config/akregatorrc
+noblacklist ${HOME}/.local/share/akregator
+noblacklist ${HOME}/.local/share/kxmlgui5/akregator
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-shell.inc
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
 mkdir ${HOME}/.local/share/kxmlgui5/akregator
-allow  ${HOME}/.config/akregatorrc
-allow  ${HOME}/.local/share/akregator
-allow  ${HOME}/.local/share/kssl
-allow  ${HOME}/.local/share/kxmlgui5/akregator
+whitelist ${HOME}/.config/akregatorrc
+whitelist ${HOME}/.local/share/akregator
+whitelist ${HOME}/.local/share/kssl
+whitelist ${HOME}/.local/share/kxmlgui5/akregator
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index ca6c8d887b6..4c6d68020dd 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 
 # Whitelist your system icon directory,varies by distro
-allow  /usr/share/alacarte
-allow  /usr/share/app-info
-allow  /usr/share/desktop-directories
-allow  /usr/share/icons
-allow  /var/lib/app-info/icons
-allow  /var/lib/flatpak/exports/share/applications
-allow  /var/lib/flatpak/exports/share/icons
+whitelist /usr/share/alacarte
+whitelist /usr/share/app-info
+whitelist /usr/share/desktop-directories
+whitelist /usr/share/icons
+whitelist /var/lib/app-info/icons
+whitelist /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
index 220c3345d3e..81ee6bd46dd 100644
--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -6,7 +6,7 @@ include alienarena.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/cor-games
+noblacklist ${HOME}/.local/share/cor-games
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/cor-games
-allow  ${HOME}/.local/share/cor-games
-allow  /usr/share/alienarena
+whitelist ${HOME}/.local/share/cor-games
+whitelist /usr/share/alienarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 6fa3edfa18a..0b5cf0df0c7 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -10,28 +10,28 @@ include globals.local
 # Workaround for bug https://github.com/netblue30/firejail/issues/2747
 # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
 
-nodeny  /var/mail
-nodeny  /var/spool/mail
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.addressbook
-nodeny  ${HOME}/.alpine-smime
-nodeny  ${HOME}/.mailcap
-nodeny  ${HOME}/.mh_profile
-nodeny  ${HOME}/.mime.types
-nodeny  ${HOME}/.newsrc
-nodeny  ${HOME}/.pine-crash
-nodeny  ${HOME}/.pine-debug1
-nodeny  ${HOME}/.pine-debug2
-nodeny  ${HOME}/.pine-debug3
-nodeny  ${HOME}/.pine-debug4
-nodeny  ${HOME}/.pine-interrupted-mail
-nodeny  ${HOME}/.pinerc
-nodeny  ${HOME}/.pinercex
-nodeny  ${HOME}/.signature
-nodeny  ${HOME}/mail
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.addressbook
+noblacklist ${HOME}/.alpine-smime
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.mh_profile
+noblacklist ${HOME}/.mime.types
+noblacklist ${HOME}/.newsrc
+noblacklist ${HOME}/.pine-crash
+noblacklist ${HOME}/.pine-debug1
+noblacklist ${HOME}/.pine-debug2
+noblacklist ${HOME}/.pine-debug3
+noblacklist ${HOME}/.pine-debug4
+noblacklist ${HOME}/.pine-interrupted-mail
+noblacklist ${HOME}/.pinerc
+noblacklist ${HOME}/.pinercex
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/mail
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -60,8 +60,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.pine-debug4
 #whitelist ${HOME}/.signature
 #whitelist ${HOME}/mail
-allow  /var/mail
-allow  /var/spool/mail
+whitelist /var/mail
+whitelist /var/spool/mail
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile
index 03aba36e4fa..a7caddc4cbe 100644
--- a/etc/profile-a-l/amarok.profile
+++ b/etc/profile-a-l/amarok.profile
@@ -6,7 +6,7 @@ include amarok.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile
index 00039a7e9c4..e3c4164ee56 100644
--- a/etc/profile-a-l/amule.profile
+++ b/etc/profile-a-l/amule.profile
@@ -6,7 +6,7 @@ include amule.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.aMule
+noblacklist ${HOME}/.aMule
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.aMule
-allow  ${DOWNLOADS}
-allow  ${HOME}/.aMule
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.aMule
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 5bf6ed773c3..5a21744cfb9 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,13 +5,13 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Google
-nodeny  ${HOME}/.AndroidStudio*
-nodeny  ${HOME}/.android
-nodeny  ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.config/Google
+noblacklist ${HOME}/.AndroidStudio*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index c1aa18ff3ab..13bb01ce2e4 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -6,8 +6,8 @@ include anki.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.local/share/Anki2
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.local/share/Anki2
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/Anki2
-allow  ${DOCUMENTS}
-allow  ${HOME}/.local/share/Anki2
+whitelist ${DOCUMENTS}
+whitelist ${HOME}/.local/share/Anki2
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
index cb30ed8da69..fdaf1025952 100644
--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -5,7 +5,7 @@ include anydesk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.anydesk
+noblacklist ${HOME}/.anydesk
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.anydesk
-allow  ${HOME}/.anydesk
+whitelist ${HOME}/.anydesk
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile
index d647a465745..e7b09283ef6 100644
--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -5,13 +5,13 @@ include aosp.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.android
-nodeny  ${HOME}/.bash_history
-nodeny  ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
-nodeny  ${HOME}/.repo_.gitconfig.json
-nodeny  ${HOME}/.repoconfig
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.bash_history
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.repo_.gitconfig.json
+noblacklist ${HOME}/.repoconfig
+noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 020ae2812e2..01566314f86 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,9 +6,9 @@ include apostrophe.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.texlive20*
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.texlive20*
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -31,12 +31,12 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/apostrophe
-allow  /usr/share/texlive
-allow  /usr/share/texmf
-allow  /usr/share/pandoc-*
-allow  /usr/share/perl5
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/apostrophe
+whitelist /usr/share/texlive
+whitelist /usr/share/texmf
+whitelist /usr/share/pandoc-*
+whitelist /usr/share/perl5
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
index 8c71dd574c9..accabb6f592 100644
--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -7,7 +7,7 @@ include arch-audit.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/arch-audit
+whitelist /usr/share/arch-audit
 include whitelist-usr-share-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile
index 0915ede333e..19c37f90ed1 100644
--- a/etc/profile-a-l/archaudit-report.profile
+++ b/etc/profile-a-l/archaudit-report.profile
@@ -6,7 +6,7 @@ include archaudit-report.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile
index 5b859ceb1b4..1fab4606bfe 100644
--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -4,7 +4,7 @@ include archiver-common.local
 
 # common profile for archiver/compression tools
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 # Comment/uncomment the relevant include file(s) in your archiver-common.local
 # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver**
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile
index 960948afcaa..84b1d6c185b 100644
--- a/etc/profile-a-l/ardour5.profile
+++ b/etc/profile-a-l/ardour5.profile
@@ -5,12 +5,12 @@ include ardour5.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ardour4
-nodeny  ${HOME}/.config/ardour5
-nodeny  ${HOME}/.lv2
-nodeny  ${HOME}/.vst
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/ardour4
+noblacklist ${HOME}/.config/ardour5
+noblacklist ${HOME}/.lv2
+noblacklist ${HOME}/.vst
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile
index 88f14fbfed7..fd1ca9a09b5 100644
--- a/etc/profile-a-l/arduino.profile
+++ b/etc/profile-a-l/arduino.profile
@@ -6,9 +6,9 @@ include arduino.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.arduino15
-nodeny  ${HOME}/Arduino
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.arduino15
+noblacklist ${HOME}/Arduino
+noblacklist ${DOCUMENTS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index be56011f05f..22b8ecd65cf 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -6,12 +6,12 @@ include aria2c.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.aria2
-nodeny  ${HOME}/.config/aria2
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.aria2
+noblacklist ${HOME}/.config/aria2
+noblacklist ${HOME}/.netrc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile
index 031c5708010..a63dd8f5f0e 100644
--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -6,8 +6,8 @@ include ark.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/arkrc
-nodeny  ${HOME}/.local/share/kxmlgui5/ark
+noblacklist ${HOME}/.config/arkrc
+noblacklist ${HOME}/.local/share/kxmlgui5/ark
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/ark
+whitelist /usr/share/ark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile
index 9ed8076be5e..2c8b630ce9d 100644
--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -6,7 +6,7 @@ include arm.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.arm
+noblacklist ${HOME}/.arm
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.arm
-allow  ${HOME}/.arm
+whitelist ${HOME}/.arm
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index 7cfac4915e2..fab72b7d3dd 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -6,12 +6,12 @@ include artha.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/artha.conf
-nodeny  ${HOME}/.config/artha.log
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/artha.log
+noblacklist ${HOME}/.config/enchant
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,8 +28,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/artha.conf
 #whitelist ${HOME}/.config/artha.log
 #whitelist ${HOME}/.config/enchant
-allow  /usr/share/artha
-allow  /usr/share/wordnet
+whitelist /usr/share/artha
+whitelist /usr/share/wordnet
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
index f2251c210d5..977fe30a4aa 100644
--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -6,7 +6,7 @@ include assogiate.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile
index e650722665f..c97fd691ac2 100644
--- a/etc/profile-a-l/asunder.profile
+++ b/etc/profile-a-l/asunder.profile
@@ -6,11 +6,11 @@ include asunder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/asunder
-nodeny  ${HOME}/.asunder_album_genre
-nodeny  ${HOME}/.asunder_album_title
-nodeny  ${HOME}/.asunder_album_artist
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/asunder
+noblacklist ${HOME}/.asunder_album_genre
+noblacklist ${HOME}/.asunder_album_title
+noblacklist ${HOME}/.asunder_album_artist
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile
index ea3038537b9..5f237ac59cf 100644
--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc
 ignore apparmor
 ignore disable-mnt
 
-nodeny  ${HOME}/.atom
-nodeny  ${HOME}/.config/Atom
+noblacklist ${HOME}/.atom
+noblacklist ${HOME}/.config/Atom
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index 8ae8617cfdb..1c3ed66ff29 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -6,9 +6,9 @@ include atril.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/atril
-nodeny  ${HOME}/.config/atril
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/atril
+noblacklist ${HOME}/.config/atril
+noblacklist ${DOCUMENTS}
 
 #noblacklist ${HOME}/.local/share
 # it seems to use only ${HOME}/.local/share/webkitgtk
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile
index 53baf0a2a26..f9f20978613 100644
--- a/etc/profile-a-l/audacious.profile
+++ b/etc/profile-a-l/audacious.profile
@@ -6,9 +6,9 @@ include audacious.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Audaciousrc
-nodeny  ${HOME}/.config/audacious
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/Audaciousrc
+noblacklist ${HOME}/.config/audacious
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index c244846e1dd..a2de8436ac3 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -6,9 +6,9 @@ include audacity.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.audacity-data
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.audacity-data
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile
index 534792cc661..2c7fdc81209 100644
--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -7,7 +7,7 @@ include audio-recorder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${MUSIC}
-allow  ${DOWNLOADS}
-allow  /usr/share/audio-recorder
-allow  /usr/share/gstreamer-1.0
+whitelist ${MUSIC}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/audio-recorder
+whitelist /usr/share/gstreamer-1.0
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
index 0d6eb6a2146..2ebe35dd510 100644
--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -6,7 +6,7 @@ include authenticator-rs.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/authenticator-rs
+noblacklist ${HOME}/.local/share/authenticator-rs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/authenticator-rs
-allow  ${HOME}/.local/share/authenticator-rs
-allow  ${DOWNLOADS}
-allow  /usr/share/uk.co.grumlimited.authenticator-rs
+whitelist ${HOME}/.local/share/authenticator-rs
+whitelist ${DOWNLOADS}
+whitelist /usr/share/uk.co.grumlimited.authenticator-rs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile
index 55d967e3e65..42d9cd56a02 100644
--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -6,8 +6,8 @@ include authenticator.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Authenticator
-nodeny  ${HOME}/.config/Authenticator
+noblacklist ${HOME}/.cache/Authenticator
+noblacklist ${HOME}/.config/Authenticator
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile
index a5b3b22f6df..891928e5a6d 100644
--- a/etc/profile-a-l/autokey-common.profile
+++ b/etc/profile-a-l/autokey-common.profile
@@ -7,8 +7,8 @@ include autokey-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.config/autokey
-nodeny  ${HOME}/.local/share/autokey
+noblacklist ${HOME}/.config/autokey
+noblacklist ${HOME}/.local/share/autokey
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile
index 0feb05d75b2..1ecc03da1f7 100644
--- a/etc/profile-a-l/avidemux.profile
+++ b/etc/profile-a-l/avidemux.profile
@@ -5,9 +5,9 @@ include avidemux.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.avidemux6
-nodeny  ${HOME}/.config/avidemux3_qt5rc
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.avidemux6
+noblacklist ${HOME}/.config/avidemux3_qt5rc
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.avidemux6
 mkdir ${HOME}/.config/avidemux3_qt5rc
-allow  ${HOME}/.avidemux6
-allow  ${HOME}/.config/avidemux3_qt5rc
-allow  ${VIDEOS}
+whitelist ${HOME}/.avidemux6
+whitelist ${HOME}/.config/avidemux3_qt5rc
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
index abe9fdb24e0..a57ad401474 100644
--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -6,7 +6,7 @@ include aweather.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/aweather
+noblacklist ${HOME}/.config/aweather
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/aweather
-allow  ${HOME}/.config/aweather
+whitelist ${HOME}/.config/aweather
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile
index 58f4f5e96ae..5d1bf5071e5 100644
--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -7,7 +7,7 @@ include awesome.local
 include globals.local
 
 # all applications started in awesome will run in this profile
-nodeny  ${HOME}/.config/awesome
+noblacklist ${HOME}/.config/awesome
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
index 46bb0b44e1a..3952921a3f3 100644
--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -6,7 +6,7 @@ include ballbuster.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.ballbuster.hs
+noblacklist ${HOME}/.ballbuster.hs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.ballbuster.hs
-allow  ${HOME}/.ballbuster.hs
-allow  /usr/share/ballbuster
+whitelist ${HOME}/.ballbuster.hs
+whitelist /usr/share/ballbuster
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile
index 2b10883f741..fe86d9b80bf 100644
--- a/etc/profile-a-l/baloo_file.profile
+++ b/etc/profile-a-l/baloo_file.profile
@@ -12,12 +12,12 @@ include globals.local
 # read-write ${HOME}/.local/share/baloo
 # ignore read-write
 
-nodeny  ${HOME}/.config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloorc
-nodeny  ${HOME}/.kde4/share/config/baloofilerc
-nodeny  ${HOME}/.kde4/share/config/baloorc
-nodeny  ${HOME}/.local/share/baloo
+noblacklist ${HOME}/.config/baloofilerc
+noblacklist ${HOME}/.kde/share/config/baloofilerc
+noblacklist ${HOME}/.kde/share/config/baloorc
+noblacklist ${HOME}/.kde4/share/config/baloofilerc
+noblacklist ${HOME}/.kde4/share/config/baloorc
+noblacklist ${HOME}/.local/share/baloo
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile
index 1e74443aae8..8c69652c5b6 100644
--- a/etc/profile-a-l/balsa.profile
+++ b/etc/profile-a-l/balsa.profile
@@ -6,13 +6,13 @@ include balsa.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.balsa
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
-nodeny  ${HOME}/mail
-nodeny  /var/mail
-nodeny  /var/spool/mail
+noblacklist ${HOME}/.balsa
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/mail
+noblacklist /var/mail
+noblacklist /var/spool/mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.signature
 mkdir ${HOME}/mail
-allow  ${HOME}/.balsa
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.signature
-allow  ${HOME}/mail
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/balsa
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
-allow  /var/mail
-allow  /var/spool/mail
+whitelist ${HOME}/.balsa
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.signature
+whitelist ${HOME}/mail
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/balsa
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /var/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile
index fcea9b3ba4d..7b50e919922 100644
--- a/etc/profile-a-l/barrier.profile
+++ b/etc/profile-a-l/barrier.profile
@@ -6,9 +6,9 @@ include barrier.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Debauchee/Barrier.conf
-nodeny  ${HOME}/.local/share/barrier
-nodeny  ${PATH}/openssl
+noblacklist ${HOME}/.config/Debauchee/Barrier.conf
+noblacklist ${HOME}/.local/share/barrier
+noblacklist ${PATH}/openssl
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile
index 547c67fc881..8dc3847a0be 100644
--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -5,13 +5,13 @@ include basilisk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/moonchild productions/basilisk
-nodeny  ${HOME}/.moonchild productions/basilisk
+noblacklist ${HOME}/.cache/moonchild productions/basilisk
+noblacklist ${HOME}/.moonchild productions/basilisk
 
 mkdir ${HOME}/.cache/moonchild productions/basilisk
 mkdir ${HOME}/.moonchild productions
-allow  ${HOME}/.cache/moonchild productions/basilisk
-allow  ${HOME}/.moonchild productions
+whitelist ${HOME}/.cache/moonchild productions/basilisk
+whitelist ${HOME}/.moonchild productions
 
 # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
index a1d2b1e7394..3ecaea7fe1e 100644
--- a/etc/profile-a-l/bcompare.profile
+++ b/etc/profile-a-l/bcompare.profile
@@ -7,10 +7,10 @@ include bcompare.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/bcompare
+noblacklist ${HOME}/.config/bcompare
 # In case the user decides to include disable-programs.inc, still allow
 # KDE's Gwenview to view images via right click -> Open With -> Associated Application
-nodeny  ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/gwenviewrc
 
 # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile
index 588f460a8df..f3a9568bd1c 100644
--- a/etc/profile-a-l/beaker.profile
+++ b/etc/profile-a-l/beaker.profile
@@ -19,10 +19,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
 
-nodeny  ${HOME}/.config/Beaker Browser
+noblacklist ${HOME}/.config/Beaker Browser
 
 mkdir ${HOME}/.config/Beaker Browser
-allow  ${HOME}/.config/Beaker Browser
+whitelist ${HOME}/.config/Beaker Browser
 
 # Redirect
 include electron.profile
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile
index 717d7258db6..c7a82afbdd6 100644
--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -6,11 +6,11 @@ include bibletime.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bibletime
-nodeny  ${HOME}/.sword
-nodeny  ${HOME}/.local/share/bibletime
+noblacklist ${HOME}/.bibletime
+noblacklist ${HOME}/.sword
+noblacklist ${HOME}/.local/share/bibletime
 
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,12 +22,12 @@ include disable-programs.inc
 mkdir ${HOME}/.bibletime
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.local/share/bibletime
-allow  ${HOME}/.bibletime
-allow  ${HOME}/.sword
-allow  ${HOME}/.local/share/bibletime
-allow  /usr/share/bibletime
-allow  /usr/share/doc/bibletime
-allow  /usr/share/sword
+whitelist ${HOME}/.bibletime
+whitelist ${HOME}/.sword
+whitelist ${HOME}/.local/share/bibletime
+whitelist /usr/share/bibletime
+whitelist /usr/share/doc/bibletime
+whitelist /usr/share/sword
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index b02fcc3e0c5..854fe5cb9c2 100644
--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -6,7 +6,7 @@ include bijiben.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/bijiben
+noblacklist ${HOME}/.local/share/bijiben
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/bijiben
-allow  ${HOME}/.local/share/bijiben
-allow  ${HOME}/.cache/tracker
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/bijiben
-allow  /usr/share/tracker
-allow  /usr/share/tracker3
+whitelist ${HOME}/.local/share/bijiben
+whitelist ${HOME}/.cache/tracker
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/bijiben
+whitelist /usr/share/tracker
+whitelist /usr/share/tracker3
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
index c4ec0f82019..932db9b73ca 100644
--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -6,8 +6,8 @@ include bitcoin-qt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bitcoin
-nodeny  ${HOME}/.config/Bitcoin
+noblacklist ${HOME}/.bitcoin
+noblacklist ${HOME}/.config/Bitcoin
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
-allow  ${HOME}/.bitcoin
-allow  ${HOME}/.config/Bitcoin
+whitelist ${HOME}/.bitcoin
+whitelist ${HOME}/.config/Bitcoin
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile
index 0f000b26b59..dd7651979b1 100644
--- a/etc/profile-a-l/bitlbee.profile
+++ b/etc/profile-a-l/bitlbee.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 # noblacklist /var/log
 
 include disable-common.inc
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index 4b292d72aed..ba2eb2ea7d3 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Bitwarden
+noblacklist ${HOME}/.config/Bitwarden
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Bitwarden
-allow  ${HOME}/.config/Bitwarden
+whitelist ${HOME}/.config/Bitwarden
 
 machine-id
 no3d
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile
index 616ad6801f4..233f9a96f64 100644
--- a/etc/profile-a-l/blackbox.profile
+++ b/etc/profile-a-l/blackbox.profile
@@ -7,7 +7,7 @@ include blackbox.local
 include globals.local
 
 # all applications started in blackbox will run in this profile
-nodeny  ${HOME}/.blackbox
+noblacklist ${HOME}/.blackbox
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile
index 8d0b5616f28..701ae431e70 100644
--- a/etc/profile-a-l/blender.profile
+++ b/etc/profile-a-l/blender.profile
@@ -6,7 +6,7 @@ include blender.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/blender
+noblacklist ${HOME}/.config/blender
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 # Allow usage of AMD GPU by OpenCL
-nodeny  /sys/module
-allow  /sys/module/amdgpu
+noblacklist /sys/module
+whitelist /sys/module/amdgpu
 read-only /sys/module/amdgpu
 
 caps.drop all
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile
index ca5f96eee97..80dc750f79e 100644
--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -6,7 +6,7 @@ include bless.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/bless
+noblacklist ${HOME}/.config/bless
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
index ee2a73b54d8..229c2029392 100644
--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -4,7 +4,7 @@ include blobby.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.blobby
+noblacklist ${HOME}/.blobby
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.blobby
-allow  ${HOME}/.blobby
+whitelist ${HOME}/.blobby
 include whitelist-common.inc
-allow  /usr/share/blobby
+whitelist /usr/share/blobby
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index e0be5261ebe..904710cb543 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -6,7 +6,7 @@ include blobwars.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.parallelrealities/blobwars
+noblacklist ${HOME}/.parallelrealities/blobwars
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.parallelrealities/blobwars
-allow  ${HOME}/.parallelrealities/blobwars
-allow  /usr/share/blobwars
+whitelist ${HOME}/.parallelrealities/blobwars
+whitelist /usr/share/blobwars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile
index dcfd5d8d2d1..6e8f0d7d1ad 100644
--- a/etc/profile-a-l/bnox.profile
+++ b/etc/profile-a-l/bnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/bnox
-nodeny  ${HOME}/.config/bnox
+noblacklist ${HOME}/.cache/bnox
+noblacklist ${HOME}/.config/bnox
 
 mkdir ${HOME}/.cache/bnox
 mkdir ${HOME}/.config/bnox
-allow  ${HOME}/.cache/bnox
-allow  ${HOME}/.config/bnox
+whitelist ${HOME}/.cache/bnox
+whitelist ${HOME}/.config/bnox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile
index a14bb8fef2e..0cbac049a0c 100644
--- a/etc/profile-a-l/brackets.profile
+++ b/etc/profile-a-l/brackets.profile
@@ -5,7 +5,7 @@ include brackets.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Brackets
+noblacklist ${HOME}/.config/Brackets
 #noblacklist /opt/brackets
 #noblacklist /opt/google
 
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile
index a788824099a..417a6b3e0a6 100644
--- a/etc/profile-a-l/brasero.profile
+++ b/etc/profile-a-l/brasero.profile
@@ -6,7 +6,7 @@ include brasero.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/brasero
+noblacklist ${HOME}/.config/brasero
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index bc2d7a6a11d..09548c7610e 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -14,24 +14,24 @@ ignore noexec /tmp
 # Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/BraveSoftware
-nodeny  ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/brave
-nodeny  ${HOME}/.config/brave-flags.conf
+noblacklist ${HOME}/.cache/BraveSoftware
+noblacklist ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/brave
+noblacklist ${HOME}/.config/brave-flags.conf
 # brave uses gpg for built-in password manager
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
 mkdir ${HOME}/.cache/BraveSoftware
 mkdir ${HOME}/.config/BraveSoftware
 mkdir ${HOME}/.config/brave
-allow  ${HOME}/.cache/BraveSoftware
-allow  ${HOME}/.config/BraveSoftware
-allow  ${HOME}/.config/brave
-allow  ${HOME}/.config/brave-flags.conf
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.cache/BraveSoftware
+whitelist ${HOME}/.config/BraveSoftware
+whitelist ${HOME}/.config/brave
+whitelist ${HOME}/.config/brave-flags.conf
+whitelist ${HOME}/.gnupg
 
 # Brave sandbox needs read access to /proc/config.gz
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
index 62ca041c283..bda96bbb38b 100644
--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -6,7 +6,7 @@ include bzflag.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bzf
+noblacklist ${HOME}/.bzf
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.bzf
-allow  ${HOME}/.bzf
+whitelist ${HOME}/.bzf
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile
index 99706620c72..83571397b32 100644
--- a/etc/profile-a-l/calibre.profile
+++ b/etc/profile-a-l/calibre.profile
@@ -6,9 +6,9 @@ include calibre.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/calibre
-nodeny  ${HOME}/.config/calibre
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/calibre
+noblacklist ${HOME}/.config/calibre
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile
index 36ecc06a0a3..fcff47662fd 100644
--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,7 +6,7 @@ include calligra.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligra
+noblacklist ${HOME}/.local/share/kxmlgui5/calligra
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile
index 76123c96ae2..006c307ab0f 100644
--- a/etc/profile-a-l/calligragemini.profile
+++ b/etc/profile-a-l/calligragemini.profile
@@ -6,7 +6,7 @@ include calligragemini.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/calligragemini
+noblacklist ${HOME}/.local/share/calligragemini
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile
index 5fb1e16dae7..81dbd4dcdd2 100644
--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -6,7 +6,7 @@ include calligraplan.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplan
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile
index c176bfea1ae..bba91b66bfa 100644
--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -6,7 +6,7 @@ include calligraplanwork.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplanwork
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile
index b7ac689452f..7bc296047c0 100644
--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -6,7 +6,7 @@ include calligrasheets.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrasheets
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile
index 1258fec563e..7694abbe414 100644
--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -6,7 +6,7 @@ include calligrastage.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrastage
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile
index c2b6c804163..d69d56a95c0 100644
--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -6,7 +6,7 @@ include calligrawords.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrawords
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index 390ae383cb7..74c7cc34b61 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/cameramonitor
+whitelist /usr/share/cameramonitor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
index 77bdc09e01b..96f88a7c4fa 100644
--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -6,10 +6,10 @@ include cantata.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/cantata
-nodeny  ${HOME}/.config/cantata
-nodeny  ${HOME}/.local/share/cantata
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/cantata
+noblacklist ${HOME}/.config/cantata
+noblacklist ${HOME}/.local/share/cantata
+noblacklist ${MUSIC}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index 9c53af84fc9..7cf04c55010 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -10,11 +10,11 @@ include globals.local
 ignore noexec ${HOME}
 ignore noexec /tmp
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
-nodeny  ${HOME}/.cargo/credentials
-nodeny  ${HOME}/.cargo/credentials.toml
+noblacklist ${HOME}/.cargo/credentials
+noblacklist ${HOME}/.cargo/credentials.toml
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -34,7 +34,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.cargo
 #whitelist ${HOME}/.rustup
 #include whitelist-common.inc
-allow  /usr/share/pkgconfig
+whitelist /usr/share/pkgconfig
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile
index 4ea53ea6b26..009d3a049d4 100644
--- a/etc/profile-a-l/catfish.profile
+++ b/etc/profile-a-l/catfish.profile
@@ -9,7 +9,7 @@ include globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
 
-nodeny  ${HOME}/.config/catfish
+noblacklist ${HOME}/.config/catfish
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
 
-allow  /var/lib/mlocate
+whitelist /var/lib/mlocate
 include whitelist-var-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile
index d7aee1902cb..6e137010cec 100644
--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -6,7 +6,7 @@ include cawbird.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cawbird
+noblacklist ${HOME}/.config/cawbird
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index d6f4306ba94..1c539cc93e2 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -6,9 +6,9 @@ include celluloid.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/celluloid
-nodeny  ${HOME}/.config/gnome-mpv
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/celluloid
+noblacklist ${HOME}/.config/gnome-mpv
+noblacklist ${HOME}/.config/youtube-dl
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,7 +17,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -30,9 +30,9 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/celluloid
 mkdir ${HOME}/.config/gnome-mpv
 mkdir ${HOME}/.config/youtube-dl
-allow  ${HOME}/.config/celluloid
-allow  ${HOME}/.config/gnome-mpv
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/celluloid
+whitelist ${HOME}/.config/gnome-mpv
+whitelist ${HOME}/.config/youtube-dl
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile
index 0f61084e0ea..24939fc70e1 100644
--- a/etc/profile-a-l/checkbashisms.profile
+++ b/etc/profile-a-l/checkbashisms.profile
@@ -7,9 +7,9 @@ include checkbashisms.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile
index bde3e1311b4..aca1f5876a3 100644
--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -6,8 +6,8 @@ include cheese.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${VIDEOS}
-nodeny  ${PICTURES}
+noblacklist ${VIDEOS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${VIDEOS}
-allow  ${PICTURES}
-allow  /usr/share/gnome-video-effects
+whitelist ${VIDEOS}
+whitelist ${PICTURES}
+whitelist /usr/share/gnome-video-effects
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile
index d5dedd81d92..7621b3c8cc7 100644
--- a/etc/profile-a-l/cherrytree.profile
+++ b/etc/profile-a-l/cherrytree.profile
@@ -6,8 +6,8 @@ include cherrytree.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cherrytree
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/cherrytree
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 64c45772a5a..8803a4d9d1b 100644
--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -3,15 +3,15 @@
 # Persistent local customizations
 include chromium-browser-privacy.local
 
-nodeny  ${HOME}/.cache/ungoogled-chromium
-nodeny  ${HOME}/.config/ungoogled-chromium
+noblacklist ${HOME}/.cache/ungoogled-chromium
+noblacklist ${HOME}/.config/ungoogled-chromium
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
-allow  ${HOME}/.cache/ungoogled-chromium
-allow  ${HOME}/.config/ungoogled-chromium
+whitelist ${HOME}/.cache/ungoogled-chromium
+whitelist ${HOME}/.config/ungoogled-chromium
 
 # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
 
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index dbeb715d44d..b0e0254d477 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -9,8 +9,8 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
 # to have access to Gnome extensions (extensions.gnome.org) via browser connector
@@ -26,9 +26,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile
index ea92e90a8a9..9ac33aa1c6d 100644
--- a/etc/profile-a-l/chromium.profile
+++ b/etc/profile-a-l/chromium.profile
@@ -6,17 +6,17 @@ include chromium.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/chromium
-nodeny  ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/chromium-flags.conf
+noblacklist ${HOME}/.cache/chromium
+noblacklist ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium-flags.conf
 
 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
-allow  ${HOME}/.cache/chromium
-allow  ${HOME}/.config/chromium
-allow  ${HOME}/.config/chromium-flags.conf
-allow  /usr/share/chromium
-allow  /usr/share/mozilla/extensions
+whitelist ${HOME}/.cache/chromium
+whitelist ${HOME}/.config/chromium
+whitelist ${HOME}/.config/chromium-flags.conf
+whitelist /usr/share/chromium
+whitelist /usr/share/mozilla/extensions
 
 # private-bin chromium,chromium-browser,chromedriver
 
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile
index c967e1c96bf..e1f9523c45c 100644
--- a/etc/profile-a-l/cin.profile
+++ b/etc/profile-a-l/cin.profile
@@ -5,7 +5,7 @@ include cin.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bcast5
+noblacklist ${HOME}/.bcast5
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile
index 0efbcd4f24e..e403c2c410e 100644
--- a/etc/profile-a-l/clamav.profile
+++ b/etc/profile-a-l/clamav.profile
@@ -7,7 +7,7 @@ include clamav.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-exec.inc
 
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile
index 3e4e1f2a19e..691657fa04d 100644
--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -6,17 +6,17 @@ include claws-mail.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 
 # Add the below lines to your claws-mail.local if you use python-based plugins.
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 #include allow-python3.inc
 
-allow  /usr/share/doc/claws-mail
+whitelist /usr/share/doc/claws-mail
 
 # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
 
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile
index ee64391d9cb..9b62a1f735a 100644
--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -6,7 +6,7 @@ include clawsker.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index f9c0006f984..fa33795c17c 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -6,9 +6,9 @@ include clementine.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Clementine
-nodeny  ${HOME}/.config/Clementine
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/Clementine
+noblacklist ${HOME}/.config/Clementine
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index 5c5399069f5..77952358fc5 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -5,16 +5,16 @@ include clion.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/JetBrains/CLion*
-nodeny  ${HOME}/.cache/JetBrains/CLion*
-nodeny  ${HOME}/.clion*
-nodeny  ${HOME}/.CLion*
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.java
-nodeny  ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.config/JetBrains/CLion*
+noblacklist ${HOME}/.cache/JetBrains/CLion*
+noblacklist ${HOME}/.clion*
+noblacklist ${HOME}/.CLion*
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.tooling
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile
index 89f8d96f056..c8258da070a 100644
--- a/etc/profile-a-l/clipgrab.profile
+++ b/etc/profile-a-l/clipgrab.profile
@@ -6,9 +6,9 @@ include clipgrab.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Philipp Schmieder
-nodeny  ${HOME}/.pki
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/Philipp Schmieder
+noblacklist ${HOME}/.pki
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index 4a2a5171b30..d421903a324 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -6,8 +6,8 @@ include clipit.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/clipit
-nodeny  ${HOME}/.local/share/clipit
+noblacklist ${HOME}/.config/clipit
+noblacklist ${HOME}/.local/share/clipit
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/clipit
 mkdir ${HOME}/.local/share/clipit
-allow  ${HOME}/.config/clipit
-allow  ${HOME}/.local/share/clipit
+whitelist ${HOME}/.config/clipit
+whitelist ${HOME}/.local/share/clipit
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile
index 22c6ef88253..d0b8cc0ef3f 100644
--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -5,16 +5,16 @@ include cliqz.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/cliqz
-nodeny  ${HOME}/.cliqz
-nodeny  ${HOME}/.config/cliqz
+noblacklist ${HOME}/.cache/cliqz
+noblacklist ${HOME}/.cliqz
+noblacklist ${HOME}/.config/cliqz
 
 mkdir ${HOME}/.cache/cliqz
 mkdir ${HOME}/.cliqz
 mkdir ${HOME}/.config/cliqz
-allow  ${HOME}/.cache/cliqz
-allow  ${HOME}/.cliqz
-allow  ${HOME}/.config/cliqz
+whitelist ${HOME}/.cache/cliqz
+whitelist ${HOME}/.cliqz
+whitelist ${HOME}/.config/cliqz
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc cliqz
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index 51e53209f9f..bcd557787b8 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -6,8 +6,8 @@ include cmus.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cmus
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/cmus
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile
index 1933c66fa5b..e19b789088b 100644
--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -5,10 +5,10 @@ include code.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Code
-nodeny  ${HOME}/.config/Code - OSS
-nodeny  ${HOME}/.vscode
-nodeny  ${HOME}/.vscode-oss
+noblacklist ${HOME}/.config/Code
+noblacklist ${HOME}/.config/Code - OSS
+noblacklist ${HOME}/.vscode
+noblacklist ${HOME}/.vscode-oss
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index efa7f516cb5..bd6d8f5b08c 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -6,7 +6,7 @@ include colorful.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.suve/colorful
+noblacklist ${HOME}/.suve/colorful
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.suve/colorful
-allow  ${HOME}/.suve/colorful
-allow  /usr/share/suve
+whitelist ${HOME}/.suve/colorful
+whitelist /usr/share/suve
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index 34b66295955..c8bdfec2361 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/com.github.bleakgrey.tootle
+noblacklist ${HOME}/.config/com.github.bleakgrey.tootle
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/com.github.bleakgrey.tootle
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/com.github.bleakgrey.tootle
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/com.github.bleakgrey.tootle
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index 4e26e492523..b467a0f7aa2 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/agenda
-nodeny  ${HOME}/.config/agenda
-nodeny  ${HOME}/.local/share/agenda
+noblacklist ${HOME}/.cache/agenda
+noblacklist ${HOME}/.config/agenda
+noblacklist ${HOME}/.local/share/agenda
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/agenda
 mkdir ${HOME}/.config/agenda
 mkdir ${HOME}/.local/share/agenda
-allow  ${HOME}/.cache/agenda
-allow  ${HOME}/.config/agenda
-allow  ${HOME}/.local/share/agenda
+whitelist ${HOME}/.cache/agenda
+whitelist ${HOME}/.config/agenda
+whitelist ${HOME}/.local/share/agenda
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index bbfc1fe411b..c13f9618b8e 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -6,9 +6,9 @@ include foliate.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.cache/com.github.johnfactotum.Foliate
-nodeny  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
 mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${HOME}/.cache/com.github.johnfactotum.Foliate
-allow  ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
-allow  /usr/share/com.github.johnfactotum.Foliate
-allow  /usr/share/hyphen
+whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/com.github.johnfactotum.Foliate
+whitelist /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index 3e9acc6c85f..d0402d188bc 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/minder
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.local/share/minder
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/minder
-allow  ${HOME}/.local/share/minder
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${HOME}/.local/share/minder
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile
index 6cc9ec551cd..38edf0d212e 100644
--- a/etc/profile-a-l/conkeror.profile
+++ b/etc/profile-a-l/conkeror.profile
@@ -5,23 +5,23 @@ include conkeror.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.conkeror.mozdev.org
+noblacklist ${HOME}/.conkeror.mozdev.org
 
 include disable-common.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.conkeror.mozdev.org
 mkfile ${HOME}/.conkerorrc
-allow  ${HOME}/.conkeror.mozdev.org
-allow  ${HOME}/.conkerorrc
-allow  ${HOME}/.lastpass
-allow  ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
-allow  ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
-allow  ${HOME}/.zotero
-allow  ${HOME}/dwhelper
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.conkeror.mozdev.org
+whitelist ${HOME}/.conkerorrc
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile
index 1b3fe665121..eaa18739dfc 100644
--- a/etc/profile-a-l/conky.profile
+++ b/etc/profile-a-l/conky.profile
@@ -6,7 +6,7 @@ include conky.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index 266c404ee9b..2fb446e2ac3 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -6,7 +6,7 @@ include corebird.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/corebird
+noblacklist ${HOME}/.config/corebird
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 0a1353e40f8..1635995dc13 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -7,8 +7,8 @@ include cower.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cower
-nodeny  /var/lib/pacman
+noblacklist ${HOME}/.config/cower
+noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 5e48c802264..7ece35c2bc2 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -6,7 +6,7 @@ include coyim.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/coyim
+noblacklist ${HOME}/.config/coyim
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/coyim
-allow  ${HOME}/.config/coyim
+whitelist ${HOME}/.config/coyim
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index dec8c086b70..bdc4f21a697 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -7,8 +7,8 @@ include cpio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile
index 81292c01c1d..b10216895a5 100644
--- a/etc/profile-a-l/crawl.profile
+++ b/etc/profile-a-l/crawl.profile
@@ -6,7 +6,7 @@ include crawl-tiles.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.crawl
+noblacklist ${HOME}/.crawl
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.crawl
-allow  ${HOME}/.crawl
+whitelist ${HOME}/.crawl
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 36bd93778bf..02b15ecc287 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -8,8 +8,8 @@ include globals.local
 
 mkdir ${HOME}/.config/crow
 mkdir ${HOME}/.cache/gstreamer-1.0
-allow  ${HOME}/.config/crow
-allow  ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.config/crow
+whitelist ${HOME}/.cache/gstreamer-1.0
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 4950b7a4c6f..c9867c5d71d 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -12,11 +12,11 @@ include globals.local
 # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts.
 # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
 # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.
-nodeny  ${HOME}/.curl-hsts
-nodeny  ${HOME}/.curlrc
+noblacklist ${HOME}/.curl-hsts
+noblacklist ${HOME}/.curlrc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile
index 49f972e4aa3..d1fff000468 100644
--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -5,13 +5,13 @@ include cyberfox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.8pecxstudios
-nodeny  ${HOME}/.cache/8pecxstudios
+noblacklist ${HOME}/.8pecxstudios
+noblacklist ${HOME}/.cache/8pecxstudios
 
 mkdir ${HOME}/.8pecxstudios
 mkdir ${HOME}/.cache/8pecxstudios
-allow  ${HOME}/.8pecxstudios
-allow  ${HOME}/.cache/8pecxstudios
+whitelist ${HOME}/.8pecxstudios
+whitelist ${HOME}/.cache/8pecxstudios
 
 # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
 # private-etc must first be enabled in firefox-common.profile
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index c7ce1730a54..ba1e7adade9 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -6,7 +6,7 @@ include d-feet.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/d-feet
+noblacklist ${HOME}/.config/d-feet
 
 # Allow python (disabled by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/d-feet
-allow  ${HOME}/.config/d-feet
-allow  /usr/share/d-feet
+whitelist ${HOME}/.config/d-feet
+whitelist /usr/share/d-feet
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile
index 4d51c255e02..61fa52928d9 100644
--- a/etc/profile-a-l/darktable.profile
+++ b/etc/profile-a-l/darktable.profile
@@ -6,9 +6,9 @@ include darktable.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/darktable
-nodeny  ${HOME}/.config/darktable
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/darktable
+noblacklist ${HOME}/.config/darktable
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 745042d6fb8..67a61bb6094 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,8 +7,8 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index c1231c6cfde..0c221850ad3 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index b9d385adfb2..be7514cbf32 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -6,7 +6,7 @@ include dconf.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 09fa7a07a40..5b95b74be2a 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
-allow  /usr/share/ddgtk
+whitelist ${DOWNLOADS}
+whitelist /usr/share/ddgtk
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile
index 25fa944a118..a221ebbd758 100644
--- a/etc/profile-a-l/deadbeef.profile
+++ b/etc/profile-a-l/deadbeef.profile
@@ -6,8 +6,8 @@ include deadbeef.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/deadbeef
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/deadbeef
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index d41a4a02398..ad7aa6ed522 100644
--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -6,7 +6,7 @@ include deluge.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/deluge
+noblacklist ${HOME}/.config/deluge
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/deluge
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/deluge
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile
index aed4355d56f..212cdab60fb 100644
--- a/etc/profile-a-l/desktopeditors.profile
+++ b/etc/profile-a-l/desktopeditors.profile
@@ -6,9 +6,9 @@ include desktopeditors.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/onlyoffice
-nodeny  ${HOME}/.local/share/onlyoffice
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.config/onlyoffice
+noblacklist ${HOME}/.local/share/onlyoffice
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index dc0f290fb45..5007f8e742c 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -16,9 +16,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/devhelp
-allow  /usr/share/doc
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/devhelp
+whitelist /usr/share/doc
+whitelist /usr/share/gtk-doc/html
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile
index 631f15f9303..6267b57097b 100644
--- a/etc/profile-a-l/devilspie.profile
+++ b/etc/profile-a-l/devilspie.profile
@@ -6,9 +6,9 @@ include devilspie.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.devilspie
+noblacklist ${HOME}/.devilspie
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.devilspie
-allow  ${HOME}/.devilspie
+whitelist ${HOME}/.devilspie
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile
index 140c9da0ff7..9eab3f536ab 100644
--- a/etc/profile-a-l/devilspie2.profile
+++ b/etc/profile-a-l/devilspie2.profile
@@ -6,17 +6,17 @@ include devilspie2.local
 # Persistent global definitions
 #include globals.local
 
-deny  ${HOME}/.devilspie
+blacklist ${HOME}/.devilspie
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/devilspie2
+noblacklist ${HOME}/.config/devilspie2
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
 mkdir ${HOME}/.config/devilspie2
-allow  ${HOME}/.config/devilspie2
+whitelist ${HOME}/.config/devilspie2
 
 private-bin devilspie2
 
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile
index 2a808238b9e..531734b7d11 100644
--- a/etc/profile-a-l/dia.profile
+++ b/etc/profile-a-l/dia.profile
@@ -6,8 +6,8 @@ include dia.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dia
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.dia
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.dia
 #whitelist ${DOCUMENTS}
 #include whitelist-common.inc
-allow  /usr/share/dia
+whitelist /usr/share/dia
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 2d683b8115a..247159a8a83 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -7,11 +7,11 @@ include dig.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.digrc
-nodeny  ${PATH}/dig
+noblacklist ${HOME}/.digrc
+noblacklist ${PATH}/dig
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 # include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 #mkfile ${HOME}/.digrc - see #903
-allow  ${HOME}/.digrc
+whitelist ${HOME}/.digrc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile
index 124b5095295..2ca7bd40023 100644
--- a/etc/profile-a-l/digikam.profile
+++ b/etc/profile-a-l/digikam.profile
@@ -6,12 +6,12 @@ include digikam.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/digikam
-nodeny  ${HOME}/.config/digikamrc
-nodeny  ${HOME}/.kde/share/apps/digikam
-nodeny  ${HOME}/.kde4/share/apps/digikam
-nodeny  ${HOME}/.local/share/kxmlgui5/digikam
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/digikam
+noblacklist ${HOME}/.config/digikamrc
+noblacklist ${HOME}/.kde/share/apps/digikam
+noblacklist ${HOME}/.kde4/share/apps/digikam
+noblacklist ${HOME}/.local/share/kxmlgui5/digikam
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile
index 883466f4db9..9871a6095fb 100644
--- a/etc/profile-a-l/dillo.profile
+++ b/etc/profile-a-l/dillo.profile
@@ -6,7 +6,7 @@ include dillo.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dillo
+noblacklist ${HOME}/.dillo
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.dillo
 mkdir ${HOME}/.fltk
-allow  ${DOWNLOADS}
-allow  ${HOME}/.dillo
-allow  ${HOME}/.fltk
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.dillo
+whitelist ${HOME}/.fltk
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
index 3078bef717c..c3174b35f26 100644
--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -6,7 +6,7 @@ include dino.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/dino
+noblacklist ${HOME}/.local/share/dino
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.local/share/dino
-allow  ${HOME}/.local/share/dino
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.local/share/dino
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile
index 1c53cd211e0..43db95b8a93 100644
--- a/etc/profile-a-l/discord-canary.profile
+++ b/etc/profile-a-l/discord-canary.profile
@@ -5,10 +5,10 @@ include discord-canary.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 
 private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9]
 private-opt discord-canary
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile
index 6bee1901c89..19e7bd9ab42 100644
--- a/etc/profile-a-l/discord-common.profile
+++ b/etc/profile-a-l/discord-common.profile
@@ -20,8 +20,8 @@ ignore dbus-system none
 ignore noexec ${HOME}
 ignore novideo
 
-allow  ${HOME}/.config/BetterDiscord
-allow  ${HOME}/.local/share/betterdiscordctl
+whitelist ${HOME}/.config/BetterDiscord
+whitelist ${HOME}/.local/share/betterdiscordctl
 
 private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile
index 658d3fc8313..8ef02a30f5a 100644
--- a/etc/profile-a-l/discord.profile
+++ b/etc/profile-a-l/discord.profile
@@ -5,10 +5,10 @@ include discord.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 
 private-bin discord
 private-opt discord
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 4474b97d246..11f3fd36ebb 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -5,7 +5,7 @@ include display.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile
index 8c3d6211bae..51ba6f8b759 100644
--- a/etc/profile-a-l/dnox.profile
+++ b/etc/profile-a-l/dnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/dnox
-nodeny  ${HOME}/.config/dnox
+noblacklist ${HOME}/.cache/dnox
+noblacklist ${HOME}/.config/dnox
 
 mkdir ${HOME}/.cache/dnox
 mkdir ${HOME}/.config/dnox
-allow  ${HOME}/.cache/dnox
-allow  ${HOME}/.config/dnox
+whitelist ${HOME}/.cache/dnox
+whitelist ${HOME}/.config/dnox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index dbcef36f806..f8fb1a33131 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/dnscrypt-proxy
+whitelist /usr/share/dnscrypt-proxy
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index b1acbf392cb..01398c2b272 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -7,11 +7,11 @@ include dnsmasq.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index 15b312ecbae..49feec32ecf 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -8,9 +8,9 @@ include globals.local
 
 # Note: you must whitelist your games folder in your dolphin-emu.local.
 
-nodeny  ${HOME}/.cache/dolphin-emu
-nodeny  ${HOME}/.config/dolphin-emu
-nodeny  ${HOME}/.local/share/dolphin-emu
+noblacklist ${HOME}/.cache/dolphin-emu
+noblacklist ${HOME}/.config/dolphin-emu
+noblacklist ${HOME}/.local/share/dolphin-emu
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/dolphin-emu
 mkdir ${HOME}/.config/dolphin-emu
 mkdir ${HOME}/.local/share/dolphin-emu
-allow  ${HOME}/.cache/dolphin-emu
-allow  ${HOME}/.config/dolphin-emu
-allow  ${HOME}/.local/share/dolphin-emu
-allow  /usr/share/dolphin-emu
+whitelist ${HOME}/.cache/dolphin-emu
+whitelist ${HOME}/.config/dolphin-emu
+whitelist ${HOME}/.local/share/dolphin-emu
+whitelist /usr/share/dolphin-emu
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile
index 3b0adcc3626..37a4113cbaf 100644
--- a/etc/profile-a-l/dooble.profile
+++ b/etc/profile-a-l/dooble.profile
@@ -7,7 +7,7 @@ include dooble-qt4.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dooble
+noblacklist ${HOME}/.dooble
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.dooble
-allow  ${DOWNLOADS}
-allow  ${HOME}/.dooble
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.dooble
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 29e50676492..988f66f285f 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -6,8 +6,8 @@ include dosbox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dosbox
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.dosbox
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
index 90ca11774cc..8fa01d50443 100644
--- a/etc/profile-a-l/dragon.profile
+++ b/etc/profile-a-l/dragon.profile
@@ -6,9 +6,9 @@ include dragon.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/dragonplayerrc
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/dragonplayerrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/dragonplayer
+whitelist /usr/share/dragonplayer
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 84a77ce34f3..82d96e405b7 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -6,7 +6,7 @@ include drawio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/draw.io
+noblacklist ${HOME}/.config/draw.io
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/draw.io
-allow  ${HOME}/.config/draw.io
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/draw.io
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index e177fd60e9c..068bd88d896 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -7,10 +7,10 @@ include drill.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PATH}/drill
+noblacklist ${PATH}/drill
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile
index 274cdd47841..b3b2aaf4036 100644
--- a/etc/profile-a-l/dropbox.profile
+++ b/etc/profile-a-l/dropbox.profile
@@ -5,9 +5,9 @@ include dropbox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/autostart
-nodeny  ${HOME}/.dropbox
-nodeny  ${HOME}/.dropbox-dist
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.dropbox
+noblacklist ${HOME}/.dropbox-dist
 
 # Allow python3 (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox
 mkdir ${HOME}/.dropbox-dist
 mkdir ${HOME}/Dropbox
 mkfile ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.dropbox
-allow  ${HOME}/.dropbox-dist
-allow  ${HOME}/Dropbox
+whitelist ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.dropbox
+whitelist ${HOME}/.dropbox-dist
+whitelist ${HOME}/Dropbox
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile
index da54fec3410..38e4b16f78d 100644
--- a/etc/profile-a-l/easystroke.profile
+++ b/etc/profile-a-l/easystroke.profile
@@ -6,7 +6,7 @@ include easystroke.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.easystroke
+noblacklist ${HOME}/.easystroke
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.easystroke
-allow  ${HOME}/.easystroke
+whitelist ${HOME}/.easystroke
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 10e57371e3a..278dd6cbd01 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -6,7 +6,7 @@ include electron-mail.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/electron-mail
+noblacklist ${HOME}/.config/electron-mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail
-allow  ${HOME}/.config/electron-mail
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/electron-mail
+whitelist ${DOWNLOADS}
 
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile
index e8d8d35c405..493af79d42a 100644
--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index f6691017c95..ad636d71a79 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -6,7 +6,7 @@ include electrum.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.electrum
+noblacklist ${HOME}/.electrum
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.electrum
-allow  ${HOME}/.electrum
+whitelist ${HOME}/.electrum
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile
index ec28866b87e..48a826f2e76 100644
--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -9,11 +9,11 @@ include element-desktop.local
 
 ignore dbus-user none
 
-nodeny  ${HOME}/.config/Element
+noblacklist ${HOME}/.config/Element
 
 mkdir ${HOME}/.config/Element
-allow  ${HOME}/.config/Element
-allow  /opt/Element
+whitelist ${HOME}/.config/Element
+whitelist /opt/Element
 
 private-opt Element
 
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile
index 30dca05cb9a..5a29eb24b59 100644
--- a/etc/profile-a-l/elinks.profile
+++ b/etc/profile-a-l/elinks.profile
@@ -7,10 +7,10 @@ include elinks.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.elinks
+noblacklist ${HOME}/.elinks
 
 mkdir ${HOME}/.elinks
-allow  ${HOME}/.elinks
+whitelist ${HOME}/.elinks
 
 private-bin elinks
 
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index f0e0e2830c8..55bf743ef8f 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -6,8 +6,8 @@ include emacs.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
 # Add the next line to your emacs.local if you need gpg support.
 #noblacklist ${HOME}/.gnupg
 
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile
index 5fc72d34096..6c9a8a6ea9a 100644
--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -7,14 +7,14 @@ include email-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.signature
 # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
 # and 'blacklist' it in your disable-common.local too so it is  kept hidden from other applications
-nodeny  ${HOME}/Mail
+noblacklist ${HOME}/Mail
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ include disable-xdg.inc
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.config/mimeapps.list
 mkfile ${HOME}/.signature
-allow  ${HOME}/.config/mimeapps.list
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.signature
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.signature
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
 # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
-allow  ${HOME}/Mail
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/Mail
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile
index 36015b7028c..ac17b172684 100644
--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -6,9 +6,9 @@ include enchant.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/enchant
-allow  ${HOME}/.config/enchant
+whitelist ${HOME}/.config/enchant
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile
index 9a1d89bbab1..d982433e277 100644
--- a/etc/profile-a-l/enox.profile
+++ b/etc/profile-a-l/enox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/Enox
-nodeny  ${HOME}/.config/Enox
+noblacklist ${HOME}/.cache/Enox
+noblacklist ${HOME}/.config/Enox
 
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/Enox
 mkdir ${HOME}/.config/Enox
-allow  ${HOME}/.cache/Enox
-allow  ${HOME}/.config/Enox
+whitelist ${HOME}/.cache/Enox
+whitelist ${HOME}/.config/Enox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile
index 5d8f8a0b966..c4123b4c299 100644
--- a/etc/profile-a-l/enpass.profile
+++ b/etc/profile-a-l/enpass.profile
@@ -6,11 +6,11 @@ include enpass.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Enpass
-nodeny  ${HOME}/.config/sinew.in
-nodeny  ${HOME}/.config/Sinew Software Systems
-nodeny  ${HOME}/.local/share/Enpass
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/Enpass
+noblacklist ${HOME}/.config/sinew.in
+noblacklist ${HOME}/.config/Sinew Software Systems
+noblacklist ${HOME}/.local/share/Enpass
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass
 mkfile ${HOME}/.config/sinew.in
 mkdir ${HOME}/.config/Sinew Software Systems
 mkdir ${HOME}/.local/share/Enpass
-allow  ${HOME}/.cache/Enpass
-allow  ${HOME}/.config/sinew.in
-allow  ${HOME}/.config/Sinew Software Systems
-allow  ${HOME}/.local/share/Enpass
-allow  ${DOCUMENTS}
+whitelist ${HOME}/.cache/Enpass
+whitelist ${HOME}/.config/sinew.in
+whitelist ${HOME}/.config/Sinew Software Systems
+whitelist ${HOME}/.local/share/Enpass
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index ff7040e5c3f..fe7913e77a7 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -7,11 +7,11 @@ include eo-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/Trash
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile
index e8592c7dfa7..5892374bd15 100644
--- a/etc/profile-a-l/eog.profile
+++ b/etc/profile-a-l/eog.profile
@@ -6,9 +6,9 @@ include eog.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/eog
+noblacklist ${HOME}/.config/eog
 
-allow  /usr/share/eog
+whitelist /usr/share/eog
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eog.local if you need that functionality.
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile
index 323f5ade221..7143a8e0328 100644
--- a/etc/profile-a-l/eom.profile
+++ b/etc/profile-a-l/eom.profile
@@ -6,9 +6,9 @@ include eom.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mate/eom
+noblacklist ${HOME}/.config/mate/eom
 
-allow  /usr/share/eom
+whitelist /usr/share/eom
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eom.local if you need that functionality.
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile
index 3657742b9bf..131d68951d9 100644
--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -9,8 +9,8 @@ include globals.local
 # enforce private-cache
 #noblacklist ${HOME}/.cache/ephemeral
 
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
 # enforce private-cache
 #whitelist ${HOME}/.cache/ephemeral
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile
index daedb21930f..225811226fa 100644
--- a/etc/profile-a-l/epiphany.profile
+++ b/etc/profile-a-l/epiphany.profile
@@ -9,9 +9,9 @@ include globals.local
 # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more.
 # See https://github.com/netblue30/firejail/issues/2995
 
-nodeny  ${HOME}/.cache/epiphany
-nodeny  ${HOME}/.config/epiphany
-nodeny  ${HOME}/.local/share/epiphany
+noblacklist ${HOME}/.cache/epiphany
+noblacklist ${HOME}/.config/epiphany
+noblacklist ${HOME}/.local/share/epiphany
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
 mkdir ${HOME}/.local/share/epiphany
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/epiphany
-allow  ${HOME}/.config/epiphany
-allow  ${HOME}/.local/share/epiphany
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/epiphany
+whitelist ${HOME}/.config/epiphany
+whitelist ${HOME}/.local/share/epiphany
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index ac957870c28..964d3b7ca0d 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -6,8 +6,8 @@ include equalx.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/equalx
-nodeny  ${HOME}/.equalx
+noblacklist ${HOME}/.config/equalx
+noblacklist ${HOME}/.equalx
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/equalx
 mkdir ${HOME}/.equalx
-allow  ${HOME}/.config/equalx
-allow  ${HOME}/.equalx
-allow  /usr/share/poppler
-allow  /usr/share/ghostscript
-allow  /usr/share/texlive
-allow  /usr/share/equalx
-allow  /var/lib/texmf
+whitelist ${HOME}/.config/equalx
+whitelist ${HOME}/.equalx
+whitelist /usr/share/poppler
+whitelist /usr/share/ghostscript
+whitelist /usr/share/texlive
+whitelist /usr/share/equalx
+whitelist /var/lib/texmf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index a2f46b757d3..fdff1e4b5ac 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -6,9 +6,9 @@ include etr.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.etr
+noblacklist ${HOME}/.etr
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.etr
-allow  ${HOME}/.etr
-allow  /usr/share/etr
+whitelist ${HOME}/.etr
+whitelist /usr/share/etr
 # Debian version
-allow  /usr/share/games/etr
+whitelist /usr/share/games/etr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index ce2617ad6a6..a9e39b15c29 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -10,10 +10,10 @@ include globals.local
 # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below).
 #noblacklist ${HOME}/.local/share/gvfs-metadata
 
-nodeny  ${HOME}/.config/evince
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/evince
+noblacklist ${DOCUMENTS}
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/doc
-allow  /usr/share/evince
-allow  /usr/share/poppler
-allow  /usr/share/tracker
+whitelist /usr/share/doc
+whitelist /usr/share/evince
+whitelist /usr/share/poppler
+whitelist /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 142498a28da..7222493ac3b 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,15 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/mail
-nodeny  /var/spool/mail
-nodeny  ${HOME}/.bogofilter
-nodeny  ${HOME}/.cache/evolution
-nodeny  ${HOME}/.config/evolution
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
index 21681498937..7b09a2c64d2 100644
--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -6,7 +6,7 @@ include exiftool.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -18,7 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/perl-image-exiftool
+whitelist /usr/share/perl-image-exiftool
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 9bb42945b16..b2061db79b4 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -6,8 +6,8 @@ include falkon.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/falkon
-nodeny  ${HOME}/.config/falkon
+noblacklist ${HOME}/.cache/falkon
+noblacklist ${HOME}/.config/falkon
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/falkon
 mkdir ${HOME}/.config/falkon
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/falkon
-allow  ${HOME}/.config/falkon
-allow  /usr/share/falkon
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/falkon
+whitelist ${HOME}/.config/falkon
+whitelist /usr/share/falkon
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
index d141c6ed591..8e81000fd26 100644
--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -6,8 +6,8 @@ include fbreader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.FBReader
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.FBReader
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 17a3650534c..31cb1776ca5 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -5,11 +5,11 @@ include fdns.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile
index 359be083e30..664ec2da640 100644
--- a/etc/profile-a-l/feedreader.profile
+++ b/etc/profile-a-l/feedreader.profile
@@ -6,8 +6,8 @@ include feedreader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/feedreader
-nodeny  ${HOME}/.local/share/feedreader
+noblacklist ${HOME}/.cache/feedreader
+noblacklist ${HOME}/.local/share/feedreader
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader
-allow  ${HOME}/.cache/feedreader
-allow  ${HOME}/.local/share/feedreader
-allow  /usr/share/feedreader
+whitelist ${HOME}/.cache/feedreader
+whitelist ${HOME}/.local/share/feedreader
+whitelist /usr/share/feedreader
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile
index f60055f37a7..a2372ec8af6 100644
--- a/etc/profile-a-l/ferdi.profile
+++ b/etc/profile-a-l/ferdi.profile
@@ -7,10 +7,10 @@ include globals.local
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.cache/Ferdi
-nodeny  ${HOME}/.config/Ferdi
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.cache/Ferdi
+noblacklist ${HOME}/.config/Ferdi
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi
 mkdir ${HOME}/.config/Ferdi
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/Ferdi
-allow  ${HOME}/.config/Ferdi
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/Ferdi
+whitelist ${HOME}/.config/Ferdi
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile
index 1e06ec29a3f..7358ed5c7cb 100644
--- a/etc/profile-a-l/fetchmail.profile
+++ b/etc/profile-a-l/fetchmail.profile
@@ -6,8 +6,8 @@ include fetchmail.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.fetchmailrc
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.fetchmailrc
+noblacklist ${HOME}/.netrc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 1a64183ab5b..13ef1beb9d3 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -7,8 +7,8 @@ include ffmpeg.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/devedeng
-allow  /usr/share/ffmpeg
-allow  /usr/share/qtchooser
+whitelist /usr/share/devedeng
+whitelist /usr/share/ffmpeg
+whitelist /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index f7a938f2430..4eeceeee8c8 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,9 +13,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/libexec/file-roller
-allow  /usr/libexec/p7zip
-allow  /usr/share/file-roller
+whitelist /usr/libexec/file-roller
+whitelist /usr/libexec/p7zip
+whitelist /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile
index 426d1e72db9..5c758360523 100644
--- a/etc/profile-a-l/file.profile
+++ b/etc/profile-a-l/file.profile
@@ -7,7 +7,7 @@ include file.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile
index d9e0e9da04b..dc5def54fec 100644
--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -6,8 +6,8 @@ include filezilla.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/filezilla
-nodeny  ${HOME}/.filezilla
+noblacklist ${HOME}/.config/filezilla
+noblacklist ${HOME}/.filezilla
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile
index e2242479468..77487161e84 100644
--- a/etc/profile-a-l/firedragon.profile
+++ b/etc/profile-a-l/firedragon.profile
@@ -6,13 +6,13 @@ include firedragon.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/firedragon
-nodeny  ${HOME}/.firedragon
+noblacklist ${HOME}/.cache/firedragon
+noblacklist ${HOME}/.firedragon
 
 mkdir ${HOME}/.cache/firedragon
 mkdir ${HOME}/.firedragon
-allow  ${HOME}/.cache/firedragon
-allow  ${HOME}/.firedragon
+whitelist ${HOME}/.cache/firedragon
+whitelist ${HOME}/.firedragon
 
 # Add the next lines to your firedragon.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile
index 7e2e8760d0d..d282f9a60fa 100644
--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -5,74 +5,74 @@ include firefox-common-addons.local
 ignore include whitelist-runuser-common.inc
 ignore private-cache
 
-nodeny  ${HOME}/.cache/youtube-dl
-nodeny  ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
-nodeny  ${HOME}/.config/qpdfview
-nodeny  ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/okular
-nodeny  ${HOME}/.local/share/okular
-nodeny  ${HOME}/.local/share/qpdfview
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kxmlgui5/okular
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.netrc
 
-allow  ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-allow  ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/kgetrc
-allow  ${HOME}/.config/mpv
-allow  ${HOME}/.config/okularpartrc
-allow  ${HOME}/.config/okularrc
-allow  ${HOME}/.config/pipelight-silverlight5.1
-allow  ${HOME}/.config/pipelight-widevine
-allow  ${HOME}/.config/qpdfview
-allow  ${HOME}/.config/youtube-dl
-allow  ${HOME}/.kde/share/apps/kget
-allow  ${HOME}/.kde/share/apps/okular
-allow  ${HOME}/.kde/share/config/kgetrc
-allow  ${HOME}/.kde/share/config/okularpartrc
-allow  ${HOME}/.kde/share/config/okularrc
-allow  ${HOME}/.kde4/share/apps/kget
-allow  ${HOME}/.kde4/share/apps/okular
-allow  ${HOME}/.kde4/share/config/kgetrc
-allow  ${HOME}/.kde4/share/config/okularpartrc
-allow  ${HOME}/.kde4/share/config/okularrc
-allow  ${HOME}/.keysnail.js
-allow  ${HOME}/.lastpass
-allow  ${HOME}/.local/share/kget
-allow  ${HOME}/.local/share/kxmlgui5/okular
-allow  ${HOME}/.local/share/okular
-allow  ${HOME}/.local/share/qpdfview
-allow  ${HOME}/.local/share/tridactyl
-allow  ${HOME}/.netrc
-allow  ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
-allow  ${HOME}/.tridactylrc
-allow  ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
-allow  ${HOME}/.wine-pipelight
-allow  ${HOME}/.wine-pipelight64
-allow  ${HOME}/.zotero
-allow  ${HOME}/dwhelper
-allow  /usr/share/lua
-allow  /usr/share/lua*
-allow  /usr/share/vulkan
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/kgetrc
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/kget
+whitelist ${HOME}/.local/share/kxmlgui5/okular
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.local/share/tridactyl
+whitelist ${HOME}/.netrc
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.tridactylrc
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
+whitelist /usr/share/lua
+whitelist /usr/share/lua*
+whitelist /usr/share/vulkan
 
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python
-nodeny  ${HOME}/.local/share/gnome-shell
-allow  ${HOME}/.local/share/gnome-shell
+noblacklist ${HOME}/.local/share/gnome-shell
+whitelist ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.gnome.ChromeGnomeShell
 dbus-user.talk org.gnome.Shell
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index cb0fae5dca8..8b74ed979ea 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -12,8 +12,8 @@ include firefox-common.local
 # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
 #include firefox-common-addons.profile
 
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile
index 4fd315fdf33..5e69fdb5195 100644
--- a/etc/profile-a-l/firefox-esr.profile
+++ b/etc/profile-a-l/firefox-esr.profile
@@ -6,7 +6,7 @@ include firefox-esr.local
 # added by included profile
 #include globals.local
 
-allow  /usr/share/firefox-esr
+whitelist /usr/share/firefox-esr
 
 # Redirect
 include firefox.profile
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index 8acfe7c2ad7..3ad67734d05 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -14,27 +14,27 @@ include globals.local
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
 # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
 
-nodeny  ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/firefox
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.mozilla
 
 # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
 # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-allow  /usr/share/doc
-allow  /usr/share/firefox
-allow  /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
-allow  /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/doc
+whitelist /usr/share/firefox
+whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
+whitelist /usr/share/gtk-doc/html
+whitelist /usr/share/mozilla
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile
index bd1becaf01f..2c86d3ac73f 100644
--- a/etc/profile-a-l/five-or-more.profile
+++ b/etc/profile-a-l/five-or-more.profile
@@ -6,12 +6,12 @@ include five-or-more.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/five-or-more
+noblacklist ${HOME}/.local/share/five-or-more
 
 mkdir ${HOME}/.local/share/five-or-more
-allow  ${HOME}/.local/share/five-or-more
+whitelist ${HOME}/.local/share/five-or-more
 
-allow  /usr/share/five-or-more
+whitelist /usr/share/five-or-more
 
 private-bin five-or-more
 
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index f16a65536e5..55af96c841a 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -7,9 +7,9 @@ include flameshot.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
-nodeny  ${HOME}/.config/Dharkael
-nodeny  ${HOME}/.config/flameshot
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.config/Dharkael
+noblacklist ${HOME}/.config/flameshot
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${PICTURES}
 #whitelist ${HOME}/.config/Dharkael
 #whitelist ${HOME}/.config/flameshot
-allow  /usr/share/flameshot
+whitelist /usr/share/flameshot
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile
index af114e129ce..310fb378f0b 100644
--- a/etc/profile-a-l/flashpeak-slimjet.profile
+++ b/etc/profile-a-l/flashpeak-slimjet.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/slimjet
-nodeny  ${HOME}/.config/slimjet
+noblacklist ${HOME}/.cache/slimjet
+noblacklist ${HOME}/.config/slimjet
 
 mkdir ${HOME}/.cache/slimjet
 mkdir ${HOME}/.config/slimjet
-allow  ${HOME}/.cache/slimjet
-allow  ${HOME}/.config/slimjet
+whitelist ${HOME}/.cache/slimjet
+whitelist ${HOME}/.config/slimjet
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile
index 505763fb9cf..a4421e3ce59 100644
--- a/etc/profile-a-l/flowblade.profile
+++ b/etc/profile-a-l/flowblade.profile
@@ -6,8 +6,8 @@ include flowblade.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/flowblade
-nodeny  ${HOME}/.flowblade
+noblacklist ${HOME}/.config/flowblade
+noblacklist ${HOME}/.flowblade
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile
index a22c0e1034e..1210f365c5e 100644
--- a/etc/profile-a-l/fluxbox.profile
+++ b/etc/profile-a-l/fluxbox.profile
@@ -7,7 +7,7 @@ include fluxbox.local
 include globals.local
 
 # all applications started in fluxbox will run in this profile
-nodeny  ${HOME}/.fluxbox
+noblacklist ${HOME}/.fluxbox
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
index ff9167c1afd..cd01294366f 100644
--- a/etc/profile-a-l/font-manager.profile
+++ b/etc/profile-a-l/font-manager.profile
@@ -6,8 +6,8 @@ include font-manager.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/font-manager
-nodeny  ${HOME}/.config/font-manager
+noblacklist ${HOME}/.cache/font-manager
+noblacklist ${HOME}/.config/font-manager
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/font-manager
 mkdir ${HOME}/.config/font-manager
-allow  ${HOME}/.cache/font-manager
-allow  ${HOME}/.config/font-manager
-allow  /usr/share/font-manager
+whitelist ${HOME}/.cache/font-manager
+whitelist ${HOME}/.config/font-manager
+whitelist /usr/share/font-manager
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile
index 64c7655e2db..bd1495877da 100644
--- a/etc/profile-a-l/fontforge.profile
+++ b/etc/profile-a-l/fontforge.profile
@@ -6,8 +6,8 @@ include fontforge.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.FontForge
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.FontForge
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile
index 5e5a12794fc..2d700d3368e 100644
--- a/etc/profile-a-l/fossamail.profile
+++ b/etc/profile-a-l/fossamail.profile
@@ -6,16 +6,16 @@ include fossamail.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/fossamail
-nodeny  ${HOME}/.fossamail
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/fossamail
+noblacklist ${HOME}/.fossamail
+noblacklist ${HOME}/.gnupg
 
 mkdir ${HOME}/.cache/fossamail
 mkdir ${HOME}/.fossamail
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.cache/fossamail
-allow  ${HOME}/.fossamail
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.cache/fossamail
+whitelist ${HOME}/.fossamail
+whitelist ${HOME}/.gnupg
 include whitelist-common.inc
 
 # allow browsers
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile
index 97fd4a62635..eb0c43ca51e 100644
--- a/etc/profile-a-l/four-in-a-row.profile
+++ b/etc/profile-a-l/four-in-a-row.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-allow  /usr/share/four-in-a-row
+whitelist /usr/share/four-in-a-row
 
 private-bin four-in-a-row
 
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index 8edc9b02d3f..1b1d031b4c9 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -6,7 +6,7 @@ include fractal.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/fractal
+noblacklist ${HOME}/.cache/fractal
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/fractal
-allow  ${HOME}/.cache/fractal
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/fractal
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile
index 1a8ec8f9919..9b780a57246 100644
--- a/etc/profile-a-l/franz.profile
+++ b/etc/profile-a-l/franz.profile
@@ -7,10 +7,10 @@ include globals.local
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.cache/Franz
-nodeny  ${HOME}/.config/Franz
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.cache/Franz
+noblacklist ${HOME}/.config/Franz
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/Franz
-allow  ${HOME}/.config/Franz
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/Franz
+whitelist ${HOME}/.config/Franz
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile
index a45ad4c7a3d..8043d0530f0 100644
--- a/etc/profile-a-l/freecad.profile
+++ b/etc/profile-a-l/freecad.profile
@@ -6,8 +6,8 @@ include freecad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/FreeCAD
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/FreeCAD
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile
index 20abd4056ad..23c19682c06 100644
--- a/etc/profile-a-l/freeciv.profile
+++ b/etc/profile-a-l/freeciv.profile
@@ -6,7 +6,7 @@ include freeciv.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.freeciv
+noblacklist ${HOME}/.freeciv
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.freeciv
-allow  ${HOME}/.freeciv
+whitelist ${HOME}/.freeciv
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile
index 79ccf4101e7..93fa7da0359 100644
--- a/etc/profile-a-l/freecol.profile
+++ b/etc/profile-a-l/freecol.profile
@@ -6,10 +6,10 @@ include freecol.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.freecol
-nodeny  ${HOME}/.cache/freecol
-nodeny  ${HOME}/.config/freecol
-nodeny  ${HOME}/.local/share/freecol
+noblacklist ${HOME}/.freecol
+noblacklist ${HOME}/.cache/freecol
+noblacklist ${HOME}/.config/freecol
+noblacklist ${HOME}/.local/share/freecol
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java
 mkdir ${HOME}/.cache/freecol
 mkdir ${HOME}/.config/freecol
 mkdir ${HOME}/.local/share/freecol
-allow  ${HOME}/.freecol
-allow  ${HOME}/.java
-allow  ${HOME}/.cache/freecol
-allow  ${HOME}/.config/freecol
-allow  ${HOME}/.local/share/freecol
+whitelist ${HOME}/.freecol
+whitelist ${HOME}/.java
+whitelist ${HOME}/.cache/freecol
+whitelist ${HOME}/.config/freecol
+whitelist ${HOME}/.local/share/freecol
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index ba52dd20850..69917703912 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -6,8 +6,8 @@ include freemind.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.freemind
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.freemind
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index 4c321322cb5..e6aff533da7 100644
--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -6,12 +6,12 @@ include freetube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/FreeTube
+noblacklist ${HOME}/.config/FreeTube
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/FreeTube
-allow  ${HOME}/.config/FreeTube
+whitelist ${HOME}/.config/FreeTube
 
 private-bin freetube
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index 3a6dfcfd6e8..b4ad810466a 100644
--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -6,7 +6,7 @@ include frogatto.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.frogatto
+noblacklist ${HOME}/.frogatto
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.frogatto
-allow  ${HOME}/.frogatto
-allow  /usr/libexec/frogatto
-allow  /usr/share/frogatto
+whitelist ${HOME}/.frogatto
+whitelist /usr/libexec/frogatto
+whitelist /usr/share/frogatto
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 12eca8eb0dc..76352e41e77 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -6,7 +6,7 @@ include frozen-bubble.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.frozen-bubble
+noblacklist ${HOME}/.frozen-bubble
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.frozen-bubble
-allow  ${HOME}/.frozen-bubble
+whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile
index 07030df4b93..8852925b1e3 100644
--- a/etc/profile-a-l/funnyboat.profile
+++ b/etc/profile-a-l/funnyboat.profile
@@ -5,7 +5,7 @@ include funnyboat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.funnyboat
+noblacklist ${HOME}/.funnyboat
 
 ignore noexec /dev/shm
 include allow-python2.inc
@@ -21,12 +21,12 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.funnyboat
-allow  ${HOME}/.funnyboat
+whitelist ${HOME}/.funnyboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
-allow  /usr/share/funnyboat
+whitelist /usr/share/funnyboat
 # Debian:
-allow  /usr/share/games/funnyboat
+whitelist /usr/share/games/funnyboat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index 4cd2cb1e62b..ed3f0357d16 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -6,10 +6,10 @@ include gajim.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.cache/gajim
-nodeny  ${HOME}/.config/gajim
-nodeny  ${HOME}/.local/share/gajim
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/gajim
+noblacklist ${HOME}/.config/gajim
+noblacklist ${HOME}/.local/share/gajim
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/share/gajim
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.cache/gajim
-allow  ${HOME}/.config/gajim
-allow  ${HOME}/.local/share/gajim
-allow  ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/gajim
+whitelist ${HOME}/.config/gajim
+whitelist ${HOME}/.local/share/gajim
+whitelist ${DOWNLOADS}
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 0b1b595a6c9..550b3808b85 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -6,7 +6,7 @@ include galculator.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/galculator
+noblacklist ${HOME}/.config/galculator
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/galculator
-allow  ${HOME}/.config/galculator
+whitelist ${HOME}/.config/galculator
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index 00b83023432..3a8c055f297 100644
--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -6,8 +6,8 @@ include gapplication.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
-deny  /usr/libexec
+blacklist ${RUNUSER}/wayland-*
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile
index 896a100fcb3..388f4c0dfa9 100644
--- a/etc/profile-a-l/gcloud.profile
+++ b/etc/profile-a-l/gcloud.profile
@@ -8,9 +8,9 @@ include globals.local
 # noexec ${HOME} will break user-local installs of gcloud tooling
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.boto
-nodeny  ${HOME}/.config/gcloud
-nodeny  /var/run/docker.sock
+noblacklist ${HOME}/.boto
+noblacklist ${HOME}/.config/gcloud
+noblacklist /var/run/docker.sock
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile
index 8f72f0b3430..cb39174e569 100644
--- a/etc/profile-a-l/gconf-editor.profile
+++ b/etc/profile-a-l/gconf-editor.profile
@@ -7,9 +7,9 @@ include gconf-editor.local
 # added by included profile
 #include globals.local
 
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
 
-allow  /usr/share/gconf-editor
+whitelist /usr/share/gconf-editor
 
 ignore x11 none
 
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile
index 8c701357430..fec1a555a11 100644
--- a/etc/profile-a-l/gconf.profile
+++ b/etc/profile-a-l/gconf.profile
@@ -6,9 +6,9 @@ include gconf.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/gconf
+noblacklist ${HOME}/.config/gconf
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/gconf
-allow  ${HOME}/.config/gconf
-allow  /usr/share/GConf
-allow  /usr/share/gconf
+whitelist ${HOME}/.config/gconf
+whitelist /usr/share/GConf
+whitelist /usr/share/gconf
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile
index 706a85c7551..6fdb9b37a14 100644
--- a/etc/profile-a-l/geany.profile
+++ b/etc/profile-a-l/geany.profile
@@ -6,7 +6,7 @@ include geany.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/geany
+noblacklist ${HOME}/.config/geany
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index 512fc1e59c5..74e135a7c72 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -6,14 +6,14 @@ include geary.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/evolution
-nodeny  ${HOME}/.cache/folks
-nodeny  ${HOME}/.cache/geary
-nodeny  ${HOME}/.config/evolution
-nodeny  ${HOME}/.config/geary
-nodeny  ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.local/share/geary
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/folks
+noblacklist ${HOME}/.cache/geary
+noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.config/geary
+noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.local/share/geary
+noblacklist ${HOME}/.mozilla
 
 include disable-common.inc
 include disable-devel.inc
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/evolution
-allow  ${HOME}/.cache/folks
-allow  ${HOME}/.cache/geary
-allow  ${HOME}/.config/evolution
-allow  ${HOME}/.config/geary
-allow  ${HOME}/.local/share/evolution
-allow  ${HOME}/.local/share/geary
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  /usr/share/geary
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/evolution
+whitelist ${HOME}/.cache/folks
+whitelist ${HOME}/.cache/geary
+whitelist ${HOME}/.config/evolution
+whitelist ${HOME}/.config/geary
+whitelist ${HOME}/.local/share/evolution
+whitelist ${HOME}/.local/share/geary
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist /usr/share/geary
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile
index f11540374cb..108b7041d24 100644
--- a/etc/profile-a-l/gedit.profile
+++ b/etc/profile-a-l/gedit.profile
@@ -6,8 +6,8 @@ include gedit.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/enchant
-nodeny  ${HOME}/.config/gedit
+noblacklist ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/gedit
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile
index 8ec3bbaf9ff..dd33b3fb57d 100644
--- a/etc/profile-a-l/geeqie.profile
+++ b/etc/profile-a-l/geeqie.profile
@@ -6,9 +6,9 @@ include geeqie.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/geeqie
-nodeny  ${HOME}/.config/geeqie
-nodeny  ${HOME}/.local/share/geeqie
+noblacklist ${HOME}/.cache/geeqie
+noblacklist ${HOME}/.config/geeqie
+noblacklist ${HOME}/.local/share/geeqie
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index 1661da639bb..f894a42ca46 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -6,10 +6,10 @@ include gfeeds.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gfeeds
-nodeny  ${HOME}/.cache/org.gabmus.gfeeds
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.json
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+noblacklist ${HOME}/.cache/gfeeds
+noblacklist ${HOME}/.cache/org.gabmus.gfeeds
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds
 mkdir ${HOME}/.cache/org.gabmus.gfeeds
 mkfile ${HOME}/.config/org.gabmus.gfeeds.json
 mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  ${HOME}/.cache/gfeeds
-allow  ${HOME}/.cache/org.gabmus.gfeeds
-allow  ${HOME}/.config/org.gabmus.gfeeds.json
-allow  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/gfeeds
+whitelist ${HOME}/.cache/gfeeds
+whitelist ${HOME}/.cache/org.gabmus.gfeeds
+whitelist ${HOME}/.config/org.gabmus.gfeeds.json
+whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index 06929dbe345..d9c5a0d9a80 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,8 +7,8 @@ include gget.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 0577fe24f0d..276ab76df36 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -6,10 +6,10 @@ include ghostwriter.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ghostwriter
-nodeny  ${HOME}/.local/share/ghostwriter
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/ghostwriter
+noblacklist ${HOME}/.local/share/ghostwriter
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include allow-lua.inc
 
@@ -22,10 +22,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/ghostwriter
-allow  /usr/share/mozilla-dicts
-allow  /usr/share/texlive
-allow  /usr/share/pandoc*
+whitelist /usr/share/ghostwriter
+whitelist /usr/share/mozilla-dicts
+whitelist /usr/share/texlive
+whitelist /usr/share/pandoc*
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index de9db8d0f9d..dfc1304d12c 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -18,13 +18,13 @@ include globals.local
 # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local.
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/babl
-nodeny  ${HOME}/.cache/gegl-0.4
-nodeny  ${HOME}/.cache/gimp
-nodeny  ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/babl
+noblacklist ${HOME}/.cache/gegl-0.4
+noblacklist ${HOME}/.cache/gimp
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.gimp*
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-exec.inc
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/gegl-0.4
-allow  /usr/share/gimp
-allow  /usr/share/mypaint-data
-allow  /usr/share/lensfun
+whitelist /usr/share/gegl-0.4
+whitelist /usr/share/gimp
+whitelist /usr/share/mypaint-data
+whitelist /usr/share/lensfun
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index e601d3ab024..661c3a3756f 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,10 +7,10 @@ include gist.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.gist
+noblacklist ${HOME}/.gist
 
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gist
-allow  ${HOME}/.gist
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.gist
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 74b7506cfd1..5e424937679 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -8,12 +8,12 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.subversion
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.config/git-cola
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.subversion
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.config/git-cola
 # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings.
 #noblacklist ${HOME}/
 
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
 # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer.
-allow  /usr/share/git
-allow  /usr/share/git-cola
-allow  /usr/share/git-core
-allow  /usr/share/git-gui
-allow  /usr/share/gitk
-allow  /usr/share/gitweb
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/git
+whitelist /usr/share/git-cola
+whitelist /usr/share/git-core
+whitelist /usr/share/git-gui
+whitelist /usr/share/gitk
+whitelist /usr/share/gitweb
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index 680e9108512..bfa0081c6e5 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -7,33 +7,33 @@ include git.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.config/nano
-nodeny  ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.nanorc
-nodeny  ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/git
-allow  /usr/share/git-core
-allow  /usr/share/gitgui
-allow  /usr/share/gitweb
-allow  /usr/share/nano
+whitelist /usr/share/git
+whitelist /usr/share/git-core
+whitelist /usr/share/gitgui
+whitelist /usr/share/gitweb
+whitelist /usr/share/nano
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile
index d313b5022f3..05d7dffa902 100644
--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -6,10 +6,10 @@ include gitg.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.local/share/gitg
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.local/share/gitg
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -29,7 +29,7 @@ include disable-programs.inc
 #whitelist ${HOME}/.ssh
 #include whitelist-common.inc
 
-allow  /usr/share/gitg
+whitelist /usr/share/gitg
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile
index 81b534a745b..325c54ced78 100644
--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -22,10 +22,10 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/GitHub Desktop
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.config/GitHub Desktop
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
 
 # no3d
 nosound
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile
index 2d1694ef7a6..460e2b99057 100644
--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -5,8 +5,8 @@ include gitter.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/autostart
-nodeny  ${HOME}/.config/Gitter
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/Gitter
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/Gitter
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/autostart
-allow  ${HOME}/.config/Gitter
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/autostart
+whitelist ${HOME}/.config/Gitter
 include whitelist-var-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile
index e00bb1dbfff..ed68b3c2d92 100644
--- a/etc/profile-a-l/gjs.profile
+++ b/etc/profile-a-l/gjs.profile
@@ -8,10 +8,10 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/libgweather
-nodeny  ${HOME}/.cache/org.gnome.Books
-nodeny  ${HOME}/.config/libreoffice
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.local/share/gnome-photos
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
index a3236c2be51..c8cefc67e6d 100644
--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -6,7 +6,7 @@ include gl-117.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gl-117
+noblacklist ${HOME}/.gl-117
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gl-117
-allow  ${HOME}/.gl-117
-allow  /usr/share/gl-117
+whitelist ${HOME}/.gl-117
+whitelist /usr/share/gl-117
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
index ec894a5f31a..ee7af054688 100644
--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -6,7 +6,7 @@ include glaxium.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.glaxiumrc
+noblacklist ${HOME}/.glaxiumrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.glaxiumrc
-allow  ${HOME}/.glaxiumrc
-allow  /usr/share/glaxium
+whitelist ${HOME}/.glaxiumrc
+whitelist /usr/share/glaxium
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile
index e091b811f7f..14b3ef81189 100644
--- a/etc/profile-a-l/globaltime.profile
+++ b/etc/profile-a-l/globaltime.profile
@@ -5,7 +5,7 @@ include globaltime.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/globaltime
+noblacklist ${HOME}/.config/globaltime
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile
index 79397d28f4f..b3aad8b2c53 100644
--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -6,8 +6,8 @@ include gmpc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gmpc
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/gmpc
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/gmpc
-allow  ${HOME}/.config/gmpc
-allow  ${MUSIC}
-allow  /usr/share/gmpc
+whitelist ${HOME}/.config/gmpc
+whitelist ${MUSIC}
+whitelist /usr/share/gmpc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile
index c723f6e4669..777c81dbebc 100644
--- a/etc/profile-a-l/gnome-2048.profile
+++ b/etc/profile-a-l/gnome-2048.profile
@@ -6,10 +6,10 @@ include gnome-2048.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-2048
+noblacklist ${HOME}/.local/share/gnome-2048
 
 mkdir ${HOME}/.local/share/gnome-2048
-allow  ${HOME}/.local/share/gnome-2048
+whitelist ${HOME}/.local/share/gnome-2048
 
 private-bin gnome-2048
 
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile
index 2ed5fa76b66..34a7f557ce9 100644
--- a/etc/profile-a-l/gnome-books.profile
+++ b/etc/profile-a-l/gnome-books.profile
@@ -7,8 +7,8 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/org.gnome.Books
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/org.gnome.Books
+noblacklist ${DOCUMENTS}
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile
index 7dd1c6e22f6..37ca5aeff41 100644
--- a/etc/profile-a-l/gnome-builder.profile
+++ b/etc/profile-a-l/gnome-builder.profile
@@ -6,11 +6,11 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bash_history
+noblacklist ${HOME}/.bash_history
 
-nodeny  ${HOME}/.cache/gnome-builder
-nodeny  ${HOME}/.config/gnome-builder
-nodeny  ${HOME}/.local/share/gnome-builder
+noblacklist ${HOME}/.cache/gnome-builder
+noblacklist ${HOME}/.config/gnome-builder
+noblacklist ${HOME}/.local/share/gnome-builder
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index d91fbaa4b85..03acd66aa91 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 806d7e571e6..741fe9bf7cd 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/org.gnome.Characters
+whitelist /usr/share/org.gnome.Characters
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index 09521056500..bd39f625c4f 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -6,8 +6,8 @@ include gnome-chess.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-chess
-nodeny  ${HOME}/.local/share/gnome-chess
+noblacklist ${HOME}/.config/gnome-chess
+noblacklist ${HOME}/.local/share/gnome-chess
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.local/share/gnome-chess
 #include whitelist-common.inc
 
-allow  /usr/share/gnuchess
-allow  /usr/share/gnome-chess
+whitelist /usr/share/gnuchess
+whitelist /usr/share/gnome-chess
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index 7e2d458fdb0..1e7c70b8412 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnome-clocks
-allow  /usr/share/libgweather
+whitelist /usr/share/gnome-clocks
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile
index 7902fa16904..dcc6163b6d5 100644
--- a/etc/profile-a-l/gnome-contacts.profile
+++ b/etc/profile-a-l/gnome-contacts.profile
@@ -6,7 +6,7 @@ include gnome-contacts.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile
index 0f601149f72..29ad67af889 100644
--- a/etc/profile-a-l/gnome-documents.profile
+++ b/etc/profile-a-l/gnome-documents.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.config/libreoffice
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/libreoffice
+noblacklist ${DOCUMENTS}
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 50c3e2c6fcc..2db956fafa2 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -16,7 +16,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/gnome-hexgl
+whitelist /usr/share/gnome-hexgl
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile
index 62a5a34ea91..25b4c47de84 100644
--- a/etc/profile-a-l/gnome-keyring.profile
+++ b/etc/profile-a-l/gnome-keyring.profile
@@ -7,7 +7,7 @@ include gnome-keyring.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
-allow  ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${DOWNLOADS}
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile
index ed074f944fb..c67a5c0dae8 100644
--- a/etc/profile-a-l/gnome-klotski.profile
+++ b/etc/profile-a-l/gnome-klotski.profile
@@ -6,10 +6,10 @@ include gnome-klotski.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-klotski
+noblacklist ${HOME}/.local/share/gnome-klotski
 
 mkdir ${HOME}/.local/share/gnome-klotski
-allow  ${HOME}/.local/share/gnome-klotski
+whitelist ${HOME}/.local/share/gnome-klotski
 
 private-bin gnome-klotski
 
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile
index 4a03a7ff575..1a7eafeca31 100644
--- a/etc/profile-a-l/gnome-latex.profile
+++ b/etc/profile-a-l/gnome-latex.profile
@@ -6,8 +6,8 @@ include gnome-latex.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-latex
-nodeny  ${HOME}/.local/share/gnome-latex
+noblacklist ${HOME}/.config/gnome-latex
+noblacklist ${HOME}/.local/share/gnome-latex
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/gnome-latex
-allow  /usr/share/texlive
+whitelist /usr/share/gnome-latex
+whitelist /usr/share/texlive
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 # May cause issues.
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index fcc02dc7664..9d2ea7b7b39 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /var/log/journal
+whitelist /var/log/journal
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile
index e21f03efe2a..42409dce8c9 100644
--- a/etc/profile-a-l/gnome-mahjongg.profile
+++ b/etc/profile-a-l/gnome-mahjongg.profile
@@ -6,7 +6,7 @@ include gnome-mahjongg.local
 # Persistent global definitions
 include globals.local
 
-allow  /usr/share/gnome-mahjongg
+whitelist /usr/share/gnome-mahjongg
 
 private-bin gnome-mahjongg
 
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index cf4eceee306..23aab343f4e 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -11,14 +11,14 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/champlain
-nodeny  ${HOME}/.cache/org.gnome.Maps
-nodeny  ${HOME}/.local/share/maps-places.json
+noblacklist ${HOME}/.cache/champlain
+noblacklist ${HOME}/.cache/org.gnome.Maps
+noblacklist ${HOME}/.local/share/maps-places.json
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -31,12 +31,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/champlain
 mkfile ${HOME}/.local/share/maps-places.json
-allow  ${HOME}/.cache/champlain
-allow  ${HOME}/.local/share/maps-places.json
-allow  ${DOWNLOADS}
-allow  ${PICTURES}
-allow  /usr/share/gnome-maps
-allow  /usr/share/libgweather
+whitelist ${HOME}/.cache/champlain
+whitelist ${HOME}/.local/share/maps-places.json
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+whitelist /usr/share/gnome-maps
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile
index 1b2949bc5fa..4fe8986c270 100644
--- a/etc/profile-a-l/gnome-mines.profile
+++ b/etc/profile-a-l/gnome-mines.profile
@@ -6,11 +6,11 @@ include gnome-mines.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-mines
+noblacklist ${HOME}/.local/share/gnome-mines
 
 mkdir ${HOME}/.local/share/gnome-mines
-allow  ${HOME}/.local/share/gnome-mines
-allow  /usr/share/gnome-mines
+whitelist ${HOME}/.local/share/gnome-mines
+whitelist /usr/share/gnome-mines
 
 private-bin gnome-mines
 
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile
index c1cbc796a64..43fe71f5e0e 100644
--- a/etc/profile-a-l/gnome-mplayer.profile
+++ b/etc/profile-a-l/gnome-mplayer.profile
@@ -6,9 +6,9 @@ include gnome-mplayer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-mplayer
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/gnome-mplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index 8fd0826c4d7..2fcbe991073 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -6,8 +6,8 @@ include gnome-music.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-music
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.local/share/gnome-music
+noblacklist ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile
index a929582f830..814751db3c8 100644
--- a/etc/profile-a-l/gnome-nettool.profile
+++ b/etc/profile-a-l/gnome-nettool.profile
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnome-nettool
+whitelist /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile
index d4c037a4125..b22810d347c 100644
--- a/etc/profile-a-l/gnome-nibbles.profile
+++ b/etc/profile-a-l/gnome-nibbles.profile
@@ -9,11 +9,11 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-nodeny  ${HOME}/.local/share/gnome-nibbles
+noblacklist ${HOME}/.local/share/gnome-nibbles
 
 mkdir ${HOME}/.local/share/gnome-nibbles
-allow  ${HOME}/.local/share/gnome-nibbles
-allow  /usr/share/gnome-nibbles
+whitelist ${HOME}/.local/share/gnome-nibbles
+whitelist /usr/share/gnome-nibbles
 
 private-bin gnome-nibbles
 
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index d2cf828cc15..fee5f88b9c1 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/cracklib
-allow  /usr/share/passwordsafe
+whitelist /usr/share/cracklib
+whitelist /usr/share/passwordsafe
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile
index 3702da2c741..58bf3f349aa 100644
--- a/etc/profile-a-l/gnome-photos.profile
+++ b/etc/profile-a-l/gnome-photos.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile
index e9ae2bcb0f1..41903b13669 100644
--- a/etc/profile-a-l/gnome-pie.profile
+++ b/etc/profile-a-l/gnome-pie.profile
@@ -6,7 +6,7 @@ include gnome-pie.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-pie
+noblacklist ${HOME}/.config/gnome-pie
 
 #include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile
index bec23910c63..c2ba7556d6c 100644
--- a/etc/profile-a-l/gnome-pomodoro.profile
+++ b/etc/profile-a-l/gnome-pomodoro.profile
@@ -6,7 +6,7 @@ include gnome-pomodoro.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-pomodoro
+noblacklist ${HOME}/.local/share/gnome-pomodoro
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/gnome-pomodoro
-allow  ${HOME}/.local/share/gnome-pomodoro
-allow  /usr/share/gnome-pomodoro
+whitelist ${HOME}/.local/share/gnome-pomodoro
+whitelist /usr/share/gnome-pomodoro
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 5ef33fdd8b7..48c98ebe090 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -7,8 +7,8 @@ include gnome-recipes.local
 include globals.local
 
 
-nodeny  ${HOME}/.cache/gnome-recipes
-nodeny  ${HOME}/.local/share/gnome-recipes
+noblacklist ${HOME}/.cache/gnome-recipes
+noblacklist ${HOME}/.local/share/gnome-recipes
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-shell.inc
 
 mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
-allow  ${HOME}/.cache/gnome-recipes
-allow  ${HOME}/.local/share/gnome-recipes
-allow  /usr/share/gnome-recipes
+whitelist ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.local/share/gnome-recipes
+whitelist /usr/share/gnome-recipes
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile
index b34d264f478..78ceb9c4f74 100644
--- a/etc/profile-a-l/gnome-ring.profile
+++ b/etc/profile-a-l/gnome-ring.profile
@@ -5,7 +5,7 @@ include gnome-ring.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-ring
+noblacklist ${HOME}/.local/share/gnome-ring
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile
index 836d4e2b2cd..8835f2b9323 100644
--- a/etc/profile-a-l/gnome-robots.profile
+++ b/etc/profile-a-l/gnome-robots.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-allow  /usr/share/gnome-robots
+whitelist /usr/share/gnome-robots
 
 private-bin gnome-robots
 
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile
index 146f8bc4e05..69c90b33d98 100644
--- a/etc/profile-a-l/gnome-schedule.profile
+++ b/etc/profile-a-l/gnome-schedule.profile
@@ -6,17 +6,17 @@ include gnome-schedule.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnome/gnome-schedule
+noblacklist ${HOME}/.gnome/gnome-schedule
 
 # Needs at and crontab to read/write user cron
-nodeny  ${PATH}/at
-nodeny  ${PATH}/crontab
+noblacklist ${PATH}/at
+noblacklist ${PATH}/crontab
 
 # Needs access to these files/dirs
-nodeny  /etc/cron.allow
-nodeny  /etc/cron.deny
-nodeny  /etc/shadow
-nodeny  /var/spool/cron
+noblacklist /etc/cron.allow
+noblacklist /etc/cron.deny
+noblacklist /etc/shadow
+noblacklist /var/spool/cron
 
 # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc)
 # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality
@@ -34,10 +34,10 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.gnome/gnome-schedule
-allow  ${HOME}/.gnome/gnome-schedule
-allow  /usr/share/gnome-schedule
-allow  /var/spool/atd
-allow  /var/spool/cron
+whitelist ${HOME}/.gnome/gnome-schedule
+whitelist /usr/share/gnome-schedule
+whitelist /var/spool/atd
+whitelist /var/spool/cron
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index 175549e99be..b683b6f6cd6 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -6,8 +6,8 @@ include gnome-screenshot.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
-nodeny  ${HOME}/.cache/gnome-screenshot
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.cache/gnome-screenshot
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile
index c2fb14fa49b..34f5fdeffef 100644
--- a/etc/profile-a-l/gnome-sound-recorder.profile
+++ b/etc/profile-a-l/gnome-sound-recorder.profile
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${HOME}/.local/share/Trash
+noblacklist ${MUSIC}
+noblacklist ${HOME}/.local/share/Trash
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile
index 3b7835e5202..12fd48a865a 100644
--- a/etc/profile-a-l/gnome-sudoku.profile
+++ b/etc/profile-a-l/gnome-sudoku.profile
@@ -6,10 +6,10 @@ include gnome-sudoku.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-sudoku
+noblacklist ${HOME}/.local/share/gnome-sudoku
 
 mkdir ${HOME}/.local/share/gnome-sudoku
-allow  ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
 
 private-bin gnome-sudoku
 
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index 6978f7cab85..8a818695df4 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /var/log
+whitelist /var/log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile
index ac87cf70f3f..2341334f7d2 100644
--- a/etc/profile-a-l/gnome-taquin.profile
+++ b/etc/profile-a-l/gnome-taquin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-allow  /usr/share/gnome-taquin
+whitelist /usr/share/gnome-taquin
 
 private-bin gnome-taquin
 
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index 092fd58a385..3b147cd4822 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnome-todo
+whitelist /usr/share/gnome-todo
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile
index d76872ea634..b8ec195d30b 100644
--- a/etc/profile-a-l/gnome-twitch.profile
+++ b/etc/profile-a-l/gnome-twitch.profile
@@ -6,8 +6,8 @@ include gnome-twitch.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gnome-twitch
-nodeny  ${HOME}/.local/share/gnome-twitch
+noblacklist ${HOME}/.cache/gnome-twitch
+noblacklist ${HOME}/.local/share/gnome-twitch
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/gnome-twitch
 mkdir ${HOME}/.local/share/gnome-twitch
-allow  ${HOME}/.cache/gnome-twitch
-allow  ${HOME}/.local/share/gnome-twitch
+whitelist ${HOME}/.cache/gnome-twitch
+whitelist ${HOME}/.local/share/gnome-twitch
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile
index 6f557ff8dcf..2e08fa41d3b 100644
--- a/etc/profile-a-l/gnome-weather.profile
+++ b/etc/profile-a-l/gnome-weather.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index 261efeface1..c3014a28850 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -6,8 +6,8 @@ include gnote.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnote
-nodeny  ${HOME}/.local/share/gnote
+noblacklist ${HOME}/.config/gnote
+noblacklist ${HOME}/.local/share/gnote
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/gnote
 mkdir ${HOME}/.local/share/gnote
-allow  ${HOME}/.config/gnote
-allow  ${HOME}/.local/share/gnote
-allow  /usr/share/gnote
+whitelist ${HOME}/.config/gnote
+whitelist ${HOME}/.local/share/gnote
+whitelist /usr/share/gnote
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile
index e6fbca26fd9..22851ce9fc0 100644
--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnubik
+whitelist /usr/share/gnubik
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile
index f35a53ca41e..09ca17caab1 100644
--- a/etc/profile-a-l/godot.profile
+++ b/etc/profile-a-l/godot.profile
@@ -6,9 +6,9 @@ include godot.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/godot
-nodeny  ${HOME}/.config/godot
-nodeny  ${HOME}/.local/share/godot
+noblacklist ${HOME}/.cache/godot
+noblacklist ${HOME}/.config/godot
+noblacklist ${HOME}/.local/share/godot
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile
index 95dd41c2ac4..8399d77c414 100644
--- a/etc/profile-a-l/goobox.profile
+++ b/etc/profile-a-l/goobox.profile
@@ -6,7 +6,7 @@ include goobox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile
index 07f0e587d0e..ebe5e870b54 100644
--- a/etc/profile-a-l/google-chrome-beta.profile
+++ b/etc/profile-a-l/google-chrome-beta.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/google-chrome-beta
-nodeny  ${HOME}/.config/google-chrome-beta
+noblacklist ${HOME}/.cache/google-chrome-beta
+noblacklist ${HOME}/.config/google-chrome-beta
 
-nodeny  ${HOME}/.config/chrome-beta-flags.conf
-nodeny  ${HOME}/.config/chrome-beta-flags.config
+noblacklist ${HOME}/.config/chrome-beta-flags.conf
+noblacklist ${HOME}/.config/chrome-beta-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-beta
 mkdir ${HOME}/.config/google-chrome-beta
-allow  ${HOME}/.cache/google-chrome-beta
-allow  ${HOME}/.config/google-chrome-beta
+whitelist ${HOME}/.cache/google-chrome-beta
+whitelist ${HOME}/.config/google-chrome-beta
 
-allow  ${HOME}/.config/chrome-beta-flags.conf
-allow  ${HOME}/.config/chrome-beta-flags.config
+whitelist ${HOME}/.config/chrome-beta-flags.conf
+whitelist ${HOME}/.config/chrome-beta-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile
index 22990441147..4d303f71bcb 100644
--- a/etc/profile-a-l/google-chrome-unstable.profile
+++ b/etc/profile-a-l/google-chrome-unstable.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/google-chrome-unstable
-nodeny  ${HOME}/.config/google-chrome-unstable
+noblacklist ${HOME}/.cache/google-chrome-unstable
+noblacklist ${HOME}/.config/google-chrome-unstable
 
-nodeny  ${HOME}/.config/chrome-unstable-flags.conf
-nodeny  ${HOME}/.config/chrome-unstable-flags.config
+noblacklist ${HOME}/.config/chrome-unstable-flags.conf
+noblacklist ${HOME}/.config/chrome-unstable-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-unstable
 mkdir ${HOME}/.config/google-chrome-unstable
-allow  ${HOME}/.cache/google-chrome-unstable
-allow  ${HOME}/.config/google-chrome-unstable
+whitelist ${HOME}/.cache/google-chrome-unstable
+whitelist ${HOME}/.config/google-chrome-unstable
 
-allow  ${HOME}/.config/chrome-unstable-flags.conf
-allow  ${HOME}/.config/chrome-unstable-flags.config
+whitelist ${HOME}/.config/chrome-unstable-flags.conf
+whitelist ${HOME}/.config/chrome-unstable-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile
index f61642f17fd..ed2595f7232 100644
--- a/etc/profile-a-l/google-chrome.profile
+++ b/etc/profile-a-l/google-chrome.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/google-chrome
-nodeny  ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.cache/google-chrome
+noblacklist ${HOME}/.config/google-chrome
 
-nodeny  ${HOME}/.config/chrome-flags.conf
-nodeny  ${HOME}/.config/chrome-flags.config
+noblacklist ${HOME}/.config/chrome-flags.conf
+noblacklist ${HOME}/.config/chrome-flags.config
 
 mkdir ${HOME}/.cache/google-chrome
 mkdir ${HOME}/.config/google-chrome
-allow  ${HOME}/.cache/google-chrome
-allow  ${HOME}/.config/google-chrome
+whitelist ${HOME}/.cache/google-chrome
+whitelist ${HOME}/.config/google-chrome
 
-allow  ${HOME}/.config/chrome-flags.conf
-allow  ${HOME}/.config/chrome-flags.config
+whitelist ${HOME}/.config/chrome-flags.conf
+whitelist ${HOME}/.config/chrome-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile
index 6039f7cbd16..65ac047714b 100644
--- a/etc/profile-a-l/google-earth.profile
+++ b/etc/profile-a-l/google-earth.profile
@@ -5,8 +5,8 @@ include google-earth.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Google
-nodeny  ${HOME}/.googleearth
+noblacklist ${HOME}/.config/Google
+noblacklist ${HOME}/.googleearth
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Google
 mkdir ${HOME}/.googleearth
-allow  ${HOME}/.config/Google
-allow  ${HOME}/.googleearth
+whitelist ${HOME}/.config/Google
+whitelist ${HOME}/.googleearth
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile
index fdb65b93c66..a7aabe105bf 100644
--- a/etc/profile-a-l/google-play-music-desktop-player.profile
+++ b/etc/profile-a-l/google-play-music-desktop-player.profile
@@ -8,7 +8,7 @@ include globals.local
 # noexec /tmp breaks mpris support
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Google Play Music Desktop Player
+noblacklist ${HOME}/.config/Google Play Music Desktop Player
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Google Play Music Desktop Player
 # whitelist ${HOME}/.config/pulse
 # whitelist ${HOME}/.pulse
-allow  ${HOME}/.config/Google Play Music Desktop Player
+whitelist ${HOME}/.config/Google Play Music Desktop Player
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index 952c9c1d463..2d0bce52b51 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,10 +7,10 @@ include googler-common.local
 # added by caller profile
 #include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -26,7 +26,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile
index 9b8da361b7d..37b4f0b1c91 100644
--- a/etc/profile-a-l/gpa.profile
+++ b/etc/profile-a-l/gpa.profile
@@ -6,7 +6,7 @@ include gpa.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 5fa66bb55c2..7f0b614b13e 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -7,10 +7,10 @@ include gpg-agent.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,11 +20,11 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 2ad896abe03..4a4d6527cc9 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -7,10 +7,10 @@ include gpg.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
-allow  /usr/share/pacman/keyrings
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/pacman/keyrings
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index 0552dc3d7e4..fa53c26c8cf 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -6,7 +6,7 @@ include gpicview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gpicview
+noblacklist ${HOME}/.config/gpicview
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-allow  /usr/share/gpicview
+whitelist /usr/share/gpicview
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index c9e62a73f3e..253d644f17a 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -6,7 +6,7 @@ include gpredict.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Gpredict
+noblacklist ${HOME}/.config/Gpredict
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Gpredict
-allow  ${HOME}/.config/Gpredict
+whitelist ${HOME}/.config/Gpredict
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 2aebe23382c..2b4c536d2a4 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -5,8 +5,8 @@ include gradio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gradio
-nodeny  ${HOME}/.local/share/gradio
+noblacklist ${HOME}/.cache/gradio
+noblacklist ${HOME}/.local/share/gradio
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
-allow  ${HOME}/.cache/gradio
-allow  ${HOME}/.local/share/gradio
+whitelist ${HOME}/.cache/gradio
+whitelist ${HOME}/.local/share/gradio
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile
index 53f0baccbab..c7e0c297772 100644
--- a/etc/profile-a-l/gramps.profile
+++ b/etc/profile-a-l/gramps.profile
@@ -6,7 +6,7 @@ include gramps.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gramps
+noblacklist ${HOME}/.gramps
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gramps
-allow  ${HOME}/.gramps
+whitelist ${HOME}/.gramps
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index ecc871c2e5a..890ba256078 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gravity-beams-and-evaporating-stars
+whitelist /usr/share/gravity-beams-and-evaporating-stars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile
index 9a4f7b4fbb6..5927e8c4d3e 100644
--- a/etc/profile-a-l/gthumb.profile
+++ b/etc/profile-a-l/gthumb.profile
@@ -6,9 +6,9 @@ include gthumb.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gthumb
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.config/gthumb
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index d6bb9902a5f..c8addae75d2 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 8241de43ac6..787c7bd90fe 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local
 
 ignore quiet
 
-nodeny  /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}
 
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 6ea4ebbdc80..988882622fd 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local
 
 ignore quiet
 
-nodeny  /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}
 
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile
index 731bcad1d5d..3d2b71e9d7b 100644
--- a/etc/profile-a-l/guayadeque.profile
+++ b/etc/profile-a-l/guayadeque.profile
@@ -5,8 +5,8 @@ include guayadeque.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.guayadeque
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.guayadeque
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile
index 5cdc2cc18ea..2223c37a1ca 100644
--- a/etc/profile-a-l/gummi.profile
+++ b/etc/profile-a-l/gummi.profile
@@ -5,8 +5,8 @@ include gummi.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gummi
-nodeny  ${HOME}/.config/gummi
+noblacklist ${HOME}/.cache/gummi
+noblacklist ${HOME}/.config/gummi
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
index 3404f51779b..9221ca31c07 100644
--- a/etc/profile-a-l/guvcview.profile
+++ b/etc/profile-a-l/guvcview.profile
@@ -6,10 +6,10 @@ include guvcview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/guvcview2
+noblacklist ${HOME}/.config/guvcview2
 
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/guvcview2
-allow  ${HOME}/.config/guvcview2
-allow  ${PICTURES}
-allow  ${VIDEOS}
+whitelist ${HOME}/.config/guvcview2
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index 132b5a2e2d9..d33e2a67348 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -6,17 +6,17 @@ include gwenview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/GIMP
-nodeny  ${HOME}/.config/gwenviewrc
-nodeny  ${HOME}/.config/org.kde.gwenviewrc
-nodeny  ${HOME}/.gimp*
-nodeny  ${HOME}/.kde/share/apps/gwenview
-nodeny  ${HOME}/.kde/share/config/gwenviewrc
-nodeny  ${HOME}/.kde4/share/apps/gwenview
-nodeny  ${HOME}/.kde4/share/config/gwenviewrc
-nodeny  ${HOME}/.local/share/gwenview
-nodeny  ${HOME}/.local/share/kxmlgui5/gwenview
-nodeny  ${HOME}/.local/share/org.kde.gwenview
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/org.kde.gwenviewrc
+noblacklist ${HOME}/.gimp*
+noblacklist ${HOME}/.kde/share/apps/gwenview
+noblacklist ${HOME}/.kde/share/config/gwenviewrc
+noblacklist ${HOME}/.kde4/share/apps/gwenview
+noblacklist ${HOME}/.kde4/share/config/gwenviewrc
+noblacklist ${HOME}/.local/share/gwenview
+noblacklist ${HOME}/.local/share/kxmlgui5/gwenview
+noblacklist ${HOME}/.local/share/org.kde.gwenview
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index 46c98bdc2fc..b261c16f4aa 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -9,7 +9,7 @@ include globals.local
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile
index c102ac4cb29..847e1ec1e0a 100644
--- a/etc/profile-a-l/handbrake.profile
+++ b/etc/profile-a-l/handbrake.profile
@@ -6,9 +6,9 @@ include handbrake.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ghb
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/ghb
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile
index d98a1b554ed..aab4b0c21a9 100644
--- a/etc/profile-a-l/hashcat.profile
+++ b/etc/profile-a-l/hashcat.profile
@@ -7,11 +7,11 @@ include hashcat.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.hashcat
-nodeny  /usr/include
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.hashcat
+noblacklist /usr/include
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index 1c2a44e06fc..44584f26b3f 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -4,7 +4,7 @@ include hasher-common.local
 
 # common profile for hasher/checksum tools
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 # Comment/uncomment the relevant include file(s) in your hasher-common.local
 # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher**
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile
index 90833af91f0..c0675d8ecd3 100644
--- a/etc/profile-a-l/hedgewars.profile
+++ b/etc/profile-a-l/hedgewars.profile
@@ -6,7 +6,7 @@ include hedgewars.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.hedgewars
+noblacklist ${HOME}/.hedgewars
 
 include allow-lua.inc
 
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.hedgewars
-allow  ${HOME}/.hedgewars
+whitelist ${HOME}/.hedgewars
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile
index 993efb5911c..b887de1474f 100644
--- a/etc/profile-a-l/hexchat.profile
+++ b/etc/profile-a-l/hexchat.profile
@@ -6,7 +6,7 @@ include hexchat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/hexchat
+noblacklist ${HOME}/.config/hexchat
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -28,7 +28,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/hexchat
-allow  ${HOME}/.config/hexchat
+whitelist ${HOME}/.config/hexchat
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 53db642dccf..643736ac7f5 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -6,7 +6,7 @@ include highlight.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index ef259cc00ec..199b1a5e55a 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -6,7 +6,7 @@ include homebank.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/homebank
+noblacklist ${HOME}/.config/homebank
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/homebank
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/homebank
-allow  /usr/share/homebank
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/homebank
+whitelist /usr/share/homebank
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile
index 63e1be259b4..00d9f7a768b 100644
--- a/etc/profile-a-l/host.profile
+++ b/etc/profile-a-l/host.profile
@@ -7,8 +7,8 @@ include host.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
-nodeny  ${PATH}/host
+blacklist ${RUNUSER}
+noblacklist ${PATH}/host
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile
index db5cd29ccec..267712c87dc 100644
--- a/etc/profile-a-l/hugin.profile
+++ b/etc/profile-a-l/hugin.profile
@@ -6,9 +6,9 @@ include hugin.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.hugin
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.hugin
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index 1fb33ceb8d2..e66ffd7e14e 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -6,7 +6,7 @@ include hyperrogue.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/hyperrogue.ini
+noblacklist ${HOME}/hyperrogue.ini
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/hyperrogue.ini
-allow  ${HOME}/hyperrogue.ini
-allow  /usr/share/hyperrogue
+whitelist ${HOME}/hyperrogue.ini
+whitelist /usr/share/hyperrogue
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index c8a2e8a04e9..47c98417572 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -14,12 +14,12 @@ include globals.local
 # Only needed when i2prouter binary resides in home directory (official I2P java installer does so).
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/i2p
-nodeny  ${HOME}/.i2p
-nodeny  ${HOME}/.local/share/i2p
-nodeny  ${HOME}/i2p
+noblacklist ${HOME}/.config/i2p
+noblacklist ${HOME}/.i2p
+noblacklist ${HOME}/.local/share/i2p
+noblacklist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p
 mkdir ${HOME}/.i2p
 mkdir ${HOME}/.local/share/i2p
 mkdir ${HOME}/i2p
-allow  ${HOME}/.config/i2p
-allow  ${HOME}/.i2p
-allow  ${HOME}/.local/share/i2p
-allow  ${HOME}/i2p
+whitelist ${HOME}/.config/i2p
+whitelist ${HOME}/.i2p
+whitelist ${HOME}/.local/share/i2p
+whitelist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-allow  /usr/sbin/wrapper*
+whitelist /usr/sbin/wrapper*
 
 include whitelist-common.inc
 
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index 95ddad221ed..e96b1843c85 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -7,7 +7,7 @@ include i3.local
 include globals.local
 
 # all applications started in i3 will run in this profile
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile
index 0de2f658b3e..660343a290b 100644
--- a/etc/profile-a-l/icecat.profile
+++ b/etc/profile-a-l/icecat.profile
@@ -5,13 +5,13 @@ include icecat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
 
 mkdir ${HOME}/.cache/mozilla/icecat
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/icecat
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/icecat
+whitelist ${HOME}/.mozilla
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc icecat
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile
index 0c22d87d02a..19690cd5ae3 100644
--- a/etc/profile-a-l/icedove.profile
+++ b/etc/profile-a-l/icedove.profile
@@ -9,16 +9,16 @@ include icedove.local
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-nodeny  ${HOME}/.cache/icedove
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.icedove
+noblacklist ${HOME}/.cache/icedove
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.icedove
 
 mkdir ${HOME}/.cache/icedove
 mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.icedove
-allow  ${HOME}/.cache/icedove
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.icedove
+whitelist ${HOME}/.cache/icedove
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.icedove
 include whitelist-common.inc
 
 ignore private-tmp
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index 180b62ec274..680b8e77701 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -5,12 +5,12 @@ include idea.sh.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.IdeaIC*
-nodeny  ${HOME}/.android
-nodeny  ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.IdeaIC*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile
index 5d28e7aca19..12ce7976b96 100644
--- a/etc/profile-a-l/imagej.profile
+++ b/etc/profile-a-l/imagej.profile
@@ -6,7 +6,7 @@ include imagej.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.imagej
+noblacklist ${HOME}/.imagej
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile
index 70d56a7dceb..c26958d0648 100644
--- a/etc/profile-a-l/img2txt.profile
+++ b/etc/profile-a-l/img2txt.profile
@@ -5,10 +5,10 @@ include img2txt.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/imlib2
+whitelist /usr/share/imlib2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile
index 4914cd9d0f2..c152be01cfa 100644
--- a/etc/profile-a-l/impressive.profile
+++ b/etc/profile-a-l/impressive.profile
@@ -6,9 +6,9 @@ include impressive.local
 # Persistent global definitions
 #include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist ${DOCUMENTS}
+noblacklist /sbin
+noblacklist /usr/sbin
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/opengl-games-utils
-allow  /usr/share/zenity
+whitelist /usr/share/opengl-games-utils
+whitelist /usr/share/zenity
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index 1a949b3004c..35dd86b32ad 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -6,14 +6,14 @@ include inkscape.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/inkscape
-nodeny  ${HOME}/.config/inkscape
-nodeny  ${HOME}/.inkscape
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/inkscape
+noblacklist ${HOME}/.config/inkscape
+noblacklist ${HOME}/.inkscape
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 # Allow exporting .xcf files
-nodeny  ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.gimp*
 
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/inkscape
+whitelist /usr/share/inkscape
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile
index 1591ed7ea7a..a5cac12f24f 100644
--- a/etc/profile-a-l/inox.profile
+++ b/etc/profile-a-l/inox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/inox
-nodeny  ${HOME}/.config/inox
+noblacklist ${HOME}/.cache/inox
+noblacklist ${HOME}/.config/inox
 
 mkdir ${HOME}/.cache/inox
 mkdir ${HOME}/.config/inox
-allow  ${HOME}/.cache/inox
-allow  ${HOME}/.config/inox
+whitelist ${HOME}/.cache/inox
+whitelist ${HOME}/.config/inox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile
index f361fd66316..3037d00e98a 100644
--- a/etc/profile-a-l/iridium.profile
+++ b/etc/profile-a-l/iridium.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/iridium
-nodeny  ${HOME}/.config/iridium
+noblacklist ${HOME}/.cache/iridium
+noblacklist ${HOME}/.config/iridium
 
 mkdir ${HOME}/.cache/iridium
 mkdir ${HOME}/.config/iridium
-allow  ${HOME}/.cache/iridium
-allow  ${HOME}/.config/iridium
+whitelist ${HOME}/.cache/iridium
+whitelist ${HOME}/.config/iridium
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile
index fa0bcf9864a..e02dcbdb157 100644
--- a/etc/profile-a-l/itch.profile
+++ b/etc/profile-a-l/itch.profile
@@ -8,8 +8,8 @@ include globals.local
 # itch.io has native firejail/sandboxing support bundled in
 # See https://itch.io/docs/itch/using/sandbox/linux.html
 
-nodeny  ${HOME}/.itch
-nodeny  ${HOME}/.config/itch
+noblacklist ${HOME}/.itch
+noblacklist ${HOME}/.config/itch
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.itch
 mkdir ${HOME}/.config/itch
-allow  ${HOME}/.itch
-allow  ${HOME}/.config/itch
+whitelist ${HOME}/.itch
+whitelist ${HOME}/.config/itch
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
index e4be574df13..3e9abf36983 100644
--- a/etc/profile-a-l/jami-gnome.profile
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -6,8 +6,8 @@ include jami-gnome.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/jami
-nodeny  ${HOME}/.local/share/jami
+noblacklist ${HOME}/.config/jami
+noblacklist ${HOME}/.local/share/jami
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/jami
 mkdir ${HOME}/.local/share/jami
-allow  ${HOME}/.config/jami
-allow  ${HOME}/.local/share/jami
+whitelist ${HOME}/.config/jami
+whitelist ${HOME}/.local/share/jami
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile
index bfea84c69a5..7d29f10680e 100644
--- a/etc/profile-a-l/jd-gui.profile
+++ b/etc/profile-a-l/jd-gui.profile
@@ -5,7 +5,7 @@ include jd-gui.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/jd-gui.cfg
+noblacklist ${HOME}/.config/jd-gui.cfg
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index c4102761805..85b1f2120b1 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -6,7 +6,7 @@ include jerry.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/dkl
+noblacklist ${HOME}/.config/dkl
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index 9ca30c36d6f..edb7ed84038 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -13,12 +13,12 @@ ignore shell none
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Jitsi Meet
+noblacklist ${HOME}/.config/Jitsi Meet
 
-noallow  ${DOWNLOADS}
+nowhitelist ${DOWNLOADS}
 
 mkdir ${HOME}/.config/Jitsi Meet
-allow  ${HOME}/.config/Jitsi Meet
+whitelist ${HOME}/.config/Jitsi Meet
 
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile
index f53e6ca3283..223c360b8cc 100644
--- a/etc/profile-a-l/jitsi.profile
+++ b/etc/profile-a-l/jitsi.profile
@@ -5,7 +5,7 @@ include jitsi.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.jitsi
+noblacklist ${HOME}/.jitsi
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index c0a78ecc095..9954b8aea42 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -6,7 +6,7 @@ include jumpnbump.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.jumpnbump
+noblacklist ${HOME}/.jumpnbump
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.jumpnbump
-allow  ${HOME}/.jumpnbump
-allow  /usr/share/jumpnbump
+whitelist ${HOME}/.jumpnbump
+whitelist /usr/share/jumpnbump
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index 73ce8670f29..5ae90dff691 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -6,11 +6,11 @@ include k3b.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/k3brc
-nodeny  ${HOME}/.kde/share/config/k3brc
-nodeny  ${HOME}/.kde4/share/config/k3brc
-nodeny  ${HOME}/.local/share/kxmlgui5/k3b
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/k3brc
+noblacklist ${HOME}/.kde/share/config/k3brc
+noblacklist ${HOME}/.kde4/share/config/k3brc
+noblacklist ${HOME}/.local/share/kxmlgui5/k3b
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile
index e6a00e35010..d55fd22cb15 100644
--- a/etc/profile-a-l/kaffeine.profile
+++ b/etc/profile-a-l/kaffeine.profile
@@ -6,14 +6,14 @@ include kaffeine.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kaffeinerc
-nodeny  ${HOME}/.kde/share/apps/kaffeine
-nodeny  ${HOME}/.kde/share/config/kaffeinerc
-nodeny  ${HOME}/.kde4/share/apps/kaffeine
-nodeny  ${HOME}/.kde4/share/config/kaffeinerc
-nodeny  ${HOME}/.local/share/kaffeine
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/kaffeinerc
+noblacklist ${HOME}/.kde/share/apps/kaffeine
+noblacklist ${HOME}/.kde/share/config/kaffeinerc
+noblacklist ${HOME}/.kde4/share/apps/kaffeine
+noblacklist ${HOME}/.kde4/share/config/kaffeinerc
+noblacklist ${HOME}/.local/share/kaffeine
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index 98b04353e66..503dac4b6b9 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -6,8 +6,8 @@ include kalgebra.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kalgebrarc
-nodeny  ${HOME}/.local/share/kalgebra
+noblacklist ${HOME}/.config/kalgebrarc
+noblacklist ${HOME}/.local/share/kalgebra
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/kalgebramobile
+whitelist /usr/share/kalgebramobile
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile
index db53945503c..231299a2f2c 100644
--- a/etc/profile-a-l/karbon.profile
+++ b/etc/profile-a-l/karbon.profile
@@ -6,7 +6,7 @@ include karbon.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/karbon
+noblacklist ${HOME}/.local/share/kxmlgui5/karbon
 
 # Redirect
 include krita.profile
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index d2b18049217..27b87e7c376 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -8,20 +8,20 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/katemetainfos
-nodeny  ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
-nodeny  ${HOME}/.local/share/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/katefiletree
-nodeny  ${HOME}/.local/share/kxmlgui5/katekonsole
-nodeny  ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
-nodeny  ${HOME}/.local/share/kxmlgui5/katepart
-nodeny  ${HOME}/.local/share/kxmlgui5/kateproject
-nodeny  ${HOME}/.local/share/kxmlgui5/katesearch
+noblacklist ${HOME}/.config/katemetainfos
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.local/share/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
+noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole
+noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
+noblacklist ${HOME}/.local/share/kxmlgui5/katepart
+noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
+noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
 
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index a4e2e64f449..9795cf1683e 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -8,9 +8,9 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
-nodeny  ${HOME}/.config/kazam
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
+noblacklist ${HOME}/.config/kazam
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/kazam
+whitelist /usr/share/kazam
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index fcb168d4db3..e36ee5ed2b8 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -6,7 +6,7 @@ include kcalc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/kcalc
+noblacklist ${HOME}/.local/share/kxmlgui5/kcalc
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
 mkfile ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.config/kcalcrc
-allow  ${HOME}/.kde/share/config/kcalcrc
-allow  ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.local/share/kxmlgui5/kcalc
-allow  /usr/share/config.kcfg/kcalc.kcfg
-allow  /usr/share/kcalc
-allow  /usr/share/kconf_update/kcalcrc.upd
+whitelist ${HOME}/.config/kcalcrc
+whitelist ${HOME}/.kde/share/config/kcalcrc
+whitelist ${HOME}/.kde4/share/config/kcalcrc
+whitelist ${HOME}/.local/share/kxmlgui5/kcalc
+whitelist /usr/share/config.kcfg/kcalc.kcfg
+whitelist /usr/share/kcalc
+whitelist /usr/share/kconf_update/kcalcrc.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index 4acafbf2a60..d2a08a2698f 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/kdenlive
-nodeny  ${HOME}/.config/kdenliverc
-nodeny  ${HOME}/.local/share/kdenlive
-nodeny  ${HOME}/.local/share/kxmlgui5/kdenlive
+noblacklist ${HOME}/.cache/kdenlive
+noblacklist ${HOME}/.config/kdenliverc
+noblacklist ${HOME}/.local/share/kdenlive
+noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 0c37f796817..7c1cb229415 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -6,14 +6,14 @@ include kdiff3.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kdiff3fileitemactionrc
-nodeny  ${HOME}/.config/kdiff3rc
+noblacklist ${HOME}/.config/kdiff3fileitemactionrc
+noblacklist ${HOME}/.config/kdiff3rc
 
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-deny  ${HOME}/.ssh
-deny  ${HOME}/.gnupg
+blacklist ${HOME}/.ssh
+blacklist ${HOME}/.gnupg
 
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index 9c06962bcbb..ae8971ab41b 100644
--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -6,14 +6,14 @@ include keepass.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/KeePass
-nodeny  ${HOME}/.config/keepass
-nodeny  ${HOME}/.keepass
-nodeny  ${HOME}/.local/share/KeePass
-nodeny  ${HOME}/.local/share/keepass
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
+noblacklist ${HOME}/.config/KeePass
+noblacklist ${HOME}/.config/keepass
+noblacklist ${HOME}/.keepass
+noblacklist ${HOME}/.local/share/KeePass
+noblacklist ${HOME}/.local/share/keepass
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index 2772fa8bfa9..ac364986d37 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -6,11 +6,11 @@ include keepassx.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/keepassx
-nodeny  ${HOME}/.keepassx
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
+noblacklist ${HOME}/.config/keepassx
+noblacklist ${HOME}/.keepassx
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 9c530b20de2..f71dcf82b2b 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -6,23 +6,23 @@ include keepassxc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
-nodeny  ${HOME}/.cache/keepassxc
-nodeny  ${HOME}/.config/keepassxc
-nodeny  ${HOME}/.config/KeePassXCrc
-nodeny  ${HOME}/.keepassxc
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
+noblacklist ${HOME}/.cache/keepassxc
+noblacklist ${HOME}/.config/keepassxc
+noblacklist ${HOME}/.config/KeePassXCrc
+noblacklist ${HOME}/.keepassxc
+noblacklist ${DOCUMENTS}
 
 # Allow browser profiles, required for browser integration.
-nodeny  ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/google-chrome
-nodeny  ${HOME}/.config/vivaldi
-nodeny  ${HOME}/.local/share/torbrowser
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.config/vivaldi
+noblacklist ${HOME}/.local/share/torbrowser
+noblacklist ${HOME}/.mozilla
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -57,7 +57,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/KeePassXCrc
 #include whitelist-common.inc
 
-allow  /usr/share/keepassxc
+whitelist /usr/share/keepassxc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 30c041cbc8e..2c684504b16 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -6,13 +6,13 @@ include kget.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/kget
+noblacklist ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kxmlgui5/kget
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile
index 84d135fc3af..9bcede07728 100644
--- a/etc/profile-a-l/kid3-qt.profile
+++ b/etc/profile-a-l/kid3-qt.profile
@@ -2,7 +2,7 @@
 # This file is overwritten after every install/update
 include kid3-qt.local
 
-nodeny  ${HOME}/.config/Kid3
+noblacklist ${HOME}/.config/Kid3
 
 # Redirect
 include kid3.profile
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index 0ef2a784504..e18292e9965 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -6,9 +6,9 @@ include kid3.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${HOME}/.config/kid3rc
-nodeny  ${HOME}/.local/share/kxmlgui5/kid3
+noblacklist ${MUSIC}
+noblacklist ${HOME}/.config/kid3rc
+noblacklist ${HOME}/.local/share/kxmlgui5/kid3
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile
index 833c1d22a45..74014ffe666 100644
--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -6,8 +6,8 @@ include kino.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.kino-history
-nodeny  ${HOME}/.kinorc
+noblacklist ${HOME}/.kino-history
+noblacklist ${HOME}/.kinorc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index b188ba0e318..40ee0bbc7bb 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -6,8 +6,8 @@ include kiwix-desktop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/kiwix
-nodeny  ${HOME}/.local/share/kiwix-desktop
+noblacklist ${HOME}/.local/share/kiwix
+noblacklist ${HOME}/.local/share/kiwix-desktop
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/kiwix
 mkdir ${HOME}/.local/share/kiwix-desktop
-allow  ${HOME}/.local/share/kiwix
-allow  ${HOME}/.local/share/kiwix-desktop
+whitelist ${HOME}/.local/share/kiwix
+whitelist ${HOME}/.local/share/kiwix-desktop
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile
index e087e497301..c6a9023f150 100644
--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -6,8 +6,8 @@ include klatexformula.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.kde/share/apps/klatexformula
-nodeny  ${HOME}/.klatexformula
+noblacklist ${HOME}/.kde/share/apps/klatexformula
+noblacklist ${HOME}/.klatexformula
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index ec39124193a..f5cd3a48c53 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -6,8 +6,8 @@ include klavaro.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/klavaro
-nodeny  ${HOME}/.local/share/klavaro
+noblacklist ${HOME}/.config/klavaro
+noblacklist ${HOME}/.local/share/klavaro
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/klavaro
 mkdir ${HOME}/.config/klavaro
-allow  ${HOME}/.local/share/klavaro
-allow  ${HOME}/.config/klavaro
+whitelist ${HOME}/.local/share/klavaro
+whitelist ${HOME}/.config/klavaro
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 3c582c08cae..95ae98e5318 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,27 +9,27 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
 
-nodeny  ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.cache/kmail2
-nodeny  ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/kmailsearchindexingrc
-nodeny  ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/emailidentities
-nodeny  ${HOME}/.local/share/kmail2
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail2
-nodeny  ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
-nodeny  /tmp/akonadi-*
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/kmail2
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/kmailsearchindexingrc
+noblacklist ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/emailidentities
+noblacklist ${HOME}/.local/share/kmail2
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/notes
+noblacklist /tmp/akonadi-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile
index d2ce14ab620..e88b534997c 100644
--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -6,11 +6,11 @@ include kmplayer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kmplayerrc
-nodeny  ${HOME}/.kde/share/config/kmplayerrc
-nodeny  ${HOME}/.local/share/kmplayer
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/kmplayerrc
+noblacklist ${HOME}/.kde/share/config/kmplayerrc
+noblacklist ${HOME}/.local/share/kmplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile
index 5a9ac34dac6..f155d0ad600 100644
--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -10,9 +10,9 @@ include knotes.local
 # knotes has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when knotes is started
 
-nodeny  ${HOME}/.config/knotesrc
-nodeny  ${HOME}/.local/share/knotes
-nodeny  ${HOME}/.local/share/kxmlgui5/knotes
+noblacklist ${HOME}/.config/knotesrc
+noblacklist ${HOME}/.local/share/knotes
+noblacklist ${HOME}/.local/share/kxmlgui5/knotes
 
 # Redirect
 include kmail.profile
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile
index 2725c87bea8..b7091f1fc1c 100644
--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -13,10 +13,10 @@ ignore noexec ${HOME}
 #ignore noroot
 #ignore private-dev
 
-nodeny  ${HOME}/.kodi
-nodeny  ${MUSIC}
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.kodi
+noblacklist ${MUSIC}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index d8ce3383832..5b5ed6e24e1 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -6,11 +6,11 @@ include konversation.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/konversationrc
-nodeny  ${HOME}/.config/konversation.notifyrc
-nodeny  ${HOME}/.kde/share/config/konversationrc
-nodeny  ${HOME}/.kde4/share/config/konversationrc
-nodeny  ${HOME}/.local/share/kxmlgui5/konversation
+noblacklist ${HOME}/.config/konversationrc
+noblacklist ${HOME}/.config/konversation.notifyrc
+noblacklist ${HOME}/.kde/share/config/konversationrc
+noblacklist ${HOME}/.kde4/share/config/konversationrc
+noblacklist ${HOME}/.local/share/kxmlgui5/konversation
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index 749591f323b..88f47d1bfb9 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -6,11 +6,11 @@ include kopete.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.kde/share/apps/kopete
-nodeny  ${HOME}/.kde/share/config/kopeterc
-nodeny  ${HOME}/.kde4/share/apps/kopete
-nodeny  ${HOME}/.kde4/share/config/kopeterc
-nodeny  ${HOME}/.local/share/kxmlgui5/kopete
+noblacklist ${HOME}/.kde/share/apps/kopete
+noblacklist ${HOME}/.kde/share/config/kopeterc
+noblacklist ${HOME}/.kde4/share/apps/kopete
+noblacklist ${HOME}/.kde4/share/config/kopeterc
+noblacklist ${HOME}/.local/share/kxmlgui5/kopete
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /var/lib/winpopup
+whitelist /var/lib/winpopup
 include whitelist-var-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile
index 950341def31..8604e63d069 100644
--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -9,10 +9,10 @@ include globals.local
 # noexec ${HOME} may break krita, see issue #1953
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/kritarc
-nodeny  ${HOME}/.local/share/krita
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/kritarc
+noblacklist ${HOME}/.local/share/krita
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 7b325d273c9..9cb5eff877a 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -13,9 +13,9 @@ include globals.local
 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/krunnerrc
-nodeny  ${HOME}/.kde/share/config/krunnerrc
-nodeny  ${HOME}/.kde4/share/config/krunnerrc
+noblacklist ${HOME}/.config/krunnerrc
+noblacklist ${HOME}/.kde/share/config/krunnerrc
+noblacklist ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
 # noblacklist ${HOME}/.mozilla
 
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index ac9fee58560..5a85194e0d7 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -6,13 +6,13 @@ include ktorrent.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ktorrentrc
-nodeny  ${HOME}/.kde/share/apps/ktorrent
-nodeny  ${HOME}/.kde/share/config/ktorrentrc
-nodeny  ${HOME}/.kde4/share/apps/ktorrent
-nodeny  ${HOME}/.kde4/share/config/ktorrentrc
-nodeny  ${HOME}/.local/share/ktorrent
-nodeny  ${HOME}/.local/share/kxmlgui5/ktorrent
+noblacklist ${HOME}/.config/ktorrentrc
+noblacklist ${HOME}/.kde/share/apps/ktorrent
+noblacklist ${HOME}/.kde/share/config/ktorrentrc
+noblacklist ${HOME}/.kde4/share/apps/ktorrent
+noblacklist ${HOME}/.kde4/share/config/ktorrentrc
+noblacklist ${HOME}/.local/share/ktorrent
+noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
 mkfile ${HOME}/.config/ktorrentrc
 mkfile ${HOME}/.kde/share/config/ktorrentrc
 mkfile ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/ktorrentrc
-allow  ${HOME}/.kde/share/apps/ktorrent
-allow  ${HOME}/.kde/share/config/ktorrentrc
-allow  ${HOME}/.kde4/share/apps/ktorrent
-allow  ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${HOME}/.local/share/ktorrent
-allow  ${HOME}/.local/share/kxmlgui5/ktorrent
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/ktorrentrc
+whitelist ${HOME}/.kde/share/apps/ktorrent
+whitelist ${HOME}/.kde/share/config/ktorrentrc
+whitelist ${HOME}/.kde4/share/apps/ktorrent
+whitelist ${HOME}/.kde4/share/config/ktorrentrc
+whitelist ${HOME}/.local/share/ktorrent
+whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 71f8e497735..4cf72b74c5e 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -6,8 +6,8 @@ include ktouch.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ktouch2rc
-nodeny  ${HOME}/.local/share/ktouch
+noblacklist ${HOME}/.config/ktouch2rc
+noblacklist ${HOME}/.local/share/ktouch
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.config/ktouch2rc
 mkdir ${HOME}/.local/share/ktouch
-allow  ${HOME}/.config/ktouch2rc
-allow  ${HOME}/.local/share/ktouch
+whitelist ${HOME}/.config/ktouch2rc
+whitelist ${HOME}/.local/share/ktouch
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 74ffd11628d..4e9a12e5fd3 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -6,13 +6,13 @@ include kube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.cache/kube
-nodeny  ${HOME}/.config/kube
-nodeny  ${HOME}/.config/sink
-nodeny  ${HOME}/.local/share/kube
-nodeny  ${HOME}/.local/share/sink
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/kube
+noblacklist ${HOME}/.config/kube
+noblacklist ${HOME}/.config/sink
+noblacklist ${HOME}/.local/share/kube
+noblacklist ${HOME}/.local/share/sink
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube
 mkdir ${HOME}/.config/sink
 mkdir ${HOME}/.local/share/kube
 mkdir ${HOME}/.local/share/sink
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.cache/kube
-allow  ${HOME}/.config/kube
-allow  ${HOME}/.config/sink
-allow  ${HOME}/.local/share/kube
-allow  ${HOME}/.local/share/sink
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/kube
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.cache/kube
+whitelist ${HOME}/.config/kube
+whitelist ${HOME}/.config/sink
+whitelist ${HOME}/.local/share/kube
+whitelist ${HOME}/.local/share/sink
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/kube
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index 580f937365e..15e7ceb17ad 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -8,10 +8,10 @@ include globals.local
 # fix automatical kwin_x11 sandboxing:
 # echo KDEWM=kwin_x11 >> ~/.pam_environment
 
-nodeny  ${HOME}/.cache/kwin
-nodeny  ${HOME}/.config/kwinrc
-nodeny  ${HOME}/.config/kwinrulesrc
-nodeny  ${HOME}/.local/share/kwin
+noblacklist ${HOME}/.cache/kwin
+noblacklist ${HOME}/.config/kwinrc
+noblacklist ${HOME}/.config/kwinrulesrc
+noblacklist ${HOME}/.local/share/kwin
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 08b0e022411..804ffafeba1 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -6,15 +6,15 @@ include kwrite.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
-nodeny  ${HOME}/.config/kwriterc
-nodeny  ${HOME}/.local/share/kwrite
-nodeny  ${HOME}/.local/share/kxmlgui5/kwrite
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/kwriterc
+noblacklist ${HOME}/.local/share/kwrite
+noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile
index 91693bfc1e5..ac1b8785d1e 100644
--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /var/lib
+whitelist /var/lib
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index e154708ebfa..4bbb0a86d3f 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -6,7 +6,7 @@ include leafpad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/leafpad
+noblacklist ${HOME}/.config/leafpad
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile
index abee392de0a..8eb5ad0c2d6 100644
--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -7,9 +7,9 @@ include less.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
-nodeny  ${HOME}/.lesshst
+noblacklist ${HOME}/.lesshst
 
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
index 8ec41eee3b0..c57eae73dca 100644
--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -4,8 +4,8 @@ include librecad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/LibreCAD
-nodeny  ${HOME}/.local/share/LibreCAD
+noblacklist ${HOME}/.config/LibreCAD
+noblacklist ${HOME}/.local/share/LibreCAD
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/librecad
+whitelist /usr/share/librecad
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index ae01d39b895..b1a24888c63 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -6,15 +6,15 @@ include libreoffice.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /usr/local/sbin
-nodeny  ${HOME}/.config/libreoffice
+noblacklist /usr/local/sbin
+noblacklist ${HOME}/.config/libreoffice
 
 # libreoffice uses java for some functionality.
 # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality.
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 5c614ab8ef2..da047357a2c 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -6,13 +6,13 @@ include librewolf.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/librewolf
-nodeny  ${HOME}/.librewolf
+noblacklist ${HOME}/.cache/librewolf
+noblacklist ${HOME}/.librewolf
 
 mkdir ${HOME}/.cache/librewolf
 mkdir ${HOME}/.librewolf
-allow  ${HOME}/.cache/librewolf
-allow  ${HOME}/.librewolf
+whitelist ${HOME}/.cache/librewolf
+whitelist ${HOME}/.librewolf
 
 # Add the next lines to your librewolf.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
@@ -23,10 +23,10 @@ allow  ${HOME}/.librewolf
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-allow  /usr/share/doc
-allow  /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/doc
+whitelist /usr/share/gtk-doc/html
+whitelist /usr/share/mozilla
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 595ecc25796..7afca1d5f2a 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -6,9 +6,9 @@ include liferea.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/liferea
-nodeny  ${HOME}/.config/liferea
-nodeny  ${HOME}/.local/share/liferea
+noblacklist ${HOME}/.cache/liferea
+noblacklist ${HOME}/.config/liferea
+noblacklist ${HOME}/.local/share/liferea
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/liferea
 mkdir ${HOME}/.config/liferea
 mkdir ${HOME}/.local/share/liferea
-allow  ${HOME}/.cache/liferea
-allow  ${HOME}/.config/liferea
-allow  ${HOME}/.local/share/liferea
-allow  /usr/share/liferea
+whitelist ${HOME}/.cache/liferea
+whitelist ${HOME}/.config/liferea
+whitelist ${HOME}/.local/share/liferea
+whitelist /usr/share/liferea
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile
index 58d5bcd6dcc..c065c44a9f1 100644
--- a/etc/profile-a-l/lightsoff.profile
+++ b/etc/profile-a-l/lightsoff.profile
@@ -6,7 +6,7 @@ include lightsoff.local
 # Persistent global definitions
 include globals.local
 
-allow  /usr/share/lightsoff
+whitelist /usr/share/lightsoff
 
 private-bin lightsoff
 
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index e14c50d773f..4254b7f3369 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -6,7 +6,7 @@ include lincity-ng.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.lincity-ng
+noblacklist ${HOME}/.lincity-ng
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.lincity-ng
-allow  ${HOME}/.lincity-ng
+whitelist ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 51e3d5b94ff..cd885b1d497 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,8 +4,8 @@ include links-common.local
 
 # common profile for links browsers
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
index ae57601ca63..8ce39cc7fcb 100644
--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -7,10 +7,10 @@ include links.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.links
+noblacklist ${HOME}/.links
 
 mkdir ${HOME}/.links
-allow  ${HOME}/.links
+whitelist ${HOME}/.links
 
 private-bin links
 
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile
index eb349c73aef..5f91dfcd268 100644
--- a/etc/profile-a-l/links2.profile
+++ b/etc/profile-a-l/links2.profile
@@ -7,10 +7,10 @@ include links2.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.links2
+noblacklist ${HOME}/.links2
 
 mkdir ${HOME}/.links2
-allow  ${HOME}/.links2
+whitelist ${HOME}/.links2
 
 private-bin links2
 
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile
index dd1dac05b3a..7ebdbef4c5c 100644
--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -6,10 +6,10 @@ include linphone.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/linphone
-nodeny  ${HOME}/.linphone-history.db
-nodeny  ${HOME}/.linphonerc
-nodeny  ${HOME}/.local/share/linphone
+noblacklist ${HOME}/.config/linphone
+noblacklist ${HOME}/.linphone-history.db
+noblacklist ${HOME}/.linphonerc
+noblacklist ${HOME}/.local/share/linphone
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-programs.inc
 # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile.
 mkdir ${HOME}/.config/linphone
 mkdir ${HOME}/.local/share/linphone
-allow  ${HOME}/.config/linphone
-allow  ${HOME}/.linphone-history.db
-allow  ${HOME}/.linphonerc
-allow  ${HOME}/.local/share/linphone
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/linphone
+whitelist ${HOME}/.linphone-history.db
+whitelist ${HOME}/.linphonerc
+whitelist ${HOME}/.local/share/linphone
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile
index b22110fdcf6..48b0e14dce4 100644
--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -6,9 +6,9 @@ include lmms.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.lmmsrc.xml
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.lmmsrc.xml
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index 0a7ce86e8ac..f2676fec575 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -6,8 +6,8 @@ include lollypop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/lollypop
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.local/share/lollypop
+noblacklist ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 30802b3b75d..174c65a6584 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # note: crashes after entering
 
-nodeny  ${HOME}/.config/lugaru
-nodeny  ${HOME}/.local/share/lugaru
+noblacklist ${HOME}/.config/lugaru
+noblacklist ${HOME}/.local/share/lugaru
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/lugaru
 mkdir ${HOME}/.local/share/lugaru
-allow  ${HOME}/.config/lugaru
-allow  ${HOME}/.local/share/lugaru
+whitelist ${HOME}/.config/lugaru
+whitelist ${HOME}/.local/share/lugaru
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile
index 73400dbd615..31067034e67 100644
--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -6,8 +6,8 @@ include luminance-hdr.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Luminance
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/Luminance
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index 9d5169b802c..80a3aba86af 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -6,18 +6,18 @@ include lutris.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PATH}/llvm*
-nodeny  ${HOME}/Games
-nodeny  ${HOME}/.cache/lutris
-nodeny  ${HOME}/.cache/winetricks
-nodeny  ${HOME}/.config/lutris
-nodeny  ${HOME}/.local/share/lutris
+noblacklist ${PATH}/llvm*
+noblacklist ${HOME}/Games
+noblacklist ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.config/lutris
+noblacklist ${HOME}/.local/share/lutris
 # noblacklist ${HOME}/.wine
-nodeny  /tmp/.wine-*
+noblacklist /tmp/.wine-*
 # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
 # Lutris won't even start.
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 ignore noexec ${HOME}
 
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks
 mkdir ${HOME}/.config/lutris
 mkdir ${HOME}/.local/share/lutris
 # mkdir ${HOME}/.wine
-allow  ${DOWNLOADS}
-allow  ${HOME}/Games
-allow  ${HOME}/.cache/lutris
-allow  ${HOME}/.cache/winetricks
-allow  ${HOME}/.config/lutris
-allow  ${HOME}/.local/share/lutris
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/Games
+whitelist ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/winetricks
+whitelist ${HOME}/.config/lutris
+whitelist ${HOME}/.local/share/lutris
 # whitelist ${HOME}/.wine
-allow  /usr/share/lutris
-allow  /usr/share/wine
+whitelist /usr/share/lutris
+whitelist /usr/share/wine
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile
index 43147211b32..b2a56012e2e 100644
--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -6,7 +6,7 @@ include lximage-qt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/lximage-qt
+noblacklist ${HOME}/.config/lximage-qt
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile
index c849f2ad262..cc4b9555151 100644
--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -6,9 +6,9 @@ include lxmusic.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/xmms2
-nodeny  ${HOME}/.config/xmms2
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/xmms2
+noblacklist ${HOME}/.config/xmms2
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 15c8f1faa55..a919e924b5f 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,8 +7,8 @@ include lynx.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile
index 358dbf2f2a7..fa69463d137 100644
--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore private-tmp
 
-nodeny  ${HOME}/.config/LyX
-nodeny  ${HOME}/.lyx
+noblacklist ${HOME}/.config/LyX
+noblacklist ${HOME}/.lyx
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,11 +21,11 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
 
-allow  /usr/share/lyx
-allow  /usr/share/texinfo
-allow  /usr/share/texlive
-allow  /usr/share/texmf-dist
-allow  /usr/share/tlpkg
+whitelist /usr/share/lyx
+whitelist /usr/share/texinfo
+whitelist /usr/share/texlive
+whitelist /usr/share/texmf-dist
+whitelist /usr/share/tlpkg
 include whitelist-usr-share-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
index 3a4edcf69fb..4637419bf31 100644
--- a/etc/profile-a-l/sway.profile
+++ b/etc/profile-a-l/sway.profile
@@ -7,9 +7,9 @@ include sway.local
 include globals.local
 
 # all applications started in sway will run in this profile
-nodeny  ${HOME}/.config/sway
+noblacklist ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile
index e6c43007db1..62d0a8b3a3e 100644
--- a/etc/profile-m-z/Maelstrom.profile
+++ b/etc/profile-m-z/Maelstrom.profile
@@ -6,7 +6,7 @@ include Maelstrom.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/lib/games/Maelstrom-Scores
+noblacklist /var/lib/games/Maelstrom-Scores
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /var/lib/games
+whitelist /var/lib/games
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile
index bd929d21a79..c2734b1c16d 100644
--- a/etc/profile-m-z/Mathematica.profile
+++ b/etc/profile-m-z/Mathematica.profile
@@ -5,8 +5,8 @@ include Mathematica.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.Mathematica
-nodeny  ${HOME}/.Wolfram Research
+noblacklist ${HOME}/.Mathematica
+noblacklist ${HOME}/.Wolfram Research
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 mkdir ${HOME}/.Mathematica
 mkdir ${HOME}/.Wolfram Research
 mkdir ${HOME}/Documents/Wolfram Mathematica
-allow  ${HOME}/.Mathematica
-allow  ${HOME}/.Wolfram Research
-allow  ${HOME}/Documents/Wolfram Mathematica
+whitelist ${HOME}/.Mathematica
+whitelist ${HOME}/.Wolfram Research
+whitelist ${HOME}/Documents/Wolfram Mathematica
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile
index f833b9446ba..e678b7204cd 100644
--- a/etc/profile-m-z/PCSX2.profile
+++ b/etc/profile-m-z/PCSX2.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # Note: you must whitelist your games folder in your PCSX2.local.
 
-nodeny  ${HOME}/.config/PCSX2
+noblacklist ${HOME}/.config/PCSX2
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/PCSX2
-allow  ${HOME}/.config/PCSX2
+whitelist ${HOME}/.config/PCSX2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile
index d7b01fe06ef..86120587bad 100644
--- a/etc/profile-m-z/QMediathekView.profile
+++ b/etc/profile-m-z/QMediathekView.profile
@@ -6,18 +6,18 @@ include QMediathekView.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/QMediathekView
-nodeny  ${HOME}/.local/share/QMediathekView
-
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/totem
-nodeny  ${HOME}/.config/vlc
-nodeny  ${HOME}/.config/xplayer
-nodeny  ${HOME}/.local/share/totem
-nodeny  ${HOME}/.local/share/xplayer
-nodeny  ${HOME}/.mplayer
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/QMediathekView
+noblacklist ${HOME}/.local/share/QMediathekView
+
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/xplayer
+noblacklist ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.mplayer
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,7 +28,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/qtchooser
+whitelist /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile
index 4ca42730a01..660378089ab 100644
--- a/etc/profile-m-z/QOwnNotes.profile
+++ b/etc/profile-m-z/QOwnNotes.profile
@@ -6,10 +6,10 @@ include QOwnNotes.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/Nextcloud/Notes
-nodeny  ${HOME}/.config/PBE
-nodeny  ${HOME}/.local/share/PBE
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/Nextcloud/Notes
+noblacklist ${HOME}/.config/PBE
+noblacklist ${HOME}/.local/share/PBE
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
 mkdir ${HOME}/Nextcloud/Notes
 mkdir ${HOME}/.config/PBE
 mkdir ${HOME}/.local/share/PBE
-allow  ${DOCUMENTS}
-allow  ${HOME}/Nextcloud/Notes
-allow  ${HOME}/.config/PBE
-allow  ${HOME}/.local/share/PBE
+whitelist ${DOCUMENTS}
+whitelist ${HOME}/Nextcloud/Notes
+whitelist ${HOME}/.config/PBE
+whitelist ${HOME}/.local/share/PBE
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile
index b98847d3aee..3195e39fa45 100644
--- a/etc/profile-m-z/Viber.profile
+++ b/etc/profile-m-z/Viber.profile
@@ -5,8 +5,8 @@ include Viber.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.ViberPC
-nodeny  ${PATH}/dig
+noblacklist ${HOME}/.ViberPC
+noblacklist ${PATH}/dig
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.ViberPC
-allow  ${DOWNLOADS}
-allow  ${HOME}/.ViberPC
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.ViberPC
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile
index c9cf7adf76e..d78e045952c 100644
--- a/etc/profile-m-z/XMind.profile
+++ b/etc/profile-m-z/XMind.profile
@@ -5,7 +5,7 @@ include XMind.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.xmind
+noblacklist ${HOME}/.xmind
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.xmind
-allow  ${HOME}/.xmind
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.xmind
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile
index 7ba1cdac90a..5cf5161cedb 100644
--- a/etc/profile-m-z/Xephyr.profile
+++ b/etc/profile-m-z/Xephyr.profile
@@ -15,7 +15,7 @@ include globals.local
 # or run "sudo firecfg"
 #
 
-allow  /var/lib/xkb
+whitelist /var/lib/xkb
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile
index a246ccb2351..1acd430238b 100644
--- a/etc/profile-m-z/Xvfb.profile
+++ b/etc/profile-m-z/Xvfb.profile
@@ -18,7 +18,7 @@ include globals.local
 # some Linux distributions. Also, older versions of Xpra use Xvfb.
 #
 
-allow  /var/lib/xkb
+whitelist /var/lib/xkb
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile
index 4f65ad7d106..7686c3442a0 100644
--- a/etc/profile-m-z/ZeGrapher.profile
+++ b/etc/profile-m-z/ZeGrapher.profile
@@ -6,7 +6,7 @@ include ZeGrapher.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ZeGrapher Project
+noblacklist ${HOME}/.config/ZeGrapher Project
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-allow  /usr/share/ZeGrapher
+whitelist /usr/share/ZeGrapher
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile
index 763d475bb44..d1dcb6fe0ab 100644
--- a/etc/profile-m-z/macrofusion.profile
+++ b/etc/profile-m-z/macrofusion.profile
@@ -5,8 +5,8 @@ include macrofusion.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mfusion
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/mfusion
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile
index d561a50955b..8a27b2626e4 100644
--- a/etc/profile-m-z/magicor.profile
+++ b/etc/profile-m-z/magicor.profile
@@ -6,7 +6,7 @@ include magicor.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.magicor
+noblacklist ${HOME}/.magicor
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.magicor
-allow  ${HOME}/.magicor
-allow  /usr/share/magicor
+whitelist ${HOME}/.magicor
+whitelist /usr/share/magicor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index a7c486c9f84..513fcae5546 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -6,8 +6,8 @@ include makepkg.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
 # for potential issues and their solutions when Firejailing makepkg
@@ -17,18 +17,18 @@ deny  ${RUNUSER}/wayland-*
 # whitelist ${HOME}/.gnupg
 
 # Enable severely restricted access to ${HOME}/.gnupg
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 read-only ${HOME}/.gnupg/gpg.conf
 read-only ${HOME}/.gnupg/trustdb.gpg
 read-only ${HOME}/.gnupg/pubring.kbx
-deny  ${HOME}/.gnupg/random_seed
-deny  ${HOME}/.gnupg/pubring.kbx~
-deny  ${HOME}/.gnupg/private-keys-v1.d
-deny  ${HOME}/.gnupg/crls.d
-deny  ${HOME}/.gnupg/openpgp-revocs.d
+blacklist ${HOME}/.gnupg/random_seed
+blacklist ${HOME}/.gnupg/pubring.kbx~
+blacklist ${HOME}/.gnupg/private-keys-v1.d
+blacklist ${HOME}/.gnupg/crls.d
+blacklist ${HOME}/.gnupg/openpgp-revocs.d
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
index 383eeeeb700..bd510fcac80 100644
--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -7,10 +7,10 @@ include man.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
-nodeny  ${HOME}/.local/share/man
-nodeny  ${HOME}/.rustup
+noblacklist ${HOME}/.local/share/man
+noblacklist ${HOME}/.rustup
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,12 +23,12 @@ include disable-xdg.inc
 #mkdir ${HOME}/.local/share/man
 #whitelist ${HOME}/.local/share/man
 #whitelist ${HOME}/.manpath
-allow  /usr/share/groff
-allow  /usr/share/info
-allow  /usr/share/lintian
-allow  /usr/share/locale
-allow  /usr/share/man
-allow  /var/cache/man
+whitelist /usr/share/groff
+whitelist /usr/share/info
+whitelist /usr/share/lintian
+whitelist /usr/share/locale
+whitelist /usr/share/man
+whitelist /var/cache/man
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile
index 67ee783a67f..f59a56ac6e0 100644
--- a/etc/profile-m-z/manaplus.profile
+++ b/etc/profile-m-z/manaplus.profile
@@ -6,8 +6,8 @@ include manaplus.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mana
-nodeny  ${HOME}/.local/share/mana
+noblacklist ${HOME}/.config/mana
+noblacklist ${HOME}/.local/share/mana
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/mana
 mkdir ${HOME}/.config/mana/mana
 mkdir ${HOME}/.local/share/mana
-allow  ${HOME}/.config/mana
-allow  ${HOME}/.local/share/mana
+whitelist ${HOME}/.config/mana
+whitelist ${HOME}/.local/share/mana
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 7645ad3356e..bd56a822102 100644
--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -11,8 +11,8 @@ include globals.local
 #protocol unix,inet,inet6
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
 
-nodeny  ${HOME}/.cache/marker
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/marker
+noblacklist ${DOCUMENTS}
 
 include allow-python3.inc
 
@@ -25,8 +25,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/com.github.fabiocolacio.marker
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/com.github.fabiocolacio.marker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile
index d8b215b7fa6..de11350713c 100644
--- a/etc/profile-m-z/masterpdfeditor.profile
+++ b/etc/profile-m-z/masterpdfeditor.profile
@@ -6,8 +6,8 @@ include masterpdfeditor.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Code Industry
-nodeny  ${HOME}/.masterpdfeditor
+noblacklist ${HOME}/.config/Code Industry
+noblacklist ${HOME}/.masterpdfeditor
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile
index 92832783e0b..39ee7439d00 100644
--- a/etc/profile-m-z/mate-calc.profile
+++ b/etc/profile-m-z/mate-calc.profile
@@ -6,7 +6,7 @@ include mate-calc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mate-calc
+noblacklist ${HOME}/.config/mate-calc
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/mate-calc
 mkdir ${HOME}/.config/caja
 mkdir ${HOME}/.config/mate-menu
-allow  ${HOME}/.cache/mate-calc
-allow  ${HOME}/.config/caja
-allow  ${HOME}/.config/mate-menu
+whitelist ${HOME}/.cache/mate-calc
+whitelist ${HOME}/.config/caja
+whitelist ${HOME}/.config/mate-menu
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile
index 90c9d0993e4..ae1fcbf62b8 100644
--- a/etc/profile-m-z/mate-dictionary.profile
+++ b/etc/profile-m-z/mate-dictionary.profile
@@ -5,7 +5,7 @@ include mate-dictionary.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mate/mate-dictionary
+noblacklist ${HOME}/.config/mate/mate-dictionary
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/mate/mate-dictionary
-allow  ${HOME}/.config/mate/mate-dictionary
+whitelist ${HOME}/.config/mate/mate-dictionary
 include whitelist-common.inc
 
 apparmor
diff --git a/etc/profile-m-z/matrix-mirage.profile b/etc/profile-m-z/matrix-mirage.profile
index 8ee470a5059..b3080df88c5 100644
--- a/etc/profile-m-z/matrix-mirage.profile
+++ b/etc/profile-m-z/matrix-mirage.profile
@@ -7,16 +7,16 @@ include matrix-mirage.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/matrix-mirage
-nodeny  ${HOME}/.config/matrix-mirage
-nodeny  ${HOME}/.local/share/matrix-mirage
+noblacklist ${HOME}/.cache/matrix-mirage
+noblacklist ${HOME}/.config/matrix-mirage
+noblacklist ${HOME}/.local/share/matrix-mirage
 
 mkdir ${HOME}/.cache/matrix-mirage
 mkdir ${HOME}/.config/matrix-mirage
 mkdir ${HOME}/.local/share/matrix-mirage
-allow  ${HOME}/.cache/matrix-mirage
-allow  ${HOME}/.config/matrix-mirage
-allow  ${HOME}/.local/share/matrix-mirage
+whitelist ${HOME}/.cache/matrix-mirage
+whitelist ${HOME}/.config/matrix-mirage
+whitelist ${HOME}/.local/share/matrix-mirage
 
 private-bin matrix-mirage
 
diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile
index 01076a90a21..3c2bf4fa390 100644
--- a/etc/profile-m-z/mattermost-desktop.profile
+++ b/etc/profile-m-z/mattermost-desktop.profile
@@ -10,12 +10,12 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/Mattermost
+noblacklist ${HOME}/.config/Mattermost
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Mattermost
-allow  ${HOME}/.config/Mattermost
+whitelist ${HOME}/.config/Mattermost
 
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
 
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile
index ae749114ad8..38d2d8d63bb 100644
--- a/etc/profile-m-z/mcabber.profile
+++ b/etc/profile-m-z/mcabber.profile
@@ -6,8 +6,8 @@ include mcabber.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.mcabber
-nodeny  ${HOME}/.mcabberrc
+noblacklist ${HOME}/.mcabber
+noblacklist ${HOME}/.mcabberrc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile
index d9e12fb5de7..fcd1e24e5d9 100644
--- a/etc/profile-m-z/mcomix.profile
+++ b/etc/profile-m-z/mcomix.profile
@@ -6,9 +6,9 @@ include mcomix.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mcomix
-nodeny  ${HOME}/.local/share/mcomix
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/mcomix
+noblacklist ${HOME}/.local/share/mcomix
+noblacklist ${DOCUMENTS}
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -30,7 +30,7 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/mcomix
 mkdir ${HOME}/.local/share/mcomix
-allow  /usr/share/mcomix
+whitelist /usr/share/mcomix
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile
index 9e8656290bb..5d3f8dc41f8 100644
--- a/etc/profile-m-z/mdr.profile
+++ b/etc/profile-m-z/mdr.profile
@@ -5,7 +5,7 @@ include mdr.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile
index ae34ea32156..17363624f18 100644
--- a/etc/profile-m-z/mediainfo.profile
+++ b/etc/profile-m-z/mediainfo.profile
@@ -6,7 +6,7 @@ include mediainfo.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile
index 3459ad4cf30..0063badd8db 100644
--- a/etc/profile-m-z/mediathekview.profile
+++ b/etc/profile-m-z/mediathekview.profile
@@ -6,16 +6,16 @@ include mediathekview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/totem
-nodeny  ${HOME}/.config/vlc
-nodeny  ${HOME}/.config/xplayer
-nodeny  ${HOME}/.local/share/totem
-nodeny  ${HOME}/.local/share/xplayer
-nodeny  ${HOME}/.mediathek3
-nodeny  ${HOME}/.mplayer
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/xplayer
+noblacklist ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.mediathek3
+noblacklist ${HOME}/.mplayer
+noblacklist ${VIDEOS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile
index ad9094ddf9e..f07b9166a79 100644
--- a/etc/profile-m-z/megaglest.profile
+++ b/etc/profile-m-z/megaglest.profile
@@ -6,7 +6,7 @@ include megaglest.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.megaglest
+noblacklist ${HOME}/.megaglest
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.megaglest
-allow  ${HOME}/.megaglest
-allow  /usr/share/megaglest
-allow  /usr/share/games/megaglest	# Debian version
+whitelist ${HOME}/.megaglest
+whitelist /usr/share/megaglest
+whitelist /usr/share/games/megaglest	# Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile
index 06ee572c9af..2a8bb3acf99 100644
--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -13,12 +13,12 @@ include globals.local
 # Calling it by its absolute path (example for git mergetool):
 # $ git config --global mergetool.meld.cmd /usr/bin/meld
 
-nodeny  ${HOME}/.config/meld
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.local/share/meld
-nodeny  ${HOME}/.subversion
+noblacklist ${HOME}/.config/meld
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.local/share/meld
+noblacklist ${HOME}/.subversion
 
 # Allow python (blacklisted by disable-interpreters.inc)
 # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks
@@ -29,7 +29,7 @@ include allow-python3.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 # Add the next line to your meld.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile
index e33d6c157aa..c0bdbb23076 100644
--- a/etc/profile-m-z/mendeleydesktop.profile
+++ b/etc/profile-m-z/mendeleydesktop.profile
@@ -6,13 +6,13 @@ include mendeleydesktop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.cache/Mendeley Ltd.
-nodeny  ${HOME}/.config/Mendeley Ltd.
-nodeny  ${HOME}/.local/share/Mendeley Ltd.
-nodeny  ${HOME}/.local/share/data/Mendeley Ltd.
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.cache/Mendeley Ltd.
+noblacklist ${HOME}/.config/Mendeley Ltd.
+noblacklist ${HOME}/.local/share/Mendeley Ltd.
+noblacklist ${HOME}/.local/share/data/Mendeley Ltd.
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile
index 52808a5b551..2081b8c964f 100644
--- a/etc/profile-m-z/menulibre.profile
+++ b/etc/profile-m-z/menulibre.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 
 # Whitelist your system icon directory,varies by distro
-allow  /usr/share/app-info
-allow  /usr/share/desktop-directories
-allow  /usr/share/icons
-allow  /usr/share/menulibre
-allow  /var/lib/app-info/icons
-allow  /var/lib/flatpak/exports/share/applications
-allow  /var/lib/flatpak/exports/share/icons
+whitelist /usr/share/app-info
+whitelist /usr/share/desktop-directories
+whitelist /usr/share/icons
+whitelist /usr/share/menulibre
+whitelist /var/lib/app-info/icons
+whitelist /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile
index 48f9366329c..85ed7bc7486 100644
--- a/etc/profile-m-z/meteo-qt.profile
+++ b/etc/profile-m-z/meteo-qt.profile
@@ -6,8 +6,8 @@ include meteo-qt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/autostart
-nodeny  ${HOME}/.config/meteo-qt
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/meteo-qt
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/meteo-qt
-allow  ${HOME}/.config/autostart
-allow  ${HOME}/.config/meteo-qt
+whitelist ${HOME}/.config/autostart
+whitelist ${HOME}/.config/meteo-qt
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/microsoft-edge-beta.profile b/etc/profile-m-z/microsoft-edge-beta.profile
index 259d39a5fa4..34d9f470a40 100644
--- a/etc/profile-m-z/microsoft-edge-beta.profile
+++ b/etc/profile-m-z/microsoft-edge-beta.profile
@@ -6,13 +6,13 @@ include microsoft-edge-beta.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/microsoft-edge-beta
-nodeny  ${HOME}/.config/microsoft-edge-beta
+noblacklist ${HOME}/.cache/microsoft-edge-beta
+noblacklist ${HOME}/.config/microsoft-edge-beta
 
 mkdir ${HOME}/.cache/microsoft-edge-beta
 mkdir ${HOME}/.config/microsoft-edge-beta
-allow  ${HOME}/.cache/microsoft-edge-beta
-allow  ${HOME}/.config/microsoft-edge-beta
+whitelist ${HOME}/.cache/microsoft-edge-beta
+whitelist ${HOME}/.config/microsoft-edge-beta
 
 private-opt microsoft
 
diff --git a/etc/profile-m-z/microsoft-edge-dev.profile b/etc/profile-m-z/microsoft-edge-dev.profile
index 96465866cd6..039cd36a80c 100644
--- a/etc/profile-m-z/microsoft-edge-dev.profile
+++ b/etc/profile-m-z/microsoft-edge-dev.profile
@@ -6,13 +6,13 @@ include microsoft-edge-dev.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/microsoft-edge-dev
-nodeny  ${HOME}/.config/microsoft-edge-dev
+noblacklist ${HOME}/.cache/microsoft-edge-dev
+noblacklist ${HOME}/.config/microsoft-edge-dev
 
 mkdir ${HOME}/.cache/microsoft-edge-dev
 mkdir ${HOME}/.config/microsoft-edge-dev
-allow  ${HOME}/.cache/microsoft-edge-dev
-allow  ${HOME}/.config/microsoft-edge-dev
+whitelist ${HOME}/.cache/microsoft-edge-dev
+whitelist ${HOME}/.config/microsoft-edge-dev
 
 private-opt microsoft
 
diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile
index c4a444e0d6d..e152596083a 100644
--- a/etc/profile-m-z/midori.profile
+++ b/etc/profile-m-z/midori.profile
@@ -9,17 +9,17 @@ include globals.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/midori
-nodeny  ${HOME}/.config/midori
-nodeny  ${HOME}/.local/share/midori
+noblacklist ${HOME}/.cache/midori
+noblacklist ${HOME}/.config/midori
+noblacklist ${HOME}/.local/share/midori
 # noblacklist ${HOME}/.local/share/webkit
 # noblacklist ${HOME}/.local/share/webkitgtk
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
-nodeny  ${HOME}/.cache/gnome-mplayer
-nodeny  ${HOME}/.config/gnome-mplayer
-nodeny  ${HOME}/.lastpass
+noblacklist ${HOME}/.cache/gnome-mplayer
+noblacklist ${HOME}/.config/gnome-mplayer
+noblacklist ${HOME}/.lastpass
 
 include disable-common.inc
 include disable-devel.inc
@@ -36,17 +36,17 @@ mkdir ${HOME}/.local/share/webkit
 mkdir ${HOME}/.local/share/webkitgtk
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/midori
-allow  ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/midori
-allow  ${HOME}/.lastpass
-allow  ${HOME}/.local/share/midori
-allow  ${HOME}/.local/share/webkit
-allow  ${HOME}/.local/share/webkitgtk
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/midori
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/midori
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/midori
+whitelist ${HOME}/.local/share/webkit
+whitelist ${HOME}/.local/share/webkitgtk
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile
index 2143321845d..7f3aeab4475 100644
--- a/etc/profile-m-z/min.profile
+++ b/etc/profile-m-z/min.profile
@@ -6,10 +6,10 @@ include min.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Min
+noblacklist ${HOME}/.config/Min
 
 mkdir ${HOME}/.config/Min
-allow  ${HOME}/.config/Min
+whitelist ${HOME}/.config/Min
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile
index ee8402b87bb..fbf6b58e87e 100644
--- a/etc/profile-m-z/mindless.profile
+++ b/etc/profile-m-z/mindless.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/mindless
+whitelist /usr/share/mindless
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile
index 595313851af..1028e374ad5 100644
--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -11,7 +11,7 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.minecraft
+noblacklist ${HOME}/.minecraft
 
 include allow-java.inc
 
@@ -25,7 +25,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.minecraft
-allow  ${HOME}/.minecraft
+whitelist ${HOME}/.minecraft
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile
index 11d0859b7c2..cad1adbda35 100644
--- a/etc/profile-m-z/minetest.profile
+++ b/etc/profile-m-z/minetest.profile
@@ -9,8 +9,8 @@ include globals.local
 # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf:
 #   screenshot_path = /home/<USER>/.minetest/screenshots
 
-nodeny  ${HOME}/.cache/minetest
-nodeny  ${HOME}/.minetest
+noblacklist ${HOME}/.cache/minetest
+noblacklist ${HOME}/.minetest
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -26,10 +26,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/minetest
 mkdir ${HOME}/.minetest
-allow  ${HOME}/.cache/minetest
-allow  ${HOME}/.minetest
-allow  /usr/share/games/minetest
-allow  /usr/share/minetest
+whitelist ${HOME}/.cache/minetest
+whitelist ${HOME}/.minetest
+whitelist /usr/share/games/minetest
+whitelist /usr/share/minetest
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index 192913dbfdc..3fe3428d096 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -6,10 +6,10 @@ include minitube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
-nodeny  ${HOME}/.cache/Flavio Tordini
-nodeny  ${HOME}/.config/Flavio Tordini
-nodeny  ${HOME}/.local/share/Flavio Tordini
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.cache/Flavio Tordini
+noblacklist ${HOME}/.config/Flavio Tordini
+noblacklist ${HOME}/.local/share/Flavio Tordini
 
 include allow-lua.inc
 
@@ -25,11 +25,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Flavio Tordini
 mkdir ${HOME}/.config/Flavio Tordini
 mkdir ${HOME}/.local/share/Flavio Tordini
-allow  ${PICTURES}
-allow  ${HOME}/.cache/Flavio Tordini
-allow  ${HOME}/.config/Flavio Tordini
-allow  ${HOME}/.local/share/Flavio Tordini
-allow  /usr/share/minitube
+whitelist ${PICTURES}
+whitelist ${HOME}/.cache/Flavio Tordini
+whitelist ${HOME}/.config/Flavio Tordini
+whitelist ${HOME}/.local/share/Flavio Tordini
+whitelist /usr/share/minitube
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
index b2f2cc5b142..50500928302 100644
--- a/etc/profile-m-z/mirage.profile
+++ b/etc/profile-m-z/mirage.profile
@@ -6,10 +6,10 @@ include mirage.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/mirage
-nodeny  ${HOME}/.config/mirage
-nodeny  ${HOME}/.local/share/mirage
-nodeny  /sbin
+noblacklist ${HOME}/.cache/mirage
+noblacklist ${HOME}/.config/mirage
+noblacklist ${HOME}/.local/share/mirage
+noblacklist /sbin
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -27,10 +27,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/mirage
 mkdir ${HOME}/.config/mirage
 mkdir ${HOME}/.local/share/mirage
-allow  ${HOME}/.cache/mirage
-allow  ${HOME}/.config/mirage
-allow  ${HOME}/.local/share/mirage
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/mirage
+whitelist ${HOME}/.config/mirage
+whitelist ${HOME}/.local/share/mirage
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile
index d5ebfd4b09b..58dfd56f597 100644
--- a/etc/profile-m-z/mirrormagic.profile
+++ b/etc/profile-m-z/mirrormagic.profile
@@ -6,7 +6,7 @@ include mirrormagic.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.mirrormagic
+noblacklist ${HOME}/.mirrormagic
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.mirrormagic
-allow  ${HOME}/.mirrormagic
-allow  /usr/share/mirrormagic
+whitelist ${HOME}/.mirrormagic
+whitelist /usr/share/mirrormagic
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index b734bd7c020..e71ba456900 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -7,8 +7,8 @@ include mocp.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.moc
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.moc
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile
index a02b29b6101..98063fa7c7e 100644
--- a/etc/profile-m-z/mousepad.profile
+++ b/etc/profile-m-z/mousepad.profile
@@ -6,7 +6,7 @@ include mousepad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Mousepad
+noblacklist ${HOME}/.config/Mousepad
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile
index f47384753f6..37ce60e042b 100644
--- a/etc/profile-m-z/mp3splt-gtk.profile
+++ b/etc/profile-m-z/mp3splt-gtk.profile
@@ -6,7 +6,7 @@ include mp3splt-gtk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.mp3splt-gtk
+noblacklist ${HOME}/.mp3splt-gtk
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile
index 8a2ab15bdb8..070de845194 100644
--- a/etc/profile-m-z/mp3splt.profile
+++ b/etc/profile-m-z/mp3splt.profile
@@ -6,9 +6,9 @@ include mp3splt.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile
index 6994b04292e..55a0b589725 100644
--- a/etc/profile-m-z/mpDris2.profile
+++ b/etc/profile-m-z/mpDris2.profile
@@ -6,13 +6,13 @@ include mpDris2.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mpDris2
+noblacklist ${HOME}/.config/mpDris2
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${MUSIC}
+whitelist ${MUSIC}
 
 mkdir ${HOME}/.config/mpDris2
-allow  ${HOME}/.config/mpDris2
+whitelist ${HOME}/.config/mpDris2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile
index 8b3350ac808..b517d4ab254 100644
--- a/etc/profile-m-z/mpd.profile
+++ b/etc/profile-m-z/mpd.profile
@@ -6,10 +6,10 @@ include mpd.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mpd
-nodeny  ${HOME}/.mpd
-nodeny  ${HOME}/.mpdconf
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/mpd
+noblacklist ${HOME}/.mpd
+noblacklist ${HOME}/.mpdconf
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile
index 03bd44daaef..25187e89429 100644
--- a/etc/profile-m-z/mpg123.profile
+++ b/etc/profile-m-z/mpg123.profile
@@ -7,7 +7,7 @@ include mpg123.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile
index 84754aeb250..5d023b7f11c 100644
--- a/etc/profile-m-z/mplayer.profile
+++ b/etc/profile-m-z/mplayer.profile
@@ -6,7 +6,7 @@ include mplayer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.mplayer
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 
 read-only ${DESKTOP}
 mkdir ${HOME}/.mplayer
-allow  ${HOME}/.mplayer
+whitelist ${HOME}/.mplayer
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile
index d355191035e..bfe57a132e9 100644
--- a/etc/profile-m-z/mpsyt.profile
+++ b/etc/profile-m-z/mpsyt.profile
@@ -6,12 +6,12 @@ include mpsyt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mps-youtube
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.mplayer
-nodeny  ${HOME}/.netrc
-nodeny  ${HOME}/mps
+noblacklist ${HOME}/.config/mps-youtube
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.mplayer
+noblacklist ${HOME}/.netrc
+noblacklist ${HOME}/mps
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -20,8 +20,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -37,12 +37,12 @@ mkdir ${HOME}/.config/mpv
 mkdir ${HOME}/.config/youtube-dl
 mkdir ${HOME}/.mplayer
 mkdir ${HOME}/mps
-allow  ${HOME}/.config/mps-youtube
-allow  ${HOME}/.config/mpv
-allow  ${HOME}/.config/youtube-dl
-allow  ${HOME}/.mplayer
-allow  ${HOME}/.netrc
-allow  ${HOME}/mps
+whitelist ${HOME}/.config/mps-youtube
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.mplayer
+whitelist ${HOME}/.netrc
+whitelist ${HOME}/mps
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile
index 4ea2dd34846..af5c214f792 100644
--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -24,9 +24,9 @@ include globals.local
 #include allow-bin-sh.inc
 #private-bin sh
 
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.netrc
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -35,7 +35,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -49,14 +49,14 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/mpv
 mkdir ${HOME}/.config/youtube-dl
 mkfile ${HOME}/.netrc
-allow  ${HOME}/.config/mpv
-allow  ${HOME}/.config/youtube-dl
-allow  ${HOME}/.netrc
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.netrc
 include whitelist-common.inc
 include whitelist-player-common.inc
-allow  /usr/share/lua
-allow  /usr/share/lua*
-allow  /usr/share/vulkan
+whitelist /usr/share/lua
+whitelist /usr/share/lua*
+whitelist /usr/share/vulkan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile
index a8c49a69087..e3ceb3bd450 100644
--- a/etc/profile-m-z/mrrescue.profile
+++ b/etc/profile-m-z/mrrescue.profile
@@ -6,7 +6,7 @@ include mrrescue.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/love
+noblacklist ${HOME}/.local/share/love
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -14,7 +14,7 @@ include allow-bin-sh.inc
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -26,8 +26,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/love
-allow  ${HOME}/.local/share/love
-allow  /usr/share/mrrescue
+whitelist ${HOME}/.local/share/love
+whitelist /usr/share/mrrescue
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/ms-excel.profile b/etc/profile-m-z/ms-excel.profile
index 5fea86ae7f2..db24e8f9bbc 100644
--- a/etc/profile-m-z/ms-excel.profile
+++ b/etc/profile-m-z/ms-excel.profile
@@ -6,7 +6,7 @@ include ms-excel.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/ms-excel-online
+noblacklist ${HOME}/.cache/ms-excel-online
 private-bin ms-excel
 
 # Redirect
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile
index 4033627f757..38fc84ecca5 100644
--- a/etc/profile-m-z/ms-office.profile
+++ b/etc/profile-m-z/ms-office.profile
@@ -5,8 +5,8 @@ include ms-office.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/ms-office-online
-nodeny  ${HOME}/.jak
+noblacklist ${HOME}/.cache/ms-office-online
+noblacklist ${HOME}/.jak
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/ms-onenote.profile b/etc/profile-m-z/ms-onenote.profile
index 805de5102ab..9ea0637bdea 100644
--- a/etc/profile-m-z/ms-onenote.profile
+++ b/etc/profile-m-z/ms-onenote.profile
@@ -6,7 +6,7 @@ include ms-onenote.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/ms-onenote-online
+noblacklist ${HOME}/.cache/ms-onenote-online
 private-bin ms-onenote
 
 # Redirect
diff --git a/etc/profile-m-z/ms-outlook.profile b/etc/profile-m-z/ms-outlook.profile
index bd14fb7d3e3..fc3e7c0090c 100644
--- a/etc/profile-m-z/ms-outlook.profile
+++ b/etc/profile-m-z/ms-outlook.profile
@@ -6,7 +6,7 @@ include ms-outlook.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/ms-outlook-online
+noblacklist ${HOME}/.cache/ms-outlook-online
 private-bin ms-outlook
 
 # Redirect
diff --git a/etc/profile-m-z/ms-powerpoint.profile b/etc/profile-m-z/ms-powerpoint.profile
index 02a7424e225..dadcd5b1e6f 100644
--- a/etc/profile-m-z/ms-powerpoint.profile
+++ b/etc/profile-m-z/ms-powerpoint.profile
@@ -6,7 +6,7 @@ include ms-powerpoint.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/ms-powerpoint-online
+noblacklist ${HOME}/.cache/ms-powerpoint-online
 private-bin ms-powerpoint
 
 # Redirect
diff --git a/etc/profile-m-z/ms-skype.profile b/etc/profile-m-z/ms-skype.profile
index 01729f9a201..df16183610b 100644
--- a/etc/profile-m-z/ms-skype.profile
+++ b/etc/profile-m-z/ms-skype.profile
@@ -8,7 +8,7 @@ include ms-skype.local
 
 ignore novideo
 
-nodeny  ${HOME}/.cache/ms-skype-online
+noblacklist ${HOME}/.cache/ms-skype-online
 
 private-bin ms-skype
 
diff --git a/etc/profile-m-z/ms-word.profile b/etc/profile-m-z/ms-word.profile
index 34cf02128f6..5a617a89327 100644
--- a/etc/profile-m-z/ms-word.profile
+++ b/etc/profile-m-z/ms-word.profile
@@ -6,7 +6,7 @@ include ms-word.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/ms-word-online
+noblacklist ${HOME}/.cache/ms-word-online
 private-bin ms-word
 
 # Redirect
diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile
index ec7cd5d04b1..85c3ee9f2a0 100644
--- a/etc/profile-m-z/mtpaint.profile
+++ b/etc/profile-m-z/mtpaint.profile
@@ -6,7 +6,7 @@ include mtpaint.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile
index 447e7753f17..6df681df181 100644
--- a/etc/profile-m-z/multimc5.profile
+++ b/etc/profile-m-z/multimc5.profile
@@ -5,9 +5,9 @@ include multimc5.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/multimc
-nodeny  ${HOME}/.local/share/multimc5
-nodeny  ${HOME}/.multimc5
+noblacklist ${HOME}/.local/share/multimc
+noblacklist ${HOME}/.local/share/multimc5
+noblacklist ${HOME}/.multimc5
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -22,9 +22,9 @@ include disable-programs.inc
 mkdir ${HOME}/.local/share/multimc
 mkdir ${HOME}/.local/share/multimc5
 mkdir ${HOME}/.multimc5
-allow  ${HOME}/.local/share/multimc
-allow  ${HOME}/.local/share/multimc5
-allow  ${HOME}/.multimc5
+whitelist ${HOME}/.local/share/multimc
+whitelist ${HOME}/.local/share/multimc5
+whitelist ${HOME}/.multimc5
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile
index 1d72e07b87f..c7f59c5eea5 100644
--- a/etc/profile-m-z/mumble.profile
+++ b/etc/profile-m-z/mumble.profile
@@ -6,9 +6,9 @@ include mumble.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Mumble
-nodeny  ${HOME}/.local/share/data/Mumble
-nodeny  ${HOME}/.local/share/Mumble
+noblacklist ${HOME}/.config/Mumble
+noblacklist ${HOME}/.local/share/data/Mumble
+noblacklist ${HOME}/.local/share/Mumble
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 mkdir ${HOME}/.config/Mumble
 mkdir ${HOME}/.local/share/data/Mumble
 mkdir ${HOME}/.local/share/Mumble
-allow  ${HOME}/.config/Mumble
-allow  ${HOME}/.local/share/data/Mumble
-allow  ${HOME}/.local/share/Mumble
+whitelist ${HOME}/.config/Mumble
+whitelist ${HOME}/.local/share/data/Mumble
+whitelist ${HOME}/.local/share/Mumble
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/mupdf-gl.profile b/etc/profile-m-z/mupdf-gl.profile
index c208a5e542e..be94a908314 100644
--- a/etc/profile-m-z/mupdf-gl.profile
+++ b/etc/profile-m-z/mupdf-gl.profile
@@ -7,7 +7,7 @@ include mupdf-gl.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.mupdf.history
+noblacklist ${HOME}/.mupdf.history
 
 # Redirect
 include mupdf.profile
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile
index e602b14290b..9e4609c4839 100644
--- a/etc/profile-m-z/mupdf.profile
+++ b/etc/profile-m-z/mupdf.profile
@@ -6,7 +6,7 @@ include mupdf.local
 # Persistent global definitions
 #include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile
index ecc7e2957a2..00983a8f3e9 100644
--- a/etc/profile-m-z/mupen64plus.profile
+++ b/etc/profile-m-z/mupen64plus.profile
@@ -6,8 +6,8 @@ include mupen64plus.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mupen64plus
-nodeny  ${HOME}/.local/share/mupen64plus
+noblacklist ${HOME}/.config/mupen64plus
+noblacklist ${HOME}/.local/share/mupen64plus
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 # you'll need to manually whitelist ROM files
 mkdir ${HOME}/.config/mupen64plus
 mkdir ${HOME}/.local/share/mupen64plus
-allow  ${HOME}/.config/mupen64plus
-allow  ${HOME}/.local/share/mupen64plus
+whitelist ${HOME}/.config/mupen64plus
+whitelist ${HOME}/.local/share/mupen64plus
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile
index aa141f9c086..679e82ae8d9 100644
--- a/etc/profile-m-z/musescore.profile
+++ b/etc/profile-m-z/musescore.profile
@@ -6,12 +6,12 @@ include musescore.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/MusE
-nodeny  ${HOME}/.config/MuseScore
-nodeny  ${HOME}/.local/share/data/MusE
-nodeny  ${HOME}/.local/share/data/MuseScore
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/MusE
+noblacklist ${HOME}/.config/MuseScore
+noblacklist ${HOME}/.local/share/data/MusE
+noblacklist ${HOME}/.local/share/data/MuseScore
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile
index 5ab1303a27e..04500ac6a8e 100644
--- a/etc/profile-m-z/musictube.profile
+++ b/etc/profile-m-z/musictube.profile
@@ -6,9 +6,9 @@ include musictube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Flavio Tordini
-nodeny  ${HOME}/.config/Flavio Tordini
-nodeny  ${HOME}/.local/share/Flavio Tordini
+noblacklist ${HOME}/.cache/Flavio Tordini
+noblacklist ${HOME}/.config/Flavio Tordini
+noblacklist ${HOME}/.local/share/Flavio Tordini
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Flavio Tordini
 mkdir ${HOME}/.config/Flavio Tordini
 mkdir ${HOME}/.local/share/Flavio Tordini
-allow  ${HOME}/.cache/Flavio Tordini
-allow  ${HOME}/.config/Flavio Tordini
-allow  ${HOME}/.local/share/Flavio Tordini
-allow  /usr/share/musictube
+whitelist ${HOME}/.cache/Flavio Tordini
+whitelist ${HOME}/.config/Flavio Tordini
+whitelist ${HOME}/.local/share/Flavio Tordini
+whitelist /usr/share/musictube
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile
index 9390f9dcf3e..74b3e9a5ffb 100644
--- a/etc/profile-m-z/musixmatch.profile
+++ b/etc/profile-m-z/musixmatch.profile
@@ -5,7 +5,7 @@ include musixmatch.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 91606bdfab9..debf816598f 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -7,36 +7,36 @@ include mutt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/mail
-nodeny  /var/spool/mail
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.Mail
-nodeny  ${HOME}/.bogofilter
-nodeny  ${HOME}/.cache/mutt
-nodeny  ${HOME}/.config/mutt
-nodeny  ${HOME}/.config/nano
-nodeny  ${HOME}/.elinks
-nodeny  ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mail
-nodeny  ${HOME}/.mailcap
-nodeny  ${HOME}/.msmtprc
-nodeny  ${HOME}/.mutt
-nodeny  ${HOME}/.muttrc
-nodeny  ${HOME}/.nanorc
-nodeny  ${HOME}/.signature
-nodeny  ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
-nodeny  ${HOME}/.vimrc
-nodeny  ${HOME}/.w3m
-nodeny  ${HOME}/Mail
-nodeny  ${HOME}/mail
-nodeny  ${HOME}/postponed
-nodeny  ${HOME}/sent
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.config/mutt
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 # Add the next lines to your mutt.local for oauth.py,S/MIME support.
 #include allow-perl.inc
@@ -75,37 +75,37 @@ mkfile ${HOME}/.nanorc
 mkfile ${HOME}/.signature
 mkfile ${HOME}/.viminfo
 mkfile ${HOME}/.vimrc
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
-allow  ${HOME}/.Mail
-allow  ${HOME}/.bogofilter
-allow  ${HOME}/.cache/mutt
-allow  ${HOME}/.config/mutt
-allow  ${HOME}/.config/nano
-allow  ${HOME}/.elinks
-allow  ${HOME}/.emacs
-allow  ${HOME}/.emacs.d
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.mail
-allow  ${HOME}/.mailcap
-allow  ${HOME}/.msmtprc
-allow  ${HOME}/.mutt
-allow  ${HOME}/.muttrc
-allow  ${HOME}/.nanorc
-allow  ${HOME}/.signature
-allow  ${HOME}/.vim
-allow  ${HOME}/.viminfo
-allow  ${HOME}/.vimrc
-allow  ${HOME}/.w3m
-allow  ${HOME}/Mail
-allow  ${HOME}/mail
-allow  ${HOME}/postponed
-allow  ${HOME}/sent
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
-allow  /usr/share/mutt
-allow  /var/mail
-allow  /var/spool/mail
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.cache/mutt
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/mutt
+whitelist /var/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile
index 19af474987d..d8d487fe79a 100644
--- a/etc/profile-m-z/mypaint.profile
+++ b/etc/profile-m-z/mypaint.profile
@@ -6,10 +6,10 @@ include mypaint.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/mypaint
-nodeny  ${HOME}/.config/mypaint
-nodeny  ${HOME}/.local/share/mypaint
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/mypaint
+noblacklist ${HOME}/.config/mypaint
+noblacklist ${HOME}/.local/share/mypaint
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile
index f0553bed5dd..4698c22872d 100644
--- a/etc/profile-m-z/nano.profile
+++ b/etc/profile-m-z/nano.profile
@@ -7,10 +7,10 @@ include nano.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/nano
-nodeny  ${HOME}/.nanorc
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.nanorc
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/nano
+whitelist /usr/share/nano
 include whitelist-usr-share-common.inc
 
 apparmor
diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile
index 35d15274852..5bf152f8447 100644
--- a/etc/profile-m-z/natron.profile
+++ b/etc/profile-m-z/natron.profile
@@ -5,9 +5,9 @@ include natron.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.Natron
-nodeny  ${HOME}/.cache/INRIA/Natron
-nodeny  ${HOME}/.config/INRIA
+noblacklist ${HOME}/.Natron
+noblacklist ${HOME}/.cache/INRIA/Natron
+noblacklist ${HOME}/.config/INRIA
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile
index 38646dc90b9..063e30366c8 100644
--- a/etc/profile-m-z/ncdu.profile
+++ b/etc/profile-m-z/ncdu.profile
@@ -6,7 +6,7 @@ include ncdu.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-exec.inc
 
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile
index ceb88590862..9f00448c819 100644
--- a/etc/profile-m-z/neochat.profile
+++ b/etc/profile-m-z/neochat.profile
@@ -6,12 +6,12 @@ include neochat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/KDE/neochat
-nodeny  ${HOME}/.config/KDE
-nodeny  ${HOME}/.config/KDE/neochat
-nodeny  ${HOME}/.config/neochatrc
-nodeny  ${HOME}/.config/neochat.notifyrc
-nodeny  ${HOME}/.local/share/KDE/neochat
+noblacklist ${HOME}/.cache/KDE/neochat
+noblacklist ${HOME}/.config/KDE
+noblacklist ${HOME}/.config/KDE/neochat
+noblacklist ${HOME}/.config/neochatrc
+noblacklist ${HOME}/.config/neochat.notifyrc
+noblacklist ${HOME}/.local/share/KDE/neochat
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/KDE/neochat
 mkdir ${HOME}/.local/share/KDE/neochat
-allow  ${HOME}/.cache/KDE/neochat
-allow  ${HOME}/.local/share/KDE/neochat
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/KDE/neochat
+whitelist ${HOME}/.local/share/KDE/neochat
+whitelist ${DOWNLOADS}
 include whitelist-1793-workaround.inc
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index 939d6f111d2..fafa129e4ab 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -7,38 +7,38 @@ include neomutt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.Mail
-nodeny  ${HOME}/.bogofilter
-nodeny  ${HOME}/.config/mutt
-nodeny  ${HOME}/.config/nano
-nodeny  ${HOME}/.config/neomutt
-nodeny  ${HOME}/.elinks
-nodeny  ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mail
-nodeny  ${HOME}/.mailcap
-nodeny  ${HOME}/.msmtprc
-nodeny  ${HOME}/.mutt
-nodeny  ${HOME}/.muttrc
-nodeny  ${HOME}/.nanorc
-nodeny  ${HOME}/.neomutt
-nodeny  ${HOME}/.neomuttrc
-nodeny  ${HOME}/.signature
-nodeny  ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
-nodeny  ${HOME}/.vimrc
-nodeny  ${HOME}/.w3m
-nodeny  ${HOME}/Mail
-nodeny  ${HOME}/mail
-nodeny  ${HOME}/postponed
-nodeny  ${HOME}/sent
-nodeny  /var/mail
-nodeny  /var/spool/mail
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.config/mutt
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.config/neomutt
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.neomutt
+noblacklist ${HOME}/.neomuttrc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
+noblacklist /var/mail
+noblacklist /var/spool/mail
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include allow-lua.inc
 
@@ -76,39 +76,39 @@ mkfile ${HOME}/.neomuttrc
 mkfile ${HOME}/.signature
 mkfile ${HOME}/.viminfo
 mkfile ${HOME}/.vimrc
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
-allow  ${HOME}/.Mail
-allow  ${HOME}/.bogofilter
-allow  ${HOME}/.config/mutt
-allow  ${HOME}/.config/nano
-allow  ${HOME}/.config/neomutt
-allow  ${HOME}/.elinks
-allow  ${HOME}/.emacs
-allow  ${HOME}/.emacs.d
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.mail
-allow  ${HOME}/.mailcap
-allow  ${HOME}/.msmtprc
-allow  ${HOME}/.mutt
-allow  ${HOME}/.muttrc
-allow  ${HOME}/.nanorc
-allow  ${HOME}/.neomutt
-allow  ${HOME}/.neomuttrc
-allow  ${HOME}/.signature
-allow  ${HOME}/.vim
-allow  ${HOME}/.viminfo
-allow  ${HOME}/.vimrc
-allow  ${HOME}/.w3m
-allow  ${HOME}/Mail
-allow  ${HOME}/mail
-allow  ${HOME}/postponed
-allow  ${HOME}/sent
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
-allow  /usr/share/neomutt
-allow  /var/mail
-allow  /var/spool/mail
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.Mail
+whitelist ${HOME}/.bogofilter
+whitelist ${HOME}/.config/mutt
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.config/neomutt
+whitelist ${HOME}/.elinks
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mail
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.msmtprc
+whitelist ${HOME}/.mutt
+whitelist ${HOME}/.muttrc
+whitelist ${HOME}/.nanorc
+whitelist ${HOME}/.neomutt
+whitelist ${HOME}/.neomuttrc
+whitelist ${HOME}/.signature
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.vimrc
+whitelist ${HOME}/.w3m
+whitelist ${HOME}/Mail
+whitelist ${HOME}/mail
+whitelist ${HOME}/postponed
+whitelist ${HOME}/sent
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/neomutt
+whitelist /var/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile
index 68297c11096..5d45dd7bc53 100644
--- a/etc/profile-m-z/netactview.profile
+++ b/etc/profile-m-z/netactview.profile
@@ -6,7 +6,7 @@ include netactview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.netactview
+noblacklist ${HOME}/.netactview
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.netactview
-allow  ${HOME}/.netactview
-allow  /usr/share/netactview
+whitelist ${HOME}/.netactview
+whitelist /usr/share/netactview
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile
index d5bf8a52a8c..c9a53737016 100644
--- a/etc/profile-m-z/nethack-vultures.profile
+++ b/etc/profile-m-z/nethack-vultures.profile
@@ -6,7 +6,7 @@ include nethack.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.vultures
+noblacklist ${HOME}/.vultures
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.vultures
-allow  ${HOME}/.vultures
-allow  /var/log/vultures
+whitelist ${HOME}/.vultures
+whitelist /var/log/vultures
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile
index 23b57bb5245..b57abe260bc 100644
--- a/etc/profile-m-z/nethack.profile
+++ b/etc/profile-m-z/nethack.profile
@@ -6,7 +6,7 @@ include nethack.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/games/nethack
+noblacklist /var/games/nethack
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /var/games/nethack
+whitelist /var/games/nethack
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile
index b099d6f0c8f..0ddb7bbbe51 100644
--- a/etc/profile-m-z/netsurf.profile
+++ b/etc/profile-m-z/netsurf.profile
@@ -6,8 +6,8 @@ include netsurf.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/netsurf
-nodeny  ${HOME}/.config/netsurf
+noblacklist ${HOME}/.cache/netsurf
+noblacklist ${HOME}/.config/netsurf
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/netsurf
 mkdir ${HOME}/.config/netsurf
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/netsurf
-allow  ${HOME}/.config/netsurf
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/netsurf
+whitelist ${HOME}/.config/netsurf
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile
index dad90a66ccb..ecfbb14e4f3 100644
--- a/etc/profile-m-z/neverball.profile
+++ b/etc/profile-m-z/neverball.profile
@@ -6,7 +6,7 @@ include neverball.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.neverball
+noblacklist ${HOME}/.neverball
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.neverball
-allow  ${HOME}/.neverball
-allow  /usr/share/neverball
+whitelist ${HOME}/.neverball
+whitelist /usr/share/neverball
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile
index c26ba4be00b..6efb19502d4 100644
--- a/etc/profile-m-z/newsbeuter.profile
+++ b/etc/profile-m-z/newsbeuter.profile
@@ -11,15 +11,15 @@ ignore include newsboat.local
 ignore mkdir ${HOME}/.config/newsboat
 ignore mkdir ${HOME}/.local/share/newsboat
 ignore mkdir ${HOME}/.newsboat
-deny  ${PATH}/newsboat
+blacklist ${PATH}/newsboat
 
-deny  ${HOME}/.config/newsboat
-deny  ${HOME}/.local/share/newsboat
-deny  ${HOME}/.newsboat
+blacklist ${HOME}/.config/newsboat
+blacklist ${HOME}/.local/share/newsboat
+blacklist ${HOME}/.newsboat
 
-noallow  ${HOME}/.config/newsboat
-noallow  ${HOME}/.local/share/newsboat
-noallow  ${HOME}/.newsboat
+nowhitelist ${HOME}/.config/newsboat
+nowhitelist ${HOME}/.local/share/newsboat
+nowhitelist ${HOME}/.newsboat
 
 mkdir ${HOME}/.config/newsbeuter
 mkdir ${HOME}/.local/share/newsbeuter
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile
index e34752b556b..13bc3a61581 100644
--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -6,12 +6,12 @@ include newsboat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/newsbeuter
-nodeny  ${HOME}/.config/newsboat
-nodeny  ${HOME}/.local/share/newsbeuter
-nodeny  ${HOME}/.local/share/newsboat
-nodeny  ${HOME}/.newsbeuter
-nodeny  ${HOME}/.newsboat
+noblacklist ${HOME}/.config/newsbeuter
+noblacklist ${HOME}/.config/newsboat
+noblacklist ${HOME}/.local/share/newsbeuter
+noblacklist ${HOME}/.local/share/newsboat
+noblacklist ${HOME}/.newsbeuter
+noblacklist ${HOME}/.newsboat
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/newsboat
 mkdir ${HOME}/.local/share/newsboat
 mkdir ${HOME}/.newsboat
-allow  ${HOME}/.config/newsbeuter
-allow  ${HOME}/.config/newsboat
-allow  ${HOME}/.local/share/newsbeuter
-allow  ${HOME}/.local/share/newsboat
-allow  ${HOME}/.newsbeuter
-allow  ${HOME}/.newsboat
+whitelist ${HOME}/.config/newsbeuter
+whitelist ${HOME}/.config/newsboat
+whitelist ${HOME}/.local/share/newsbeuter
+whitelist ${HOME}/.local/share/newsboat
+whitelist ${HOME}/.newsbeuter
+whitelist ${HOME}/.newsboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile
index 273628ea278..18d8c6ed4c4 100644
--- a/etc/profile-m-z/newsflash.profile
+++ b/etc/profile-m-z/newsflash.profile
@@ -6,9 +6,9 @@ include newsflash.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/NewsFlashGTK
-nodeny  ${HOME}/.config/news-flash
-nodeny  ${HOME}/.local/share/news-flash
+noblacklist ${HOME}/.cache/NewsFlashGTK
+noblacklist ${HOME}/.config/news-flash
+noblacklist ${HOME}/.local/share/news-flash
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/NewsFlashGTK
 mkdir ${HOME}/.config/news-flash
 mkdir ${HOME}/.local/share/news-flash
-allow  ${HOME}/.cache/NewsFlashGTK
-allow  ${HOME}/.config/news-flash
-allow  ${HOME}/.local/share/news-flash
+whitelist ${HOME}/.cache/NewsFlashGTK
+whitelist ${HOME}/.config/news-flash
+whitelist ${HOME}/.local/share/news-flash
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
index 7ba46691db1..9fd76fbe7cd 100644
--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -6,9 +6,9 @@ include nextcloud.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/Nextcloud
-nodeny  ${HOME}/.config/Nextcloud
-nodeny  ${HOME}/.local/share/Nextcloud
+noblacklist ${HOME}/Nextcloud
+noblacklist ${HOME}/.config/Nextcloud
+noblacklist ${HOME}/.local/share/Nextcloud
 # Add the next lines to your nextcloud.local to allow sync in more directories.
 #noblacklist ${DOCUMENTS}
 #noblacklist ${MUSIC}
@@ -27,9 +27,9 @@ include disable-xdg.inc
 mkdir ${HOME}/Nextcloud
 mkdir ${HOME}/.config/Nextcloud
 mkdir ${HOME}/.local/share/Nextcloud
-allow  ${HOME}/Nextcloud
-allow  ${HOME}/.config/Nextcloud
-allow  ${HOME}/.local/share/Nextcloud
+whitelist ${HOME}/Nextcloud
+whitelist ${HOME}/.config/Nextcloud
+whitelist ${HOME}/.local/share/Nextcloud
 # Add the next lines to your nextcloud.local to allow sync in more directories.
 #whitelist ${DOCUMENTS}
 #whitelist ${MUSIC}
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index 0149e0737f0..f8062891c5b 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -6,9 +6,9 @@ include nheko.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/nheko
-nodeny  ${HOME}/.config/nheko
-nodeny  ${HOME}/.local/share/nheko
+noblacklist ${HOME}/.cache/nheko
+noblacklist ${HOME}/.config/nheko
+noblacklist ${HOME}/.local/share/nheko
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/nheko
 mkdir ${HOME}/.config/nheko
 mkdir ${HOME}/.local/share/nheko
-allow  ${HOME}/.cache/nheko
-allow  ${HOME}/.config/nheko
-allow  ${HOME}/.local/share/nheko
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/nheko
+whitelist ${HOME}/.config/nheko
+whitelist ${HOME}/.local/share/nheko
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile
index b31a7babf6d..1c7dbc0092b 100644
--- a/etc/profile-m-z/nicotine.profile
+++ b/etc/profile-m-z/nicotine.profile
@@ -6,7 +6,7 @@ include nicotine.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.nicotine
+noblacklist ${HOME}/.nicotine
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.nicotine
-allow  ${DOWNLOADS}
-allow  ${HOME}/.nicotine
-allow  /usr/share/GeoIP
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.nicotine
+whitelist /usr/share/GeoIP
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile
index 70fffd5d4f3..8dba84f02b9 100644
--- a/etc/profile-m-z/nitroshare.profile
+++ b/etc/profile-m-z/nitroshare.profile
@@ -6,8 +6,8 @@ include nitroshare.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Nathan Osman
-nodeny  ${HOME}/.config/NitroShare
+noblacklist ${HOME}/.config/Nathan Osman
+noblacklist ${HOME}/.config/NitroShare
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index 7981ba6ae9c..fa69f9214a7 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -7,22 +7,22 @@ include nodejs-common.local
 # added by caller profile
 #include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 ignore read-only ${HOME}/.npm-packages
 ignore read-only ${HOME}/.npmrc
 ignore read-only ${HOME}/.nvm
 ignore read-only ${HOME}/.yarnrc
 
-nodeny  ${HOME}/.node-gyp
-nodeny  ${HOME}/.npm
-nodeny  ${HOME}/.npmrc
-nodeny  ${HOME}/.nvm
-nodeny  ${HOME}/.yarn
-nodeny  ${HOME}/.yarn-config
-nodeny  ${HOME}/.yarncache
-nodeny  ${HOME}/.yarnrc
+noblacklist ${HOME}/.node-gyp
+noblacklist ${HOME}/.npm
+noblacklist ${HOME}/.npmrc
+noblacklist ${HOME}/.nvm
+noblacklist ${HOME}/.yarn
+noblacklist ${HOME}/.yarn-config
+noblacklist ${HOME}/.yarncache
+noblacklist ${HOME}/.yarnrc
 
 ignore noexec ${HOME}
 
@@ -58,9 +58,9 @@ include disable-xdg.inc
 #whitelist ${HOME}/Projects
 #include whitelist-common.inc
 
-allow  /usr/share/doc/node
-allow  /usr/share/nvm
-allow  /usr/share/systemtap/tapset/node.stp
+whitelist /usr/share/doc/node
+whitelist /usr/share/nvm
+whitelist /usr/share/systemtap/tapset/node.stp
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile
index 80fbd0fcb57..a36dee87428 100644
--- a/etc/profile-m-z/nomacs.profile
+++ b/etc/profile-m-z/nomacs.profile
@@ -6,10 +6,10 @@ include nomacs.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/nomacs
-nodeny  ${HOME}/.local/share/nomacs
-nodeny  ${HOME}/.local/share/data/nomacs
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/nomacs
+noblacklist ${HOME}/.local/share/nomacs
+noblacklist ${HOME}/.local/share/data/nomacs
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile
index a3bcc040c82..650118c9852 100644
--- a/etc/profile-m-z/notify-send.profile
+++ b/etc/profile-m-z/notify-send.profile
@@ -7,7 +7,7 @@ include notify-send.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile
index b3002ad0ed4..c7a131a2c86 100644
--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -7,10 +7,10 @@ include nslookup.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
-nodeny  ${PATH}/nslookup
+noblacklist ${PATH}/nslookup
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${HOME}/.nslookuprc
+whitelist ${HOME}/.nslookuprc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile
index 67f54f9fca8..886403b9ef9 100644
--- a/etc/profile-m-z/nuclear.profile
+++ b/etc/profile-m-z/nuclear.profile
@@ -8,12 +8,12 @@ include globals.local
 
 ignore dbus-user
 
-nodeny  ${HOME}/.config/nuclear
+noblacklist ${HOME}/.config/nuclear
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/nuclear
-allow  ${HOME}/.config/nuclear
+whitelist ${HOME}/.config/nuclear
 
 no3d
 
diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile
index ee7710b9cd2..fe0c2116b2f 100644
--- a/etc/profile-m-z/nylas.profile
+++ b/etc/profile-m-z/nylas.profile
@@ -5,8 +5,8 @@ include nylas.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Nylas Mail
-nodeny  ${HOME}/.nylas-mail
+noblacklist ${HOME}/.config/Nylas Mail
+noblacklist ${HOME}/.nylas-mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Nylas Mail
 mkdir ${HOME}/.nylas-mail
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/Nylas Mail
-allow  ${HOME}/.nylas-mail
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Nylas Mail
+whitelist ${HOME}/.nylas-mail
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile
index 1d606f70c0e..d040d42af94 100644
--- a/etc/profile-m-z/nyx.profile
+++ b/etc/profile-m-z/nyx.profile
@@ -10,7 +10,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
 
-nodeny  ${HOME}/.nyx
+noblacklist ${HOME}/.nyx
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.nyx
-allow  ${HOME}/.nyx
+whitelist ${HOME}/.nyx
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile
index f70bdc55af5..9345cee4fff 100644
--- a/etc/profile-m-z/obs.profile
+++ b/etc/profile-m-z/obs.profile
@@ -5,10 +5,10 @@ include obs.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/obs-studio
-nodeny  ${MUSIC}
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/obs-studio
+noblacklist ${MUSIC}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile
index 792c2ffc6ca..7be68a20148 100644
--- a/etc/profile-m-z/ocenaudio.profile
+++ b/etc/profile-m-z/ocenaudio.profile
@@ -6,9 +6,9 @@ include ocenaudio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/ocenaudio
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.local/share/ocenaudio
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile
index 61b71ec10ce..6163d2e22c8 100644
--- a/etc/profile-m-z/odt2txt.profile
+++ b/etc/profile-m-z/odt2txt.profile
@@ -6,9 +6,9 @@ include odt2txt.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile
index feeed86cb5a..ab8ccf623d3 100644
--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -6,18 +6,18 @@ include okular.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/okular
-nodeny  ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
-nodeny  ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/kxmlgui5/okular
-nodeny  ${HOME}/.local/share/okular
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/okular
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.local/share/kxmlgui5/okular
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,15 +28,15 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/config.kcfg/gssettings.kcfg
-allow  /usr/share/config.kcfg/pdfsettings.kcfg
-allow  /usr/share/config.kcfg/okular.kcfg
-allow  /usr/share/config.kcfg/okular_core.kcfg
-allow  /usr/share/ghostscript
-allow  /usr/share/kconf_update/okular.upd
-allow  /usr/share/kxmlgui5/okular
-allow  /usr/share/okular
-allow  /usr/share/poppler
+whitelist /usr/share/config.kcfg/gssettings.kcfg
+whitelist /usr/share/config.kcfg/pdfsettings.kcfg
+whitelist /usr/share/config.kcfg/okular.kcfg
+whitelist /usr/share/config.kcfg/okular_core.kcfg
+whitelist /usr/share/ghostscript
+whitelist /usr/share/kconf_update/okular.upd
+whitelist /usr/share/kxmlgui5/okular
+whitelist /usr/share/okular
+whitelist /usr/share/poppler
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile
index 748d1799574..5b367b639bd 100644
--- a/etc/profile-m-z/onboard.profile
+++ b/etc/profile-m-z/onboard.profile
@@ -6,7 +6,7 @@ include onboard.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/onboard
+noblacklist ${HOME}/.config/onboard
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/onboard
-allow  ${HOME}/.config/onboard
-allow  /usr/share/onboard
+whitelist ${HOME}/.config/onboard
+whitelist /usr/share/onboard
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile
index 188818a7f13..960df903484 100644
--- a/etc/profile-m-z/onionshare-gui.profile
+++ b/etc/profile-m-z/onionshare-gui.profile
@@ -5,7 +5,7 @@ include onionshare-gui.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/onionshare
+noblacklist ${HOME}/.config/onionshare
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile
index 6e2b31def01..7a840d4a923 100644
--- a/etc/profile-m-z/open-invaders.profile
+++ b/etc/profile-m-z/open-invaders.profile
@@ -6,7 +6,7 @@ include open-invaders.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.openinvaders
+noblacklist ${HOME}/.openinvaders
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.openinvaders
-allow  ${HOME}/.openinvaders
+whitelist ${HOME}/.openinvaders
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile
index dfc78e5a986..36ce0316f7f 100644
--- a/etc/profile-m-z/openarena.profile
+++ b/etc/profile-m-z/openarena.profile
@@ -6,7 +6,7 @@ include openarena.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.openarena
+noblacklist ${HOME}/.openarena
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.openarena
-allow  ${HOME}/.openarena
-allow  /usr/share/openarena
+whitelist ${HOME}/.openarena
+whitelist /usr/share/openarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile
index 5a6b378f028..b49fd9932a8 100644
--- a/etc/profile-m-z/openbox.profile
+++ b/etc/profile-m-z/openbox.profile
@@ -7,7 +7,7 @@ include openbox.local
 include globals.local
 
 # all applications started in openbox will run in this profile
-nodeny  ${HOME}/.config/openbox
+noblacklist ${HOME}/.config/openbox
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile
index 268e7cee34c..a3d371e15b9 100644
--- a/etc/profile-m-z/opencity.profile
+++ b/etc/profile-m-z/opencity.profile
@@ -6,7 +6,7 @@ include opencity.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.opencity
+noblacklist ${HOME}/.opencity
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.opencity
-allow  ${HOME}/.opencity
+whitelist ${HOME}/.opencity
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile
index 588191cb3ac..32b40df4265 100644
--- a/etc/profile-m-z/openclonk.profile
+++ b/etc/profile-m-z/openclonk.profile
@@ -6,7 +6,7 @@ include openclonk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.clonk
+noblacklist ${HOME}/.clonk
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.clonk
-allow  ${HOME}/.clonk
+whitelist ${HOME}/.clonk
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
index 95d507c98c8..d1fe67aed19 100644
--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -6,8 +6,8 @@ include openmw.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/openmw
-nodeny  ${HOME}/.local/share/openmw
+noblacklist ${HOME}/.config/openmw
+noblacklist ${HOME}/.local/share/openmw
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,11 +21,11 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/openmw
 mkdir ${HOME}/.local/share/openmw
-allow  ${HOME}/.config/openmw
+whitelist ${HOME}/.config/openmw
 # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt.
 # Alternatively you can whitelist custom paths in your openmw.local.
-allow  ${HOME}/.local/share/openmw
-allow  /usr/share/openmw
+whitelist ${HOME}/.local/share/openmw
+whitelist /usr/share/openmw
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile
index ebb536b3ecf..6118630c467 100644
--- a/etc/profile-m-z/openshot.profile
+++ b/etc/profile-m-z/openshot.profile
@@ -6,8 +6,8 @@ include openshot.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.openshot
-nodeny  ${HOME}/.openshot_qt
+noblacklist ${HOME}/.openshot
+noblacklist ${HOME}/.openshot_qt
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/blender
-allow  /usr/share/inkscape
+whitelist /usr/share/blender
+whitelist /usr/share/inkscape
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile
index 79c1f8ffa45..546958bb781 100644
--- a/etc/profile-m-z/openttd.profile
+++ b/etc/profile-m-z/openttd.profile
@@ -6,7 +6,7 @@ include openttd.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.openttd
+noblacklist ${HOME}/.openttd
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.openttd
-allow  ${HOME}/.openttd
+whitelist ${HOME}/.openttd
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/opera-beta.profile b/etc/profile-m-z/opera-beta.profile
index 548afc0b4e0..551f1aba4fa 100644
--- a/etc/profile-m-z/opera-beta.profile
+++ b/etc/profile-m-z/opera-beta.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/opera
-nodeny  ${HOME}/.config/opera-beta
+noblacklist ${HOME}/.cache/opera
+noblacklist ${HOME}/.config/opera-beta
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera-beta
-allow  ${HOME}/.cache/opera
-allow  ${HOME}/.config/opera-beta
+whitelist ${HOME}/.cache/opera
+whitelist ${HOME}/.config/opera-beta
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/opera.profile b/etc/profile-m-z/opera.profile
index 5a3fe064e31..2c7c5fc35bf 100644
--- a/etc/profile-m-z/opera.profile
+++ b/etc/profile-m-z/opera.profile
@@ -11,16 +11,16 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/opera
-nodeny  ${HOME}/.config/opera
-nodeny  ${HOME}/.opera
+noblacklist ${HOME}/.cache/opera
+noblacklist ${HOME}/.config/opera
+noblacklist ${HOME}/.opera
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera
 mkdir ${HOME}/.opera
-allow  ${HOME}/.cache/opera
-allow  ${HOME}/.config/opera
-allow  ${HOME}/.opera
+whitelist ${HOME}/.cache/opera
+whitelist ${HOME}/.config/opera
+whitelist ${HOME}/.opera
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile
index a49cbdb91e2..4e4d8bea5bf 100644
--- a/etc/profile-m-z/orage.profile
+++ b/etc/profile-m-z/orage.profile
@@ -6,8 +6,8 @@ include orage.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/orage
-nodeny  ${HOME}/.local/share/orage
+noblacklist ${HOME}/.config/orage
+noblacklist ${HOME}/.local/share/orage
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile
index ed881816e43..310b9091996 100644
--- a/etc/profile-m-z/ostrichriders.profile
+++ b/etc/profile-m-z/ostrichriders.profile
@@ -6,7 +6,7 @@ include ostrichriders.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.ostrichriders
+noblacklist ${HOME}/.ostrichriders
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.ostrichriders
-allow  ${HOME}/.ostrichriders
-allow  /usr/share/ostrichriders
+whitelist ${HOME}/.ostrichriders
+whitelist /usr/share/ostrichriders
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile
index bc9e730a1aa..20a4e25ede9 100644
--- a/etc/profile-m-z/otter-browser.profile
+++ b/etc/profile-m-z/otter-browser.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/Otter
-nodeny  ${HOME}/.config/otter
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.cache/Otter
+noblacklist ${HOME}/.config/otter
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.cache/Otter
 mkdir ${HOME}/.config/otter
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/Otter
-allow  ${HOME}/.config/otter
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
-allow  /usr/share/otter-browser
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/Otter
+whitelist ${HOME}/.config/otter
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
+whitelist /usr/share/otter-browser
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile
index 503c141d898..acb2ce1765c 100644
--- a/etc/profile-m-z/palemoon.profile
+++ b/etc/profile-m-z/palemoon.profile
@@ -5,13 +5,13 @@ include palemoon.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/moonchild productions/pale moon
-nodeny  ${HOME}/.moonchild productions/pale moon
+noblacklist ${HOME}/.cache/moonchild productions/pale moon
+noblacklist ${HOME}/.moonchild productions/pale moon
 
 mkdir ${HOME}/.cache/moonchild productions/pale moon
 mkdir ${HOME}/.moonchild productions
-allow  ${HOME}/.cache/moonchild productions/pale moon
-allow  ${HOME}/.moonchild productions
+whitelist ${HOME}/.cache/moonchild productions/pale moon
+whitelist ${HOME}/.moonchild productions
 
 # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile
index a59f532982b..513b4119ebd 100644
--- a/etc/profile-m-z/pandoc.profile
+++ b/etc/profile-m-z/pandoc.profile
@@ -7,9 +7,9 @@ include pandoc.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile
index a277d1cbcb5..0a4422a7376 100644
--- a/etc/profile-m-z/parole.profile
+++ b/etc/profile-m-z/parole.profile
@@ -6,8 +6,8 @@ include parole.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile
index 156c3956da3..0de9681858e 100644
--- a/etc/profile-m-z/patch.profile
+++ b/etc/profile-m-z/patch.profile
@@ -7,9 +7,9 @@ include patch.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pavucontrol-qt.profile b/etc/profile-m-z/pavucontrol-qt.profile
index dcd69cdd02d..f96ba14d2cb 100644
--- a/etc/profile-m-z/pavucontrol-qt.profile
+++ b/etc/profile-m-z/pavucontrol-qt.profile
@@ -7,10 +7,10 @@ include pavucontrol-qt.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.config/pavucontrol-qt
+noblacklist ${HOME}/.config/pavucontrol-qt
 
 mkdir ${HOME}/.config/pavucontrol-qt
-allow  ${HOME}/.config/pavucontrol-qt
+whitelist ${HOME}/.config/pavucontrol-qt
 
 private-bin pavucontrol-qt
 ignore private-lib
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile
index f44730c3335..b46fb302668 100644
--- a/etc/profile-m-z/pavucontrol.profile
+++ b/etc/profile-m-z/pavucontrol.profile
@@ -6,7 +6,7 @@ include pavucontrol.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/pavucontrol.ini
+noblacklist ${HOME}/.config/pavucontrol.ini
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 # whitelisting in ${HOME} is broken, see #3112
 #mkfile ${HOME}/.config/pavucontrol.ini
 #whitelist ${HOME}/.config/pavucontrol.ini
-allow  /usr/share/pavucontrol
-allow  /usr/share/pavucontrol-qt
+whitelist /usr/share/pavucontrol
+whitelist /usr/share/pavucontrol-qt
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile
index 3f920ced8a6..a6dab2a9ae2 100644
--- a/etc/profile-m-z/pcsxr.profile
+++ b/etc/profile-m-z/pcsxr.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # Note: you must whitelist your games folder in your pcsxr.local
 
-nodeny  ${HOME}/.pcsxr
+noblacklist ${HOME}/.pcsxr
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.pcsxr
-allow  ${HOME}/.pcsxr
+whitelist ${HOME}/.pcsxr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile
index 13a0110723c..d72417914e5 100644
--- a/etc/profile-m-z/pdfchain.profile
+++ b/etc/profile-m-z/pdfchain.profile
@@ -5,7 +5,7 @@ include pdfchain.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile
index e49ce8073c1..a19826555d3 100644
--- a/etc/profile-m-z/pdfmod.profile
+++ b/etc/profile-m-z/pdfmod.profile
@@ -6,9 +6,9 @@ include pdfmod.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/pdfmod
-nodeny  ${HOME}/.config/pdfmod
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/pdfmod
+noblacklist ${HOME}/.config/pdfmod
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile
index 67c14bbc3c2..e2808d4d221 100644
--- a/etc/profile-m-z/pdfsam.profile
+++ b/etc/profile-m-z/pdfsam.profile
@@ -6,7 +6,7 @@ include pdfsam.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile
index 1c7ebfad54d..d3902a51cac 100644
--- a/etc/profile-m-z/pdftotext.profile
+++ b/etc/profile-m-z/pdftotext.profile
@@ -6,9 +6,9 @@ include pdftotext.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
-allow  /usr/share/poppler
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/poppler
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile
index e809625ad6a..c3395368792 100644
--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -5,9 +5,9 @@ include peek.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/peek
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.cache/peek
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile
index 5ebd7b46237..f5ad0321d9d 100644
--- a/etc/profile-m-z/penguin-command.profile
+++ b/etc/profile-m-z/penguin-command.profile
@@ -6,7 +6,7 @@ include penguin-command.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.penguin-command
+noblacklist ${HOME}/.penguin-command
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-allow  ${HOME}/.penguin-command
+whitelist ${HOME}/.penguin-command
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile
index 8dd506850ba..40068ff78ab 100644
--- a/etc/profile-m-z/photoflare.profile
+++ b/etc/profile-m-z/photoflare.profile
@@ -6,7 +6,7 @@ include photoflare.local
 # Persistent global definitions
 include photoflare.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile
index ac178ee6cee..a5ea470880b 100644
--- a/etc/profile-m-z/picard.profile
+++ b/etc/profile-m-z/picard.profile
@@ -6,9 +6,9 @@ include picard.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/MusicBrainz
-nodeny  ${HOME}/.config/MusicBrainz
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/MusicBrainz
+noblacklist ${HOME}/.config/MusicBrainz
+noblacklist ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile
index a65abeb2ede..26872e9a121 100644
--- a/etc/profile-m-z/pidgin.profile
+++ b/etc/profile-m-z/pidgin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore noexec ${RUNUSER}
 ignore noexec /dev/shm
 
-nodeny  ${HOME}/.purple
+noblacklist ${HOME}/.purple
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.purple
-allow  ${HOME}/.purple
-allow  ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${HOME}/.purple
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile
index 41e4fb6c09e..2e17be2ce30 100644
--- a/etc/profile-m-z/pinball.profile
+++ b/etc/profile-m-z/pinball.profile
@@ -6,7 +6,7 @@ include pinball.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/emilia
+noblacklist ${HOME}/.config/emilia
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/emilia
-allow  ${HOME}/.config/emilia
+whitelist ${HOME}/.config/emilia
 
-allow  /usr/share/pinball
+whitelist /usr/share/pinball
 # on debian games are stored under /usr/share/games
-allow  /usr/share/games/pinball
+whitelist /usr/share/games/pinball
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index 65e77abfadc..e914007c092 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -7,8 +7,8 @@ include ping.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile
index aa2cfe203b1..f1fdfcbad52 100644
--- a/etc/profile-m-z/pingus.profile
+++ b/etc/profile-m-z/pingus.profile
@@ -6,12 +6,12 @@ include pingus.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.pingus
+noblacklist ${HOME}/.pingus
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.pingus
-allow  ${HOME}/.pingus
-allow  /usr/share/pingus
+whitelist ${HOME}/.pingus
+whitelist /usr/share/pingus
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile
index d0d4f1fce13..19406c3991c 100644
--- a/etc/profile-m-z/pinta.profile
+++ b/etc/profile-m-z/pinta.profile
@@ -6,9 +6,9 @@ include pinta.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Pinta
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/Pinta
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile
index 6cfea28b602..721b3944a07 100644
--- a/etc/profile-m-z/pioneer.profile
+++ b/etc/profile-m-z/pioneer.profile
@@ -6,7 +6,7 @@ include pioneer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.pioneer
+noblacklist ${HOME}/.pioneer
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.pioneer
-allow  ${HOME}/.pioneer
+whitelist ${HOME}/.pioneer
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile
index acd7eeaf2d6..3de064311fb 100644
--- a/etc/profile-m-z/pipe-viewer.profile
+++ b/etc/profile-m-z/pipe-viewer.profile
@@ -7,13 +7,13 @@ include pipe-viewer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/pipe-viewer
-nodeny  ${HOME}/.config/pipe-viewer
+noblacklist ${HOME}/.cache/pipe-viewer
+noblacklist ${HOME}/.config/pipe-viewer
 
 mkdir ${HOME}/.config/pipe-viewer
 mkdir ${HOME}/.cache/pipe-viewer
-allow  ${HOME}/.cache/pipe-viewer
-allow  ${HOME}/.config/pipe-viewer
+whitelist ${HOME}/.cache/pipe-viewer
+whitelist ${HOME}/.config/pipe-viewer
 
 private-bin gtk-pipe-viewer,pipe-viewer
 
diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile
index abce4c9111a..a2dd809c490 100644
--- a/etc/profile-m-z/pitivi.profile
+++ b/etc/profile-m-z/pitivi.profile
@@ -6,7 +6,7 @@ include pitivi.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/pitivi
+noblacklist ${HOME}/.config/pitivi
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile
index 63451d352f0..81d3e9370b8 100644
--- a/etc/profile-m-z/pix.profile
+++ b/etc/profile-m-z/pix.profile
@@ -5,10 +5,10 @@ include pix.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/pix
-nodeny  ${HOME}/.local/share/pix
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.config/pix
+noblacklist ${HOME}/.local/share/pix
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile
index 13d7db7f7cb..4eb41b3bd53 100644
--- a/etc/profile-m-z/pkglog.profile
+++ b/etc/profile-m-z/pkglog.profile
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /var/log/apt/history.log
-allow  /var/log/dnf.rpm.log
-allow  /var/log/pacman.log
+whitelist /var/log/apt/history.log
+whitelist /var/log/dnf.rpm.log
+whitelist /var/log/pacman.log
 
 apparmor
 caps.drop all
diff --git a/etc/profile-m-z/playonlinux.profile b/etc/profile-m-z/playonlinux.profile
index 9c23841e2e4..8e98905b542 100644
--- a/etc/profile-m-z/playonlinux.profile
+++ b/etc/profile-m-z/playonlinux.profile
@@ -7,10 +7,10 @@ include playonlinux.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.PlayOnLinux
+noblacklist ${HOME}/.PlayOnLinux
 
 # nc is needed to run playonlinux
-nodeny  ${PATH}/nc
+noblacklist ${PATH}/nc
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile
index ab7e0c64bd5..10e12e5b14b 100644
--- a/etc/profile-m-z/pluma.profile
+++ b/etc/profile-m-z/pluma.profile
@@ -6,8 +6,8 @@ include pluma.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/enchant
-nodeny  ${HOME}/.config/pluma
+noblacklist ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/pluma
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile
index 02cb83ef60c..5201fd8530e 100644
--- a/etc/profile-m-z/plv.profile
+++ b/etc/profile-m-z/plv.profile
@@ -6,7 +6,7 @@ include plv.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/PacmanLogViewer
+noblacklist ${HOME}/.config/PacmanLogViewer
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/PacmanLogViewer
-allow  ${HOME}/.config/PacmanLogViewer
-allow  /var/log/pacman.log
+whitelist ${HOME}/.config/PacmanLogViewer
+whitelist /var/log/pacman.log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile
index 2c4dda43ed7..8a181d5a845 100644
--- a/etc/profile-m-z/pngquant.profile
+++ b/etc/profile-m-z/pngquant.profile
@@ -7,9 +7,9 @@ include pngquant.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile
index 115ac36ab6b..a3d4f985140 100644
--- a/etc/profile-m-z/polari.profile
+++ b/etc/profile-m-z/polari.profile
@@ -21,12 +21,12 @@ mkdir ${HOME}/.local/share/Empathy
 mkdir ${HOME}/.local/share/TpLogger
 mkdir ${HOME}/.local/share/telepathy
 mkdir ${HOME}/.purple
-allow  ${HOME}/.cache/telepathy
-allow  ${HOME}/.config/telepathy-account-widgets
-allow  ${HOME}/.local/share/Empathy
-allow  ${HOME}/.local/share/TpLogger
-allow  ${HOME}/.local/share/telepathy
-allow  ${HOME}/.purple
+whitelist ${HOME}/.cache/telepathy
+whitelist ${HOME}/.config/telepathy-account-widgets
+whitelist ${HOME}/.local/share/Empathy
+whitelist ${HOME}/.local/share/TpLogger
+whitelist ${HOME}/.local/share/telepathy
+whitelist ${HOME}/.purple
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile
index 10c59ea3249..1f73c1d8984 100644
--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # Note: you must whitelist your games folder in your ppsspp.local.
 
-nodeny  ${HOME}/.config/ppsspp
+noblacklist ${HOME}/.config/ppsspp
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/ppsspp
-allow  ${HOME}/.config/ppsspp
-allow  /usr/share/ppsspp
+whitelist ${HOME}/.config/ppsspp
+whitelist /usr/share/ppsspp
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile
index 9b03bf63256..f138d785e33 100644
--- a/etc/profile-m-z/pragha.profile
+++ b/etc/profile-m-z/pragha.profile
@@ -6,8 +6,8 @@ include pragha.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/pragha
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/pragha
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile
index 137b4cb2079..743458725f0 100644
--- a/etc/profile-m-z/profanity.profile
+++ b/etc/profile-m-z/profanity.profile
@@ -7,8 +7,8 @@ include profanity.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/profanity
-nodeny  ${HOME}/.local/share/profanity
+noblacklist ${HOME}/.config/profanity
+noblacklist ${HOME}/.local/share/profanity
 
 # Allow Python
 include allow-python2.inc
diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile
index b0e28baf7b7..5ac58b0acef 100644
--- a/etc/profile-m-z/psi-plus.profile
+++ b/etc/profile-m-z/psi-plus.profile
@@ -6,8 +6,8 @@ include psi-plus.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/psi+
-nodeny  ${HOME}/.local/share/psi+
+noblacklist ${HOME}/.config/psi+
+noblacklist ${HOME}/.local/share/psi+
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/psi+
 mkdir ${HOME}/.config/psi+
 mkdir ${HOME}/.local/share/psi+
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/psi+
-allow  ${HOME}/.config/psi+
-allow  ${HOME}/.local/share/psi+
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/psi+
+whitelist ${HOME}/.config/psi+
+whitelist ${HOME}/.local/share/psi+
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
index 2588c3b75c7..7e0ef99fccd 100644
--- a/etc/profile-m-z/psi.profile
+++ b/etc/profile-m-z/psi.profile
@@ -8,11 +8,11 @@ include globals.local
 
 # Add the next line to your psi.local to enable GPG support.
 #noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.cache/psi
-nodeny  ${HOME}/.cache/Psi
-nodeny  ${HOME}/.config/psi
-nodeny  ${HOME}/.local/share/psi
-nodeny  ${HOME}/.local/share/Psi
+noblacklist ${HOME}/.cache/psi
+noblacklist ${HOME}/.cache/Psi
+noblacklist ${HOME}/.config/psi
+noblacklist ${HOME}/.local/share/psi
+noblacklist ${HOME}/.local/share/Psi
 
 include disable-common.inc
 include disable-devel.inc
@@ -32,16 +32,16 @@ mkdir ${HOME}/.local/share/psi
 mkdir ${HOME}/.local/share/Psi
 # Add the next line to your psi.local to enable GPG support.
 #whitelist ${HOME}/.gnupg
-allow  ${HOME}/.cache/psi
-allow  ${HOME}/.cache/Psi
-allow  ${HOME}/.config/psi
-allow  ${HOME}/.local/share/psi
-allow  ${HOME}/.local/share/Psi
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/psi
+whitelist ${HOME}/.cache/Psi
+whitelist ${HOME}/.config/psi
+whitelist ${HOME}/.local/share/psi
+whitelist ${HOME}/.local/share/Psi
+whitelist ${DOWNLOADS}
 # Add the next lines to your psi.local to enable GPG support.
 #whitelist /usr/share/gnupg
 #whitelist /usr/share/gnupg2
-allow  /usr/share/psi
+whitelist /usr/share/psi
 # Add the next lines to your psi.local to enable GPG support.
 #whitelist ${RUNUSER}/gnupg
 #whitelist ${RUNUSER}/keyring
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile
index 1f0e83ab62c..60ae3793077 100644
--- a/etc/profile-m-z/pybitmessage.profile
+++ b/etc/profile-m-z/pybitmessage.profile
@@ -5,9 +5,9 @@ include pybitmessage.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/local/sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/local/sbin
+noblacklist /usr/sbin
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/pycharm-community.profile b/etc/profile-m-z/pycharm-community.profile
index b6c08290e0a..00d7239ae6e 100644
--- a/etc/profile-m-z/pycharm-community.profile
+++ b/etc/profile-m-z/pycharm-community.profile
@@ -5,7 +5,7 @@ include pycharm-community.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.PyCharmCE*
+noblacklist ${HOME}/.PyCharmCE*
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/pycharm-professional.profile b/etc/profile-m-z/pycharm-professional.profile
index fa0932cc012..b754a18c944 100644
--- a/etc/profile-m-z/pycharm-professional.profile
+++ b/etc/profile-m-z/pycharm-professional.profile
@@ -6,7 +6,7 @@ include pyucharm-professional.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.PyCharm*
+noblacklist ${HOME}/.PyCharm*
 
 # Redirect
 include pycharm-community.profile
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile
index fb8e622b085..506b738ccc6 100644
--- a/etc/profile-m-z/qbittorrent.profile
+++ b/etc/profile-m-z/qbittorrent.profile
@@ -6,10 +6,10 @@ include qbittorrent.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/qBittorrent
-nodeny  ${HOME}/.config/qBittorrent
-nodeny  ${HOME}/.config/qBittorrentrc
-nodeny  ${HOME}/.local/share/data/qBittorrent
+noblacklist ${HOME}/.cache/qBittorrent
+noblacklist ${HOME}/.config/qBittorrent
+noblacklist ${HOME}/.config/qBittorrentrc
+noblacklist ${HOME}/.local/share/data/qBittorrent
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -27,11 +27,11 @@ mkdir ${HOME}/.cache/qBittorrent
 mkdir ${HOME}/.config/qBittorrent
 mkfile ${HOME}/.config/qBittorrentrc
 mkdir ${HOME}/.local/share/data/qBittorrent
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/qBittorrent
-allow  ${HOME}/.config/qBittorrent
-allow  ${HOME}/.config/qBittorrentrc
-allow  ${HOME}/.local/share/data/qBittorrent
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/qBittorrent
+whitelist ${HOME}/.config/qBittorrent
+whitelist ${HOME}/.config/qBittorrentrc
+whitelist ${HOME}/.local/share/data/qBittorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile
index 7bcc4b06562..0e52d7fc474 100644
--- a/etc/profile-m-z/qcomicbook.profile
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -6,10 +6,10 @@ include qcomicbook.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/PawelStolowski
-nodeny  ${HOME}/.config/PawelStolowski
-nodeny  ${HOME}/.local/share/PawelStolowski
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/PawelStolowski
+noblacklist ${HOME}/.config/PawelStolowski
+noblacklist ${HOME}/.local/share/PawelStolowski
+noblacklist ${DOCUMENTS}
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -27,7 +27,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/PawelStolowski
 mkdir ${HOME}/.config/PawelStolowski
 mkdir ${HOME}/.local/share/PawelStolowski
-allow  /usr/share/qcomicbook
+whitelist /usr/share/qcomicbook
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile
index d527a2b8264..ac60384fd3b 100644
--- a/etc/profile-m-z/qemu-launcher.profile
+++ b/etc/profile-m-z/qemu-launcher.profile
@@ -5,7 +5,7 @@ include qemu-launcher.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.qemu-launcher
+noblacklist ${HOME}/.qemu-launcher
 
 include disable-common.inc
 include disable-passwdmgr.inc
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile
index e99140c22c4..2e97daea25f 100644
--- a/etc/profile-m-z/qgis.profile
+++ b/etc/profile-m-z/qgis.profile
@@ -6,10 +6,10 @@ include qgis.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/QGIS
-nodeny  ${HOME}/.local/share/QGIS
-nodeny  ${HOME}/.qgis2
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/QGIS
+noblacklist ${HOME}/.local/share/QGIS
+noblacklist ${HOME}/.qgis2
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -25,10 +25,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/QGIS
 mkdir ${HOME}/.qgis2
 mkdir ${HOME}/.config/QGIS
-allow  ${HOME}/.local/share/QGIS
-allow  ${HOME}/.qgis2
-allow  ${HOME}/.config/QGIS
-allow  ${DOCUMENTS}
+whitelist ${HOME}/.local/share/QGIS
+whitelist ${HOME}/.qgis2
+whitelist ${HOME}/.config/QGIS
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile
index 75dc58ae408..6e94d58453a 100644
--- a/etc/profile-m-z/qlipper.profile
+++ b/etc/profile-m-z/qlipper.profile
@@ -6,7 +6,7 @@ include qlipper.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Qlipper
+noblacklist ${HOME}/.config/Qlipper
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile
index d37fce997ed..c3d982c1756 100644
--- a/etc/profile-m-z/qmmp.profile
+++ b/etc/profile-m-z/qmmp.profile
@@ -6,8 +6,8 @@ include qmmp.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.qmmp
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.qmmp
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile
index f1234005294..ca11df5be82 100644
--- a/etc/profile-m-z/qnapi.profile
+++ b/etc/profile-m-z/qnapi.profile
@@ -6,7 +6,7 @@ include qnapi.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/qnapi.ini
+noblacklist ${HOME}/.config/qnapi.ini
 
 ignore noexec /tmp
 
@@ -20,8 +20,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.config/qnapi.ini
-allow  ${HOME}/.config/qnapi.ini
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/qnapi.ini
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile
index 62fae324cf7..be690ffa41a 100644
--- a/etc/profile-m-z/qpdfview.profile
+++ b/etc/profile-m-z/qpdfview.profile
@@ -6,9 +6,9 @@ include qpdfview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/qpdfview
-nodeny  ${HOME}/.local/share/qpdfview
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile
index 5f0aec80405..6cbf8519feb 100644
--- a/etc/profile-m-z/qrencode.profile
+++ b/etc/profile-m-z/qrencode.profile
@@ -7,7 +7,7 @@ include qrencode.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile
index 1ad46814ec9..8ffe24d11a7 100644
--- a/etc/profile-m-z/qtox.profile
+++ b/etc/profile-m-z/qtox.profile
@@ -6,8 +6,8 @@ include qtox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Tox
-nodeny  ${HOME}/.config/tox
+noblacklist ${HOME}/.cache/Tox
+noblacklist ${HOME}/.config/tox
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/tox
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/tox
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/tox
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/quadrapassel.profile b/etc/profile-m-z/quadrapassel.profile
index aee24925c5e..91e0d9d0d7f 100644
--- a/etc/profile-m-z/quadrapassel.profile
+++ b/etc/profile-m-z/quadrapassel.profile
@@ -6,11 +6,11 @@ include quadrapassel.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/quadrapassel
+noblacklist ${HOME}/.local/share/quadrapassel
 
 mkdir ${HOME}/.local/share/quadrapassel
-allow  ${HOME}/.local/share/quadrapassel
-allow  /usr/share/quadrapassel
+whitelist ${HOME}/.local/share/quadrapassel
+whitelist /usr/share/quadrapassel
 
 private-bin quadrapassel
 
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile
index a319e1e1230..1d146aa3984 100644
--- a/etc/profile-m-z/quaternion.profile
+++ b/etc/profile-m-z/quaternion.profile
@@ -6,8 +6,8 @@ include quaternion.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Quotient/quaternion
-nodeny  ${HOME}/.config/Quotient
+noblacklist ${HOME}/.cache/Quotient/quaternion
+noblacklist ${HOME}/.config/Quotient
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/Quotient/quaternion
 mkdir ${HOME}/.config/Quotient
-allow  ${HOME}/.cache/Quotient/quaternion
-allow  ${HOME}/.config/Quotient
-allow  ${DOWNLOADS}
-allow  /usr/share/Quotient/quaternion
+whitelist ${HOME}/.cache/Quotient/quaternion
+whitelist ${HOME}/.config/Quotient
+whitelist ${DOWNLOADS}
+whitelist /usr/share/Quotient/quaternion
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile
index 2693f2ed522..9490089b2c9 100644
--- a/etc/profile-m-z/quiterss.profile
+++ b/etc/profile-m-z/quiterss.profile
@@ -6,10 +6,10 @@ include quiterss.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/QuiteRss
-nodeny  ${HOME}/.config/QuiteRss
-nodeny  ${HOME}/.config/QuiteRssrc
-nodeny  ${HOME}/.local/share/QuiteRss
+noblacklist ${HOME}/.cache/QuiteRss
+noblacklist ${HOME}/.config/QuiteRss
+noblacklist ${HOME}/.config/QuiteRssrc
+noblacklist ${HOME}/.local/share/QuiteRss
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.local/share/data
 mkdir ${HOME}/.local/share/data/QuiteRss
 mkdir ${HOME}/.local/share/QuiteRss
 mkfile ${HOME}/quiterssfeeds.opml
-allow  ${HOME}/.cache/QuiteRss
-allow  ${HOME}/.config/QuiteRss
-allow  ${HOME}/.config/QuiteRssrc
-allow  ${HOME}/.local/share/data/QuiteRss
-allow  ${HOME}/.local/share/QuiteRss
-allow  ${HOME}/quiterssfeeds.opml
+whitelist ${HOME}/.cache/QuiteRss
+whitelist ${HOME}/.config/QuiteRss
+whitelist ${HOME}/.config/QuiteRssrc
+whitelist ${HOME}/.local/share/data/QuiteRss
+whitelist ${HOME}/.local/share/QuiteRss
+whitelist ${HOME}/quiterssfeeds.opml
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile
index 52c120c080c..92b02b2bfc9 100644
--- a/etc/profile-m-z/quodlibet.profile
+++ b/etc/profile-m-z/quodlibet.profile
@@ -6,10 +6,10 @@ include quodlibet.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/quodlibet
-nodeny  ${HOME}/.config/quodlibet
-nodeny  ${HOME}/.quodlibet
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/quodlibet
+noblacklist ${HOME}/.config/quodlibet
+noblacklist ${HOME}/.quodlibet
+noblacklist ${MUSIC}
 
 include allow-bin-sh.inc
 
@@ -30,11 +30,11 @@ mkdir ${HOME}/.cache/quodlibet
 mkdir ${HOME}/.config/quodlibet
 mkdir ${HOME}/.quodlibet
 
-allow  ${HOME}/.cache/quodlibet
-allow  ${HOME}/.config/quodlibet
-allow  ${HOME}/.quodlibet
-allow  ${DOWNLOADS}
-allow  ${MUSIC}
+whitelist ${HOME}/.cache/quodlibet
+whitelist ${HOME}/.config/quodlibet
+whitelist ${HOME}/.quodlibet
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/qupzilla.profile b/etc/profile-m-z/qupzilla.profile
index 9bc91808bf3..7aa71c8488c 100644
--- a/etc/profile-m-z/qupzilla.profile
+++ b/etc/profile-m-z/qupzilla.profile
@@ -6,8 +6,8 @@ include qupzilla.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/qupzilla
-nodeny  ${HOME}/.config/qupzilla
+noblacklist ${HOME}/.cache/qupzilla
+noblacklist ${HOME}/.config/qupzilla
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/qupzilla
 mkdir ${HOME}/.config/qupzilla
-allow  ${HOME}/.cache/qupzilla
-allow  ${HOME}/.config/qupzilla
+whitelist ${HOME}/.cache/qupzilla
+whitelist ${HOME}/.config/qupzilla
 
 # Redirect
 include falkon.profile
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile
index a342e2acd59..fc910b589c3 100644
--- a/etc/profile-m-z/qutebrowser.profile
+++ b/etc/profile-m-z/qutebrowser.profile
@@ -6,9 +6,9 @@ include qutebrowser.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/qutebrowser
-nodeny  ${HOME}/.config/qutebrowser
-nodeny  ${HOME}/.local/share/qutebrowser
+noblacklist ${HOME}/.cache/qutebrowser
+noblacklist ${HOME}/.config/qutebrowser
+noblacklist ${HOME}/.local/share/qutebrowser
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,10 +22,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/qutebrowser
 mkdir ${HOME}/.config/qutebrowser
 mkdir ${HOME}/.local/share/qutebrowser
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/qutebrowser
-allow  ${HOME}/.config/qutebrowser
-allow  ${HOME}/.local/share/qutebrowser
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/qutebrowser
+whitelist ${HOME}/.config/qutebrowser
+whitelist ${HOME}/.local/share/qutebrowser
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile
index b1059cee8c4..ffa2022eec5 100644
--- a/etc/profile-m-z/rambox.profile
+++ b/etc/profile-m-z/rambox.profile
@@ -6,9 +6,9 @@ include rambox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Rambox
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.config/Rambox
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Rambox
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/Rambox
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Rambox
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile
index 3b56f651f14..9bc196a161a 100644
--- a/etc/profile-m-z/redeclipse.profile
+++ b/etc/profile-m-z/redeclipse.profile
@@ -6,7 +6,7 @@ include redeclipse.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.redeclipse
+noblacklist ${HOME}/.redeclipse
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.redeclipse
-allow  ${HOME}/.redeclipse
-allow  /usr/share/redeclipse
+whitelist ${HOME}/.redeclipse
+whitelist /usr/share/redeclipse
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile
index 3035e1d74c1..f87c5f67cb7 100644
--- a/etc/profile-m-z/redshift.profile
+++ b/etc/profile-m-z/redshift.profile
@@ -7,8 +7,8 @@ include redshift.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/redshift
-nodeny  ${HOME}/.config/redshift.conf
+noblacklist ${HOME}/.config/redshift
+noblacklist ${HOME}/.config/redshift.conf
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/redshift
-allow  ${HOME}/.config/redshift
-allow  ${HOME}/.config/redshift.conf
+whitelist ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift.conf
 include whitelist-var-common.inc
 
 apparmor
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile
index 82feafab9d4..f5131c5d099 100644
--- a/etc/profile-m-z/regextester.profile
+++ b/etc/profile-m-z/regextester.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/com.github.artemanufrij.regextester
+whitelist /usr/share/com.github.artemanufrij.regextester
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile
index 3f385f60240..aca22f18706 100644
--- a/etc/profile-m-z/remmina.profile
+++ b/etc/profile-m-z/remmina.profile
@@ -6,9 +6,9 @@ include remmina.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.remmina
-nodeny  ${HOME}/.config/remmina
-nodeny  ${HOME}/.local/share/remmina
+noblacklist ${HOME}/.remmina
+noblacklist ${HOME}/.config/remmina
+noblacklist ${HOME}/.local/share/remmina
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile
index c532d3dc185..970e8ffbaf1 100644
--- a/etc/profile-m-z/rhythmbox.profile
+++ b/etc/profile-m-z/rhythmbox.profile
@@ -6,9 +6,9 @@ include rhythmbox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${HOME}/.cache/rhythmbox
-nodeny  ${HOME}/.local/share/rhythmbox
+noblacklist ${MUSIC}
+noblacklist ${HOME}/.cache/rhythmbox
+noblacklist ${HOME}/.local/share/rhythmbox
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -26,10 +26,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/rhythmbox
-allow  /usr/share/lua
-allow  /usr/share/libquvi-scripts
-allow  /usr/share/tracker
+whitelist /usr/share/rhythmbox
+whitelist /usr/share/lua
+whitelist /usr/share/libquvi-scripts
+whitelist /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile
index c3ee57ef320..b664a2be375 100644
--- a/etc/profile-m-z/ricochet.profile
+++ b/etc/profile-m-z/ricochet.profile
@@ -5,7 +5,7 @@ include ricochet.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/Ricochet
+noblacklist ${HOME}/.local/share/Ricochet
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.local/share/Ricochet
-allow  ${DOWNLOADS}
-allow  ${HOME}/.local/share/Ricochet
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.local/share/Ricochet
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/riot-web.profile b/etc/profile-m-z/riot-web.profile
index 782396a5054..687c943b09d 100644
--- a/etc/profile-m-z/riot-web.profile
+++ b/etc/profile-m-z/riot-web.profile
@@ -8,11 +8,11 @@ include globals.local
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Riot
+noblacklist ${HOME}/.config/Riot
 
 mkdir ${HOME}/.config/Riot
-allow  ${HOME}/.config/Riot
-allow  /usr/share/webapps/element
+whitelist ${HOME}/.config/Riot
+whitelist /usr/share/webapps/element
 
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile
index c97ac80905f..be815e7144c 100644
--- a/etc/profile-m-z/ripperx.profile
+++ b/etc/profile-m-z/ripperx.profile
@@ -6,8 +6,8 @@ include ripperx.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.ripperXrc
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.ripperXrc
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile
index 109d2f8f13a..5572cab5a74 100644
--- a/etc/profile-m-z/ristretto.profile
+++ b/etc/profile-m-z/ristretto.profile
@@ -6,9 +6,9 @@ include ristretto.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ristretto
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.config/ristretto
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/rocketchat.profile b/etc/profile-m-z/rocketchat.profile
index 1a76c4211ed..8d3607c75bd 100644
--- a/etc/profile-m-z/rocketchat.profile
+++ b/etc/profile-m-z/rocketchat.profile
@@ -21,10 +21,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
 
-nodeny  ${HOME}/.config/Rocket.Chat
+noblacklist ${HOME}/.config/Rocket.Chat
 
 mkdir ${HOME}/.config/Rocket.Chat
-allow  ${HOME}/.config/Rocket.Chat
+whitelist ${HOME}/.config/Rocket.Chat
 
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index 4807b7d36fe..690b44bb18a 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -11,8 +11,8 @@ include globals.local
 # not as a daemon (rsync --daemon) nor to create backups.
 # Usage: firejail --profile=rsync-download_only rsync
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile
index 6b7d6b15599..cc6db504326 100644
--- a/etc/profile-m-z/rtv-addons.profile
+++ b/etc/profile-m-z/rtv-addons.profile
@@ -11,16 +11,16 @@ ignore nosound
 ignore private-bin
 ignore dbus-user none
 
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.mailcap
-nodeny  ${HOME}/.netrc
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.netrc
+noblacklist ${HOME}/.w3m
 
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-allow  ${HOME}/.config/mpv
-allow  ${HOME}/.mailcap
-allow  ${HOME}/.netrc
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.mailcap
+whitelist ${HOME}/.netrc
+whitelist ${HOME}/.w3m
 
 #private-bin w3m,mpv,youtube-dl
 
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index 074050792b9..2f1fe015599 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -6,11 +6,11 @@ include rtv.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/rtv
-nodeny  ${HOME}/.local/share/rtv
+noblacklist ${HOME}/.config/rtv
+noblacklist ${HOME}/.local/share/rtv
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -33,8 +33,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/rtv
 mkdir ${HOME}/.local/share/rtv
-allow  ${HOME}/.config/rtv
-allow  ${HOME}/.local/share/rtv
+whitelist ${HOME}/.config/rtv
+whitelist ${HOME}/.local/share/rtv
 include whitelist-var-common.inc
 
 apparmor
diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile
index 963f5da02bc..de79913cc09 100644
--- a/etc/profile-m-z/sayonara.profile
+++ b/etc/profile-m-z/sayonara.profile
@@ -5,8 +5,8 @@ include sayonara.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.Sayonara
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.Sayonara
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile
index 26550b5e0c5..eb8468c3baf 100644
--- a/etc/profile-m-z/scallion.profile
+++ b/etc/profile-m-z/scallion.profile
@@ -6,10 +6,10 @@ include scallion.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PATH}/llvm*
-nodeny  ${PATH}/openssl
-nodeny  ${PATH}/openssl-1.0
-nodeny  ${DOCUMENTS}
+noblacklist ${PATH}/llvm*
+noblacklist ${PATH}/openssl
+noblacklist ${PATH}/openssl-1.0
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile
index 921efb49e0b..b1989e474c2 100644
--- a/etc/profile-m-z/scorched3d.profile
+++ b/etc/profile-m-z/scorched3d.profile
@@ -6,7 +6,7 @@ include scorched3d.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.scorched3d
+noblacklist ${HOME}/.scorched3d
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.scorched3d
-allow  ${HOME}/.scorched3d
-allow  /usr/share/scorched3d
-allow  /usr/share/games/scorched3d
+whitelist ${HOME}/.scorched3d
+whitelist /usr/share/scorched3d
+whitelist /usr/share/games/scorched3d
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile
index 54a6c3a012e..2cb1df6b553 100644
--- a/etc/profile-m-z/scorchwentbonkers.profile
+++ b/etc/profile-m-z/scorchwentbonkers.profile
@@ -6,7 +6,7 @@ include scorchwentbonkers.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.swb.ini
+noblacklist ${HOME}/.swb.ini
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.swb.ini
-allow  ${HOME}/.swb.ini
-allow  /usr/share/scorchwentbonkers
+whitelist ${HOME}/.swb.ini
+whitelist /usr/share/scorchwentbonkers
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile
index 6519f8e8748..1fdeaa14575 100644
--- a/etc/profile-m-z/scribus.profile
+++ b/etc/profile-m-z/scribus.profile
@@ -7,24 +7,24 @@ include scribus.local
 include globals.local
 
 # Support for PDF readers comes with Scribus 1.5 and higher
-nodeny  ${HOME}/.cache/okular
-nodeny  ${HOME}/.config/GIMP
-nodeny  ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
-nodeny  ${HOME}/.config/scribus
-nodeny  ${HOME}/.config/scribusrc
-nodeny  ${HOME}/.gimp*
-nodeny  ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/okular
-nodeny  ${HOME}/.local/share/scribus
-nodeny  ${HOME}/.scribus
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/okular
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/scribus
+noblacklist ${HOME}/.config/scribusrc
+noblacklist ${HOME}/.gimp*
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/scribus
+noblacklist ${HOME}/.scribus
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile
index 95cedac3fd5..7799ab7edee 100644
--- a/etc/profile-m-z/seahorse-adventures.profile
+++ b/etc/profile-m-z/seahorse-adventures.profile
@@ -22,8 +22,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/seahorse-adventures
-allow  /usr/share/games/seahorse-adventures
+whitelist /usr/share/seahorse-adventures
+whitelist /usr/share/games/seahorse-adventures
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile
index 66605173b64..d3d8e453f7c 100644
--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -6,9 +6,9 @@ include seahorse.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -27,13 +27,13 @@ include disable-xdg.inc
 #mkdir ${HOME}/.ssh
 #whitelist ${HOME}/.gnupg
 #whitelist ${HOME}/.ssh
-allow  /tmp/ssh-*
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
-allow  /usr/share/seahorse
-allow  /usr/share/seahorse-nautilus
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist /tmp/ssh-*
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/seahorse
+whitelist /usr/share/seahorse-nautilus
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile
index c9867719a63..807effbebe9 100644
--- a/etc/profile-m-z/seamonkey.profile
+++ b/etc/profile-m-z/seamonkey.profile
@@ -6,10 +6,10 @@ include seamonkey.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,25 +20,25 @@ mkdir ${HOME}/.cache/mozilla
 mkdir ${HOME}/.mozilla
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/mozilla
-allow  ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/pipelight-silverlight5.1
-allow  ${HOME}/.config/pipelight-widevine
-allow  ${HOME}/.keysnail.js
-allow  ${HOME}/.lastpass
-allow  ${HOME}/.mozilla
-allow  ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
-allow  ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
-allow  ${HOME}/.wine-pipelight
-allow  ${HOME}/.wine-pipelight64
-allow  ${HOME}/.zotero
-allow  ${HOME}/dwhelper
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index 23f46463791..7d56684dbbc 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -32,12 +32,12 @@ include globals.local
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
 # depending on your usage, you can enable some of the commands below:
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 # noblacklist /var/opt
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile
index 0cb9de45a9f..b7f398f454d 100644
--- a/etc/profile-m-z/shellcheck.profile
+++ b/etc/profile-m-z/shellcheck.profile
@@ -7,9 +7,9 @@ include shellcheck.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/shellcheck
+whitelist /usr/share/shellcheck
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile
index a8e5f6b1854..d629240ecf4 100644
--- a/etc/profile-m-z/shortwave.profile
+++ b/etc/profile-m-z/shortwave.profile
@@ -6,8 +6,8 @@ include shortwave.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Shortwave
-nodeny  ${HOME}/.local/share/Shortwave
+noblacklist ${HOME}/.cache/Shortwave
+noblacklist ${HOME}/.local/share/Shortwave
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/Shortwave
 mkdir ${HOME}/.local/share/Shortwave
-allow  ${HOME}/.cache/Shortwave
-allow  ${HOME}/.local/share/Shortwave
-allow  /usr/share/shortwave
+whitelist ${HOME}/.cache/Shortwave
+whitelist ${HOME}/.local/share/Shortwave
+whitelist /usr/share/shortwave
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile
index 1f3c39c4617..63af4d3675c 100644
--- a/etc/profile-m-z/shotcut.profile
+++ b/etc/profile-m-z/shotcut.profile
@@ -8,7 +8,7 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/Meltytech
+noblacklist ${HOME}/.config/Meltytech
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile
index b653930c3b0..ddc8a774310 100644
--- a/etc/profile-m-z/shotwell.profile
+++ b/etc/profile-m-z/shotwell.profile
@@ -6,10 +6,10 @@ include shotwell.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/shotwell
-nodeny  ${HOME}/.local/share/shotwell
+noblacklist ${HOME}/.cache/shotwell
+noblacklist ${HOME}/.local/share/shotwell
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,9 +21,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/shotwell
 mkdir ${HOME}/.local/share/shotwell
-allow  ${HOME}/.cache/shotwell
-allow  ${HOME}/.local/share/shotwell
-allow  ${PICTURES}
+whitelist ${HOME}/.cache/shotwell
+whitelist ${HOME}/.local/share/shotwell
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile
index 8a46899f1bf..478377344fb 100644
--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -6,10 +6,10 @@ include signal-cli.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.local/share/signal-cli
+noblacklist ${HOME}/.local/share/signal-cli
 
 include allow-java.inc
 
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/signal-cli
-allow  ${HOME}/.local/share/signal-cli
+whitelist ${HOME}/.local/share/signal-cli
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile
index a120807484a..77a7f5b3882 100644
--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -9,15 +9,15 @@ ignore novideo
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Signal
+noblacklist ${HOME}/.config/Signal
 
 # These lines are needed to allow Firefox to open links
-nodeny  ${HOME}/.mozilla
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 
 mkdir ${HOME}/.config/Signal
-allow  ${HOME}/.config/Signal
+whitelist ${HOME}/.config/Signal
 
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
 
diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile
index 589a44ffc7b..17920677b7a 100644
--- a/etc/profile-m-z/simple-scan.profile
+++ b/etc/profile-m-z/simple-scan.profile
@@ -6,8 +6,8 @@ include simple-scan.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/simple-scan
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/simple-scan
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/hplip
-allow  /usr/share/simple-scan
+whitelist /usr/share/hplip
+whitelist /usr/share/simple-scan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile
index 83f833508c1..d664f8bf5e8 100644
--- a/etc/profile-m-z/simplescreenrecorder.profile
+++ b/etc/profile-m-z/simplescreenrecorder.profile
@@ -6,8 +6,8 @@ include simplescreenrecorder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${VIDEOS}
-nodeny  ${HOME}/.ssr
+noblacklist ${VIDEOS}
+noblacklist ${HOME}/.ssr
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/simplescreenrecorder
+whitelist /usr/share/simplescreenrecorder
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile
index 1d7f415798c..afaa0f6d8b1 100644
--- a/etc/profile-m-z/simutrans.profile
+++ b/etc/profile-m-z/simutrans.profile
@@ -6,7 +6,7 @@ include simutrans.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.simutrans
+noblacklist ${HOME}/.simutrans
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.simutrans
-allow  ${HOME}/.simutrans
+whitelist ${HOME}/.simutrans
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile
index 98ed624f915..093a6139869 100644
--- a/etc/profile-m-z/skanlite.profile
+++ b/etc/profile-m-z/skanlite.profile
@@ -6,7 +6,7 @@ include skanlite.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/skypeforlinux.profile b/etc/profile-m-z/skypeforlinux.profile
index e7f70eebe98..ed04eda8e9e 100644
--- a/etc/profile-m-z/skypeforlinux.profile
+++ b/etc/profile-m-z/skypeforlinux.profile
@@ -21,7 +21,7 @@ ignore dbus-system none
 ignore apparmor
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/skypeforlinux
+noblacklist ${HOME}/.config/skypeforlinux
 
 # private-dev - needs /dev/disk
 
diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile
index b8299add3c3..51f6c8b00bd 100644
--- a/etc/profile-m-z/slack.profile
+++ b/etc/profile-m-z/slack.profile
@@ -16,14 +16,14 @@ ignore private-tmp
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/Slack
+noblacklist ${HOME}/.config/Slack
 
 include allow-bin-sh.inc
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Slack
-allow  ${HOME}/.config/Slack
+whitelist ${HOME}/.config/Slack
 
 private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe
diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile
index 36a0044dcd4..c5a31c237e2 100644
--- a/etc/profile-m-z/slashem.profile
+++ b/etc/profile-m-z/slashem.profile
@@ -6,7 +6,7 @@ include slashem.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/games/slashem
+noblacklist /var/games/slashem
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /var/games/slashem
+whitelist /var/games/slashem
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile
index 4e4334dc0a0..01547e5c16a 100644
--- a/etc/profile-m-z/smplayer.profile
+++ b/etc/profile-m-z/smplayer.profile
@@ -6,9 +6,9 @@ include smplayer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.mplayer
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,8 +17,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,9 +29,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/lua*
-allow  /usr/share/smplayer
-allow  /usr/share/vulkan
+whitelist /usr/share/lua*
+whitelist /usr/share/smplayer
+whitelist /usr/share/vulkan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile
index 99d02ffdf2a..196950eafeb 100644
--- a/etc/profile-m-z/smtube.profile
+++ b/etc/profile-m-z/smtube.profile
@@ -6,14 +6,14 @@ include smtube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/smtube
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.mplayer
-nodeny  ${HOME}/.config/vlc
-nodeny  ${HOME}/.local/share/vlc
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/smtube
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.mplayer
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.local/share/vlc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/smplayer
-allow  /usr/share/smtube
+whitelist /usr/share/smplayer
+whitelist /usr/share/smtube
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile
index 3a79890cc6b..c3a9bb85899 100644
--- a/etc/profile-m-z/smuxi-frontend-gnome.profile
+++ b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -6,9 +6,9 @@ include smuxi-frontend-gnome.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/smuxi
-nodeny  ${HOME}/.config/smuxi
-nodeny  ${HOME}/.local/share/smuxi
+noblacklist ${HOME}/.cache/smuxi
+noblacklist ${HOME}/.config/smuxi
+noblacklist ${HOME}/.local/share/smuxi
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/smuxi
 mkdir ${HOME}/.config/smuxi
 mkdir ${HOME}/.local/share/smuxi
-allow  ${HOME}/.cache/smuxi
-allow  ${HOME}/.config/smuxi
-allow  ${HOME}/.local/share/smuxi
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/smuxi
+whitelist ${HOME}/.config/smuxi
+whitelist ${HOME}/.local/share/smuxi
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/snox.profile b/etc/profile-m-z/snox.profile
index 1d315404ebf..83493652ca8 100644
--- a/etc/profile-m-z/snox.profile
+++ b/etc/profile-m-z/snox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/snox
-nodeny  ${HOME}/.config/snox
+noblacklist ${HOME}/.cache/snox
+noblacklist ${HOME}/.config/snox
 
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/snox
 mkdir ${HOME}/.config/snox
-allow  ${HOME}/.cache/snox
-allow  ${HOME}/.config/snox
+whitelist ${HOME}/.cache/snox
+whitelist ${HOME}/.config/snox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile
index bd4991e8125..83315231f80 100644
--- a/etc/profile-m-z/softmaker-common.profile
+++ b/etc/profile-m-z/softmaker-common.profile
@@ -10,7 +10,7 @@ include softmaker-common.local
 # with an absolute Exec line. These files are NOT handelt by firecfg,
 # therefore you must manualy copy them in you home and remove '/usr/bin/'.
 
-nodeny  ${HOME}/SoftMaker
+noblacklist ${HOME}/SoftMaker
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/office2018
-allow  /usr/share/freeoffice2018
+whitelist /usr/share/office2018
+whitelist /usr/share/freeoffice2018
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile
index 16ee39e09df..ef00fdffff1 100644
--- a/etc/profile-m-z/sound-juicer.profile
+++ b/etc/profile-m-z/sound-juicer.profile
@@ -6,8 +6,8 @@ include sound-juicer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/sound-juicer
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/sound-juicer
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile
index 46da7a45306..4dbf3410076 100644
--- a/etc/profile-m-z/soundconverter.profile
+++ b/etc/profile-m-z/soundconverter.profile
@@ -10,7 +10,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
-allow  ${MUSIC}
-allow  /usr/share/soundconverter
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist /usr/share/soundconverter
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile
index 08adb5861f4..4468f21e7eb 100644
--- a/etc/profile-m-z/spectacle.profile
+++ b/etc/profile-m-z/spectacle.profile
@@ -12,8 +12,8 @@ include globals.local
 #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
 #protocol unix,inet,inet6
 
-nodeny  ${HOME}/.config/spectaclerc
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/spectaclerc
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkfile  ${HOME}/.config/spectaclerc
-allow  ${HOME}/.config/spectaclerc
-allow  ${PICTURES}
-allow  /usr/share/kconf_update/spectacle_newConfig.upd
-allow  /usr/share/kconf_update/spectacle_shortcuts.upd
+whitelist ${HOME}/.config/spectaclerc
+whitelist ${PICTURES}
+whitelist /usr/share/kconf_update/spectacle_newConfig.upd
+whitelist /usr/share/kconf_update/spectacle_shortcuts.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
index 4c1b2d3e1a2..283674517a3 100644
--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -6,8 +6,8 @@ include spectral.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/ENCOM/Spectral
-nodeny  ${HOME}/.config/ENCOM
+noblacklist ${HOME}/.cache/ENCOM/Spectral
+noblacklist ${HOME}/.config/ENCOM
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/ENCOM/Spectral
 mkdir ${HOME}/.config/ENCOM
-allow  ${HOME}/.cache/ENCOM/Spectral
-allow  ${HOME}/.config/ENCOM
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/ENCOM/Spectral
+whitelist ${HOME}/.config/ENCOM
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile
index 3a3fd838d6b..984461f9030 100644
--- a/etc/profile-m-z/spectre-meltdown-checker.profile
+++ b/etc/profile-m-z/spectre-meltdown-checker.profile
@@ -6,10 +6,10 @@ include spectre-meltdown-checker.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${PATH}/mount
-nodeny  ${PATH}/umount
+noblacklist ${PATH}/mount
+noblacklist ${PATH}/umount
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile
index e1c830268ca..01bc2bc05de 100644
--- a/etc/profile-m-z/spotify.profile
+++ b/etc/profile-m-z/spotify.profile
@@ -5,11 +5,11 @@ include spotify.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/spotify
-nodeny  ${HOME}/.config/spotify
-nodeny  ${HOME}/.local/share/spotify
+noblacklist ${HOME}/.cache/spotify
+noblacklist ${HOME}/.config/spotify
+noblacklist ${HOME}/.local/share/spotify
 
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/spotify
 mkdir ${HOME}/.config/spotify
 mkdir ${HOME}/.local/share/spotify
-allow  ${HOME}/.cache/spotify
-allow  ${HOME}/.config/spotify
-allow  ${HOME}/.local/share/spotify
+whitelist ${HOME}/.cache/spotify
+whitelist ${HOME}/.config/spotify
+whitelist ${HOME}/.local/share/spotify
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile
index aa577b63a33..4dd2c7262b8 100644
--- a/etc/profile-m-z/sqlitebrowser.profile
+++ b/etc/profile-m-z/sqlitebrowser.profile
@@ -6,8 +6,8 @@ include sqlitebrowser.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/sqlitebrowser
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/sqlitebrowser
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile
index e456ebe073a..5802299a35b 100644
--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -9,8 +9,8 @@ include globals.local
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-passwdmgr.inc
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 8a0d8615022..a5864219236 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -8,8 +8,8 @@ include ssh.local
 include globals.local
 
 # nc can be used as ProxyCommand, e.g. when using tor
-nodeny  ${PATH}/nc
-nodeny  ${PATH}/ncat
+noblacklist ${PATH}/nc
+noblacklist ${PATH}/ncat
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -19,8 +19,8 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  ${RUNUSER}/gnupg/S.gpg-agent.ssh
-allow  ${RUNUSER}/keyring/ssh
+whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
+whitelist ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile
index 75de118abc1..48a532876e7 100644
--- a/etc/profile-m-z/standardnotes-desktop.profile
+++ b/etc/profile-m-z/standardnotes-desktop.profile
@@ -5,8 +5,8 @@ include standardnotes-desktop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/Standard Notes Backups
-nodeny  ${HOME}/.config/Standard Notes
+noblacklist ${HOME}/Standard Notes Backups
+noblacklist ${HOME}/.config/Standard Notes
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/Standard Notes Backups
 mkdir ${HOME}/.config/Standard Notes
-allow  ${HOME}/Standard Notes Backups
-allow  ${HOME}/.config/Standard Notes
+whitelist ${HOME}/Standard Notes Backups
+whitelist ${HOME}/.config/Standard Notes
 include whitelist-var-common.inc
 
 apparmor
diff --git a/etc/profile-m-z/start-tor-browser.desktop.profile b/etc/profile-m-z/start-tor-browser.desktop.profile
index 8f75365e861..2f73c9feec8 100644
--- a/etc/profile-m-z/start-tor-browser.desktop.profile
+++ b/etc/profile-m-z/start-tor-browser.desktop.profile
@@ -6,71 +6,71 @@ include start-tor-browser.desktop.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser*
+noblacklist ${HOME}/.tor-browser*
 
-allow  ${HOME}/.tor-browser-ar
-allow  ${HOME}/.tor-browser-ca
-allow  ${HOME}/.tor-browser-cs
-allow  ${HOME}/.tor-browser-da
-allow  ${HOME}/.tor-browser-de
-allow  ${HOME}/.tor-browser-el
-allow  ${HOME}/.tor-browser-en
-allow  ${HOME}/.tor-browser-en-us
-allow  ${HOME}/.tor-browser-es
-allow  ${HOME}/.tor-browser-es-es
-allow  ${HOME}/.tor-browser-fa
-allow  ${HOME}/.tor-browser-fr
-allow  ${HOME}/.tor-browser-ga-ie
-allow  ${HOME}/.tor-browser-he
-allow  ${HOME}/.tor-browser-hu
-allow  ${HOME}/.tor-browser-id
-allow  ${HOME}/.tor-browser-is
-allow  ${HOME}/.tor-browser-it
-allow  ${HOME}/.tor-browser-ja
-allow  ${HOME}/.tor-browser-ka
-allow  ${HOME}/.tor-browser-ko
-allow  ${HOME}/.tor-browser-nb
-allow  ${HOME}/.tor-browser-nl
-allow  ${HOME}/.tor-browser-pl
-allow  ${HOME}/.tor-browser-pt-br
-allow  ${HOME}/.tor-browser-ru
-allow  ${HOME}/.tor-browser-sv-se
-allow  ${HOME}/.tor-browser-tr
-allow  ${HOME}/.tor-browser-vi
-allow  ${HOME}/.tor-browser-zh-cn
-allow  ${HOME}/.tor-browser-zh-tw
+whitelist ${HOME}/.tor-browser-ar
+whitelist ${HOME}/.tor-browser-ca
+whitelist ${HOME}/.tor-browser-cs
+whitelist ${HOME}/.tor-browser-da
+whitelist ${HOME}/.tor-browser-de
+whitelist ${HOME}/.tor-browser-el
+whitelist ${HOME}/.tor-browser-en
+whitelist ${HOME}/.tor-browser-en-us
+whitelist ${HOME}/.tor-browser-es
+whitelist ${HOME}/.tor-browser-es-es
+whitelist ${HOME}/.tor-browser-fa
+whitelist ${HOME}/.tor-browser-fr
+whitelist ${HOME}/.tor-browser-ga-ie
+whitelist ${HOME}/.tor-browser-he
+whitelist ${HOME}/.tor-browser-hu
+whitelist ${HOME}/.tor-browser-id
+whitelist ${HOME}/.tor-browser-is
+whitelist ${HOME}/.tor-browser-it
+whitelist ${HOME}/.tor-browser-ja
+whitelist ${HOME}/.tor-browser-ka
+whitelist ${HOME}/.tor-browser-ko
+whitelist ${HOME}/.tor-browser-nb
+whitelist ${HOME}/.tor-browser-nl
+whitelist ${HOME}/.tor-browser-pl
+whitelist ${HOME}/.tor-browser-pt-br
+whitelist ${HOME}/.tor-browser-ru
+whitelist ${HOME}/.tor-browser-sv-se
+whitelist ${HOME}/.tor-browser-tr
+whitelist ${HOME}/.tor-browser-vi
+whitelist ${HOME}/.tor-browser-zh-cn
+whitelist ${HOME}/.tor-browser-zh-tw
 
-allow  ${HOME}/.tor-browser_ar
-allow  ${HOME}/.tor-browser_ca
-allow  ${HOME}/.tor-browser_cs
-allow  ${HOME}/.tor-browser_da
-allow  ${HOME}/.tor-browser_de
-allow  ${HOME}/.tor-browser_el
-allow  ${HOME}/.tor-browser_en
-allow  ${HOME}/.tor-browser_en_US
-allow  ${HOME}/.tor-browser_es
-allow  ${HOME}/.tor-browser_es-ES
-allow  ${HOME}/.tor-browser_fa
-allow  ${HOME}/.tor-browser_fr
-allow  ${HOME}/.tor-browser_ga-IE
-allow  ${HOME}/.tor-browser_he
-allow  ${HOME}/.tor-browser_hu
-allow  ${HOME}/.tor-browser_id
-allow  ${HOME}/.tor-browser_is
-allow  ${HOME}/.tor-browser_it
-allow  ${HOME}/.tor-browser_ja
-allow  ${HOME}/.tor-browser_ka
-allow  ${HOME}/.tor-browser_ko
-allow  ${HOME}/.tor-browser_nb
-allow  ${HOME}/.tor-browser_nl
-allow  ${HOME}/.tor-browser_pl
-allow  ${HOME}/.tor-browser_pt-BR
-allow  ${HOME}/.tor-browser_ru
-allow  ${HOME}/.tor-browser_sv-SE
-allow  ${HOME}/.tor-browser_tr
-allow  ${HOME}/.tor-browser_vi
-allow  ${HOME}/.tor-browser_zh-CN
-allow  ${HOME}/.tor-browser_zh-TW
+whitelist ${HOME}/.tor-browser_ar
+whitelist ${HOME}/.tor-browser_ca
+whitelist ${HOME}/.tor-browser_cs
+whitelist ${HOME}/.tor-browser_da
+whitelist ${HOME}/.tor-browser_de
+whitelist ${HOME}/.tor-browser_el
+whitelist ${HOME}/.tor-browser_en
+whitelist ${HOME}/.tor-browser_en_US
+whitelist ${HOME}/.tor-browser_es
+whitelist ${HOME}/.tor-browser_es-ES
+whitelist ${HOME}/.tor-browser_fa
+whitelist ${HOME}/.tor-browser_fr
+whitelist ${HOME}/.tor-browser_ga-IE
+whitelist ${HOME}/.tor-browser_he
+whitelist ${HOME}/.tor-browser_hu
+whitelist ${HOME}/.tor-browser_id
+whitelist ${HOME}/.tor-browser_is
+whitelist ${HOME}/.tor-browser_it
+whitelist ${HOME}/.tor-browser_ja
+whitelist ${HOME}/.tor-browser_ka
+whitelist ${HOME}/.tor-browser_ko
+whitelist ${HOME}/.tor-browser_nb
+whitelist ${HOME}/.tor-browser_nl
+whitelist ${HOME}/.tor-browser_pl
+whitelist ${HOME}/.tor-browser_pt-BR
+whitelist ${HOME}/.tor-browser_ru
+whitelist ${HOME}/.tor-browser_sv-SE
+whitelist ${HOME}/.tor-browser_tr
+whitelist ${HOME}/.tor-browser_vi
+whitelist ${HOME}/.tor-browser_zh-CN
+whitelist ${HOME}/.tor-browser_zh-TW
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index 09e29373de9..06d08f3a21b 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -6,40 +6,40 @@ include steam.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Epic
-nodeny  ${HOME}/.config/Loop_Hero
-nodeny  ${HOME}/.config/ModTheSpire
-nodeny  ${HOME}/.config/RogueLegacy
-nodeny  ${HOME}/.config/RogueLegacyStorageContainer
-nodeny  ${HOME}/.killingfloor
-nodeny  ${HOME}/.klei
-nodeny  ${HOME}/.local/share/3909/PapersPlease
-nodeny  ${HOME}/.local/share/aspyr-media
-nodeny  ${HOME}/.local/share/bohemiainteractive
-nodeny  ${HOME}/.local/share/cdprojektred
-nodeny  ${HOME}/.local/share/Dredmor
-nodeny  ${HOME}/.local/share/FasterThanLight
-nodeny  ${HOME}/.local/share/feral-interactive
-nodeny  ${HOME}/.local/share/IntoTheBreach
-nodeny  ${HOME}/.local/share/Paradox Interactive
-nodeny  ${HOME}/.local/share/PillarsOfEternity
-nodeny  ${HOME}/.local/share/RogueLegacy
-nodeny  ${HOME}/.local/share/RogueLegacyStorageContainer
-nodeny  ${HOME}/.local/share/Steam
-nodeny  ${HOME}/.local/share/SteamWorldDig
-nodeny  ${HOME}/.local/share/SteamWorld Dig 2
-nodeny  ${HOME}/.local/share/SuperHexagon
-nodeny  ${HOME}/.local/share/Terraria
-nodeny  ${HOME}/.local/share/vpltd
-nodeny  ${HOME}/.local/share/vulkan
-nodeny  ${HOME}/.mbwarband
-nodeny  ${HOME}/.paradoxinteractive
-nodeny  ${HOME}/.steam
-nodeny  ${HOME}/.steampath
-nodeny  ${HOME}/.steampid
+noblacklist ${HOME}/.config/Epic
+noblacklist ${HOME}/.config/Loop_Hero
+noblacklist ${HOME}/.config/ModTheSpire
+noblacklist ${HOME}/.config/RogueLegacy
+noblacklist ${HOME}/.config/RogueLegacyStorageContainer
+noblacklist ${HOME}/.killingfloor
+noblacklist ${HOME}/.klei
+noblacklist ${HOME}/.local/share/3909/PapersPlease
+noblacklist ${HOME}/.local/share/aspyr-media
+noblacklist ${HOME}/.local/share/bohemiainteractive
+noblacklist ${HOME}/.local/share/cdprojektred
+noblacklist ${HOME}/.local/share/Dredmor
+noblacklist ${HOME}/.local/share/FasterThanLight
+noblacklist ${HOME}/.local/share/feral-interactive
+noblacklist ${HOME}/.local/share/IntoTheBreach
+noblacklist ${HOME}/.local/share/Paradox Interactive
+noblacklist ${HOME}/.local/share/PillarsOfEternity
+noblacklist ${HOME}/.local/share/RogueLegacy
+noblacklist ${HOME}/.local/share/RogueLegacyStorageContainer
+noblacklist ${HOME}/.local/share/Steam
+noblacklist ${HOME}/.local/share/SteamWorldDig
+noblacklist ${HOME}/.local/share/SteamWorld Dig 2
+noblacklist ${HOME}/.local/share/SuperHexagon
+noblacklist ${HOME}/.local/share/Terraria
+noblacklist ${HOME}/.local/share/vpltd
+noblacklist ${HOME}/.local/share/vulkan
+noblacklist ${HOME}/.mbwarband
+noblacklist ${HOME}/.paradoxinteractive
+noblacklist ${HOME}/.steam
+noblacklist ${HOME}/.steampath
+noblacklist ${HOME}/.steampid
 # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -84,38 +84,38 @@ mkdir ${HOME}/.paradoxinteractive
 mkdir ${HOME}/.steam
 mkfile ${HOME}/.steampath
 mkfile ${HOME}/.steampid
-allow  ${HOME}/.config/Epic
-allow  ${HOME}/.config/Loop_Hero
-allow  ${HOME}/.config/ModTheSpire
-allow  ${HOME}/.config/RogueLegacy
-allow  ${HOME}/.config/RogueLegacyStorageContainer
-allow  ${HOME}/.config/unity3d
-allow  ${HOME}/.killingfloor
-allow  ${HOME}/.klei
-allow  ${HOME}/.local/share/3909/PapersPlease
-allow  ${HOME}/.local/share/aspyr-media
-allow  ${HOME}/.local/share/bohemiainteractive
-allow  ${HOME}/.local/share/cdprojektred
-allow  ${HOME}/.local/share/Dredmor
-allow  ${HOME}/.local/share/FasterThanLight
-allow  ${HOME}/.local/share/feral-interactive
-allow  ${HOME}/.local/share/IntoTheBreach
-allow  ${HOME}/.local/share/Paradox Interactive
-allow  ${HOME}/.local/share/PillarsOfEternity
-allow  ${HOME}/.local/share/RogueLegacy
-allow  ${HOME}/.local/share/RogueLegacyStorageContainer
-allow  ${HOME}/.local/share/Steam
-allow  ${HOME}/.local/share/SteamWorldDig
-allow  ${HOME}/.local/share/SteamWorld Dig 2
-allow  ${HOME}/.local/share/SuperHexagon
-allow  ${HOME}/.local/share/Terraria
-allow  ${HOME}/.local/share/vpltd
-allow  ${HOME}/.local/share/vulkan
-allow  ${HOME}/.mbwarband
-allow  ${HOME}/.paradoxinteractive
-allow  ${HOME}/.steam
-allow  ${HOME}/.steampath
-allow  ${HOME}/.steampid
+whitelist ${HOME}/.config/Epic
+whitelist ${HOME}/.config/Loop_Hero
+whitelist ${HOME}/.config/ModTheSpire
+whitelist ${HOME}/.config/RogueLegacy
+whitelist ${HOME}/.config/RogueLegacyStorageContainer
+whitelist ${HOME}/.config/unity3d
+whitelist ${HOME}/.killingfloor
+whitelist ${HOME}/.klei
+whitelist ${HOME}/.local/share/3909/PapersPlease
+whitelist ${HOME}/.local/share/aspyr-media
+whitelist ${HOME}/.local/share/bohemiainteractive
+whitelist ${HOME}/.local/share/cdprojektred
+whitelist ${HOME}/.local/share/Dredmor
+whitelist ${HOME}/.local/share/FasterThanLight
+whitelist ${HOME}/.local/share/feral-interactive
+whitelist ${HOME}/.local/share/IntoTheBreach
+whitelist ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/PillarsOfEternity
+whitelist ${HOME}/.local/share/RogueLegacy
+whitelist ${HOME}/.local/share/RogueLegacyStorageContainer
+whitelist ${HOME}/.local/share/Steam
+whitelist ${HOME}/.local/share/SteamWorldDig
+whitelist ${HOME}/.local/share/SteamWorld Dig 2
+whitelist ${HOME}/.local/share/SuperHexagon
+whitelist ${HOME}/.local/share/Terraria
+whitelist ${HOME}/.local/share/vpltd
+whitelist ${HOME}/.local/share/vulkan
+whitelist ${HOME}/.mbwarband
+whitelist ${HOME}/.paradoxinteractive
+whitelist ${HOME}/.steam
+whitelist ${HOME}/.steampath
+whitelist ${HOME}/.steampid
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile
index 003d3a07948..a752ab53c77 100644
--- a/etc/profile-m-z/stellarium.profile
+++ b/etc/profile-m-z/stellarium.profile
@@ -6,8 +6,8 @@ include stellarium.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/stellarium
-nodeny  ${HOME}/.stellarium
+noblacklist ${HOME}/.config/stellarium
+noblacklist ${HOME}/.stellarium
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.config/stellarium
 mkdir ${HOME}/.stellarium
-allow  ${HOME}/.config/stellarium
-allow  ${HOME}/.stellarium
+whitelist ${HOME}/.config/stellarium
+whitelist ${HOME}/.stellarium
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile
index dd643bc2044..d73927f2a8e 100644
--- a/etc/profile-m-z/straw-viewer.profile
+++ b/etc/profile-m-z/straw-viewer.profile
@@ -7,13 +7,13 @@ include straw-viewer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/straw-viewer
-nodeny  ${HOME}/.config/straw-viewer
+noblacklist ${HOME}/.cache/straw-viewer
+noblacklist ${HOME}/.config/straw-viewer
 
 mkdir ${HOME}/.config/straw-viewer
 mkdir ${HOME}/.cache/straw-viewer
-allow  ${HOME}/.cache/straw-viewer
-allow  ${HOME}/.config/straw-viewer
+whitelist ${HOME}/.cache/straw-viewer
+whitelist ${HOME}/.config/straw-viewer
 
 private-bin gtk-straw-viewer,straw-viewer
 
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile
index aed0b7910e6..b87906f5508 100644
--- a/etc/profile-m-z/strawberry.profile
+++ b/etc/profile-m-z/strawberry.profile
@@ -6,10 +6,10 @@ include strawberry.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/strawberry
-nodeny  ${HOME}/.config/strawberry
-nodeny  ${HOME}/.local/share/strawberry
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/strawberry
+noblacklist ${HOME}/.config/strawberry
+noblacklist ${HOME}/.local/share/strawberry
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile
index 5c820ef81e9..1ebcded7f51 100644
--- a/etc/profile-m-z/strings.profile
+++ b/etc/profile-m-z/strings.profile
@@ -7,7 +7,7 @@ include strings.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 #include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile
index 0d07b5ea74d..bbe92fd38f4 100644
--- a/etc/profile-m-z/subdownloader.profile
+++ b/etc/profile-m-z/subdownloader.profile
@@ -6,8 +6,8 @@ include subdownloader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/SubDownloader
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/SubDownloader
+noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile
index 8cc54780532..cfd7a63ead9 100644
--- a/etc/profile-m-z/supertux2.profile
+++ b/etc/profile-m-z/supertux2.profile
@@ -6,7 +6,7 @@ include supertux2.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/supertux2
+noblacklist ${HOME}/.local/share/supertux2
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/supertux2
-allow  ${HOME}/.local/share/supertux2
-allow  /usr/share/supertux2
-allow  /usr/share/games/supertux2	# Debian version
+whitelist ${HOME}/.local/share/supertux2
+whitelist /usr/share/supertux2
+whitelist /usr/share/games/supertux2	# Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile
index 44dc1524fd3..4eb8f921c80 100644
--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -6,11 +6,11 @@ include supertuxkart.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/supertuxkart
-nodeny  ${HOME}/.cache/supertuxkart
-nodeny  ${HOME}/.local/share/supertuxkart
+noblacklist ${HOME}/.config/supertuxkart
+noblacklist ${HOME}/.cache/supertuxkart
+noblacklist ${HOME}/.local/share/supertuxkart
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/supertuxkart
 mkdir ${HOME}/.cache/supertuxkart
 mkdir ${HOME}/.local/share/supertuxkart
-allow  ${HOME}/.config/supertuxkart
-allow  ${HOME}/.cache/supertuxkart
-allow  ${HOME}/.local/share/supertuxkart
-allow  /usr/share/supertuxkart
-allow  /usr/share/games/supertuxkart	# Debian version
+whitelist ${HOME}/.config/supertuxkart
+whitelist ${HOME}/.cache/supertuxkart
+whitelist ${HOME}/.local/share/supertuxkart
+whitelist /usr/share/supertuxkart
+whitelist /usr/share/games/supertuxkart	# Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile
index fd1e7f9e974..8db7d243397 100644
--- a/etc/profile-m-z/surf.profile
+++ b/etc/profile-m-z/surf.profile
@@ -6,7 +6,7 @@ include surf.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.surf
+noblacklist ${HOME}/.surf
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.surf
-allow  ${HOME}/.surf
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.surf
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/swell-foop.profile b/etc/profile-m-z/swell-foop.profile
index 55cd0965a25..9efae815d66 100644
--- a/etc/profile-m-z/swell-foop.profile
+++ b/etc/profile-m-z/swell-foop.profile
@@ -6,12 +6,12 @@ include swell-foop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/swell-foop
+noblacklist ${HOME}/.local/share/swell-foop
 
 mkdir ${HOME}/.local/share/swell-foop
-allow  ${HOME}/.local/share/swell-foop
+whitelist ${HOME}/.local/share/swell-foop
 
-allow  /usr/share/swell-foop
+whitelist /usr/share/swell-foop
 
 private-bin swell-foop
 
diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile
index 447cdc99e85..328812b04be 100644
--- a/etc/profile-m-z/sylpheed.profile
+++ b/etc/profile-m-z/sylpheed.profile
@@ -6,12 +6,12 @@ include sylpheed.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.sylpheed-2.0
+noblacklist ${HOME}/.sylpheed-2.0
 
 mkdir ${HOME}/.sylpheed-2.0
-allow  ${HOME}/.sylpheed-2.0
+whitelist ${HOME}/.sylpheed-2.0
 
-allow  /usr/share/sylpheed
+whitelist /usr/share/sylpheed
 
 # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed
 
diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile
index 7cbbafd543a..c60186c42c0 100644
--- a/etc/profile-m-z/synfigstudio.profile
+++ b/etc/profile-m-z/synfigstudio.profile
@@ -6,8 +6,8 @@ include synfigstudio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/synfig
-nodeny  ${HOME}/.synfig
+noblacklist ${HOME}/.config/synfig
+noblacklist ${HOME}/.synfig
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile
index f20f8879184..b52b25b963c 100644
--- a/etc/profile-m-z/sysprof.profile
+++ b/etc/profile-m-z/sysprof.profile
@@ -6,7 +6,7 @@ include sysprof.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -24,15 +24,15 @@ include disable-xdg.inc
 #nowhitelist /usr/share/yelp-tools
 #nowhitelist /usr/share/yelp-xsl
 
-nodeny  ${HOME}/.config/yelp
+noblacklist ${HOME}/.config/yelp
 mkdir ${HOME}/.config/yelp
-allow  ${HOME}/.config/yelp
-allow  /usr/share/help/C/sysprof
-allow  /usr/share/yelp
-allow  /usr/share/yelp-tools
-allow  /usr/share/yelp-xsl
+whitelist ${HOME}/.config/yelp
+whitelist /usr/share/help/C/sysprof
+whitelist /usr/share/yelp
+whitelist /usr/share/yelp-tools
+whitelist /usr/share/yelp-xsl
 
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile
index 74c8a084950..0d3a900e90e 100644
--- a/etc/profile-m-z/tar.profile
+++ b/etc/profile-m-z/tar.profile
@@ -12,7 +12,7 @@ ignore include disable-shell.inc
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 private-etc alternatives,group,localtime,login.defs,passwd
 #private-lib libfakeroot,liblzma.so.*,libreadline.so.*
diff --git a/etc/profile-m-z/tb-starter-wrapper.profile b/etc/profile-m-z/tb-starter-wrapper.profile
index 691c3319174..ffe9605b648 100644
--- a/etc/profile-m-z/tb-starter-wrapper.profile
+++ b/etc/profile-m-z/tb-starter-wrapper.profile
@@ -8,10 +8,10 @@ include tb-starter-wrapper.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tb
+noblacklist ${HOME}/.tb
 
 mkdir ${HOME}/.tb
-allow  ${HOME}/.tb
+whitelist ${HOME}/.tb
 
 private-bin tb-starter-wrapper
 
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile
index b4c4873b3c2..e2ba5893c02 100644
--- a/etc/profile-m-z/tcpdump.profile
+++ b/etc/profile-m-z/tcpdump.profile
@@ -6,9 +6,9 @@ include tcpdump.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
-nodeny  ${PATH}/tcpdump
+noblacklist /sbin
+noblacklist /usr/sbin
+noblacklist ${PATH}/tcpdump
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile
index 24cbb42da6c..eee0833326a 100644
--- a/etc/profile-m-z/teams-for-linux.profile
+++ b/etc/profile-m-z/teams-for-linux.profile
@@ -14,10 +14,10 @@ ignore include whitelist-usr-share-common.inc
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/teams-for-linux
+noblacklist ${HOME}/.config/teams-for-linux
 
 mkdir ${HOME}/.config/teams-for-linux
-allow  ${HOME}/.config/teams-for-linux
+whitelist ${HOME}/.config/teams-for-linux
 
 private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh
 private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile
index 8639edbc8fd..c8d98cbaa2c 100644
--- a/etc/profile-m-z/teams.profile
+++ b/etc/profile-m-z/teams.profile
@@ -18,13 +18,13 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/teams
-nodeny  ${HOME}/.config/Microsoft
+noblacklist ${HOME}/.config/teams
+noblacklist ${HOME}/.config/Microsoft
 
 mkdir ${HOME}/.config/teams
 mkdir ${HOME}/.config/Microsoft
-allow  ${HOME}/.config/teams
-allow  ${HOME}/.config/Microsoft
+whitelist ${HOME}/.config/teams
+whitelist ${HOME}/.config/Microsoft
 
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile
index 781a5f4ebc1..02a2c8ae409 100644
--- a/etc/profile-m-z/teamspeak3.profile
+++ b/etc/profile-m-z/teamspeak3.profile
@@ -6,8 +6,8 @@ include teamspeak3.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.ts3client
-nodeny  ${PATH}/openssl
+noblacklist ${HOME}/.ts3client
+noblacklist ${PATH}/openssl
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.ts3client
-allow  ${DOWNLOADS}
-allow  ${HOME}/.ts3client
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.ts3client
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile
index c9c444ffc41..be01aee12fb 100644
--- a/etc/profile-m-z/teeworlds.profile
+++ b/etc/profile-m-z/teeworlds.profile
@@ -6,7 +6,7 @@ include teeworlds.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.teeworlds
+noblacklist ${HOME}/.teeworlds
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.teeworlds
-allow  ${HOME}/.teeworlds
+whitelist ${HOME}/.teeworlds
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index 92689a46159..e7580938d9c 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -5,8 +5,8 @@ include telegram.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.TelegramDesktop
-nodeny  ${HOME}/.local/share/TelegramDesktop
+noblacklist ${HOME}/.TelegramDesktop
+noblacklist ${HOME}/.local/share/TelegramDesktop
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.TelegramDesktop
 mkdir ${HOME}/.local/share/TelegramDesktop
-allow  ${HOME}/.TelegramDesktop
-allow  ${HOME}/.local/share/TelegramDesktop
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.TelegramDesktop
+whitelist ${HOME}/.local/share/TelegramDesktop
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile
index b2f98fbac1c..ce2ca1d1761 100644
--- a/etc/profile-m-z/terasology.profile
+++ b/etc/profile-m-z/terasology.profile
@@ -7,7 +7,7 @@ include globals.local
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.local/share/terasology
+noblacklist ${HOME}/.local/share/terasology
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -21,8 +21,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.java
 mkdir ${HOME}/.local/share/terasology
-allow  ${HOME}/.java
-allow  ${HOME}/.local/share/terasology
+whitelist ${HOME}/.java
+whitelist ${HOME}/.local/share/terasology
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile
index a539cadf82b..b478fbe1ea2 100644
--- a/etc/profile-m-z/thunderbird.profile
+++ b/etc/profile-m-z/thunderbird.profile
@@ -22,14 +22,14 @@ writable-run-user
 #writable-var
 
 # These lines are needed to allow Firefox to load your profile when clicking a link in an email
-nodeny  ${HOME}/.mozilla
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 
-nodeny  ${HOME}/.cache/thunderbird
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/thunderbird
+noblacklist ${HOME}/.gnupg
 # noblacklist ${HOME}/.icedove
-nodeny  ${HOME}/.thunderbird
+noblacklist ${HOME}/.thunderbird
 
 include disable-passwdmgr.inc
 include disable-xdg.inc
@@ -42,15 +42,15 @@ mkdir ${HOME}/.cache/thunderbird
 mkdir ${HOME}/.gnupg
 # mkdir ${HOME}/.icedove
 mkdir ${HOME}/.thunderbird
-allow  ${HOME}/.cache/thunderbird
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.cache/thunderbird
+whitelist ${HOME}/.gnupg
 # whitelist ${HOME}/.icedove
-allow  ${HOME}/.thunderbird
+whitelist ${HOME}/.thunderbird
 
-allow  /usr/share/gnupg
-allow  /usr/share/mozilla
-allow  /usr/share/thunderbird
-allow  /usr/share/webext
+whitelist /usr/share/gnupg
+whitelist /usr/share/mozilla
+whitelist /usr/share/thunderbird
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile
index b0fa54f08a9..dd4a372c459 100644
--- a/etc/profile-m-z/tilp.profile
+++ b/etc/profile-m-z/tilp.profile
@@ -5,7 +5,7 @@ include tilp.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.tilp
+noblacklist ${HOME}/.tilp
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
index 3ee696b8ba8..e0ed3090a99 100644
--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -6,12 +6,12 @@ include tin.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.newsrc
-nodeny  ${HOME}/.tin
+noblacklist ${HOME}/.newsrc
+noblacklist ${HOME}/.tin
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
-deny  /usr/libexec
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile
index d2e90e3567c..0139d75153f 100644
--- a/etc/profile-m-z/tmux.profile
+++ b/etc/profile-m-z/tmux.profile
@@ -7,10 +7,10 @@ include tmux.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
-nodeny  /tmp/tmux-*
+noblacklist /tmp/tmux-*
 
 # include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-m-z/tor-browser-ar.profile b/etc/profile-m-z/tor-browser-ar.profile
index 49158b93e53..59f1bc3b139 100644
--- a/etc/profile-m-z/tor-browser-ar.profile
+++ b/etc/profile-m-z/tor-browser-ar.profile
@@ -6,10 +6,10 @@ include tor-browser-ar.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-ar
+noblacklist ${HOME}/.tor-browser-ar
 
 mkdir ${HOME}/.tor-browser-ar
-allow  ${HOME}/.tor-browser-ar
+whitelist ${HOME}/.tor-browser-ar
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ca.profile b/etc/profile-m-z/tor-browser-ca.profile
index 612f8bd7c8f..68577e35208 100644
--- a/etc/profile-m-z/tor-browser-ca.profile
+++ b/etc/profile-m-z/tor-browser-ca.profile
@@ -6,10 +6,10 @@ include tor-browser-ca.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-ca
+noblacklist ${HOME}/.tor-browser-ca
 
 mkdir ${HOME}/.tor-browser-ca
-allow  ${HOME}/.tor-browser-ca
+whitelist ${HOME}/.tor-browser-ca
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-cs.profile b/etc/profile-m-z/tor-browser-cs.profile
index a400fde0564..33e51fcd080 100644
--- a/etc/profile-m-z/tor-browser-cs.profile
+++ b/etc/profile-m-z/tor-browser-cs.profile
@@ -6,10 +6,10 @@ include tor-browser-cs.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-cs
+noblacklist ${HOME}/.tor-browser-cs
 
 mkdir ${HOME}/.tor-browser-cs
-allow  ${HOME}/.tor-browser-cs
+whitelist ${HOME}/.tor-browser-cs
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-da.profile b/etc/profile-m-z/tor-browser-da.profile
index 9010025e3d6..440bb7fc359 100644
--- a/etc/profile-m-z/tor-browser-da.profile
+++ b/etc/profile-m-z/tor-browser-da.profile
@@ -6,10 +6,10 @@ include tor-browser-da.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-da
+noblacklist ${HOME}/.tor-browser-da
 
 mkdir ${HOME}/.tor-browser-da
-allow  ${HOME}/.tor-browser-da
+whitelist ${HOME}/.tor-browser-da
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-de.profile b/etc/profile-m-z/tor-browser-de.profile
index cd556c32bb8..b2b98cf8279 100644
--- a/etc/profile-m-z/tor-browser-de.profile
+++ b/etc/profile-m-z/tor-browser-de.profile
@@ -6,10 +6,10 @@ include tor-browser-de.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-de
+noblacklist ${HOME}/.tor-browser-de
 
 mkdir ${HOME}/.tor-browser-de
-allow  ${HOME}/.tor-browser-de
+whitelist ${HOME}/.tor-browser-de
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-el.profile b/etc/profile-m-z/tor-browser-el.profile
index ee2b0fea741..626757dd5c1 100644
--- a/etc/profile-m-z/tor-browser-el.profile
+++ b/etc/profile-m-z/tor-browser-el.profile
@@ -6,10 +6,10 @@ include tor-browser-el.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-el
+noblacklist ${HOME}/.tor-browser-el
 
 mkdir ${HOME}/.tor-browser-el
-allow  ${HOME}/.tor-browser-el
+whitelist ${HOME}/.tor-browser-el
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-en-us.profile b/etc/profile-m-z/tor-browser-en-us.profile
index 2be71a5aa54..15e6907485c 100644
--- a/etc/profile-m-z/tor-browser-en-us.profile
+++ b/etc/profile-m-z/tor-browser-en-us.profile
@@ -6,10 +6,10 @@ include tor-browser-en-us.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-en-us
+noblacklist ${HOME}/.tor-browser-en-us
 
 mkdir ${HOME}/.tor-browser-en-us
-allow  ${HOME}/.tor-browser-en-us
+whitelist ${HOME}/.tor-browser-en-us
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-en.profile b/etc/profile-m-z/tor-browser-en.profile
index 633c2f4f951..ef8c1eb8be5 100644
--- a/etc/profile-m-z/tor-browser-en.profile
+++ b/etc/profile-m-z/tor-browser-en.profile
@@ -6,10 +6,10 @@ include tor-browser-en.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-en
+noblacklist ${HOME}/.tor-browser-en
 
 mkdir ${HOME}/.tor-browser-en
-allow  ${HOME}/.tor-browser-en
+whitelist ${HOME}/.tor-browser-en
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-es-es.profile b/etc/profile-m-z/tor-browser-es-es.profile
index f7c2302a734..ad734662e74 100644
--- a/etc/profile-m-z/tor-browser-es-es.profile
+++ b/etc/profile-m-z/tor-browser-es-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es-es.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-es-es
+noblacklist ${HOME}/.tor-browser-es-es
 
 mkdir ${HOME}/.tor-browser-es-es
-allow  ${HOME}/.tor-browser-es-es
+whitelist ${HOME}/.tor-browser-es-es
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-es.profile b/etc/profile-m-z/tor-browser-es.profile
index d88dcdec121..97d8d857713 100644
--- a/etc/profile-m-z/tor-browser-es.profile
+++ b/etc/profile-m-z/tor-browser-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-es
+noblacklist ${HOME}/.tor-browser-es
 
 mkdir ${HOME}/.tor-browser-es
-allow  ${HOME}/.tor-browser-es
+whitelist ${HOME}/.tor-browser-es
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-fa.profile b/etc/profile-m-z/tor-browser-fa.profile
index 3f7074fdb99..095be69e452 100644
--- a/etc/profile-m-z/tor-browser-fa.profile
+++ b/etc/profile-m-z/tor-browser-fa.profile
@@ -6,10 +6,10 @@ include tor-browser-fa.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-fa
+noblacklist ${HOME}/.tor-browser-fa
 
 mkdir ${HOME}/.tor-browser-fa
-allow  ${HOME}/.tor-browser-fa
+whitelist ${HOME}/.tor-browser-fa
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-fr.profile b/etc/profile-m-z/tor-browser-fr.profile
index ef14f44a21b..37f61fc3add 100644
--- a/etc/profile-m-z/tor-browser-fr.profile
+++ b/etc/profile-m-z/tor-browser-fr.profile
@@ -6,10 +6,10 @@ include tor-browser-fr.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-fr
+noblacklist ${HOME}/.tor-browser-fr
 
 mkdir ${HOME}/.tor-browser-fr
-allow  ${HOME}/.tor-browser-fr
+whitelist ${HOME}/.tor-browser-fr
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ga-ie.profile b/etc/profile-m-z/tor-browser-ga-ie.profile
index 06baaf34f41..ab7141fc476 100644
--- a/etc/profile-m-z/tor-browser-ga-ie.profile
+++ b/etc/profile-m-z/tor-browser-ga-ie.profile
@@ -6,10 +6,10 @@ include tor-browser-ga-ie.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-ga-ie
+noblacklist ${HOME}/.tor-browser-ga-ie
 
 mkdir ${HOME}/.tor-browser-ga-ie
-allow  ${HOME}/.tor-browser-ga-ie
+whitelist ${HOME}/.tor-browser-ga-ie
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-he.profile b/etc/profile-m-z/tor-browser-he.profile
index 57588ffc77b..ae56f3b7f6a 100644
--- a/etc/profile-m-z/tor-browser-he.profile
+++ b/etc/profile-m-z/tor-browser-he.profile
@@ -6,10 +6,10 @@ include tor-browser-he.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-he
+noblacklist ${HOME}/.tor-browser-he
 
 mkdir ${HOME}/.tor-browser-he
-allow  ${HOME}/.tor-browser-he
+whitelist ${HOME}/.tor-browser-he
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-hu.profile b/etc/profile-m-z/tor-browser-hu.profile
index a10b66a24a5..65cd18ac819 100644
--- a/etc/profile-m-z/tor-browser-hu.profile
+++ b/etc/profile-m-z/tor-browser-hu.profile
@@ -6,10 +6,10 @@ include tor-browser-hu.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-hu
+noblacklist ${HOME}/.tor-browser-hu
 
 mkdir ${HOME}/.tor-browser-hu
-allow  ${HOME}/.tor-browser-hu
+whitelist ${HOME}/.tor-browser-hu
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-id.profile b/etc/profile-m-z/tor-browser-id.profile
index fcdb822cd5a..57fe09f4715 100644
--- a/etc/profile-m-z/tor-browser-id.profile
+++ b/etc/profile-m-z/tor-browser-id.profile
@@ -6,10 +6,10 @@ include tor-browser-id.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-id
+noblacklist ${HOME}/.tor-browser-id
 
 mkdir ${HOME}/.tor-browser-id
-allow  ${HOME}/.tor-browser-id
+whitelist ${HOME}/.tor-browser-id
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-is.profile b/etc/profile-m-z/tor-browser-is.profile
index 45b47c10862..54f1df42d91 100644
--- a/etc/profile-m-z/tor-browser-is.profile
+++ b/etc/profile-m-z/tor-browser-is.profile
@@ -6,10 +6,10 @@ include tor-browser-is.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-is
+noblacklist ${HOME}/.tor-browser-is
 
 mkdir ${HOME}/.tor-browser-is
-allow  ${HOME}/.tor-browser-is
+whitelist ${HOME}/.tor-browser-is
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-it.profile b/etc/profile-m-z/tor-browser-it.profile
index b5a2f7c13e1..a7d46e875ba 100644
--- a/etc/profile-m-z/tor-browser-it.profile
+++ b/etc/profile-m-z/tor-browser-it.profile
@@ -6,10 +6,10 @@ include tor-browser-it.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-it
+noblacklist ${HOME}/.tor-browser-it
 
 mkdir ${HOME}/.tor-browser-it
-allow  ${HOME}/.tor-browser-it
+whitelist ${HOME}/.tor-browser-it
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ja.profile b/etc/profile-m-z/tor-browser-ja.profile
index e1f023bd494..b89016141ac 100644
--- a/etc/profile-m-z/tor-browser-ja.profile
+++ b/etc/profile-m-z/tor-browser-ja.profile
@@ -6,10 +6,10 @@ include tor-browser-ja.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-ja
+noblacklist ${HOME}/.tor-browser-ja
 
 mkdir ${HOME}/.tor-browser-ja
-allow  ${HOME}/.tor-browser-ja
+whitelist ${HOME}/.tor-browser-ja
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ka.profile b/etc/profile-m-z/tor-browser-ka.profile
index 17930b58e92..b57cf10decd 100644
--- a/etc/profile-m-z/tor-browser-ka.profile
+++ b/etc/profile-m-z/tor-browser-ka.profile
@@ -6,10 +6,10 @@ include tor-browser-ka.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-ka
+noblacklist ${HOME}/.tor-browser-ka
 
 mkdir ${HOME}/.tor-browser-ka
-allow  ${HOME}/.tor-browser-ka
+whitelist ${HOME}/.tor-browser-ka
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ko.profile b/etc/profile-m-z/tor-browser-ko.profile
index b33d1edb4c5..a9bedb6fd6a 100644
--- a/etc/profile-m-z/tor-browser-ko.profile
+++ b/etc/profile-m-z/tor-browser-ko.profile
@@ -6,10 +6,10 @@ include tor-browser-ko.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-ko
+noblacklist ${HOME}/.tor-browser-ko
 
 mkdir ${HOME}/.tor-browser-ko
-allow  ${HOME}/.tor-browser-ko
+whitelist ${HOME}/.tor-browser-ko
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-nb.profile b/etc/profile-m-z/tor-browser-nb.profile
index b462eb9acb5..fbe9f92bde4 100644
--- a/etc/profile-m-z/tor-browser-nb.profile
+++ b/etc/profile-m-z/tor-browser-nb.profile
@@ -6,10 +6,10 @@ include tor-browser-nb.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-nb
+noblacklist ${HOME}/.tor-browser-nb
 
 mkdir ${HOME}/.tor-browser-nb
-allow  ${HOME}/.tor-browser-nb
+whitelist ${HOME}/.tor-browser-nb
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-nl.profile b/etc/profile-m-z/tor-browser-nl.profile
index 0225eb6fd9a..678ac171311 100644
--- a/etc/profile-m-z/tor-browser-nl.profile
+++ b/etc/profile-m-z/tor-browser-nl.profile
@@ -6,10 +6,10 @@ include tor-browser-nl.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-nl
+noblacklist ${HOME}/.tor-browser-nl
 
 mkdir ${HOME}/.tor-browser-nl
-allow  ${HOME}/.tor-browser-nl
+whitelist ${HOME}/.tor-browser-nl
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-pl.profile b/etc/profile-m-z/tor-browser-pl.profile
index 75604b458b4..25d473b1a92 100644
--- a/etc/profile-m-z/tor-browser-pl.profile
+++ b/etc/profile-m-z/tor-browser-pl.profile
@@ -6,10 +6,10 @@ include tor-browser-pl.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-pl
+noblacklist ${HOME}/.tor-browser-pl
 
 mkdir ${HOME}/.tor-browser-pl
-allow  ${HOME}/.tor-browser-pl
+whitelist ${HOME}/.tor-browser-pl
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-pt-br.profile b/etc/profile-m-z/tor-browser-pt-br.profile
index 4d50d80341a..55adbd5ea4a 100644
--- a/etc/profile-m-z/tor-browser-pt-br.profile
+++ b/etc/profile-m-z/tor-browser-pt-br.profile
@@ -6,10 +6,10 @@ include tor-browser-pt-br.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-pt-br
+noblacklist ${HOME}/.tor-browser-pt-br
 
 mkdir ${HOME}/.tor-browser-pt-br
-allow  ${HOME}/.tor-browser-pt-br
+whitelist ${HOME}/.tor-browser-pt-br
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ru.profile b/etc/profile-m-z/tor-browser-ru.profile
index 4bca3c46fc4..aea13be9d9b 100644
--- a/etc/profile-m-z/tor-browser-ru.profile
+++ b/etc/profile-m-z/tor-browser-ru.profile
@@ -6,10 +6,10 @@ include tor-browser-ru.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-ru
+noblacklist ${HOME}/.tor-browser-ru
 
 mkdir ${HOME}/.tor-browser-ru
-allow  ${HOME}/.tor-browser-ru
+whitelist ${HOME}/.tor-browser-ru
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-sv-se.profile b/etc/profile-m-z/tor-browser-sv-se.profile
index 1b319dc43fd..b7882bd04d7 100644
--- a/etc/profile-m-z/tor-browser-sv-se.profile
+++ b/etc/profile-m-z/tor-browser-sv-se.profile
@@ -6,10 +6,10 @@ include tor-browser-sv-se.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-sv-se
+noblacklist ${HOME}/.tor-browser-sv-se
 
 mkdir ${HOME}/.tor-browser-sv-se
-allow  ${HOME}/.tor-browser-sv-se
+whitelist ${HOME}/.tor-browser-sv-se
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-tr.profile b/etc/profile-m-z/tor-browser-tr.profile
index 0775a0c086f..c52e8c4c448 100644
--- a/etc/profile-m-z/tor-browser-tr.profile
+++ b/etc/profile-m-z/tor-browser-tr.profile
@@ -6,10 +6,10 @@ include tor-browser-tr.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-tr
+noblacklist ${HOME}/.tor-browser-tr
 
 mkdir ${HOME}/.tor-browser-tr
-allow  ${HOME}/.tor-browser-tr
+whitelist ${HOME}/.tor-browser-tr
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-vi.profile b/etc/profile-m-z/tor-browser-vi.profile
index c4d5a7a7636..d5bf7665597 100644
--- a/etc/profile-m-z/tor-browser-vi.profile
+++ b/etc/profile-m-z/tor-browser-vi.profile
@@ -6,10 +6,10 @@ include tor-browser-vi.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-vi
+noblacklist ${HOME}/.tor-browser-vi
 
 mkdir ${HOME}/.tor-browser-vi
-allow  ${HOME}/.tor-browser-vi
+whitelist ${HOME}/.tor-browser-vi
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-zh-cn.profile b/etc/profile-m-z/tor-browser-zh-cn.profile
index 4cd287e5dd4..6c8925a4a3e 100644
--- a/etc/profile-m-z/tor-browser-zh-cn.profile
+++ b/etc/profile-m-z/tor-browser-zh-cn.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-cn.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-zh-cn
+noblacklist ${HOME}/.tor-browser-zh-cn
 
 mkdir ${HOME}/.tor-browser-zh-cn
-allow  ${HOME}/.tor-browser-zh-cn
+whitelist ${HOME}/.tor-browser-zh-cn
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-zh-tw.profile b/etc/profile-m-z/tor-browser-zh-tw.profile
index c75baf522ad..141a6701edc 100644
--- a/etc/profile-m-z/tor-browser-zh-tw.profile
+++ b/etc/profile-m-z/tor-browser-zh-tw.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-tw.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser-zh-tw
+noblacklist ${HOME}/.tor-browser-zh-tw
 
 mkdir ${HOME}/.tor-browser-zh-tw
-allow  ${HOME}/.tor-browser-zh-tw
+whitelist ${HOME}/.tor-browser-zh-tw
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile
index 8a2dbda53dd..76a0e1fa505 100644
--- a/etc/profile-m-z/tor-browser.profile
+++ b/etc/profile-m-z/tor-browser.profile
@@ -6,10 +6,10 @@ include tor-browser.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser
+noblacklist ${HOME}/.tor-browser
 
 mkdir ${HOME}/.tor-browser
-allow  ${HOME}/.tor-browser
+whitelist ${HOME}/.tor-browser
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ar.profile b/etc/profile-m-z/tor-browser_ar.profile
index 90b5a09603a..d811b754982 100644
--- a/etc/profile-m-z/tor-browser_ar.profile
+++ b/etc/profile-m-z/tor-browser_ar.profile
@@ -6,10 +6,10 @@ include tor-browser_ar.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_ar
+noblacklist ${HOME}/.tor-browser_ar
 
 mkdir ${HOME}/.tor-browser_ar
-allow  ${HOME}/.tor-browser_ar
+whitelist ${HOME}/.tor-browser_ar
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ca.profile b/etc/profile-m-z/tor-browser_ca.profile
index a04207ccd66..8bf1f7cd4ae 100644
--- a/etc/profile-m-z/tor-browser_ca.profile
+++ b/etc/profile-m-z/tor-browser_ca.profile
@@ -6,10 +6,10 @@ include tor-browser_ca.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_ca
+noblacklist ${HOME}/.tor-browser_ca
 
 mkdir ${HOME}/.tor-browser_ca
-allow  ${HOME}/.tor-browser_ca
+whitelist ${HOME}/.tor-browser_ca
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_cs.profile b/etc/profile-m-z/tor-browser_cs.profile
index b99ad14a82b..b41107bf1f4 100644
--- a/etc/profile-m-z/tor-browser_cs.profile
+++ b/etc/profile-m-z/tor-browser_cs.profile
@@ -6,10 +6,10 @@ include tor-browser_cs.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_cs
+noblacklist ${HOME}/.tor-browser_cs
 
 mkdir ${HOME}/.tor-browser_cs
-allow  ${HOME}/.tor-browser_cs
+whitelist ${HOME}/.tor-browser_cs
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_da.profile b/etc/profile-m-z/tor-browser_da.profile
index 545e53b7e86..cbec4ee2e0c 100644
--- a/etc/profile-m-z/tor-browser_da.profile
+++ b/etc/profile-m-z/tor-browser_da.profile
@@ -6,10 +6,10 @@ include tor-browser_da.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_da
+noblacklist ${HOME}/.tor-browser_da
 
 mkdir ${HOME}/.tor-browser_da
-allow  ${HOME}/.tor-browser_da
+whitelist ${HOME}/.tor-browser_da
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_de.profile b/etc/profile-m-z/tor-browser_de.profile
index 545f82f7285..ea26765d33b 100644
--- a/etc/profile-m-z/tor-browser_de.profile
+++ b/etc/profile-m-z/tor-browser_de.profile
@@ -6,10 +6,10 @@ include tor-browser_de.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_de
+noblacklist ${HOME}/.tor-browser_de
 
 mkdir ${HOME}/.tor-browser_de
-allow  ${HOME}/.tor-browser_de
+whitelist ${HOME}/.tor-browser_de
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_el.profile b/etc/profile-m-z/tor-browser_el.profile
index 3120b17016a..ff57a872277 100644
--- a/etc/profile-m-z/tor-browser_el.profile
+++ b/etc/profile-m-z/tor-browser_el.profile
@@ -6,10 +6,10 @@ include tor-browser_el.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_el
+noblacklist ${HOME}/.tor-browser_el
 
 mkdir ${HOME}/.tor-browser_el
-allow  ${HOME}/.tor-browser_el
+whitelist ${HOME}/.tor-browser_el
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_en-US.profile b/etc/profile-m-z/tor-browser_en-US.profile
index 6719ac05705..18c92b6386b 100644
--- a/etc/profile-m-z/tor-browser_en-US.profile
+++ b/etc/profile-m-z/tor-browser_en-US.profile
@@ -6,10 +6,10 @@ include tor-browser_en-US.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_en-US
+noblacklist ${HOME}/.tor-browser_en-US
 
 mkdir ${HOME}/.tor-browser_en-US
-allow  ${HOME}/.tor-browser_en-US
+whitelist ${HOME}/.tor-browser_en-US
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_en.profile b/etc/profile-m-z/tor-browser_en.profile
index 4cbd3710963..ebba83cc4cf 100644
--- a/etc/profile-m-z/tor-browser_en.profile
+++ b/etc/profile-m-z/tor-browser_en.profile
@@ -6,10 +6,10 @@ include tor-browser_en.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_en
+noblacklist ${HOME}/.tor-browser_en
 
 mkdir ${HOME}/.tor-browser_en
-allow  ${HOME}/.tor-browser_en
+whitelist ${HOME}/.tor-browser_en
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_es-ES.profile b/etc/profile-m-z/tor-browser_es-ES.profile
index 6c8a5987cba..aecab38d568 100644
--- a/etc/profile-m-z/tor-browser_es-ES.profile
+++ b/etc/profile-m-z/tor-browser_es-ES.profile
@@ -6,10 +6,10 @@ include tor-browser_es-ES.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_es-ES
+noblacklist ${HOME}/.tor-browser_es-ES
 
 mkdir ${HOME}/.tor-browser_es-ES
-allow  ${HOME}/.tor-browser_es-ES
+whitelist ${HOME}/.tor-browser_es-ES
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_es.profile b/etc/profile-m-z/tor-browser_es.profile
index 7d358b7caa2..e19e9b5e685 100644
--- a/etc/profile-m-z/tor-browser_es.profile
+++ b/etc/profile-m-z/tor-browser_es.profile
@@ -6,10 +6,10 @@ include tor-browser_es.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_es
+noblacklist ${HOME}/.tor-browser_es
 
 mkdir ${HOME}/.tor-browser_es
-allow  ${HOME}/.tor-browser_es
+whitelist ${HOME}/.tor-browser_es
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_fa.profile b/etc/profile-m-z/tor-browser_fa.profile
index fc4285c5d33..68414c277e1 100644
--- a/etc/profile-m-z/tor-browser_fa.profile
+++ b/etc/profile-m-z/tor-browser_fa.profile
@@ -6,10 +6,10 @@ include tor-browser_fa.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_fa
+noblacklist ${HOME}/.tor-browser_fa
 
 mkdir ${HOME}/.tor-browser_fa
-allow  ${HOME}/.tor-browser_fa
+whitelist ${HOME}/.tor-browser_fa
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_fr.profile b/etc/profile-m-z/tor-browser_fr.profile
index 2d0c0ff1fb9..0a8bb30b753 100644
--- a/etc/profile-m-z/tor-browser_fr.profile
+++ b/etc/profile-m-z/tor-browser_fr.profile
@@ -6,10 +6,10 @@ include tor-browser_fr.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_fr
+noblacklist ${HOME}/.tor-browser_fr
 
 mkdir ${HOME}/.tor-browser_fr
-allow  ${HOME}/.tor-browser_fr
+whitelist ${HOME}/.tor-browser_fr
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ga-IE.profile b/etc/profile-m-z/tor-browser_ga-IE.profile
index 2880e1e2ab5..12354b900d7 100644
--- a/etc/profile-m-z/tor-browser_ga-IE.profile
+++ b/etc/profile-m-z/tor-browser_ga-IE.profile
@@ -6,10 +6,10 @@ include tor-browser_ga-IE.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_ga-IE
+noblacklist ${HOME}/.tor-browser_ga-IE
 
 mkdir ${HOME}/.tor-browser_ga-IE
-allow  ${HOME}/.tor-browser_ga-IE
+whitelist ${HOME}/.tor-browser_ga-IE
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_he.profile b/etc/profile-m-z/tor-browser_he.profile
index ac699301945..19cbb080922 100644
--- a/etc/profile-m-z/tor-browser_he.profile
+++ b/etc/profile-m-z/tor-browser_he.profile
@@ -6,10 +6,10 @@ include tor-browser_he.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_he
+noblacklist ${HOME}/.tor-browser_he
 
 mkdir ${HOME}/.tor-browser_he
-allow  ${HOME}/.tor-browser_he
+whitelist ${HOME}/.tor-browser_he
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_hu.profile b/etc/profile-m-z/tor-browser_hu.profile
index 6877a6be4a9..62b55e170c2 100644
--- a/etc/profile-m-z/tor-browser_hu.profile
+++ b/etc/profile-m-z/tor-browser_hu.profile
@@ -6,10 +6,10 @@ include tor-browser_hu.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_hu
+noblacklist ${HOME}/.tor-browser_hu
 
 mkdir ${HOME}/.tor-browser_hu
-allow  ${HOME}/.tor-browser_hu
+whitelist ${HOME}/.tor-browser_hu
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_id.profile b/etc/profile-m-z/tor-browser_id.profile
index 5f5601f7491..2970a7747ae 100644
--- a/etc/profile-m-z/tor-browser_id.profile
+++ b/etc/profile-m-z/tor-browser_id.profile
@@ -6,10 +6,10 @@ include tor-browser_id.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_id
+noblacklist ${HOME}/.tor-browser_id
 
 mkdir ${HOME}/.tor-browser_id
-allow  ${HOME}/.tor-browser_id
+whitelist ${HOME}/.tor-browser_id
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_is.profile b/etc/profile-m-z/tor-browser_is.profile
index f0814d16ea0..f922c764438 100644
--- a/etc/profile-m-z/tor-browser_is.profile
+++ b/etc/profile-m-z/tor-browser_is.profile
@@ -6,10 +6,10 @@ include tor-browser_is.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_is
+noblacklist ${HOME}/.tor-browser_is
 
 mkdir ${HOME}/.tor-browser_is
-allow  ${HOME}/.tor-browser_is
+whitelist ${HOME}/.tor-browser_is
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_it.profile b/etc/profile-m-z/tor-browser_it.profile
index fa01f6bcad2..40690175976 100644
--- a/etc/profile-m-z/tor-browser_it.profile
+++ b/etc/profile-m-z/tor-browser_it.profile
@@ -6,10 +6,10 @@ include tor-browser_it.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_it
+noblacklist ${HOME}/.tor-browser_it
 
 mkdir ${HOME}/.tor-browser_it
-allow  ${HOME}/.tor-browser_it
+whitelist ${HOME}/.tor-browser_it
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ja.profile b/etc/profile-m-z/tor-browser_ja.profile
index dde107dd393..8f9d8d751b4 100644
--- a/etc/profile-m-z/tor-browser_ja.profile
+++ b/etc/profile-m-z/tor-browser_ja.profile
@@ -6,10 +6,10 @@ include tor-browser_ja.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_ja
+noblacklist ${HOME}/.tor-browser_ja
 
 mkdir ${HOME}/.tor-browser_ja
-allow  ${HOME}/.tor-browser_ja
+whitelist ${HOME}/.tor-browser_ja
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ka.profile b/etc/profile-m-z/tor-browser_ka.profile
index 7de4dff6583..4de4135e13a 100644
--- a/etc/profile-m-z/tor-browser_ka.profile
+++ b/etc/profile-m-z/tor-browser_ka.profile
@@ -6,10 +6,10 @@ include tor-browser_ka.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_ka
+noblacklist ${HOME}/.tor-browser_ka
 
 mkdir ${HOME}/.tor-browser_ka
-allow  ${HOME}/.tor-browser_ka
+whitelist ${HOME}/.tor-browser_ka
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ko.profile b/etc/profile-m-z/tor-browser_ko.profile
index 7e3ceb4d9e4..125c733ce73 100644
--- a/etc/profile-m-z/tor-browser_ko.profile
+++ b/etc/profile-m-z/tor-browser_ko.profile
@@ -6,10 +6,10 @@ include tor-browser_ko.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_ko
+noblacklist ${HOME}/.tor-browser_ko
 
 mkdir ${HOME}/.tor-browser_ko
-allow  ${HOME}/.tor-browser_ko
+whitelist ${HOME}/.tor-browser_ko
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_nb.profile b/etc/profile-m-z/tor-browser_nb.profile
index c1100196085..dc6ac876bac 100644
--- a/etc/profile-m-z/tor-browser_nb.profile
+++ b/etc/profile-m-z/tor-browser_nb.profile
@@ -6,10 +6,10 @@ include tor-browser_nb.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_nb
+noblacklist ${HOME}/.tor-browser_nb
 
 mkdir ${HOME}/.tor-browser_nb
-allow  ${HOME}/.tor-browser_nb
+whitelist ${HOME}/.tor-browser_nb
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_nl.profile b/etc/profile-m-z/tor-browser_nl.profile
index 2d1044f9db5..2a3a5b5193a 100644
--- a/etc/profile-m-z/tor-browser_nl.profile
+++ b/etc/profile-m-z/tor-browser_nl.profile
@@ -6,10 +6,10 @@ include tor-browser_nl.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_nl
+noblacklist ${HOME}/.tor-browser_nl
 
 mkdir ${HOME}/.tor-browser_nl
-allow  ${HOME}/.tor-browser_nl
+whitelist ${HOME}/.tor-browser_nl
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_pl.profile b/etc/profile-m-z/tor-browser_pl.profile
index 2818320a06b..b7dec32db09 100644
--- a/etc/profile-m-z/tor-browser_pl.profile
+++ b/etc/profile-m-z/tor-browser_pl.profile
@@ -6,10 +6,10 @@ include tor-browser_pl.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_pl
+noblacklist ${HOME}/.tor-browser_pl
 
 mkdir ${HOME}/.tor-browser_pl
-allow  ${HOME}/.tor-browser_pl
+whitelist ${HOME}/.tor-browser_pl
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_pt-BR.profile b/etc/profile-m-z/tor-browser_pt-BR.profile
index 8c33e254580..7a7d4726c8d 100644
--- a/etc/profile-m-z/tor-browser_pt-BR.profile
+++ b/etc/profile-m-z/tor-browser_pt-BR.profile
@@ -6,10 +6,10 @@ include tor-browser_pt-BR.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_pt-BR
+noblacklist ${HOME}/.tor-browser_pt-BR
 
 mkdir ${HOME}/.tor-browser_pt-BR
-allow  ${HOME}/.tor-browser_pt-BR
+whitelist ${HOME}/.tor-browser_pt-BR
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ru.profile b/etc/profile-m-z/tor-browser_ru.profile
index 2553bb03108..7d2e6bc9787 100644
--- a/etc/profile-m-z/tor-browser_ru.profile
+++ b/etc/profile-m-z/tor-browser_ru.profile
@@ -6,10 +6,10 @@ include tor-browser_ru.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_ru
+noblacklist ${HOME}/.tor-browser_ru
 
 mkdir ${HOME}/.tor-browser_ru
-allow  ${HOME}/.tor-browser_ru
+whitelist ${HOME}/.tor-browser_ru
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_sv-SE.profile b/etc/profile-m-z/tor-browser_sv-SE.profile
index 3152cb65899..585925e81cd 100644
--- a/etc/profile-m-z/tor-browser_sv-SE.profile
+++ b/etc/profile-m-z/tor-browser_sv-SE.profile
@@ -6,10 +6,10 @@ include tor-browser_sv-SE.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_sv-SE
+noblacklist ${HOME}/.tor-browser_sv-SE
 
 mkdir ${HOME}/.tor-browser_sv-SE
-allow  ${HOME}/.tor-browser_sv-SE
+whitelist ${HOME}/.tor-browser_sv-SE
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_tr.profile b/etc/profile-m-z/tor-browser_tr.profile
index 9808d4725bc..4b0cc3821d6 100644
--- a/etc/profile-m-z/tor-browser_tr.profile
+++ b/etc/profile-m-z/tor-browser_tr.profile
@@ -6,10 +6,10 @@ include tor-browser_tr.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_tr
+noblacklist ${HOME}/.tor-browser_tr
 
 mkdir ${HOME}/.tor-browser_tr
-allow  ${HOME}/.tor-browser_tr
+whitelist ${HOME}/.tor-browser_tr
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_vi.profile b/etc/profile-m-z/tor-browser_vi.profile
index 364fca40bb9..4dcfbf56df6 100644
--- a/etc/profile-m-z/tor-browser_vi.profile
+++ b/etc/profile-m-z/tor-browser_vi.profile
@@ -6,10 +6,10 @@ include tor-browser_vi.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_vi
+noblacklist ${HOME}/.tor-browser_vi
 
 mkdir ${HOME}/.tor-browser_vi
-allow  ${HOME}/.tor-browser_vi
+whitelist ${HOME}/.tor-browser_vi
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_zh-CN.profile b/etc/profile-m-z/tor-browser_zh-CN.profile
index 193e8a3998e..1e03b8d6bcb 100644
--- a/etc/profile-m-z/tor-browser_zh-CN.profile
+++ b/etc/profile-m-z/tor-browser_zh-CN.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-CN.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_zh-CN
+noblacklist ${HOME}/.tor-browser_zh-CN
 
 mkdir ${HOME}/.tor-browser_zh-CN
-allow  ${HOME}/.tor-browser_zh-CN
+whitelist ${HOME}/.tor-browser_zh-CN
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_zh-TW.profile b/etc/profile-m-z/tor-browser_zh-TW.profile
index 047be9b8ecb..a2dcf5cf1aa 100644
--- a/etc/profile-m-z/tor-browser_zh-TW.profile
+++ b/etc/profile-m-z/tor-browser_zh-TW.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-TW.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.tor-browser_zh-TW
+noblacklist ${HOME}/.tor-browser_zh-TW
 
 mkdir ${HOME}/.tor-browser_zh-TW
-allow  ${HOME}/.tor-browser_zh-TW
+whitelist ${HOME}/.tor-browser_zh-TW
 
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
index 65a37db5fa5..7659ed1e920 100644
--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -8,15 +8,15 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/torbrowser
-nodeny  ${HOME}/.local/share/torbrowser
+noblacklist ${HOME}/.config/torbrowser
+noblacklist ${HOME}/.local/share/torbrowser
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
-deny  /opt
-deny  /srv
+blacklist /opt
+blacklist /srv
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,10 +28,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/torbrowser
 mkdir ${HOME}/.local/share/torbrowser
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/torbrowser
-allow  ${HOME}/.local/share/torbrowser
-allow  /usr/share/torbrowser-launcher
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/torbrowser
+whitelist ${HOME}/.local/share/torbrowser
+whitelist /usr/share/torbrowser-launcher
 include whitelist-common.inc
 include whitelist-var-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile
index c5d89c3e3b6..0f98a8f64c4 100644
--- a/etc/profile-m-z/torcs.profile
+++ b/etc/profile-m-z/torcs.profile
@@ -6,7 +6,7 @@ include torcs.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.torcs
+noblacklist ${HOME}/.torcs
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.torcs
-allow  ${HOME}/.torcs
-allow  /usr/share/games/torcs
-allow  /var/games/torcs
+whitelist ${HOME}/.torcs
+whitelist /usr/share/games/torcs
+whitelist /var/games/torcs
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile
index 77d3c55f83e..70d9e0aee01 100644
--- a/etc/profile-m-z/totem.profile
+++ b/etc/profile-m-z/totem.profile
@@ -13,8 +13,8 @@ include allow-lua.inc
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
-nodeny  ${HOME}/.config/totem
-nodeny  ${HOME}/.local/share/totem
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.local/share/totem
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,9 +27,9 @@ include disable-shell.inc
 read-only ${DESKTOP}
 mkdir ${HOME}/.config/totem
 mkdir ${HOME}/.local/share/totem
-allow  ${HOME}/.config/totem
-allow  ${HOME}/.local/share/totem
-allow  /usr/share/totem
+whitelist ${HOME}/.config/totem
+whitelist ${HOME}/.local/share/totem
+whitelist /usr/share/totem
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile
index 26f4abd0b08..87c5de07646 100644
--- a/etc/profile-m-z/tracker.profile
+++ b/etc/profile-m-z/tracker.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # Tracker is started by systemd on most systems. Therefore it is not firejailed by default
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile
index d5920e2a2cc..ea118a9f09d 100644
--- a/etc/profile-m-z/transgui.profile
+++ b/etc/profile-m-z/transgui.profile
@@ -6,7 +6,7 @@ include transgui.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/transgui
+noblacklist ${HOME}/.config/transgui
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/transgui
-allow  ${HOME}/.config/transgui
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/transgui
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile
index 5c2cf9d9a51..82671b70902 100644
--- a/etc/profile-m-z/transmission-common.profile
+++ b/etc/profile-m-z/transmission-common.profile
@@ -7,8 +7,8 @@ include transmission-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/transmission
-nodeny  ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+noblacklist ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/transmission
 mkdir ${HOME}/.config/transmission
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/transmission
-allow  ${HOME}/.config/transmission
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile
index 9f0c464fc68..348d3cb8009 100644
--- a/etc/profile-m-z/transmission-daemon.profile
+++ b/etc/profile-m-z/transmission-daemon.profile
@@ -10,8 +10,8 @@ include globals.local
 ignore caps.drop all
 
 mkdir ${HOME}/.config/transmission-daemon
-allow  ${HOME}/.config/transmission-daemon
-allow  /var/lib/transmission
+whitelist ${HOME}/.config/transmission-daemon
+whitelist /var/lib/transmission
 
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 protocol packet
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile
index 7c8eddcbcc4..a6400e2c0b9 100644
--- a/etc/profile-m-z/transmission-remote-gtk.profile
+++ b/etc/profile-m-z/transmission-remote-gtk.profile
@@ -7,10 +7,10 @@ include transmission-remote-gtk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/transmission-remote-gtk
+noblacklist ${HOME}/.config/transmission-remote-gtk
 
 mkdir ${HOME}/.config/transmission-remote-gtk
-allow  ${HOME}/.config/transmission-remote-gtk
+whitelist ${HOME}/.config/transmission-remote-gtk
 
 private-etc fonts,hostname,hosts,resolv.conf
 # Problems with private-lib (see issue #2889)
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile
index c2797ddaa48..aba563fac30 100644
--- a/etc/profile-m-z/tremulous.profile
+++ b/etc/profile-m-z/tremulous.profile
@@ -6,7 +6,7 @@ include tremulous.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.tremulous
+noblacklist ${HOME}/.tremulous
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.tremulous
-allow  ${HOME}/.tremulous
-allow  /usr/share/tremulous
+whitelist ${HOME}/.tremulous
+whitelist /usr/share/tremulous
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile
index 95f39b35d14..2d95081f652 100644
--- a/etc/profile-m-z/trojita.profile
+++ b/etc/profile-m-z/trojita.profile
@@ -6,10 +6,10 @@ include trojita.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.abook
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.cache/flaska.net/trojita
-nodeny  ${HOME}/.config/flaska.net
+noblacklist ${HOME}/.abook
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/flaska.net/trojita
+noblacklist ${HOME}/.config/flaska.net
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.abook
 mkdir ${HOME}/.cache/flaska.net/trojita
 mkdir ${HOME}/.config/flaska.net
-allow  ${HOME}/.abook
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.cache/flaska.net/trojita
-allow  ${HOME}/.config/flaska.net
+whitelist ${HOME}/.abook
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.cache/flaska.net/trojita
+whitelist ${HOME}/.config/flaska.net
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile
index 76f289a27f4..749626475d5 100644
--- a/etc/profile-m-z/truecraft.profile
+++ b/etc/profile-m-z/truecraft.profile
@@ -5,8 +5,8 @@ include truecraft.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mono
-nodeny  ${HOME}/.config/truecraft
+noblacklist ${HOME}/.config/mono
+noblacklist ${HOME}/.config/truecraft
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/mono
 mkdir ${HOME}/.config/truecraft
-allow  ${HOME}/.config/mono
-allow  ${HOME}/.config/truecraft
+whitelist ${HOME}/.config/mono
+whitelist ${HOME}/.config/truecraft
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/ts3client_runscript.sh.profile b/etc/profile-m-z/ts3client_runscript.sh.profile
index cd6ae96df7d..8d467545475 100644
--- a/etc/profile-m-z/ts3client_runscript.sh.profile
+++ b/etc/profile-m-z/ts3client_runscript.sh.profile
@@ -9,11 +9,11 @@ include ts3client_runscript.sh.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/TeamSpeak3-Client-linux_x86
-nodeny  ${HOME}/TeamSpeak3-Client-linux_amd64
+noblacklist ${HOME}/TeamSpeak3-Client-linux_x86
+noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64
 
-allow  ${HOME}/TeamSpeak3-Client-linux_x86
-allow  ${HOME}/TeamSpeak3-Client-linux_amd64
+whitelist ${HOME}/TeamSpeak3-Client-linux_x86
+whitelist ${HOME}/TeamSpeak3-Client-linux_amd64
 
 # Redirect
 include teamspeak3.profile
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile
index e59a86ce607..d2cb0cc8ac5 100644
--- a/etc/profile-m-z/tutanota-desktop.profile
+++ b/etc/profile-m-z/tutanota-desktop.profile
@@ -6,8 +6,8 @@ include tutanota-desktop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/tuta_integration
-nodeny  ${HOME}/.config/tutanota-desktop
+noblacklist ${HOME}/.config/tuta_integration
+noblacklist ${HOME}/.config/tutanota-desktop
 
 ignore noexec /tmp
 
@@ -15,12 +15,12 @@ include disable-shell.inc
 
 mkdir ${HOME}/.config/tuta_integration
 mkdir ${HOME}/.config/tutanota-desktop
-allow  ${HOME}/.config/tuta_integration
-allow  ${HOME}/.config/tutanota-desktop
+whitelist ${HOME}/.config/tuta_integration
+whitelist ${HOME}/.config/tutanota-desktop
 
 # These lines are needed to allow Firefox to open links
-nodeny  ${HOME}/.mozilla
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 
 ?HAS_APPIMAGE: ignore private-dev
diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile
index 5bb97e1613a..3cd49641221 100644
--- a/etc/profile-m-z/tuxguitar.profile
+++ b/etc/profile-m-z/tuxguitar.profile
@@ -9,9 +9,9 @@ include globals.local
 # tuxguitar fails to launch
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.tuxguitar*
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.tuxguitar*
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile
index 8febcd337ff..dae7d86da13 100644
--- a/etc/profile-m-z/tvbrowser.profile
+++ b/etc/profile-m-z/tvbrowser.profile
@@ -6,8 +6,8 @@ include tvbrowser.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/tvbrowser
-nodeny  ${HOME}/.tvbrowser
+noblacklist ${HOME}/.config/tvbrowser
+noblacklist ${HOME}/.tvbrowser
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/tvbrowser
 mkdir ${HOME}/.tvbrowser
-allow  ${HOME}/.config/tvbrowser
-allow  ${HOME}/.tvbrowser
-allow  /usr/share/tvbrowser
+whitelist ${HOME}/.config/tvbrowser
+whitelist ${HOME}/.tvbrowser
+whitelist /usr/share/tvbrowser
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile
index abcc885e61c..2f573c872f6 100644
--- a/etc/profile-m-z/twitch.profile
+++ b/etc/profile-m-z/twitch.profile
@@ -10,12 +10,12 @@ include globals.local
 ignore nou2f
 ignore novideo
 
-nodeny  ${HOME}/.config/Twitch
+noblacklist ${HOME}/.config/Twitch
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Twitch
-allow  ${HOME}/.config/Twitch
+whitelist ${HOME}/.config/Twitch
 
 private-bin twitch
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile
index 8c705c95fe5..3e4fdbb03e7 100644
--- a/etc/profile-m-z/uefitool.profile
+++ b/etc/profile-m-z/uefitool.profile
@@ -5,7 +5,7 @@ include uefitool.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile
index eed2db5415f..4420099ffe9 100644
--- a/etc/profile-m-z/uget-gtk.profile
+++ b/etc/profile-m-z/uget-gtk.profile
@@ -5,7 +5,7 @@ include uget-gtk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/uGet
+noblacklist ${HOME}/.config/uGet
 
 include disable-common.inc
 include disable-devel.inc
@@ -14,8 +14,8 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/uGet
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/uGet
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/uGet
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile
index 7e7b3fbec2f..0c077babfdb 100644
--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -6,11 +6,11 @@ include unbound.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 
 include whitelist-usr-share-common.inc
 
-allow  /var/lib/unbound
-allow  /var/run
+whitelist /var/lib/unbound
+whitelist /var/run
 
 caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource
 ipc-namespace
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile
index 84627197186..6db7ba3627d 100644
--- a/etc/profile-m-z/unf.profile
+++ b/etc/profile-m-z/unf.profile
@@ -7,7 +7,7 @@ include unf.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile
index 3e1c6264dc8..956492f526a 100644
--- a/etc/profile-m-z/unknown-horizons.profile
+++ b/etc/profile-m-z/unknown-horizons.profile
@@ -6,7 +6,7 @@ include unknown-horizons.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.unknown-horizons
+noblacklist ${HOME}/.unknown-horizons
 
 include disable-common.inc
 include disable-exec.inc
@@ -14,10 +14,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.unknown-horizons
-allow  ${HOME}/.unknown-horizons
+whitelist ${HOME}/.unknown-horizons
 include whitelist-common.inc
 include whitelist-runuser-common.inc
-allow  /usr/share/unknown-horizons
+whitelist /usr/share/unknown-horizons
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile
index 99d2415cafb..0231e3dbad2 100644
--- a/etc/profile-m-z/unzip.profile
+++ b/etc/profile-m-z/unzip.profile
@@ -8,7 +8,7 @@ include unzip.local
 include globals.local
 
 # GNOME Shell integration (chrome-gnome-shell)
-nodeny  ${HOME}/.local/share/gnome-shell
+noblacklist ${HOME}/.local/share/gnome-shell
 
 private-etc alternatives,group,localtime,passwd
 
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile
index 3b0f7c646f1..dd881f091e1 100644
--- a/etc/profile-m-z/utox.profile
+++ b/etc/profile-m-z/utox.profile
@@ -6,8 +6,8 @@ include utox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Tox
-nodeny  ${HOME}/.config/tox
+noblacklist ${HOME}/.cache/Tox
+noblacklist ${HOME}/.config/tox
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/tox
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/tox
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/tox
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile
index 3bda7166620..2adc044e537 100644
--- a/etc/profile-m-z/uudeview.profile
+++ b/etc/profile-m-z/uudeview.profile
@@ -7,7 +7,7 @@ include uudeview.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile
index 6899f4bf720..41487a8f2bd 100644
--- a/etc/profile-m-z/uzbl-browser.profile
+++ b/etc/profile-m-z/uzbl-browser.profile
@@ -5,9 +5,9 @@ include uzbl-browser.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/uzbl
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/uzbl
+noblacklist ${HOME}/.config/uzbl
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/uzbl
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.config/uzbl
 mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.local/share/uzbl
 mkdir ${HOME}/.password-store
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/uzbl
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.local/share/uzbl
-allow  ${HOME}/.password-store
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/uzbl
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.local/share/uzbl
+whitelist ${HOME}/.password-store
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile
index e0bf02706bd..a9ba344ddc2 100644
--- a/etc/profile-m-z/viewnior.profile
+++ b/etc/profile-m-z/viewnior.profile
@@ -6,11 +6,11 @@ include viewnior.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.config/viewnior
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/viewnior
+noblacklist ${HOME}/.steam
 
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile
index b16f691d6ab..8f8ef5939b1 100644
--- a/etc/profile-m-z/viking.profile
+++ b/etc/profile-m-z/viking.profile
@@ -6,9 +6,9 @@ include viking.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.viking
-nodeny  ${HOME}/.viking-maps
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.viking
+noblacklist ${HOME}/.viking-maps
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile
index b535225dd3c..c3cfe598012 100644
--- a/etc/profile-m-z/vim.profile
+++ b/etc/profile-m-z/vim.profile
@@ -6,9 +6,9 @@ include vim.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
-nodeny  ${HOME}/.vimrc
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index f288283384b..c22fb0ff989 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -6,12 +6,12 @@ include virtualbox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.VirtualBox
-nodeny  ${HOME}/.config/VirtualBox
-nodeny  ${HOME}/VirtualBox VMs
+noblacklist ${HOME}/.VirtualBox
+noblacklist ${HOME}/.config/VirtualBox
+noblacklist ${HOME}/VirtualBox VMs
 # noblacklist /usr/bin/virtualbox
-nodeny  /usr/lib/virtualbox
-nodeny  /usr/lib64/virtualbox
+noblacklist /usr/lib/virtualbox
+noblacklist /usr/lib64/virtualbox
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/VirtualBox
 mkdir ${HOME}/VirtualBox VMs
-allow  ${HOME}/.config/VirtualBox
-allow  ${HOME}/VirtualBox VMs
-allow  ${DOWNLOADS}
-allow  /usr/share/virtualbox
+whitelist ${HOME}/.config/VirtualBox
+whitelist ${HOME}/VirtualBox VMs
+whitelist ${DOWNLOADS}
+whitelist /usr/share/virtualbox
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/vivaldi.profile b/etc/profile-m-z/vivaldi.profile
index 3858405db2a..fdeb0307fbd 100644
--- a/etc/profile-m-z/vivaldi.profile
+++ b/etc/profile-m-z/vivaldi.profile
@@ -8,26 +8,26 @@ include globals.local
 # Allow HTML5 Proprietary Media & DRM/EME (Widevine)
 ignore apparmor
 ignore noexec /var
-nodeny  /var/opt
-allow  /var/opt/vivaldi
+noblacklist /var/opt
+whitelist /var/opt/vivaldi
 writable-var
 
-nodeny  ${HOME}/.cache/vivaldi
-nodeny  ${HOME}/.cache/vivaldi-snapshot
-nodeny  ${HOME}/.config/vivaldi
-nodeny  ${HOME}/.config/vivaldi-snapshot
-nodeny  ${HOME}/.local/lib/vivaldi
+noblacklist ${HOME}/.cache/vivaldi
+noblacklist ${HOME}/.cache/vivaldi-snapshot
+noblacklist ${HOME}/.config/vivaldi
+noblacklist ${HOME}/.config/vivaldi-snapshot
+noblacklist ${HOME}/.local/lib/vivaldi
 
 mkdir ${HOME}/.cache/vivaldi
 mkdir ${HOME}/.cache/vivaldi-snapshot
 mkdir ${HOME}/.config/vivaldi
 mkdir ${HOME}/.config/vivaldi-snapshot
 mkdir ${HOME}/.local/lib/vivaldi
-allow  ${HOME}/.cache/vivaldi
-allow  ${HOME}/.cache/vivaldi-snapshot
-allow  ${HOME}/.config/vivaldi
-allow  ${HOME}/.config/vivaldi-snapshot
-allow  ${HOME}/.local/lib/vivaldi
+whitelist ${HOME}/.cache/vivaldi
+whitelist ${HOME}/.cache/vivaldi-snapshot
+whitelist ${HOME}/.config/vivaldi
+whitelist ${HOME}/.config/vivaldi-snapshot
+whitelist ${HOME}/.local/lib/vivaldi
 
 #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot
 
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile
index ede2d4525d3..cd7dccd8abc 100644
--- a/etc/profile-m-z/vlc.profile
+++ b/etc/profile-m-z/vlc.profile
@@ -6,10 +6,10 @@ include vlc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/vlc
-nodeny  ${HOME}/.config/vlc
-nodeny  ${HOME}/.config/aacs
-nodeny  ${HOME}/.local/share/vlc
+noblacklist ${HOME}/.cache/vlc
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/aacs
+noblacklist ${HOME}/.local/share/vlc
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.cache/vlc
 mkdir ${HOME}/.config/vlc
 mkdir ${HOME}/.local/share/vlc
-allow  ${HOME}/.cache/vlc
-allow  ${HOME}/.config/vlc
-allow  ${HOME}/.config/aacs
-allow  ${HOME}/.local/share/vlc
+whitelist ${HOME}/.cache/vlc
+whitelist ${HOME}/.config/vlc
+whitelist ${HOME}/.config/aacs
+whitelist ${HOME}/.local/share/vlc
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile
index f23e90e8402..f07c31b68d7 100644
--- a/etc/profile-m-z/vmware-view.profile
+++ b/etc/profile-m-z/vmware-view.profile
@@ -6,10 +6,10 @@ include vmware-view.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.vmware
+noblacklist ${HOME}/.vmware
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 include allow-bin-sh.inc
 
@@ -23,7 +23,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.vmware
-allow  ${HOME}/.vmware
+whitelist ${HOME}/.vmware
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile
index 3a535588f86..5241e27b3da 100644
--- a/etc/profile-m-z/vmware.profile
+++ b/etc/profile-m-z/vmware.profile
@@ -6,8 +6,8 @@ include vmware.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/vmware
-nodeny  ${HOME}/.vmware
+noblacklist ${HOME}/.cache/vmware
+noblacklist ${HOME}/.vmware
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/vmware
 mkdir ${HOME}/.vmware
-allow  ${HOME}/.cache/vmware
-allow  ${HOME}/.vmware
+whitelist ${HOME}/.cache/vmware
+whitelist ${HOME}/.vmware
 # Add the next lines to your vmware.local if you need to use "shared VM".
 #whitelist /var/lib/vmware
 #writable-var
diff --git a/etc/profile-m-z/vscodium.profile b/etc/profile-m-z/vscodium.profile
index 7996113f5b2..a4a4fb7d83b 100644
--- a/etc/profile-m-z/vscodium.profile
+++ b/etc/profile-m-z/vscodium.profile
@@ -6,7 +6,7 @@ include vscodium.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.VSCodium
+noblacklist ${HOME}/.VSCodium
 
 # Redirect
 include code.profile
diff --git a/etc/profile-m-z/vulturesclaw.profile b/etc/profile-m-z/vulturesclaw.profile
index a6c38c1f1b5..fa6ddf1fb29 100644
--- a/etc/profile-m-z/vulturesclaw.profile
+++ b/etc/profile-m-z/vulturesclaw.profile
@@ -6,8 +6,8 @@ include vulturesclaw.local
 # added by included profile
 #include globals.local
 
-nodeny  /var/games/vulturesclaw
-allow  /var/games/vulturesclaw
+noblacklist /var/games/vulturesclaw
+whitelist /var/games/vulturesclaw
 
 # Redirect
 include nethack-vultures.profile
diff --git a/etc/profile-m-z/vultureseye.profile b/etc/profile-m-z/vultureseye.profile
index 763c50bf6cb..49d3fa94fbc 100644
--- a/etc/profile-m-z/vultureseye.profile
+++ b/etc/profile-m-z/vultureseye.profile
@@ -6,8 +6,8 @@ include vultureseye.local
 # added by included profile
 #include globals.local
 
-nodeny  /var/games/vultureseye
-allow  /var/games/vultureseye
+noblacklist /var/games/vultureseye
+whitelist /var/games/vultureseye
 
 # Redirect
 include nethack-vultures.profile
diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile
index 1f2462c3297..5421c4e4bee 100644
--- a/etc/profile-m-z/vym.profile
+++ b/etc/profile-m-z/vym.profile
@@ -6,7 +6,7 @@ include vym.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/InSilmaril
+noblacklist ${HOME}/.config/InSilmaril
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 6b38bbf1308..69b2c6c59a0 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -12,10 +12,10 @@ include globals.local
 #ignore private-dev
 #ignore private-etc
 
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -33,9 +33,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.w3m
-allow  /usr/share/w3m
-allow  ${DOWNLOADS}
-allow  ${HOME}/.w3m
+whitelist /usr/share/w3m
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.w3m
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile
index 6658ac5db48..1227a202c57 100644
--- a/etc/profile-m-z/warmux.profile
+++ b/etc/profile-m-z/warmux.profile
@@ -6,9 +6,9 @@ include warmux.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/wormux
-nodeny  ${HOME}/.local/share/wormux
-nodeny  ${HOME}/.wormux
+noblacklist ${HOME}/.config/wormux
+noblacklist ${HOME}/.local/share/wormux
+noblacklist ${HOME}/.wormux
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/wormux
 mkdir ${HOME}/.local/share/wormux
 mkdir ${HOME}/.wormux
-allow  ${HOME}/.config/wormux
-allow  ${HOME}/.local/share/wormux
-allow  ${HOME}/.wormux
-allow  /usr/share/warmux
+whitelist ${HOME}/.config/wormux
+whitelist ${HOME}/.local/share/wormux
+whitelist ${HOME}/.wormux
+whitelist /usr/share/warmux
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile
index fac4d05557d..e0cd3daad80 100644
--- a/etc/profile-m-z/warsow.profile
+++ b/etc/profile-m-z/warsow.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/warsow-2.1
-nodeny  ${HOME}/.local/share/warsow-2.1
+noblacklist ${HOME}/.cache/warsow-2.1
+noblacklist ${HOME}/.local/share/warsow-2.1
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/warsow-2.1
 mkdir ${HOME}/.local/share/warsow-2.1
-allow  ${HOME}/.cache/warsow-2.1
-allow  ${HOME}/.local/share/warsow-2.1
-allow  /usr/share/warsow
+whitelist ${HOME}/.cache/warsow-2.1
+whitelist ${HOME}/.local/share/warsow-2.1
+whitelist /usr/share/warsow
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile
index 081ae349be7..420e8927e35 100644
--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@@ -6,7 +6,7 @@ include warzone2100.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.warzone2100-3.*
+noblacklist ${HOME}/.warzone2100-3.*
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 
 mkdir ${HOME}/.warzone2100-3.1
 mkdir ${HOME}/.warzone2100-3.2
-allow  ${HOME}/.warzone2100-3.1
-allow  ${HOME}/.warzone2100-3.2
-allow  /usr/share/games
+whitelist ${HOME}/.warzone2100-3.1
+whitelist ${HOME}/.warzone2100-3.2
+whitelist /usr/share/games
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile
index 4081b29b9b0..18f1ca79a80 100644
--- a/etc/profile-m-z/waterfox.profile
+++ b/etc/profile-m-z/waterfox.profile
@@ -5,13 +5,13 @@ include waterfox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/waterfox
-nodeny  ${HOME}/.waterfox
+noblacklist ${HOME}/.cache/waterfox
+noblacklist ${HOME}/.waterfox
 
 mkdir ${HOME}/.cache/waterfox
 mkdir ${HOME}/.waterfox
-allow  ${HOME}/.cache/waterfox
-allow  ${HOME}/.waterfox
+whitelist ${HOME}/.cache/waterfox
+whitelist ${HOME}/.waterfox
 
 # Add the next lines to your watefox.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile
index 1f42dae2ce2..69e96d0cdce 100644
--- a/etc/profile-m-z/webstorm.profile
+++ b/etc/profile-m-z/webstorm.profile
@@ -5,12 +5,12 @@ include webstorm.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.WebStorm*
-nodeny  ${HOME}/.android
-nodeny  ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.WebStorm*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.tooling
 # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc)
-nodeny  ${HOME}/.config/dolphinrc
+noblacklist ${HOME}/.config/dolphinrc
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -18,8 +18,8 @@ include allow-common-devel.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-nodeny  ${PATH}/node
-nodeny  ${HOME}/.nvm
+noblacklist ${PATH}/node
+noblacklist ${HOME}/.nvm
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile
index d1bbcfb674d..d5a998f3521 100644
--- a/etc/profile-m-z/webui-aria2.profile
+++ b/etc/profile-m-z/webui-aria2.profile
@@ -6,7 +6,7 @@ include webui-aria2.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PATH}/node
+noblacklist ${PATH}/node
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile
index 99941a5908a..76935212f4a 100644
--- a/etc/profile-m-z/weechat.profile
+++ b/etc/profile-m-z/weechat.profile
@@ -6,12 +6,12 @@ include weechat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.weechat
+noblacklist ${HOME}/.weechat
 
 include disable-common.inc
 include disable-programs.inc
 
-allow  /usr/share/weechat
+whitelist /usr/share/weechat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile
index 47b923e6a70..199b3c6f0cb 100644
--- a/etc/profile-m-z/wesnoth.profile
+++ b/etc/profile-m-z/wesnoth.profile
@@ -6,9 +6,9 @@ include wesnoth.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/wesnoth
-nodeny  ${HOME}/.config/wesnoth
-nodeny  ${HOME}/.local/share/wesnoth
+noblacklist ${HOME}/.cache/wesnoth
+noblacklist ${HOME}/.config/wesnoth
+noblacklist ${HOME}/.local/share/wesnoth
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/wesnoth
 mkdir ${HOME}/.config/wesnoth
 mkdir ${HOME}/.local/share/wesnoth
-allow  ${HOME}/.cache/wesnoth
-allow  ${HOME}/.config/wesnoth
-allow  ${HOME}/.local/share/wesnoth
+whitelist ${HOME}/.cache/wesnoth
+whitelist ${HOME}/.config/wesnoth
+whitelist ${HOME}/.local/share/wesnoth
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile
index 3c4a4eb631f..53c4711bd0f 100644
--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -7,12 +7,12 @@ include wget.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.netrc
-nodeny  ${HOME}/.wget-hsts
-nodeny  ${HOME}/.wgetrc
+noblacklist ${HOME}/.netrc
+noblacklist ${HOME}/.wget-hsts
+noblacklist ${HOME}/.wgetrc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile
index fdbd406c2cd..22a84274d57 100644
--- a/etc/profile-m-z/whalebird.profile
+++ b/etc/profile-m-z/whalebird.profile
@@ -13,10 +13,10 @@ ignore include whitelist-usr-share-common.inc
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/Whalebird
+noblacklist ${HOME}/.config/Whalebird
 
 mkdir ${HOME}/.config/Whalebird
-allow  ${HOME}/.config/Whalebird
+whitelist ${HOME}/.config/Whalebird
 
 no3d
 
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile
index 35d7fe9cbce..93871a5a400 100644
--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -7,8 +7,8 @@ include whois.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile
index 8f5adb0fcdb..0dc26b11dc8 100644
--- a/etc/profile-m-z/widelands.profile
+++ b/etc/profile-m-z/widelands.profile
@@ -6,7 +6,7 @@ include widelands.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.widelands
+noblacklist ${HOME}/.widelands
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.widelands
-allow  ${HOME}/.widelands
+whitelist ${HOME}/.widelands
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile
index 6bc68c82966..0ea24aafd4c 100644
--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -6,13 +6,13 @@ include wine.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/winetricks
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.local/share/Steam
-nodeny  ${HOME}/.local/share/steam
-nodeny  ${HOME}/.steam
-nodeny  ${HOME}/.wine
-nodeny  /tmp/.wine-*
+noblacklist ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.local/share/Steam
+noblacklist ${HOME}/.local/share/steam
+noblacklist ${HOME}/.steam
+noblacklist ${HOME}/.wine
+noblacklist /tmp/.wine-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile
index 5f40bbd4823..151cd2adbd9 100644
--- a/etc/profile-m-z/wire-desktop.profile
+++ b/etc/profile-m-z/wire-desktop.profile
@@ -20,10 +20,10 @@ ignore private-cache
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/Wire
+noblacklist ${HOME}/.config/Wire
 
 mkdir ${HOME}/.config/Wire
-allow  ${HOME}/.config/Wire
+whitelist ${HOME}/.config/Wire
 
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop
 private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile
index f3f3472835d..1824026a84c 100644
--- a/etc/profile-m-z/wireshark.profile
+++ b/etc/profile-m-z/wireshark.profile
@@ -6,9 +6,9 @@ include wireshark.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/wireshark
-nodeny  ${HOME}/.wireshark
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/wireshark
+noblacklist ${HOME}/.wireshark
+noblacklist ${DOCUMENTS}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/wireshark
+whitelist /usr/share/wireshark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile
index 1f1541a20f8..9c724a5d2fd 100644
--- a/etc/profile-m-z/wordwarvi.profile
+++ b/etc/profile-m-z/wordwarvi.profile
@@ -6,7 +6,7 @@ include wordwarvi.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.wordwarvi
+noblacklist ${HOME}/.wordwarvi
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.wordwarvi
-allow  ${HOME}/.wordwarvi
-allow  /usr/share/wordwarvi
+whitelist ${HOME}/.wordwarvi
+whitelist /usr/share/wordwarvi
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile
index 6d16dfb04b0..a44b6490ec6 100644
--- a/etc/profile-m-z/wps.profile
+++ b/etc/profile-m-z/wps.profile
@@ -6,9 +6,9 @@ include wps.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.kingsoft
-nodeny  ${HOME}/.config/Kingsoft
-nodeny  ${HOME}/.local/share/Kingsoft
+noblacklist ${HOME}/.kingsoft
+noblacklist ${HOME}/.config/Kingsoft
+noblacklist ${HOME}/.local/share/Kingsoft
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile
index 311746cd9fe..557f07cd9b2 100644
--- a/etc/profile-m-z/x2goclient.profile
+++ b/etc/profile-m-z/x2goclient.profile
@@ -6,8 +6,8 @@ include x2goclient.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.x2go
-nodeny  ${HOME}/.x2goclient
+noblacklist ${HOME}/.x2go
+noblacklist ${HOME}/.x2goclient
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile
index e545aa3a048..384f76acc4f 100644
--- a/etc/profile-m-z/xbill.profile
+++ b/etc/profile-m-z/xbill.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/xbill
-allow  /var/games/xbill/scores
+whitelist /usr/share/xbill
+whitelist /var/games/xbill/scores
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile
index 7d0adbcc292..a94444aaba4 100644
--- a/etc/profile-m-z/xchat.profile
+++ b/etc/profile-m-z/xchat.profile
@@ -6,7 +6,7 @@ include xchat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/xchat
+noblacklist ${HOME}/.config/xchat
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile
index 5db709bd134..4a3022e83b5 100644
--- a/etc/profile-m-z/xed.profile
+++ b/etc/profile-m-z/xed.profile
@@ -5,10 +5,10 @@ include xed.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/xed
-nodeny  ${HOME}/.python-history
-nodeny  ${HOME}/.python_history
-nodeny  ${HOME}/.pythonhist
+noblacklist ${HOME}/.config/xed
+noblacklist ${HOME}/.python-history
+noblacklist ${HOME}/.python_history
+noblacklist ${HOME}/.pythonhist
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile
index 297ff616493..cd9561e7492 100644
--- a/etc/profile-m-z/xfburn.profile
+++ b/etc/profile-m-z/xfburn.profile
@@ -6,7 +6,7 @@ include xfburn.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/xfburn
+noblacklist ${HOME}/.config/xfburn
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile
index 8ecd84116c0..ecd321c7e65 100644
--- a/etc/profile-m-z/xfce4-dict.profile
+++ b/etc/profile-m-z/xfce4-dict.profile
@@ -6,7 +6,7 @@ include xfce4-dict.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/xfce4-dict
+noblacklist ${HOME}/.config/xfce4-dict
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile
index 8a6f9e9219b..bb38dbebd97 100644
--- a/etc/profile-m-z/xfce4-mixer.profile
+++ b/etc/profile-m-z/xfce4-mixer.profile
@@ -6,7 +6,7 @@ include xfce4-mixer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-allow  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-allow  /usr/share/gstreamer-*
-allow  /usr/share/xfce4
-allow  /usr/share/xfce4-mixer
+whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+whitelist /usr/share/gstreamer-*
+whitelist /usr/share/xfce4
+whitelist /usr/share/xfce4-mixer
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile
index fe88f9b2799..ebfb4333cbf 100644
--- a/etc/profile-m-z/xfce4-notes.profile
+++ b/etc/profile-m-z/xfce4-notes.profile
@@ -6,9 +6,9 @@ include xfce4-notes.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/xfce4/xfce4-notes.gtkrc
-nodeny  ${HOME}/.config/xfce4/xfce4-notes.rc
-nodeny  ${HOME}/.local/share/notes
+noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
+noblacklist ${HOME}/.local/share/notes
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile
index baf2223541c..b1e5bafbfed 100644
--- a/etc/profile-m-z/xfce4-screenshooter.profile
+++ b/etc/profile-m-z/xfce4-screenshooter.profile
@@ -6,7 +6,7 @@ include xfce4-screenshooter.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/xfce4
+whitelist /usr/share/xfce4
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile
index 5c11cbd66de..81d98db7a0b 100644
--- a/etc/profile-m-z/xiphos.profile
+++ b/etc/profile-m-z/xiphos.profile
@@ -6,10 +6,10 @@ include xiphos.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.sword
-nodeny  ${HOME}/.xiphos
+noblacklist ${HOME}/.sword
+noblacklist ${HOME}/.xiphos
 
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.xiphos
-allow  ${HOME}/.sword
-allow  ${HOME}/.xiphos
+whitelist ${HOME}/.sword
+whitelist ${HOME}/.xiphos
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile
index da480110127..d5e25cfe71f 100644
--- a/etc/profile-m-z/xlinks.profile
+++ b/etc/profile-m-z/xlinks.profile
@@ -7,7 +7,7 @@ include xlinks.local
 # added by included profile
 #include globals.local
 
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
 
 include whitelist-common.inc
 
diff --git a/etc/profile-m-z/xlinks2 b/etc/profile-m-z/xlinks2
index a7612cb2aa4..1ae6a60ca4b 100644
--- a/etc/profile-m-z/xlinks2
+++ b/etc/profile-m-z/xlinks2
@@ -7,7 +7,7 @@ include xlinks2.local
 # added by included profile
 #include globals.local
 
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
 
 include whitelist-common.inc
 
diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile
index 1ed35f29a5b..25261d925bd 100644
--- a/etc/profile-m-z/xmms.profile
+++ b/etc/profile-m-z/xmms.profile
@@ -5,8 +5,8 @@ include xmms.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.xmms
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.xmms
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile
index c97c12f560f..e7020f36b32 100644
--- a/etc/profile-m-z/xmr-stak.profile
+++ b/etc/profile-m-z/xmr-stak.profile
@@ -5,7 +5,7 @@ include xmr-stak.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.xmr-stak
+noblacklist ${HOME}/.xmr-stak
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile
index 94a09198c8b..53c9a0a089c 100644
--- a/etc/profile-m-z/xonotic.profile
+++ b/etc/profile-m-z/xonotic.profile
@@ -6,7 +6,7 @@ include xonotic.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.xonotic
+noblacklist ${HOME}/.xonotic
 
 include allow-bin-sh.inc
 include allow-opengl-game.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.xonotic
-allow  ${HOME}/.xonotic
-allow  /usr/share/xonotic
+whitelist ${HOME}/.xonotic
+whitelist /usr/share/xonotic
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile
index 34a188a4ecd..c4f092d50cb 100644
--- a/etc/profile-m-z/xournal.profile
+++ b/etc/profile-m-z/xournal.profile
@@ -6,7 +6,7 @@ include xournal.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/xournal
-allow  /usr/share/poppler
+whitelist /usr/share/xournal
+whitelist /usr/share/poppler
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile
index f82d2a5d3e6..988b878b93d 100644
--- a/etc/profile-m-z/xournalpp.profile
+++ b/etc/profile-m-z/xournalpp.profile
@@ -7,13 +7,13 @@ include xournalpp.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.xournalpp
+noblacklist ${HOME}/.xournalpp
 
 include allow-lua.inc
 
-allow  /usr/share/texlive
-allow  /usr/share/xournalpp
-allow  /var/lib/texmf
+whitelist /usr/share/texlive
+whitelist /usr/share/xournalpp
+whitelist /var/lib/texmf
 include whitelist-runuser-common.inc
 
 #mkdir ${HOME}/.xournalpp
diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile
index 9da63b52a8f..1447ec9a749 100644
--- a/etc/profile-m-z/xpdf.profile
+++ b/etc/profile-m-z/xpdf.profile
@@ -6,8 +6,8 @@ include xpdf.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.xpdfrc
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.xpdfrc
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile
index 4af4586e3b4..c3bb3292c3b 100644
--- a/etc/profile-m-z/xplayer.profile
+++ b/etc/profile-m-z/xplayer.profile
@@ -5,8 +5,8 @@ include xplayer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/xplayer
-nodeny  ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.config/xplayer
+noblacklist ${HOME}/.local/share/xplayer
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-programs.inc
 read-only ${DESKTOP}
 mkdir ${HOME}/.config/xplayer
 mkdir ${HOME}/.local/share/xplayer
-allow  ${HOME}/.config/xplayer
-allow  ${HOME}/.local/share/xplayer
+whitelist ${HOME}/.config/xplayer
+whitelist ${HOME}/.local/share/xplayer
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile
index 28fbc94dd85..6e409e1aa82 100644
--- a/etc/profile-m-z/xpra.profile
+++ b/etc/profile-m-z/xpra.profile
@@ -25,7 +25,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /var/lib/xkb
+whitelist /var/lib/xkb
 # whitelisting home directory, or including whitelist-common.inc
 # will crash xpra on some platforms
 
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile
index 440f26af2b4..3ab35edfc23 100644
--- a/etc/profile-m-z/xreader.profile
+++ b/etc/profile-m-z/xreader.profile
@@ -6,9 +6,9 @@ include xreader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/xreader
-nodeny  ${HOME}/.config/xreader
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/xreader
+noblacklist ${HOME}/.config/xreader
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile
index 671e0cf5b42..4d454f81c90 100644
--- a/etc/profile-m-z/xviewer.profile
+++ b/etc/profile-m-z/xviewer.profile
@@ -5,10 +5,10 @@ include xviewer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.config/xviewer
-nodeny  ${HOME}/.local/share/Trash
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/xviewer
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/yandex-browser.profile b/etc/profile-m-z/yandex-browser.profile
index 27d0eb41153..81cd021f7a9 100644
--- a/etc/profile-m-z/yandex-browser.profile
+++ b/etc/profile-m-z/yandex-browser.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/yandex-browser
-nodeny  ${HOME}/.cache/yandex-browser-beta
-nodeny  ${HOME}/.config/yandex-browser
-nodeny  ${HOME}/.config/yandex-browser-beta
+noblacklist ${HOME}/.cache/yandex-browser
+noblacklist ${HOME}/.cache/yandex-browser-beta
+noblacklist ${HOME}/.config/yandex-browser
+noblacklist ${HOME}/.config/yandex-browser-beta
 
 mkdir ${HOME}/.cache/yandex-browser
 mkdir ${HOME}/.cache/yandex-browser-beta
 mkdir ${HOME}/.config/yandex-browser
 mkdir ${HOME}/.config/yandex-browser-beta
-allow  ${HOME}/.cache/yandex-browser
-allow  ${HOME}/.cache/yandex-browser-beta
-allow  ${HOME}/.config/yandex-browser
-allow  ${HOME}/.config/yandex-browser-beta
+whitelist ${HOME}/.cache/yandex-browser
+whitelist ${HOME}/.cache/yandex-browser-beta
+whitelist ${HOME}/.config/yandex-browser
+whitelist ${HOME}/.config/yandex-browser-beta
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile
index b288993f2af..dee154409af 100644
--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -6,7 +6,7 @@ include yelp.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/yelp
+noblacklist ${HOME}/.config/yelp
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,15 +18,15 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/yelp
-allow  ${HOME}/.config/yelp
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/doc
-allow  /usr/share/groff
-allow  /usr/share/help
-allow  /usr/share/man
-allow  /usr/share/yelp
-allow  /usr/share/yelp-tools
-allow  /usr/share/yelp-xsl
+whitelist ${HOME}/.config/yelp
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/doc
+whitelist /usr/share/groff
+whitelist /usr/share/help
+whitelist /usr/share/man
+whitelist /usr/share/yelp
+whitelist /usr/share/yelp-tools
+whitelist /usr/share/yelp-xsl
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile
index 26ea3acaa9c..b52271a2ce9 100644
--- a/etc/profile-m-z/youtube-dl-gui.profile
+++ b/etc/profile-m-z/youtube-dl-gui.profile
@@ -8,7 +8,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
 
-nodeny  ${HOME}/.config/youtube-dlg
+noblacklist ${HOME}/.config/youtube-dlg
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/youtube-dlg
-allow  ${HOME}/.config/youtube-dlg
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/youtube-dlg
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile
index 37f87d0b538..24c4d6db33f 100644
--- a/etc/profile-m-z/youtube-dl.profile
+++ b/etc/profile-m-z/youtube-dl.profile
@@ -10,18 +10,18 @@ include globals.local
 # breaks when installed under ${HOME} via `pip install --user` (see #2833)
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/youtube-dl
-nodeny  ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.netrc
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.netrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile
index 84b8bbc6afc..b54dd37ad66 100644
--- a/etc/profile-m-z/youtube-viewer.profile
+++ b/etc/profile-m-z/youtube-viewer.profile
@@ -7,13 +7,13 @@ include youtube-viewer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/youtube-viewer
-nodeny  ${HOME}/.config/youtube-viewer
+noblacklist ${HOME}/.cache/youtube-viewer
+noblacklist ${HOME}/.config/youtube-viewer
 
 mkdir ${HOME}/.cache/youtube-viewer
 mkdir ${HOME}/.config/youtube-viewer
-allow  ${HOME}/.cache/youtube-viewer
-allow  ${HOME}/.config/youtube-viewer
+whitelist ${HOME}/.cache/youtube-viewer
+whitelist ${HOME}/.config/youtube-viewer
 
 private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer
 
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index f531f815e48..25a073d4af4 100644
--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -7,7 +7,7 @@ include youtube-viewers-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.cache/youtube-dl
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -27,8 +27,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile
index b015fb01347..ad7ceaee4c5 100644
--- a/etc/profile-m-z/youtube.profile
+++ b/etc/profile-m-z/youtube.profile
@@ -9,12 +9,12 @@ include globals.local
 # Disabled until someone reported positive feedback
 ignore nou2f
 
-nodeny  ${HOME}/.config/Youtube
+noblacklist ${HOME}/.config/Youtube
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Youtube
-allow  ${HOME}/.config/Youtube
+whitelist ${HOME}/.config/Youtube
 
 private-bin youtube
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile
index d594a3d0f38..74b0e38b938 100644
--- a/etc/profile-m-z/youtubemusic-nativefier.profile
+++ b/etc/profile-m-z/youtubemusic-nativefier.profile
@@ -6,12 +6,12 @@ include youtube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/youtubemusic-nativefier-040164
+noblacklist ${HOME}/.config/youtubemusic-nativefier-040164
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/youtubemusic-nativefier-040164
-allow  ${HOME}/.config/youtubemusic-nativefier-040164
+whitelist ${HOME}/.config/youtubemusic-nativefier-040164
 
 private-bin youtubemusic-nativefier
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile
index 9987c953e7e..ab46fccc2d9 100644
--- a/etc/profile-m-z/ytmdesktop.profile
+++ b/etc/profile-m-z/ytmdesktop.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ignore dbus-user none
 
-nodeny  ${HOME}/.config/youtube-music-desktop-app
+noblacklist ${HOME}/.config/youtube-music-desktop-app
 
 mkdir ${HOME}/.config/youtube-music-desktop-app
-allow  ${HOME}/.config/youtube-music-desktop-app
+whitelist ${HOME}/.config/youtube-music-desktop-app
 
 # private-bin env,ytmdesktop
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile
index 2f18a8c45ff..5a168feb6c3 100644
--- a/etc/profile-m-z/zaproxy.profile
+++ b/etc/profile-m-z/zaproxy.profile
@@ -6,7 +6,7 @@ include zaproxy.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.ZAP
+noblacklist ${HOME}/.ZAP
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -20,8 +20,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.java
 mkdir ${HOME}/.ZAP
-allow  ${HOME}/.java
-allow  ${HOME}/.ZAP
+whitelist ${HOME}/.java
+whitelist ${HOME}/.ZAP
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile
index 32ff4f8ed6b..10f83aa3035 100644
--- a/etc/profile-m-z/zart.profile
+++ b/etc/profile-m-z/zart.profile
@@ -6,8 +6,8 @@ include zart.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile
index 4bc841f636e..d0e68c980ef 100644
--- a/etc/profile-m-z/zathura.profile
+++ b/etc/profile-m-z/zathura.profile
@@ -6,9 +6,9 @@ include zathura.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/zathura
-nodeny  ${HOME}/.local/share/zathura
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/zathura
+noblacklist ${HOME}/.local/share/zathura
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/zathura
 mkdir ${HOME}/.local/share/zathura
-allow  /usr/share/doc
-allow  /usr/share/zathura
+whitelist /usr/share/doc
+whitelist /usr/share/zathura
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/zcat.profile b/etc/profile-m-z/zcat.profile
index 904ea9f05db..5de13ab905f 100644
--- a/etc/profile-m-z/zcat.profile
+++ b/etc/profile-m-z/zcat.profile
@@ -9,7 +9,7 @@ include zcat.local
 
 # Allow running kernel config check
 ignore include disable-shell.inc
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 
 # Redirect
 include gzip.profile
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile
index 458df2a4629..2c6f6910fde 100644
--- a/etc/profile-m-z/zeal.profile
+++ b/etc/profile-m-z/zeal.profile
@@ -6,9 +6,9 @@ include zeal.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Zeal
-nodeny  ${HOME}/.cache/Zeal
-nodeny  ${HOME}/.local/share/Zeal
+noblacklist ${HOME}/.config/Zeal
+noblacklist ${HOME}/.cache/Zeal
+noblacklist ${HOME}/.local/share/Zeal
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ mkdir ${HOME}/.cache/Zeal
 mkdir ${HOME}/.config/qt5ct
 mkdir ${HOME}/.config/Zeal
 mkdir ${HOME}/.local/share/Zeal
-allow  ${HOME}/.cache/Zeal
-allow  ${HOME}/.config/Zeal
-allow  ${HOME}/.local/share/Zeal
+whitelist ${HOME}/.cache/Zeal
+whitelist ${HOME}/.config/Zeal
+whitelist ${HOME}/.local/share/Zeal
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-m-z/zgrep.profile b/etc/profile-m-z/zgrep.profile
index e2dfbd10530..f63dc871fef 100644
--- a/etc/profile-m-z/zgrep.profile
+++ b/etc/profile-m-z/zgrep.profile
@@ -9,7 +9,7 @@ include zgrep.local
 
 # Allow running kernel config check
 ignore include disable-shell.inc
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 
 # Redirect
 include gzip.profile
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile
index 6b0417b56a4..ac615d8614f 100644
--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -16,17 +16,17 @@ ignore dbus-system none
 # If you use such a system, add 'ignore nogroups' to your zoom.local.
 #ignore nogroups
 
-nodeny  ${HOME}/.config/zoomus.conf
-nodeny  ${HOME}/.zoom
+noblacklist ${HOME}/.config/zoomus.conf
+noblacklist ${HOME}/.zoom
 
-noallow  ${DOWNLOADS}
+nowhitelist ${DOWNLOADS}
 
 mkdir ${HOME}/.cache/zoom
 mkfile ${HOME}/.config/zoomus.conf
 mkdir ${HOME}/.zoom
-allow  ${HOME}/.cache/zoom
-allow  ${HOME}/.config/zoomus.conf
-allow  ${HOME}/.zoom
+whitelist ${HOME}/.cache/zoom
+whitelist ${HOME}/.config/zoomus.conf
+whitelist ${HOME}/.zoom
 
 # Disable for now, see https://github.com/netblue30/firejail/issues/3726
 #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile
index cdbbdccf132..093da521236 100644
--- a/etc/profile-m-z/zulip.profile
+++ b/etc/profile-m-z/zulip.profile
@@ -8,7 +8,7 @@ include globals.local
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Zulip
+noblacklist ${HOME}/.config/Zulip
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/Zulip
-allow  ${HOME}/.config/Zulip
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/Zulip
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc