aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2021-07-18 20:39:14 -0300
committerLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2021-07-18 20:39:14 -0300
commitf43382f1e9707b4fd5e63c7bfe881912aa4ee994 (patch)
tree499639bb962c8b071b153dcdad1b42af8286521d
parentAdd MS Edge Beta profile (diff)
downloadfirejail-f43382f1e9707b4fd5e63c7bfe881912aa4ee994.tar.gz
firejail-f43382f1e9707b4fd5e63c7bfe881912aa4ee994.tar.zst
firejail-f43382f1e9707b4fd5e63c7bfe881912aa4ee994.zip
Revert "move whitelist/blacklist to allow/deny"
This reverts commit fe0f975f447d59977d90c3226cc8c623b31b20b3. Note: This only reverts the changes from etc. The 4 aliases introduced on commit 45f2ba544 are mere, well, aliases. That is, they fail to address the different usability problems discussed on [#3447][3447] and in fact only make things more confusing (as has already been mentioned on [this][4379] and later comments). The main reason is that the aliases do not meaningfully map to the original commands. For example, the commands from each pair below seem like they would do the exact same thing: * `allow` and `nodeny` * `deny` and `noallow` Additionally, if these aliases are not the final commands, but only a test/work-in-progress, then keeping the wide-scale search/replace changes made on commit fe0f975f4 would only serve to cause confusion, as users of firejail-git, contributors and downstream projects might start changing the commands used on their profiles, only to later have to change them again, potentially to completely different commands. The sooner this is undone the better, as (besides the above reasons) the more profile changes there are between the original commit and the revert, the harder it is to e.g.: `git diff` versions of files across the following revision ranges: before the commit, after the commit but before the revert and after the revert. Note: This is still the case even if a commit is [ignored by `git blame`][4390]. So let us revert fe0f975f4 and only reapply similar large-scale changes once we have discussed and settled on better commands. How the revert was applied: Despite using the auto-generated message from `git revert`, to ensure correctness and to avoid conflicts the changes were reverted in different steps: Firstly, revert the files which can be safely reverted directly ("filestorevert"): # Find out which files have been changed on fe0f975f44, but have not # been changed afterwards and list them on "filestorevert" git show --pretty='' --name-only fe0f975f44 -- etc | LC_ALL=C sort >allfiles git diff --name-only fe0f975f44..master -- etc | LC_ALL=C sort >filestoignore comm -2 -3 allfiles filestoignore >filestorevert # Note: There are 3 extra files on filestoignore because they were # added after commit fe0f975f44 wc -l allfiles filestoignore filestorevert | head -n 3 # 797 allfiles # 8 filestoignore # 792 filestorevert # Automatically revert files in "filestorevert" # See https://stackoverflow.com/a/23401018/10095231 tr '\n' '\000' <filestorevert | xargs -0 git show fe0f975f44 -- | git apply --reverse printf 'Total files reverted:\n' git diff --name-only | wc -l # 792 Secondly, do some search/replace on the rest: tr '\n' '\000' <filestoignore | xargs -0 sed -i.bak \ -e 's/allow /whitelist /' -e 's/noallow /nowhitelist /' \ -e 's/deny /blacklist /' -e 's/nodeny /noblacklist /' \ -e 's/deny-nolog /blacklist-nolog /' find etc -name '*.bak' -print0 | xargs -0 rm Thirdly, verify the result. The following command shows the difference between all the changes in etc from before fe0f975f44 and this commit (inclusive): git diff fe0f975f44~1 -- etc From the output, it looks like all alias changes are fully reverted and that the other changes to etc (from after fe0f975f44) remain, so the revert seems to be done correctly. [3447]: https://github.com/netblue30/firejail/issues/3447 [4379]: https://github.com/netblue30/firejail/issues/4379#issuecomment-876460222 [4390]: https://github.com/netblue30/firejail/issues/4390
-rw-r--r--etc/inc/allow-bin-sh.inc6
-rw-r--r--etc/inc/allow-common-devel.inc36
-rw-r--r--etc/inc/allow-gjs.inc16
-rw-r--r--etc/inc/allow-java.inc10
-rw-r--r--etc/inc/allow-lua.inc16
-rw-r--r--etc/inc/allow-nodejs.inc4
-rw-r--r--etc/inc/allow-opengl-game.inc4
-rw-r--r--etc/inc/allow-perl.inc16
-rw-r--r--etc/inc/allow-php.inc6
-rw-r--r--etc/inc/allow-python2.inc10
-rw-r--r--etc/inc/allow-python3.inc12
-rw-r--r--etc/inc/allow-ruby.inc4
-rw-r--r--etc/inc/allow-ssh.inc8
-rw-r--r--etc/inc/disable-common.inc710
-rw-r--r--etc/inc/disable-devel.inc80
-rw-r--r--etc/inc/disable-interpreters.inc84
-rw-r--r--etc/inc/disable-passwdmgr.inc30
-rw-r--r--etc/inc/disable-programs.inc2184
-rw-r--r--etc/inc/disable-shell.inc22
-rw-r--r--etc/inc/disable-xdg.inc8
-rw-r--r--etc/inc/whitelist-1793-workaround.inc46
-rw-r--r--etc/inc/whitelist-common.inc130
-rw-r--r--etc/inc/whitelist-player-common.inc10
-rw-r--r--etc/inc/whitelist-runuser-common.inc20
-rw-r--r--etc/inc/whitelist-usr-share-common.inc126
-rw-r--r--etc/inc/whitelist-var-common.inc18
-rw-r--r--etc/profile-a-l/0ad.profile18
-rw-r--r--etc/profile-a-l/2048-qt.profile8
-rw-r--r--etc/profile-a-l/Cryptocat.profile2
-rw-r--r--etc/profile-a-l/Discord.profile4
-rw-r--r--etc/profile-a-l/DiscordCanary.profile4
-rw-r--r--etc/profile-a-l/Fritzing.profile4
-rw-r--r--etc/profile-a-l/JDownloader.profile6
-rw-r--r--etc/profile-a-l/abiword.profile4
-rw-r--r--etc/profile-a-l/abrowser.profile8
-rw-r--r--etc/profile-a-l/agetpkg.profile6
-rw-r--r--etc/profile-a-l/akonadi_control.profile32
-rw-r--r--etc/profile-a-l/akregator.profile14
-rw-r--r--etc/profile-a-l/alacarte.profile14
-rw-r--r--etc/profile-a-l/alienarena.profile6
-rw-r--r--etc/profile-a-l/alpine.profile46
-rw-r--r--etc/profile-a-l/amarok.profile2
-rw-r--r--etc/profile-a-l/amule.profile6
-rw-r--r--etc/profile-a-l/android-studio.profile14
-rw-r--r--etc/profile-a-l/anki.profile8
-rw-r--r--etc/profile-a-l/anydesk.profile4
-rw-r--r--etc/profile-a-l/aosp.profile14
-rw-r--r--etc/profile-a-l/apostrophe.profile18
-rw-r--r--etc/profile-a-l/arch-audit.profile4
-rw-r--r--etc/profile-a-l/archaudit-report.profile2
-rw-r--r--etc/profile-a-l/archiver-common.profile2
-rw-r--r--etc/profile-a-l/ardour5.profile12
-rw-r--r--etc/profile-a-l/arduino.profile6
-rw-r--r--etc/profile-a-l/aria2c.profile10
-rw-r--r--etc/profile-a-l/ark.profile6
-rw-r--r--etc/profile-a-l/arm.profile4
-rw-r--r--etc/profile-a-l/artha.profile14
-rw-r--r--etc/profile-a-l/assogiate.profile4
-rw-r--r--etc/profile-a-l/asunder.profile10
-rw-r--r--etc/profile-a-l/atom.profile4
-rw-r--r--etc/profile-a-l/atril.profile6
-rw-r--r--etc/profile-a-l/audacious.profile6
-rw-r--r--etc/profile-a-l/audacity.profile6
-rw-r--r--etc/profile-a-l/audio-recorder.profile10
-rw-r--r--etc/profile-a-l/authenticator-rs.profile8
-rw-r--r--etc/profile-a-l/authenticator.profile4
-rw-r--r--etc/profile-a-l/autokey-common.profile4
-rw-r--r--etc/profile-a-l/avidemux.profile12
-rw-r--r--etc/profile-a-l/aweather.profile4
-rw-r--r--etc/profile-a-l/awesome.profile2
-rw-r--r--etc/profile-a-l/ballbuster.profile6
-rw-r--r--etc/profile-a-l/baloo_file.profile12
-rw-r--r--etc/profile-a-l/balsa.profile36
-rw-r--r--etc/profile-a-l/barrier.profile6
-rw-r--r--etc/profile-a-l/basilisk.profile8
-rw-r--r--etc/profile-a-l/bcompare.profile4
-rw-r--r--etc/profile-a-l/beaker.profile4
-rw-r--r--etc/profile-a-l/bibletime.profile20
-rw-r--r--etc/profile-a-l/bijiben.profile14
-rw-r--r--etc/profile-a-l/bitcoin-qt.profile8
-rw-r--r--etc/profile-a-l/bitlbee.profile4
-rw-r--r--etc/profile-a-l/bitwarden.profile4
-rw-r--r--etc/profile-a-l/blackbox.profile2
-rw-r--r--etc/profile-a-l/blender.profile6
-rw-r--r--etc/profile-a-l/bless.profile2
-rw-r--r--etc/profile-a-l/blobby.profile6
-rw-r--r--etc/profile-a-l/blobwars.profile6
-rw-r--r--etc/profile-a-l/bnox.profile8
-rw-r--r--etc/profile-a-l/brackets.profile2
-rw-r--r--etc/profile-a-l/brasero.profile2
-rw-r--r--etc/profile-a-l/brave.profile22
-rw-r--r--etc/profile-a-l/bzflag.profile4
-rw-r--r--etc/profile-a-l/calibre.profile6
-rw-r--r--etc/profile-a-l/calligra.profile2
-rw-r--r--etc/profile-a-l/calligragemini.profile2
-rw-r--r--etc/profile-a-l/calligraplan.profile2
-rw-r--r--etc/profile-a-l/calligraplanwork.profile2
-rw-r--r--etc/profile-a-l/calligrasheets.profile2
-rw-r--r--etc/profile-a-l/calligrastage.profile2
-rw-r--r--etc/profile-a-l/calligrawords.profile2
-rw-r--r--etc/profile-a-l/cameramonitor.profile2
-rw-r--r--etc/profile-a-l/cantata.profile8
-rw-r--r--etc/profile-a-l/cargo.profile10
-rw-r--r--etc/profile-a-l/catfish.profile4
-rw-r--r--etc/profile-a-l/cawbird.profile2
-rw-r--r--etc/profile-a-l/celluloid.profile14
-rw-r--r--etc/profile-a-l/checkbashisms.profile4
-rw-r--r--etc/profile-a-l/cheese.profile10
-rw-r--r--etc/profile-a-l/cherrytree.profile4
-rw-r--r--etc/profile-a-l/chromium-browser-privacy.profile10
-rw-r--r--etc/profile-a-l/chromium-common.profile10
-rw-r--r--etc/profile-a-l/chromium.profile16
-rw-r--r--etc/profile-a-l/cin.profile2
-rw-r--r--etc/profile-a-l/clamav.profile2
-rw-r--r--etc/profile-a-l/claws-mail.profile6
-rw-r--r--etc/profile-a-l/clawsker.profile4
-rw-r--r--etc/profile-a-l/clementine.profile6
-rw-r--r--etc/profile-a-l/clion.profile20
-rw-r--r--etc/profile-a-l/clipgrab.profile6
-rw-r--r--etc/profile-a-l/clipit.profile8
-rw-r--r--etc/profile-a-l/cliqz.profile12
-rw-r--r--etc/profile-a-l/cmus.profile4
-rw-r--r--etc/profile-a-l/code.profile8
-rw-r--r--etc/profile-a-l/colorful.profile6
-rw-r--r--etc/profile-a-l/com.github.bleakgrey.tootle.profile6
-rw-r--r--etc/profile-a-l/com.github.dahenson.agenda.profile12
-rw-r--r--etc/profile-a-l/com.github.johnfactotum.Foliate.profile18
-rw-r--r--etc/profile-a-l/com.github.phase1geo.minder.profile14
-rw-r--r--etc/profile-a-l/conkeror.profile22
-rw-r--r--etc/profile-a-l/conky.profile2
-rw-r--r--etc/profile-a-l/corebird.profile2
-rw-r--r--etc/profile-a-l/cower.profile4
-rw-r--r--etc/profile-a-l/coyim.profile4
-rw-r--r--etc/profile-a-l/cpio.profile4
-rw-r--r--etc/profile-a-l/crawl.profile4
-rw-r--r--etc/profile-a-l/crow.profile4
-rw-r--r--etc/profile-a-l/curl.profile8
-rw-r--r--etc/profile-a-l/cyberfox.profile8
-rw-r--r--etc/profile-a-l/d-feet.profile6
-rw-r--r--etc/profile-a-l/darktable.profile6
-rw-r--r--etc/profile-a-l/dbus-send.profile4
-rw-r--r--etc/profile-a-l/dconf-editor.profile2
-rw-r--r--etc/profile-a-l/dconf.profile4
-rw-r--r--etc/profile-a-l/ddgtk.profile4
-rw-r--r--etc/profile-a-l/deadbeef.profile4
-rw-r--r--etc/profile-a-l/deluge.profile6
-rw-r--r--etc/profile-a-l/desktopeditors.profile6
-rw-r--r--etc/profile-a-l/devhelp.profile6
-rw-r--r--etc/profile-a-l/devilspie.profile6
-rw-r--r--etc/profile-a-l/devilspie2.profile8
-rw-r--r--etc/profile-a-l/dia.profile6
-rw-r--r--etc/profile-a-l/dig.profile10
-rw-r--r--etc/profile-a-l/digikam.profile12
-rw-r--r--etc/profile-a-l/dillo.profile8
-rw-r--r--etc/profile-a-l/dino.profile6
-rw-r--r--etc/profile-a-l/discord-canary.profile4
-rw-r--r--etc/profile-a-l/discord-common.profile4
-rw-r--r--etc/profile-a-l/discord.profile4
-rw-r--r--etc/profile-a-l/display.profile2
-rw-r--r--etc/profile-a-l/dnox.profile8
-rw-r--r--etc/profile-a-l/dnscrypt-proxy.profile10
-rw-r--r--etc/profile-a-l/dnsmasq.profile8
-rw-r--r--etc/profile-a-l/dolphin-emu.profile14
-rw-r--r--etc/profile-a-l/dooble.profile6
-rw-r--r--etc/profile-a-l/dosbox.profile4
-rw-r--r--etc/profile-a-l/dragon.profile8
-rw-r--r--etc/profile-a-l/drawio.profile6
-rw-r--r--etc/profile-a-l/drill.profile6
-rw-r--r--etc/profile-a-l/dropbox.profile14
-rw-r--r--etc/profile-a-l/easystroke.profile4
-rw-r--r--etc/profile-a-l/electron-mail.profile6
-rw-r--r--etc/profile-a-l/electron.profile2
-rw-r--r--etc/profile-a-l/electrum.profile4
-rw-r--r--etc/profile-a-l/element-desktop.profile6
-rw-r--r--etc/profile-a-l/elinks.profile4
-rw-r--r--etc/profile-a-l/emacs.profile4
-rw-r--r--etc/profile-a-l/email-common.profile30
-rw-r--r--etc/profile-a-l/enchant.profile6
-rw-r--r--etc/profile-a-l/enox.profile8
-rw-r--r--etc/profile-a-l/enpass.profile20
-rw-r--r--etc/profile-a-l/eo-common.profile8
-rw-r--r--etc/profile-a-l/eog.profile4
-rw-r--r--etc/profile-a-l/eom.profile4
-rw-r--r--etc/profile-a-l/ephemeral.profile10
-rw-r--r--etc/profile-a-l/epiphany.profile14
-rw-r--r--etc/profile-a-l/equalx.profile18
-rw-r--r--etc/profile-a-l/etr.profile10
-rw-r--r--etc/profile-a-l/evince.profile14
-rw-r--r--etc/profile-a-l/evolution.profile18
-rw-r--r--etc/profile-a-l/exiftool.profile4
-rw-r--r--etc/profile-a-l/falkon.profile12
-rw-r--r--etc/profile-a-l/fbreader.profile4
-rw-r--r--etc/profile-a-l/fdns.profile8
-rw-r--r--etc/profile-a-l/feedreader.profile10
-rw-r--r--etc/profile-a-l/ferdi.profile18
-rw-r--r--etc/profile-a-l/fetchmail.profile4
-rw-r--r--etc/profile-a-l/ffmpeg.profile10
-rw-r--r--etc/profile-a-l/file-roller.profile6
-rw-r--r--etc/profile-a-l/file.profile2
-rw-r--r--etc/profile-a-l/filezilla.profile4
-rw-r--r--etc/profile-a-l/firedragon.profile8
-rw-r--r--etc/profile-a-l/firefox-common-addons.profile130
-rw-r--r--etc/profile-a-l/firefox-common.profile10
-rw-r--r--etc/profile-a-l/firefox-esr.profile2
-rw-r--r--etc/profile-a-l/firefox.profile22
-rw-r--r--etc/profile-a-l/five-or-more.profile6
-rw-r--r--etc/profile-a-l/flameshot.profile8
-rw-r--r--etc/profile-a-l/flashpeak-slimjet.profile8
-rw-r--r--etc/profile-a-l/flowblade.profile4
-rw-r--r--etc/profile-a-l/fluxbox.profile2
-rw-r--r--etc/profile-a-l/font-manager.profile10
-rw-r--r--etc/profile-a-l/fontforge.profile4
-rw-r--r--etc/profile-a-l/fossamail.profile12
-rw-r--r--etc/profile-a-l/four-in-a-row.profile2
-rw-r--r--etc/profile-a-l/fractal.profile6
-rw-r--r--etc/profile-a-l/franz.profile18
-rw-r--r--etc/profile-a-l/freecad.profile4
-rw-r--r--etc/profile-a-l/freeciv.profile4
-rw-r--r--etc/profile-a-l/freecol.profile18
-rw-r--r--etc/profile-a-l/freemind.profile4
-rw-r--r--etc/profile-a-l/freetube.profile4
-rw-r--r--etc/profile-a-l/frogatto.profile8
-rw-r--r--etc/profile-a-l/frozen-bubble.profile4
-rw-r--r--etc/profile-a-l/funnyboat.profile8
-rw-r--r--etc/profile-a-l/gajim.profile24
-rw-r--r--etc/profile-a-l/galculator.profile4
-rw-r--r--etc/profile-a-l/gapplication.profile4
-rw-r--r--etc/profile-a-l/gcloud.profile6
-rw-r--r--etc/profile-a-l/gconf-editor.profile4
-rw-r--r--etc/profile-a-l/gconf.profile10
-rw-r--r--etc/profile-a-l/geany.profile2
-rw-r--r--etc/profile-a-l/geary.profile36
-rw-r--r--etc/profile-a-l/gedit.profile4
-rw-r--r--etc/profile-a-l/geeqie.profile6
-rw-r--r--etc/profile-a-l/gfeeds.profile20
-rw-r--r--etc/profile-a-l/gget.profile6
-rw-r--r--etc/profile-a-l/ghostwriter.profile16
-rw-r--r--etc/profile-a-l/gimp.profile22
-rw-r--r--etc/profile-a-l/gist.profile10
-rw-r--r--etc/profile-a-l/git-cola.profile32
-rw-r--r--etc/profile-a-l/git.profile34
-rw-r--r--etc/profile-a-l/gitg.profile10
-rw-r--r--etc/profile-a-l/github-desktop.profile8
-rw-r--r--etc/profile-a-l/gitter.profile10
-rw-r--r--etc/profile-a-l/gjs.profile8
-rw-r--r--etc/profile-a-l/gl-117.profile6
-rw-r--r--etc/profile-a-l/glaxium.profile6
-rw-r--r--etc/profile-a-l/globaltime.profile2
-rw-r--r--etc/profile-a-l/gmpc.profile10
-rw-r--r--etc/profile-a-l/gnome-2048.profile4
-rw-r--r--etc/profile-a-l/gnome-books.profile4
-rw-r--r--etc/profile-a-l/gnome-builder.profile8
-rw-r--r--etc/profile-a-l/gnome-calendar.profile2
-rw-r--r--etc/profile-a-l/gnome-characters.profile2
-rw-r--r--etc/profile-a-l/gnome-chess.profile8
-rw-r--r--etc/profile-a-l/gnome-clocks.profile4
-rw-r--r--etc/profile-a-l/gnome-contacts.profile2
-rw-r--r--etc/profile-a-l/gnome-documents.profile4
-rw-r--r--etc/profile-a-l/gnome-hexgl.profile2
-rw-r--r--etc/profile-a-l/gnome-keyring.profile14
-rw-r--r--etc/profile-a-l/gnome-klotski.profile4
-rw-r--r--etc/profile-a-l/gnome-latex.profile8
-rw-r--r--etc/profile-a-l/gnome-logs.profile2
-rw-r--r--etc/profile-a-l/gnome-mahjongg.profile2
-rw-r--r--etc/profile-a-l/gnome-maps.profile20
-rw-r--r--etc/profile-a-l/gnome-mines.profile6
-rw-r--r--etc/profile-a-l/gnome-mplayer.profile6
-rw-r--r--etc/profile-a-l/gnome-music.profile4
-rw-r--r--etc/profile-a-l/gnome-nettool.profile2
-rw-r--r--etc/profile-a-l/gnome-nibbles.profile6
-rw-r--r--etc/profile-a-l/gnome-passwordsafe.profile12
-rw-r--r--etc/profile-a-l/gnome-photos.profile2
-rw-r--r--etc/profile-a-l/gnome-pie.profile2
-rw-r--r--etc/profile-a-l/gnome-pomodoro.profile6
-rw-r--r--etc/profile-a-l/gnome-recipes.profile10
-rw-r--r--etc/profile-a-l/gnome-ring.profile2
-rw-r--r--etc/profile-a-l/gnome-robots.profile2
-rw-r--r--etc/profile-a-l/gnome-schedule.profile22
-rw-r--r--etc/profile-a-l/gnome-screenshot.profile4
-rw-r--r--etc/profile-a-l/gnome-sound-recorder.profile4
-rw-r--r--etc/profile-a-l/gnome-sudoku.profile4
-rw-r--r--etc/profile-a-l/gnome-system-log.profile2
-rw-r--r--etc/profile-a-l/gnome-taquin.profile2
-rw-r--r--etc/profile-a-l/gnome-todo.profile2
-rw-r--r--etc/profile-a-l/gnome-twitch.profile8
-rw-r--r--etc/profile-a-l/gnome-weather.profile2
-rw-r--r--etc/profile-a-l/gnote.profile10
-rw-r--r--etc/profile-a-l/gnubik.profile2
-rw-r--r--etc/profile-a-l/godot.profile6
-rw-r--r--etc/profile-a-l/goobox.profile2
-rw-r--r--etc/profile-a-l/google-chrome-beta.profile16
-rw-r--r--etc/profile-a-l/google-chrome-unstable.profile16
-rw-r--r--etc/profile-a-l/google-chrome.profile16
-rw-r--r--etc/profile-a-l/google-earth.profile8
-rw-r--r--etc/profile-a-l/google-play-music-desktop-player.profile4
-rw-r--r--etc/profile-a-l/googler-common.profile8
-rw-r--r--etc/profile-a-l/gpa.profile2
-rw-r--r--etc/profile-a-l/gpg-agent.profile16
-rw-r--r--etc/profile-a-l/gpg.profile16
-rw-r--r--etc/profile-a-l/gpicview.profile4
-rw-r--r--etc/profile-a-l/gpredict.profile4
-rw-r--r--etc/profile-a-l/gradio.profile8
-rw-r--r--etc/profile-a-l/gramps.profile4
-rw-r--r--etc/profile-a-l/gravity-beams-and-evaporating-stars.profile2
-rw-r--r--etc/profile-a-l/gthumb.profile6
-rw-r--r--etc/profile-a-l/gtk-update-icon-cache.profile2
-rw-r--r--etc/profile-a-l/gtk2-youtube-viewer.profile4
-rw-r--r--etc/profile-a-l/gtk3-youtube-viewer.profile4
-rw-r--r--etc/profile-a-l/guayadeque.profile4
-rw-r--r--etc/profile-a-l/gummi.profile4
-rw-r--r--etc/profile-a-l/guvcview.profile12
-rw-r--r--etc/profile-a-l/gwenview.profile22
-rw-r--r--etc/profile-a-l/gzip.profile2
-rw-r--r--etc/profile-a-l/handbrake.profile6
-rw-r--r--etc/profile-a-l/hashcat.profile8
-rw-r--r--etc/profile-a-l/hasher-common.profile2
-rw-r--r--etc/profile-a-l/hedgewars.profile4
-rw-r--r--etc/profile-a-l/hexchat.profile4
-rw-r--r--etc/profile-a-l/highlight.profile2
-rw-r--r--etc/profile-a-l/homebank.profile8
-rw-r--r--etc/profile-a-l/host.profile4
-rw-r--r--etc/profile-a-l/hugin.profile6
-rw-r--r--etc/profile-a-l/hyperrogue.profile6
-rw-r--r--etc/profile-a-l/i2prouter.profile20
-rw-r--r--etc/profile-a-l/i3.profile2
-rw-r--r--etc/profile-a-l/icecat.profile8
-rw-r--r--etc/profile-a-l/icedove.profile12
-rw-r--r--etc/profile-a-l/idea.sh.profile12
-rw-r--r--etc/profile-a-l/imagej.profile2
-rw-r--r--etc/profile-a-l/img2txt.profile8
-rw-r--r--etc/profile-a-l/impressive.profile10
-rw-r--r--etc/profile-a-l/inkscape.profile16
-rw-r--r--etc/profile-a-l/inox.profile8
-rw-r--r--etc/profile-a-l/iridium.profile8
-rw-r--r--etc/profile-a-l/itch.profile8
-rw-r--r--etc/profile-a-l/jami-gnome.profile8
-rw-r--r--etc/profile-a-l/jd-gui.profile2
-rw-r--r--etc/profile-a-l/jerry.profile2
-rw-r--r--etc/profile-a-l/jitsi-meet-desktop.profile6
-rw-r--r--etc/profile-a-l/jitsi.profile2
-rw-r--r--etc/profile-a-l/jumpnbump.profile6
-rw-r--r--etc/profile-a-l/k3b.profile10
-rw-r--r--etc/profile-a-l/kaffeine.profile16
-rw-r--r--etc/profile-a-l/kalgebra.profile6
-rw-r--r--etc/profile-a-l/karbon.profile2
-rw-r--r--etc/profile-a-l/kate.profile28
-rw-r--r--etc/profile-a-l/kazam.profile8
-rw-r--r--etc/profile-a-l/kcalc.profile16
-rw-r--r--etc/profile-a-l/kdenlive.profile8
-rw-r--r--etc/profile-a-l/kdiff3.profile8
-rw-r--r--etc/profile-a-l/keepass.profile16
-rw-r--r--etc/profile-a-l/keepassx.profile10
-rw-r--r--etc/profile-a-l/keepassxc.profile30
-rw-r--r--etc/profile-a-l/kget.profile14
-rw-r--r--etc/profile-a-l/kid3-qt.profile2
-rw-r--r--etc/profile-a-l/kid3.profile6
-rw-r--r--etc/profile-a-l/kino.profile4
-rw-r--r--etc/profile-a-l/kiwix-desktop.profile8
-rw-r--r--etc/profile-a-l/klatexformula.profile4
-rw-r--r--etc/profile-a-l/klavaro.profile8
-rw-r--r--etc/profile-a-l/kmail.profile42
-rw-r--r--etc/profile-a-l/kmplayer.profile10
-rw-r--r--etc/profile-a-l/knotes.profile6
-rw-r--r--etc/profile-a-l/kodi.profile8
-rw-r--r--etc/profile-a-l/konversation.profile10
-rw-r--r--etc/profile-a-l/kopete.profile12
-rw-r--r--etc/profile-a-l/krita.profile8
-rw-r--r--etc/profile-a-l/krunner.profile6
-rw-r--r--etc/profile-a-l/ktorrent.profile30
-rw-r--r--etc/profile-a-l/ktouch.profile8
-rw-r--r--etc/profile-a-l/kube.profile36
-rw-r--r--etc/profile-a-l/kwin_x11.profile8
-rw-r--r--etc/profile-a-l/kwrite.profile18
-rw-r--r--etc/profile-a-l/latex-common.profile2
-rw-r--r--etc/profile-a-l/leafpad.profile2
-rw-r--r--etc/profile-a-l/less.profile4
-rw-r--r--etc/profile-a-l/librecad.profile6
-rw-r--r--etc/profile-a-l/libreoffice.profile6
-rw-r--r--etc/profile-a-l/librewolf.profile16
-rw-r--r--etc/profile-a-l/liferea.profile14
-rw-r--r--etc/profile-a-l/lightsoff.profile2
-rw-r--r--etc/profile-a-l/lincity-ng.profile4
-rw-r--r--etc/profile-a-l/links-common.profile6
-rw-r--r--etc/profile-a-l/links.profile4
-rw-r--r--etc/profile-a-l/links2.profile4
-rw-r--r--etc/profile-a-l/linphone.profile18
-rw-r--r--etc/profile-a-l/lmms.profile6
-rw-r--r--etc/profile-a-l/lollypop.profile4
-rw-r--r--etc/profile-a-l/lugaru.profile8
-rw-r--r--etc/profile-a-l/luminance-hdr.profile4
-rw-r--r--etc/profile-a-l/lutris.profile34
-rw-r--r--etc/profile-a-l/lximage-qt.profile2
-rw-r--r--etc/profile-a-l/lxmusic.profile6
-rw-r--r--etc/profile-a-l/lynx.profile4
-rw-r--r--etc/profile-a-l/lyx.profile14
-rw-r--r--etc/profile-a-l/sway.profile4
-rw-r--r--etc/profile-m-z/Maelstrom.profile4
-rw-r--r--etc/profile-m-z/Mathematica.profile10
-rw-r--r--etc/profile-m-z/PCSX2.profile4
-rw-r--r--etc/profile-m-z/QMediathekView.profile26
-rw-r--r--etc/profile-m-z/QOwnNotes.profile16
-rw-r--r--etc/profile-m-z/Viber.profile8
-rw-r--r--etc/profile-m-z/XMind.profile6
-rw-r--r--etc/profile-m-z/Xephyr.profile2
-rw-r--r--etc/profile-m-z/Xvfb.profile2
-rw-r--r--etc/profile-m-z/ZeGrapher.profile4
-rw-r--r--etc/profile-m-z/macrofusion.profile4
-rw-r--r--etc/profile-m-z/magicor.profile6
-rw-r--r--etc/profile-m-z/makepkg.profile18
-rw-r--r--etc/profile-m-z/man.profile18
-rw-r--r--etc/profile-m-z/manaplus.profile8
-rw-r--r--etc/profile-m-z/marker.profile8
-rw-r--r--etc/profile-m-z/masterpdfeditor.profile4
-rw-r--r--etc/profile-m-z/mate-calc.profile8
-rw-r--r--etc/profile-m-z/mate-dictionary.profile4
-rw-r--r--etc/profile-m-z/matrix-mirage.profile12
-rw-r--r--etc/profile-m-z/mattermost-desktop.profile4
-rw-r--r--etc/profile-m-z/mcabber.profile4
-rw-r--r--etc/profile-m-z/mcomix.profile8
-rw-r--r--etc/profile-m-z/mdr.profile4
-rw-r--r--etc/profile-m-z/mediainfo.profile2
-rw-r--r--etc/profile-m-z/mediathekview.profile20
-rw-r--r--etc/profile-m-z/megaglest.profile8
-rw-r--r--etc/profile-m-z/meld.profile14
-rw-r--r--etc/profile-m-z/mendeleydesktop.profile14
-rw-r--r--etc/profile-m-z/menulibre.profile14
-rw-r--r--etc/profile-m-z/meteo-qt.profile8
-rw-r--r--etc/profile-m-z/microsoft-edge-beta.profile8
-rw-r--r--etc/profile-m-z/microsoft-edge-dev.profile8
-rw-r--r--etc/profile-m-z/midori.profile38
-rw-r--r--etc/profile-m-z/min.profile4
-rw-r--r--etc/profile-m-z/mindless.profile2
-rw-r--r--etc/profile-m-z/minecraft-launcher.profile4
-rw-r--r--etc/profile-m-z/minetest.profile12
-rw-r--r--etc/profile-m-z/minitube.profile18
-rw-r--r--etc/profile-m-z/mirage.profile16
-rw-r--r--etc/profile-m-z/mirrormagic.profile6
-rw-r--r--etc/profile-m-z/mocp.profile4
-rw-r--r--etc/profile-m-z/mousepad.profile2
-rw-r--r--etc/profile-m-z/mp3splt-gtk.profile2
-rw-r--r--etc/profile-m-z/mp3splt.profile4
-rw-r--r--etc/profile-m-z/mpDris2.profile8
-rw-r--r--etc/profile-m-z/mpd.profile8
-rw-r--r--etc/profile-m-z/mpg123.profile2
-rw-r--r--etc/profile-m-z/mplayer.profile4
-rw-r--r--etc/profile-m-z/mpsyt.profile28
-rw-r--r--etc/profile-m-z/mpv.profile20
-rw-r--r--etc/profile-m-z/mrrescue.profile8
-rw-r--r--etc/profile-m-z/ms-excel.profile2
-rw-r--r--etc/profile-m-z/ms-office.profile4
-rw-r--r--etc/profile-m-z/ms-onenote.profile2
-rw-r--r--etc/profile-m-z/ms-outlook.profile2
-rw-r--r--etc/profile-m-z/ms-powerpoint.profile2
-rw-r--r--etc/profile-m-z/ms-skype.profile2
-rw-r--r--etc/profile-m-z/ms-word.profile2
-rw-r--r--etc/profile-m-z/mtpaint.profile2
-rw-r--r--etc/profile-m-z/multimc5.profile12
-rw-r--r--etc/profile-m-z/mumble.profile12
-rw-r--r--etc/profile-m-z/mupdf-gl.profile2
-rw-r--r--etc/profile-m-z/mupdf.profile2
-rw-r--r--etc/profile-m-z/mupen64plus.profile8
-rw-r--r--etc/profile-m-z/musescore.profile12
-rw-r--r--etc/profile-m-z/musictube.profile14
-rw-r--r--etc/profile-m-z/musixmatch.profile2
-rw-r--r--etc/profile-m-z/mutt.profile120
-rw-r--r--etc/profile-m-z/mypaint.profile8
-rw-r--r--etc/profile-m-z/nano.profile8
-rw-r--r--etc/profile-m-z/natron.profile6
-rw-r--r--etc/profile-m-z/ncdu.profile2
-rw-r--r--etc/profile-m-z/neochat.profile18
-rw-r--r--etc/profile-m-z/neomutt.profile128
-rw-r--r--etc/profile-m-z/netactview.profile6
-rw-r--r--etc/profile-m-z/nethack-vultures.profile6
-rw-r--r--etc/profile-m-z/nethack.profile4
-rw-r--r--etc/profile-m-z/netsurf.profile10
-rw-r--r--etc/profile-m-z/neverball.profile6
-rw-r--r--etc/profile-m-z/newsbeuter.profile14
-rw-r--r--etc/profile-m-z/newsboat.profile24
-rw-r--r--etc/profile-m-z/newsflash.profile12
-rw-r--r--etc/profile-m-z/nextcloud.profile12
-rw-r--r--etc/profile-m-z/nheko.profile14
-rw-r--r--etc/profile-m-z/nicotine.profile8
-rw-r--r--etc/profile-m-z/nitroshare.profile4
-rw-r--r--etc/profile-m-z/nodejs-common.profile26
-rw-r--r--etc/profile-m-z/nomacs.profile8
-rw-r--r--etc/profile-m-z/notify-send.profile2
-rw-r--r--etc/profile-m-z/nslookup.profile8
-rw-r--r--etc/profile-m-z/nuclear.profile4
-rw-r--r--etc/profile-m-z/nylas.profile10
-rw-r--r--etc/profile-m-z/nyx.profile4
-rw-r--r--etc/profile-m-z/obs.profile8
-rw-r--r--etc/profile-m-z/ocenaudio.profile6
-rw-r--r--etc/profile-m-z/odt2txt.profile4
-rw-r--r--etc/profile-m-z/okular.profile42
-rw-r--r--etc/profile-m-z/onboard.profile6
-rw-r--r--etc/profile-m-z/onionshare-gui.profile2
-rw-r--r--etc/profile-m-z/open-invaders.profile4
-rw-r--r--etc/profile-m-z/openarena.profile6
-rw-r--r--etc/profile-m-z/openbox.profile2
-rw-r--r--etc/profile-m-z/opencity.profile4
-rw-r--r--etc/profile-m-z/openclonk.profile4
-rw-r--r--etc/profile-m-z/openmw.profile10
-rw-r--r--etc/profile-m-z/openshot.profile8
-rw-r--r--etc/profile-m-z/openttd.profile4
-rw-r--r--etc/profile-m-z/opera-beta.profile8
-rw-r--r--etc/profile-m-z/opera.profile12
-rw-r--r--etc/profile-m-z/orage.profile4
-rw-r--r--etc/profile-m-z/ostrichriders.profile6
-rw-r--r--etc/profile-m-z/otter-browser.profile20
-rw-r--r--etc/profile-m-z/palemoon.profile8
-rw-r--r--etc/profile-m-z/pandoc.profile4
-rw-r--r--etc/profile-m-z/parole.profile4
-rw-r--r--etc/profile-m-z/patch.profile4
-rw-r--r--etc/profile-m-z/pavucontrol-qt.profile4
-rw-r--r--etc/profile-m-z/pavucontrol.profile6
-rw-r--r--etc/profile-m-z/pcsxr.profile4
-rw-r--r--etc/profile-m-z/pdfchain.profile2
-rw-r--r--etc/profile-m-z/pdfmod.profile6
-rw-r--r--etc/profile-m-z/pdfsam.profile2
-rw-r--r--etc/profile-m-z/pdftotext.profile10
-rw-r--r--etc/profile-m-z/peek.profile6
-rw-r--r--etc/profile-m-z/penguin-command.profile4
-rw-r--r--etc/profile-m-z/photoflare.profile2
-rw-r--r--etc/profile-m-z/picard.profile6
-rw-r--r--etc/profile-m-z/pidgin.profile8
-rw-r--r--etc/profile-m-z/pinball.profile8
-rw-r--r--etc/profile-m-z/ping.profile4
-rw-r--r--etc/profile-m-z/pingus.profile8
-rw-r--r--etc/profile-m-z/pinta.profile6
-rw-r--r--etc/profile-m-z/pioneer.profile4
-rw-r--r--etc/profile-m-z/pipe-viewer.profile8
-rw-r--r--etc/profile-m-z/pitivi.profile2
-rw-r--r--etc/profile-m-z/pix.profile8
-rw-r--r--etc/profile-m-z/pkglog.profile6
-rw-r--r--etc/profile-m-z/playonlinux.profile4
-rw-r--r--etc/profile-m-z/pluma.profile4
-rw-r--r--etc/profile-m-z/plv.profile6
-rw-r--r--etc/profile-m-z/pngquant.profile4
-rw-r--r--etc/profile-m-z/polari.profile12
-rw-r--r--etc/profile-m-z/ppsspp.profile6
-rw-r--r--etc/profile-m-z/pragha.profile4
-rw-r--r--etc/profile-m-z/profanity.profile4
-rw-r--r--etc/profile-m-z/psi-plus.profile12
-rw-r--r--etc/profile-m-z/psi.profile24
-rw-r--r--etc/profile-m-z/pybitmessage.profile6
-rw-r--r--etc/profile-m-z/pycharm-community.profile2
-rw-r--r--etc/profile-m-z/pycharm-professional.profile2
-rw-r--r--etc/profile-m-z/qbittorrent.profile18
-rw-r--r--etc/profile-m-z/qcomicbook.profile10
-rw-r--r--etc/profile-m-z/qemu-launcher.profile2
-rw-r--r--etc/profile-m-z/qgis.profile16
-rw-r--r--etc/profile-m-z/qlipper.profile2
-rw-r--r--etc/profile-m-z/qmmp.profile4
-rw-r--r--etc/profile-m-z/qnapi.profile6
-rw-r--r--etc/profile-m-z/qpdfview.profile6
-rw-r--r--etc/profile-m-z/qrencode.profile2
-rw-r--r--etc/profile-m-z/qtox.profile8
-rw-r--r--etc/profile-m-z/quadrapassel.profile6
-rw-r--r--etc/profile-m-z/quaternion.profile12
-rw-r--r--etc/profile-m-z/quiterss.profile20
-rw-r--r--etc/profile-m-z/quodlibet.profile18
-rw-r--r--etc/profile-m-z/qupzilla.profile8
-rw-r--r--etc/profile-m-z/qutebrowser.profile14
-rw-r--r--etc/profile-m-z/rambox.profile14
-rw-r--r--etc/profile-m-z/redeclipse.profile6
-rw-r--r--etc/profile-m-z/redshift.profile8
-rw-r--r--etc/profile-m-z/regextester.profile2
-rw-r--r--etc/profile-m-z/remmina.profile6
-rw-r--r--etc/profile-m-z/rhythmbox.profile14
-rw-r--r--etc/profile-m-z/ricochet.profile6
-rw-r--r--etc/profile-m-z/riot-web.profile6
-rw-r--r--etc/profile-m-z/ripperx.profile4
-rw-r--r--etc/profile-m-z/ristretto.profile6
-rw-r--r--etc/profile-m-z/rocketchat.profile4
-rw-r--r--etc/profile-m-z/rsync-download_only.profile4
-rw-r--r--etc/profile-m-z/rtv-addons.profile18
-rw-r--r--etc/profile-m-z/rtv.profile12
-rw-r--r--etc/profile-m-z/sayonara.profile4
-rw-r--r--etc/profile-m-z/scallion.profile8
-rw-r--r--etc/profile-m-z/scorched3d.profile8
-rw-r--r--etc/profile-m-z/scorchwentbonkers.profile6
-rw-r--r--etc/profile-m-z/scribus.profile36
-rw-r--r--etc/profile-m-z/seahorse-adventures.profile4
-rw-r--r--etc/profile-m-z/seahorse.profile18
-rw-r--r--etc/profile-m-z/seamonkey.profile46
-rw-r--r--etc/profile-m-z/server.profile8
-rw-r--r--etc/profile-m-z/shellcheck.profile6
-rw-r--r--etc/profile-m-z/shortwave.profile10
-rw-r--r--etc/profile-m-z/shotcut.profile2
-rw-r--r--etc/profile-m-z/shotwell.profile12
-rw-r--r--etc/profile-m-z/signal-cli.profile8
-rw-r--r--etc/profile-m-z/signal-desktop.profile8
-rw-r--r--etc/profile-m-z/simple-scan.profile8
-rw-r--r--etc/profile-m-z/simplescreenrecorder.profile6
-rw-r--r--etc/profile-m-z/simutrans.profile4
-rw-r--r--etc/profile-m-z/skanlite.profile2
-rw-r--r--etc/profile-m-z/skypeforlinux.profile2
-rw-r--r--etc/profile-m-z/slack.profile4
-rw-r--r--etc/profile-m-z/slashem.profile4
-rw-r--r--etc/profile-m-z/smplayer.profile16
-rw-r--r--etc/profile-m-z/smtube.profile20
-rw-r--r--etc/profile-m-z/smuxi-frontend-gnome.profile14
-rw-r--r--etc/profile-m-z/snox.profile8
-rw-r--r--etc/profile-m-z/softmaker-common.profile6
-rw-r--r--etc/profile-m-z/sound-juicer.profile4
-rw-r--r--etc/profile-m-z/soundconverter.profile8
-rw-r--r--etc/profile-m-z/spectacle.profile12
-rw-r--r--etc/profile-m-z/spectral.profile10
-rw-r--r--etc/profile-m-z/spectre-meltdown-checker.profile6
-rw-r--r--etc/profile-m-z/spotify.profile14
-rw-r--r--etc/profile-m-z/sqlitebrowser.profile4
-rw-r--r--etc/profile-m-z/ssh-agent.profile4
-rw-r--r--etc/profile-m-z/ssh.profile8
-rw-r--r--etc/profile-m-z/standardnotes-desktop.profile8
-rw-r--r--etc/profile-m-z/start-tor-browser.desktop.profile126
-rw-r--r--etc/profile-m-z/steam.profile130
-rw-r--r--etc/profile-m-z/stellarium.profile8
-rw-r--r--etc/profile-m-z/straw-viewer.profile8
-rw-r--r--etc/profile-m-z/strawberry.profile8
-rw-r--r--etc/profile-m-z/strings.profile2
-rw-r--r--etc/profile-m-z/subdownloader.profile4
-rw-r--r--etc/profile-m-z/supertux2.profile8
-rw-r--r--etc/profile-m-z/supertuxkart.profile18
-rw-r--r--etc/profile-m-z/surf.profile6
-rw-r--r--etc/profile-m-z/swell-foop.profile6
-rw-r--r--etc/profile-m-z/sylpheed.profile6
-rw-r--r--etc/profile-m-z/synfigstudio.profile4
-rw-r--r--etc/profile-m-z/sysprof.profile16
-rw-r--r--etc/profile-m-z/tar.profile2
-rw-r--r--etc/profile-m-z/tb-starter-wrapper.profile4
-rw-r--r--etc/profile-m-z/tcpdump.profile6
-rw-r--r--etc/profile-m-z/teams-for-linux.profile4
-rw-r--r--etc/profile-m-z/teams.profile8
-rw-r--r--etc/profile-m-z/teamspeak3.profile8
-rw-r--r--etc/profile-m-z/teeworlds.profile4
-rw-r--r--etc/profile-m-z/telegram.profile10
-rw-r--r--etc/profile-m-z/terasology.profile6
-rw-r--r--etc/profile-m-z/thunderbird.profile24
-rw-r--r--etc/profile-m-z/tilp.profile2
-rw-r--r--etc/profile-m-z/tin.profile10
-rw-r--r--etc/profile-m-z/tmux.profile6
-rw-r--r--etc/profile-m-z/tor-browser-ar.profile4
-rw-r--r--etc/profile-m-z/tor-browser-ca.profile4
-rw-r--r--etc/profile-m-z/tor-browser-cs.profile4
-rw-r--r--etc/profile-m-z/tor-browser-da.profile4
-rw-r--r--etc/profile-m-z/tor-browser-de.profile4
-rw-r--r--etc/profile-m-z/tor-browser-el.profile4
-rw-r--r--etc/profile-m-z/tor-browser-en-us.profile4
-rw-r--r--etc/profile-m-z/tor-browser-en.profile4
-rw-r--r--etc/profile-m-z/tor-browser-es-es.profile4
-rw-r--r--etc/profile-m-z/tor-browser-es.profile4
-rw-r--r--etc/profile-m-z/tor-browser-fa.profile4
-rw-r--r--etc/profile-m-z/tor-browser-fr.profile4
-rw-r--r--etc/profile-m-z/tor-browser-ga-ie.profile4
-rw-r--r--etc/profile-m-z/tor-browser-he.profile4
-rw-r--r--etc/profile-m-z/tor-browser-hu.profile4
-rw-r--r--etc/profile-m-z/tor-browser-id.profile4
-rw-r--r--etc/profile-m-z/tor-browser-is.profile4
-rw-r--r--etc/profile-m-z/tor-browser-it.profile4
-rw-r--r--etc/profile-m-z/tor-browser-ja.profile4
-rw-r--r--etc/profile-m-z/tor-browser-ka.profile4
-rw-r--r--etc/profile-m-z/tor-browser-ko.profile4
-rw-r--r--etc/profile-m-z/tor-browser-nb.profile4
-rw-r--r--etc/profile-m-z/tor-browser-nl.profile4
-rw-r--r--etc/profile-m-z/tor-browser-pl.profile4
-rw-r--r--etc/profile-m-z/tor-browser-pt-br.profile4
-rw-r--r--etc/profile-m-z/tor-browser-ru.profile4
-rw-r--r--etc/profile-m-z/tor-browser-sv-se.profile4
-rw-r--r--etc/profile-m-z/tor-browser-tr.profile4
-rw-r--r--etc/profile-m-z/tor-browser-vi.profile4
-rw-r--r--etc/profile-m-z/tor-browser-zh-cn.profile4
-rw-r--r--etc/profile-m-z/tor-browser-zh-tw.profile4
-rw-r--r--etc/profile-m-z/tor-browser.profile4
-rw-r--r--etc/profile-m-z/tor-browser_ar.profile4
-rw-r--r--etc/profile-m-z/tor-browser_ca.profile4
-rw-r--r--etc/profile-m-z/tor-browser_cs.profile4
-rw-r--r--etc/profile-m-z/tor-browser_da.profile4
-rw-r--r--etc/profile-m-z/tor-browser_de.profile4
-rw-r--r--etc/profile-m-z/tor-browser_el.profile4
-rw-r--r--etc/profile-m-z/tor-browser_en-US.profile4
-rw-r--r--etc/profile-m-z/tor-browser_en.profile4
-rw-r--r--etc/profile-m-z/tor-browser_es-ES.profile4
-rw-r--r--etc/profile-m-z/tor-browser_es.profile4
-rw-r--r--etc/profile-m-z/tor-browser_fa.profile4
-rw-r--r--etc/profile-m-z/tor-browser_fr.profile4
-rw-r--r--etc/profile-m-z/tor-browser_ga-IE.profile4
-rw-r--r--etc/profile-m-z/tor-browser_he.profile4
-rw-r--r--etc/profile-m-z/tor-browser_hu.profile4
-rw-r--r--etc/profile-m-z/tor-browser_id.profile4
-rw-r--r--etc/profile-m-z/tor-browser_is.profile4
-rw-r--r--etc/profile-m-z/tor-browser_it.profile4
-rw-r--r--etc/profile-m-z/tor-browser_ja.profile4
-rw-r--r--etc/profile-m-z/tor-browser_ka.profile4
-rw-r--r--etc/profile-m-z/tor-browser_ko.profile4
-rw-r--r--etc/profile-m-z/tor-browser_nb.profile4
-rw-r--r--etc/profile-m-z/tor-browser_nl.profile4
-rw-r--r--etc/profile-m-z/tor-browser_pl.profile4
-rw-r--r--etc/profile-m-z/tor-browser_pt-BR.profile4
-rw-r--r--etc/profile-m-z/tor-browser_ru.profile4
-rw-r--r--etc/profile-m-z/tor-browser_sv-SE.profile4
-rw-r--r--etc/profile-m-z/tor-browser_tr.profile4
-rw-r--r--etc/profile-m-z/tor-browser_vi.profile4
-rw-r--r--etc/profile-m-z/tor-browser_zh-CN.profile4
-rw-r--r--etc/profile-m-z/tor-browser_zh-TW.profile4
-rw-r--r--etc/profile-m-z/torbrowser-launcher.profile16
-rw-r--r--etc/profile-m-z/torcs.profile8
-rw-r--r--etc/profile-m-z/totem.profile10
-rw-r--r--etc/profile-m-z/tracker.profile4
-rw-r--r--etc/profile-m-z/transgui.profile6
-rw-r--r--etc/profile-m-z/transmission-common.profile10
-rw-r--r--etc/profile-m-z/transmission-daemon.profile4
-rw-r--r--etc/profile-m-z/transmission-remote-gtk.profile4
-rw-r--r--etc/profile-m-z/tremulous.profile6
-rw-r--r--etc/profile-m-z/trojita.profile16
-rw-r--r--etc/profile-m-z/truecraft.profile8
-rw-r--r--etc/profile-m-z/ts3client_runscript.sh.profile8
-rw-r--r--etc/profile-m-z/tutanota-desktop.profile12
-rw-r--r--etc/profile-m-z/tuxguitar.profile6
-rw-r--r--etc/profile-m-z/tvbrowser.profile10
-rw-r--r--etc/profile-m-z/twitch.profile4
-rw-r--r--etc/profile-m-z/uefitool.profile2
-rw-r--r--etc/profile-m-z/uget-gtk.profile6
-rw-r--r--etc/profile-m-z/unbound.profile12
-rw-r--r--etc/profile-m-z/unf.profile4
-rw-r--r--etc/profile-m-z/unknown-horizons.profile6
-rw-r--r--etc/profile-m-z/unzip.profile2
-rw-r--r--etc/profile-m-z/utox.profile8
-rw-r--r--etc/profile-m-z/uudeview.profile2
-rw-r--r--etc/profile-m-z/uzbl-browser.profile16
-rw-r--r--etc/profile-m-z/viewnior.profile8
-rw-r--r--etc/profile-m-z/viking.profile6
-rw-r--r--etc/profile-m-z/vim.profile6
-rw-r--r--etc/profile-m-z/virtualbox.profile18
-rw-r--r--etc/profile-m-z/vivaldi.profile24
-rw-r--r--etc/profile-m-z/vlc.profile16
-rw-r--r--etc/profile-m-z/vmware-view.profile8
-rw-r--r--etc/profile-m-z/vmware.profile8
-rw-r--r--etc/profile-m-z/vscodium.profile2
-rw-r--r--etc/profile-m-z/vulturesclaw.profile4
-rw-r--r--etc/profile-m-z/vultureseye.profile4
-rw-r--r--etc/profile-m-z/vym.profile2
-rw-r--r--etc/profile-m-z/w3m.profile12
-rw-r--r--etc/profile-m-z/warmux.profile14
-rw-r--r--etc/profile-m-z/warsow.profile10
-rw-r--r--etc/profile-m-z/warzone2100.profile8
-rw-r--r--etc/profile-m-z/waterfox.profile8
-rw-r--r--etc/profile-m-z/webstorm.profile14
-rw-r--r--etc/profile-m-z/webui-aria2.profile2
-rw-r--r--etc/profile-m-z/weechat.profile4
-rw-r--r--etc/profile-m-z/wesnoth.profile12
-rw-r--r--etc/profile-m-z/wget.profile10
-rw-r--r--etc/profile-m-z/whalebird.profile4
-rw-r--r--etc/profile-m-z/whois.profile4
-rw-r--r--etc/profile-m-z/widelands.profile4
-rw-r--r--etc/profile-m-z/wine.profile14
-rw-r--r--etc/profile-m-z/wire-desktop.profile4
-rw-r--r--etc/profile-m-z/wireshark.profile8
-rw-r--r--etc/profile-m-z/wordwarvi.profile6
-rw-r--r--etc/profile-m-z/wps.profile6
-rw-r--r--etc/profile-m-z/x2goclient.profile4
-rw-r--r--etc/profile-m-z/xbill.profile4
-rw-r--r--etc/profile-m-z/xchat.profile2
-rw-r--r--etc/profile-m-z/xed.profile8
-rw-r--r--etc/profile-m-z/xfburn.profile2
-rw-r--r--etc/profile-m-z/xfce4-dict.profile2
-rw-r--r--etc/profile-m-z/xfce4-mixer.profile10
-rw-r--r--etc/profile-m-z/xfce4-notes.profile6
-rw-r--r--etc/profile-m-z/xfce4-screenshooter.profile4
-rw-r--r--etc/profile-m-z/xiphos.profile10
-rw-r--r--etc/profile-m-z/xlinks.profile2
-rw-r--r--etc/profile-m-z/xlinks22
-rw-r--r--etc/profile-m-z/xmms.profile4
-rw-r--r--etc/profile-m-z/xmr-stak.profile2
-rw-r--r--etc/profile-m-z/xonotic.profile6
-rw-r--r--etc/profile-m-z/xournal.profile6
-rw-r--r--etc/profile-m-z/xournalpp.profile8
-rw-r--r--etc/profile-m-z/xpdf.profile4
-rw-r--r--etc/profile-m-z/xplayer.profile8
-rw-r--r--etc/profile-m-z/xpra.profile2
-rw-r--r--etc/profile-m-z/xreader.profile6
-rw-r--r--etc/profile-m-z/xviewer.profile8
-rw-r--r--etc/profile-m-z/yandex-browser.profile16
-rw-r--r--etc/profile-m-z/yelp.profile20
-rw-r--r--etc/profile-m-z/youtube-dl-gui.profile6
-rw-r--r--etc/profile-m-z/youtube-dl.profile14
-rw-r--r--etc/profile-m-z/youtube-viewer.profile8
-rw-r--r--etc/profile-m-z/youtube-viewers-common.profile6
-rw-r--r--etc/profile-m-z/youtube.profile4
-rw-r--r--etc/profile-m-z/youtubemusic-nativefier.profile4
-rw-r--r--etc/profile-m-z/ytmdesktop.profile4
-rw-r--r--etc/profile-m-z/zaproxy.profile6
-rw-r--r--etc/profile-m-z/zart.profile4
-rw-r--r--etc/profile-m-z/zathura.profile10
-rw-r--r--etc/profile-m-z/zcat.profile2
-rw-r--r--etc/profile-m-z/zeal.profile12
-rw-r--r--etc/profile-m-z/zgrep.profile2
-rw-r--r--etc/profile-m-z/zoom.profile12
-rw-r--r--etc/profile-m-z/zulip.profile6
798 files changed, 5084 insertions, 5084 deletions
diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc
index 59cd40878..d6c295414 100644
--- a/etc/inc/allow-bin-sh.inc
+++ b/etc/inc/allow-bin-sh.inc
@@ -2,6 +2,6 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-bin-sh.local 3include allow-bin-sh.local
4 4
5nodeny ${PATH}/bash 5noblacklist ${PATH}/bash
6nodeny ${PATH}/dash 6noblacklist ${PATH}/dash
7nodeny ${PATH}/sh 7noblacklist ${PATH}/sh
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc
index 71b1483cd..011bbe226 100644
--- a/etc/inc/allow-common-devel.inc
+++ b/etc/inc/allow-common-devel.inc
@@ -3,29 +3,29 @@
3include allow-common-devel.local 3include allow-common-devel.local
4 4
5# Git 5# Git
6nodeny ${HOME}/.config/git 6noblacklist ${HOME}/.config/git
7nodeny ${HOME}/.gitconfig 7noblacklist ${HOME}/.gitconfig
8nodeny ${HOME}/.git-credentials 8noblacklist ${HOME}/.git-credentials
9 9
10# Java 10# Java
11nodeny ${HOME}/.gradle 11noblacklist ${HOME}/.gradle
12nodeny ${HOME}/.java 12noblacklist ${HOME}/.java
13 13
14# Node.js 14# Node.js
15nodeny ${HOME}/.node-gyp 15noblacklist ${HOME}/.node-gyp
16nodeny ${HOME}/.npm 16noblacklist ${HOME}/.npm
17nodeny ${HOME}/.npmrc 17noblacklist ${HOME}/.npmrc
18nodeny ${HOME}/.nvm 18noblacklist ${HOME}/.nvm
19nodeny ${HOME}/.yarn 19noblacklist ${HOME}/.yarn
20nodeny ${HOME}/.yarn-config 20noblacklist ${HOME}/.yarn-config
21nodeny ${HOME}/.yarncache 21noblacklist ${HOME}/.yarncache
22nodeny ${HOME}/.yarnrc 22noblacklist ${HOME}/.yarnrc
23 23
24# Python 24# Python
25nodeny ${HOME}/.pylint.d 25noblacklist ${HOME}/.pylint.d
26nodeny ${HOME}/.python-history 26noblacklist ${HOME}/.python-history
27nodeny ${HOME}/.python_history 27noblacklist ${HOME}/.python_history
28nodeny ${HOME}/.pythonhist 28noblacklist ${HOME}/.pythonhist
29 29
30# Rust 30# Rust
31nodeny ${HOME}/.cargo/* 31noblacklist ${HOME}/.cargo/*
diff --git a/etc/inc/allow-gjs.inc b/etc/inc/allow-gjs.inc
index 2e2490079..c1366e093 100644
--- a/etc/inc/allow-gjs.inc
+++ b/etc/inc/allow-gjs.inc
@@ -2,11 +2,11 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-gjs.local 3include allow-gjs.local
4 4
5nodeny ${PATH}/gjs 5noblacklist ${PATH}/gjs
6nodeny ${PATH}/gjs-console 6noblacklist ${PATH}/gjs-console
7nodeny /usr/lib/gjs 7noblacklist /usr/lib/gjs
8nodeny /usr/lib/libgjs* 8noblacklist /usr/lib/libgjs*
9nodeny /usr/lib/libmozjs-* 9noblacklist /usr/lib/libmozjs-*
10nodeny /usr/lib64/gjs 10noblacklist /usr/lib64/gjs
11nodeny /usr/lib64/libgjs* 11noblacklist /usr/lib64/libgjs*
12nodeny /usr/lib64/libmozjs-* 12noblacklist /usr/lib64/libmozjs-*
diff --git a/etc/inc/allow-java.inc b/etc/inc/allow-java.inc
index af44f3664..24d18fb77 100644
--- a/etc/inc/allow-java.inc
+++ b/etc/inc/allow-java.inc
@@ -2,8 +2,8 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-java.local 3include allow-java.local
4 4
5nodeny ${HOME}/.java 5noblacklist ${HOME}/.java
6nodeny ${PATH}/java 6noblacklist ${PATH}/java
7nodeny /etc/java 7noblacklist /etc/java
8nodeny /usr/lib/java 8noblacklist /usr/lib/java
9nodeny /usr/share/java 9noblacklist /usr/share/java
diff --git a/etc/inc/allow-lua.inc b/etc/inc/allow-lua.inc
index 3d0a1997b..9c47e7a3b 100644
--- a/etc/inc/allow-lua.inc
+++ b/etc/inc/allow-lua.inc
@@ -2,11 +2,11 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-lua.local 3include allow-lua.local
4 4
5nodeny ${PATH}/lua* 5noblacklist ${PATH}/lua*
6nodeny /usr/include 6noblacklist /usr/include
7nodeny /usr/lib/liblua* 7noblacklist /usr/lib/liblua*
8nodeny /usr/lib/lua 8noblacklist /usr/lib/lua
9nodeny /usr/lib64/liblua* 9noblacklist /usr/lib64/liblua*
10nodeny /usr/lib64/lua 10noblacklist /usr/lib64/lua
11nodeny /usr/share/lua 11noblacklist /usr/share/lua
12nodeny /usr/share/lua* 12noblacklist /usr/share/lua*
diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc
index e915b3866..351c94ab8 100644
--- a/etc/inc/allow-nodejs.inc
+++ b/etc/inc/allow-nodejs.inc
@@ -2,8 +2,8 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-nodejs.local 3include allow-nodejs.local
4 4
5nodeny ${PATH}/node 5noblacklist ${PATH}/node
6nodeny /usr/include/node 6noblacklist /usr/include/node
7 7
8# Allow python for node-gyp (blacklisted by disable-interpreters.inc) 8# Allow python for node-gyp (blacklisted by disable-interpreters.inc)
9include allow-python2.inc 9include allow-python2.inc
diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc
index 00e35e983..5d2d6c5c1 100644
--- a/etc/inc/allow-opengl-game.inc
+++ b/etc/inc/allow-opengl-game.inc
@@ -2,6 +2,6 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-opengl-game.local 3include allow-opengl-game.local
4 4
5nodeny ${PATH}/bash 5noblacklist ${PATH}/bash
6allow /usr/share/opengl-games-utils/opengl-game-functions.sh 6whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh
7private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity 7private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity
diff --git a/etc/inc/allow-perl.inc b/etc/inc/allow-perl.inc
index 134d27239..5a1952c94 100644
--- a/etc/inc/allow-perl.inc
+++ b/etc/inc/allow-perl.inc
@@ -2,11 +2,11 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-perl.local 3include allow-perl.local
4 4
5nodeny ${PATH}/core_perl 5noblacklist ${PATH}/core_perl
6nodeny ${PATH}/cpan* 6noblacklist ${PATH}/cpan*
7nodeny ${PATH}/perl 7noblacklist ${PATH}/perl
8nodeny ${PATH}/site_perl 8noblacklist ${PATH}/site_perl
9nodeny ${PATH}/vendor_perl 9noblacklist ${PATH}/vendor_perl
10nodeny /usr/lib/perl* 10noblacklist /usr/lib/perl*
11nodeny /usr/lib64/perl* 11noblacklist /usr/lib64/perl*
12nodeny /usr/share/perl* 12noblacklist /usr/share/perl*
diff --git a/etc/inc/allow-php.inc b/etc/inc/allow-php.inc
index 520c2019e..a0950dc26 100644
--- a/etc/inc/allow-php.inc
+++ b/etc/inc/allow-php.inc
@@ -2,6 +2,6 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-php.local 3include allow-php.local
4 4
5nodeny ${PATH}/php* 5noblacklist ${PATH}/php*
6nodeny /usr/lib/php* 6noblacklist /usr/lib/php*
7nodeny /usr/share/php* 7noblacklist /usr/share/php*
diff --git a/etc/inc/allow-python2.inc b/etc/inc/allow-python2.inc
index f1830043a..b0525e2e1 100644
--- a/etc/inc/allow-python2.inc
+++ b/etc/inc/allow-python2.inc
@@ -2,8 +2,8 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-python2.local 3include allow-python2.local
4 4
5nodeny ${PATH}/python2* 5noblacklist ${PATH}/python2*
6nodeny /usr/include/python2* 6noblacklist /usr/include/python2*
7nodeny /usr/lib/python2* 7noblacklist /usr/lib/python2*
8nodeny /usr/local/lib/python2* 8noblacklist /usr/local/lib/python2*
9nodeny /usr/share/python2* 9noblacklist /usr/share/python2*
diff --git a/etc/inc/allow-python3.inc b/etc/inc/allow-python3.inc
index e4b6ed1a9..d968886b0 100644
--- a/etc/inc/allow-python3.inc
+++ b/etc/inc/allow-python3.inc
@@ -2,9 +2,9 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-python3.local 3include allow-python3.local
4 4
5nodeny ${PATH}/python3* 5noblacklist ${PATH}/python3*
6nodeny /usr/include/python3* 6noblacklist /usr/include/python3*
7nodeny /usr/lib/python3* 7noblacklist /usr/lib/python3*
8nodeny /usr/lib64/python3* 8noblacklist /usr/lib64/python3*
9nodeny /usr/local/lib/python3* 9noblacklist /usr/local/lib/python3*
10nodeny /usr/share/python3* 10noblacklist /usr/share/python3*
diff --git a/etc/inc/allow-ruby.inc b/etc/inc/allow-ruby.inc
index d949bbc84..a8c701219 100644
--- a/etc/inc/allow-ruby.inc
+++ b/etc/inc/allow-ruby.inc
@@ -2,5 +2,5 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-ruby.local 3include allow-ruby.local
4 4
5nodeny ${PATH}/ruby 5noblacklist ${PATH}/ruby
6nodeny /usr/lib/ruby 6noblacklist /usr/lib/ruby
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc
index 44957bf32..67c78a483 100644
--- a/etc/inc/allow-ssh.inc
+++ b/etc/inc/allow-ssh.inc
@@ -2,7 +2,7 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include allow-ssh.local 3include allow-ssh.local
4 4
5nodeny ${HOME}/.ssh 5noblacklist ${HOME}/.ssh
6nodeny /etc/ssh 6noblacklist /etc/ssh
7nodeny /etc/ssh/ssh_config 7noblacklist /etc/ssh/ssh_config
8nodeny /tmp/ssh-* 8noblacklist /tmp/ssh-*
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 1283a3a3d..6df0c4990 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -5,63 +5,63 @@ include disable-common.local
5# The following block breaks trash functionality in file managers 5# The following block breaks trash functionality in file managers
6#read-only ${HOME}/.local 6#read-only ${HOME}/.local
7#read-write ${HOME}/.local/share 7#read-write ${HOME}/.local/share
8deny ${HOME}/.local/share/Trash 8blacklist ${HOME}/.local/share/Trash
9 9
10# History files in $HOME and clipboard managers 10# History files in $HOME and clipboard managers
11deny-nolog ${HOME}/.*_history 11blacklist-nolog ${HOME}/.*_history
12deny-nolog ${HOME}/.adobe 12blacklist-nolog ${HOME}/.adobe
13deny-nolog ${HOME}/.cache/greenclip* 13blacklist-nolog ${HOME}/.cache/greenclip*
14deny-nolog ${HOME}/.histfile 14blacklist-nolog ${HOME}/.histfile
15deny-nolog ${HOME}/.history 15blacklist-nolog ${HOME}/.history
16deny-nolog ${HOME}/.kde/share/apps/klipper 16blacklist-nolog ${HOME}/.kde/share/apps/klipper
17deny-nolog ${HOME}/.kde4/share/apps/klipper 17blacklist-nolog ${HOME}/.kde4/share/apps/klipper
18deny-nolog ${HOME}/.local/share/fish/fish_history 18blacklist-nolog ${HOME}/.local/share/fish/fish_history
19deny-nolog ${HOME}/.local/share/klipper 19blacklist-nolog ${HOME}/.local/share/klipper
20deny-nolog ${HOME}/.macromedia 20blacklist-nolog ${HOME}/.macromedia
21deny-nolog ${HOME}/.mupdf.history 21blacklist-nolog ${HOME}/.mupdf.history
22deny-nolog ${HOME}/.python-history 22blacklist-nolog ${HOME}/.python-history
23deny-nolog ${HOME}/.python_history 23blacklist-nolog ${HOME}/.python_history
24deny-nolog ${HOME}/.pythonhist 24blacklist-nolog ${HOME}/.pythonhist
25deny-nolog ${HOME}/.lesshst 25blacklist-nolog ${HOME}/.lesshst
26deny-nolog ${HOME}/.viminfo 26blacklist-nolog ${HOME}/.viminfo
27deny-nolog /tmp/clipmenu* 27blacklist-nolog /tmp/clipmenu*
28 28
29# X11 session autostart 29# X11 session autostart
30# blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs 30# blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs
31deny ${HOME}/.Xsession 31blacklist ${HOME}/.Xsession
32deny ${HOME}/.blackbox 32blacklist ${HOME}/.blackbox
33deny ${HOME}/.config/autostart 33blacklist ${HOME}/.config/autostart
34deny ${HOME}/.config/autostart-scripts 34blacklist ${HOME}/.config/autostart-scripts
35deny ${HOME}/.config/awesome 35blacklist ${HOME}/.config/awesome
36deny ${HOME}/.config/i3 36blacklist ${HOME}/.config/i3
37deny ${HOME}/.config/sway 37blacklist ${HOME}/.config/sway
38deny ${HOME}/.config/lxsession/LXDE/autostart 38blacklist ${HOME}/.config/lxsession/LXDE/autostart
39deny ${HOME}/.config/openbox 39blacklist ${HOME}/.config/openbox
40deny ${HOME}/.config/plasma-workspace 40blacklist ${HOME}/.config/plasma-workspace
41deny ${HOME}/.config/startupconfig 41blacklist ${HOME}/.config/startupconfig
42deny ${HOME}/.config/startupconfigkeys 42blacklist ${HOME}/.config/startupconfigkeys
43deny ${HOME}/.fluxbox 43blacklist ${HOME}/.fluxbox
44deny ${HOME}/.gnomerc 44blacklist ${HOME}/.gnomerc
45deny ${HOME}/.kde/Autostart 45blacklist ${HOME}/.kde/Autostart
46deny ${HOME}/.kde/env 46blacklist ${HOME}/.kde/env
47deny ${HOME}/.kde/share/autostart 47blacklist ${HOME}/.kde/share/autostart
48deny ${HOME}/.kde/share/config/startupconfig 48blacklist ${HOME}/.kde/share/config/startupconfig
49deny ${HOME}/.kde/share/config/startupconfigkeys 49blacklist ${HOME}/.kde/share/config/startupconfigkeys
50deny ${HOME}/.kde/shutdown 50blacklist ${HOME}/.kde/shutdown
51deny ${HOME}/.kde4/env 51blacklist ${HOME}/.kde4/env
52deny ${HOME}/.kde4/Autostart 52blacklist ${HOME}/.kde4/Autostart
53deny ${HOME}/.kde4/share/autostart 53blacklist ${HOME}/.kde4/share/autostart
54deny ${HOME}/.kde4/shutdown 54blacklist ${HOME}/.kde4/shutdown
55deny ${HOME}/.kde4/share/config/startupconfig 55blacklist ${HOME}/.kde4/share/config/startupconfig
56deny ${HOME}/.kde4/share/config/startupconfigkeys 56blacklist ${HOME}/.kde4/share/config/startupconfigkeys
57deny ${HOME}/.local/share/autostart 57blacklist ${HOME}/.local/share/autostart
58deny ${HOME}/.xinitrc 58blacklist ${HOME}/.xinitrc
59deny ${HOME}/.xprofile 59blacklist ${HOME}/.xprofile
60deny ${HOME}/.xserverrc 60blacklist ${HOME}/.xserverrc
61deny ${HOME}/.xsession 61blacklist ${HOME}/.xsession
62deny ${HOME}/.xsessionrc 62blacklist ${HOME}/.xsessionrc
63deny /etc/X11/Xsession.d 63blacklist /etc/X11/Xsession.d
64deny /etc/xdg/autostart 64blacklist /etc/xdg/autostart
65read-only ${HOME}/.Xauthority 65read-only ${HOME}/.Xauthority
66 66
67# Session manager 67# Session manager
@@ -70,46 +70,46 @@ read-only ${HOME}/.Xauthority
70#?HAS_X11: blacklist /tmp/.ICE-unix 70#?HAS_X11: blacklist /tmp/.ICE-unix
71 71
72# KDE config 72# KDE config
73deny ${HOME}/.cache/konsole 73blacklist ${HOME}/.cache/konsole
74deny ${HOME}/.config/khotkeysrc 74blacklist ${HOME}/.config/khotkeysrc
75deny ${HOME}/.config/krunnerrc 75blacklist ${HOME}/.config/krunnerrc
76deny ${HOME}/.config/kscreenlockerrc 76blacklist ${HOME}/.config/kscreenlockerrc
77deny ${HOME}/.config/ksslcertificatemanager 77blacklist ${HOME}/.config/ksslcertificatemanager
78deny ${HOME}/.config/kwalletrc 78blacklist ${HOME}/.config/kwalletrc
79deny ${HOME}/.config/kwinrc 79blacklist ${HOME}/.config/kwinrc
80deny ${HOME}/.config/kwinrulesrc 80blacklist ${HOME}/.config/kwinrulesrc
81deny ${HOME}/.config/plasma-locale-settings.sh 81blacklist ${HOME}/.config/plasma-locale-settings.sh
82deny ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc 82blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc
83deny ${HOME}/.config/plasmashellrc 83blacklist ${HOME}/.config/plasmashellrc
84deny ${HOME}/.config/plasmavaultrc 84blacklist ${HOME}/.config/plasmavaultrc
85deny ${HOME}/.kde/share/apps/kwin 85blacklist ${HOME}/.kde/share/apps/kwin
86deny ${HOME}/.kde/share/apps/plasma 86blacklist ${HOME}/.kde/share/apps/plasma
87deny ${HOME}/.kde/share/apps/solid 87blacklist ${HOME}/.kde/share/apps/solid
88deny ${HOME}/.kde/share/config/khotkeysrc 88blacklist ${HOME}/.kde/share/config/khotkeysrc
89deny ${HOME}/.kde/share/config/krunnerrc 89blacklist ${HOME}/.kde/share/config/krunnerrc
90deny ${HOME}/.kde/share/config/kscreensaverrc 90blacklist ${HOME}/.kde/share/config/kscreensaverrc
91deny ${HOME}/.kde/share/config/ksslcertificatemanager 91blacklist ${HOME}/.kde/share/config/ksslcertificatemanager
92deny ${HOME}/.kde/share/config/kwalletrc 92blacklist ${HOME}/.kde/share/config/kwalletrc
93deny ${HOME}/.kde/share/config/kwinrc 93blacklist ${HOME}/.kde/share/config/kwinrc
94deny ${HOME}/.kde/share/config/kwinrulesrc 94blacklist ${HOME}/.kde/share/config/kwinrulesrc
95deny ${HOME}/.kde/share/config/plasma-desktop-appletsrc 95blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc
96deny ${HOME}/.kde4/share/apps/kwin 96blacklist ${HOME}/.kde4/share/apps/kwin
97deny ${HOME}/.kde4/share/apps/plasma 97blacklist ${HOME}/.kde4/share/apps/plasma
98deny ${HOME}/.kde4/share/apps/solid 98blacklist ${HOME}/.kde4/share/apps/solid
99deny ${HOME}/.kde4/share/config/khotkeysrc 99blacklist ${HOME}/.kde4/share/config/khotkeysrc
100deny ${HOME}/.kde4/share/config/krunnerrc 100blacklist ${HOME}/.kde4/share/config/krunnerrc
101deny ${HOME}/.kde4/share/config/kscreensaverrc 101blacklist ${HOME}/.kde4/share/config/kscreensaverrc
102deny ${HOME}/.kde4/share/config/ksslcertificatemanager 102blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager
103deny ${HOME}/.kde4/share/config/kwalletrc 103blacklist ${HOME}/.kde4/share/config/kwalletrc
104deny ${HOME}/.kde4/share/config/kwinrc 104blacklist ${HOME}/.kde4/share/config/kwinrc
105deny ${HOME}/.kde4/share/config/kwinrulesrc 105blacklist ${HOME}/.kde4/share/config/kwinrulesrc
106deny ${HOME}/.kde4/share/config/plasma-desktop-appletsrc 106blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc
107deny ${HOME}/.local/share/kglobalaccel 107blacklist ${HOME}/.local/share/kglobalaccel
108deny ${HOME}/.local/share/kwin 108blacklist ${HOME}/.local/share/kwin
109deny ${HOME}/.local/share/plasma 109blacklist ${HOME}/.local/share/plasma
110deny ${HOME}/.local/share/plasmashell 110blacklist ${HOME}/.local/share/plasmashell
111deny ${HOME}/.local/share/solid 111blacklist ${HOME}/.local/share/solid
112deny /tmp/konsole-*.history 112blacklist /tmp/konsole-*.history
113read-only ${HOME}/.cache/ksycoca5_* 113read-only ${HOME}/.cache/ksycoca5_*
114read-only ${HOME}/.config/*notifyrc 114read-only ${HOME}/.config/*notifyrc
115read-only ${HOME}/.config/kdeglobals 115read-only ${HOME}/.config/kdeglobals
@@ -138,139 +138,139 @@ read-only ${HOME}/.local/share/kservices5
138read-only ${HOME}/.local/share/kssl 138read-only ${HOME}/.local/share/kssl
139 139
140# KDE sockets 140# KDE sockets
141deny ${RUNUSER}/*.slave-socket 141blacklist ${RUNUSER}/*.slave-socket
142deny ${RUNUSER}/kdeinit5__* 142blacklist ${RUNUSER}/kdeinit5__*
143deny ${RUNUSER}/kdesud_* 143blacklist ${RUNUSER}/kdesud_*
144# see #3358 144# see #3358
145#?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* 145#?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-*
146#?HAS_NODBUS: blacklist /tmp/ksocket-* 146#?HAS_NODBUS: blacklist /tmp/ksocket-*
147 147
148# gnome 148# gnome
149# contains extensions, last used times of applications, and notifications 149# contains extensions, last used times of applications, and notifications
150deny ${HOME}/.local/share/gnome-shell 150blacklist ${HOME}/.local/share/gnome-shell
151# contains recently used files and serials of static/removable storage 151# contains recently used files and serials of static/removable storage
152deny ${HOME}/.local/share/gvfs-metadata 152blacklist ${HOME}/.local/share/gvfs-metadata
153# no direct modification of dconf database 153# no direct modification of dconf database
154read-only ${HOME}/.config/dconf 154read-only ${HOME}/.config/dconf
155deny ${RUNUSER}/gnome-session-leader-fifo 155blacklist ${RUNUSER}/gnome-session-leader-fifo
156deny ${RUNUSER}/gnome-shell 156blacklist ${RUNUSER}/gnome-shell
157deny ${RUNUSER}/gsconnect 157blacklist ${RUNUSER}/gsconnect
158 158
159# systemd 159# systemd
160deny ${HOME}/.config/systemd 160blacklist ${HOME}/.config/systemd
161deny ${HOME}/.local/share/systemd 161blacklist ${HOME}/.local/share/systemd
162deny /var/lib/systemd 162blacklist /var/lib/systemd
163deny ${PATH}/systemd-run 163blacklist ${PATH}/systemd-run
164deny ${RUNUSER}/systemd 164blacklist ${RUNUSER}/systemd
165deny ${PATH}/systemctl 165blacklist ${PATH}/systemctl
166deny /etc/systemd/system 166blacklist /etc/systemd/system
167deny /etc/systemd/network 167blacklist /etc/systemd/network
168# creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf 168# creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
169#blacklist /var/run/systemd 169#blacklist /var/run/systemd
170 170
171# openrc 171# openrc
172deny /etc/runlevels/ 172blacklist /etc/runlevels/
173deny /etc/init.d/ 173blacklist /etc/init.d/
174deny /etc/rc.conf 174blacklist /etc/rc.conf
175 175
176# VirtualBox 176# VirtualBox
177deny ${HOME}/.VirtualBox 177blacklist ${HOME}/.VirtualBox
178deny ${HOME}/.config/VirtualBox 178blacklist ${HOME}/.config/VirtualBox
179deny ${HOME}/VirtualBox VMs 179blacklist ${HOME}/VirtualBox VMs
180 180
181# GNOME Boxes 181# GNOME Boxes
182deny ${HOME}/.config/gnome-boxes 182blacklist ${HOME}/.config/gnome-boxes
183deny ${HOME}/.local/share/gnome-boxes 183blacklist ${HOME}/.local/share/gnome-boxes
184 184
185# libvirt 185# libvirt
186deny ${HOME}/.cache/libvirt 186blacklist ${HOME}/.cache/libvirt
187deny ${HOME}/.config/libvirt 187blacklist ${HOME}/.config/libvirt
188deny ${RUNUSER}/libvirt 188blacklist ${RUNUSER}/libvirt
189deny /var/cache/libvirt 189blacklist /var/cache/libvirt
190deny /var/lib/libvirt 190blacklist /var/lib/libvirt
191deny /var/log/libvirt 191blacklist /var/log/libvirt
192 192
193# OCI-Containers / Podman 193# OCI-Containers / Podman
194deny ${RUNUSER}/containers 194blacklist ${RUNUSER}/containers
195deny ${RUNUSER}/crun 195blacklist ${RUNUSER}/crun
196deny ${RUNUSER}/libpod 196blacklist ${RUNUSER}/libpod
197deny ${RUNUSER}/runc 197blacklist ${RUNUSER}/runc
198deny ${RUNUSER}/toolbox 198blacklist ${RUNUSER}/toolbox
199 199
200# VeraCrypt 200# VeraCrypt
201deny ${HOME}/.VeraCrypt 201blacklist ${HOME}/.VeraCrypt
202deny ${PATH}/veracrypt 202blacklist ${PATH}/veracrypt
203deny ${PATH}/veracrypt-uninstall.sh 203blacklist ${PATH}/veracrypt-uninstall.sh
204deny /usr/share/applications/veracrypt.* 204blacklist /usr/share/applications/veracrypt.*
205deny /usr/share/pixmaps/veracrypt.* 205blacklist /usr/share/pixmaps/veracrypt.*
206deny /usr/share/veracrypt 206blacklist /usr/share/veracrypt
207 207
208# TrueCrypt 208# TrueCrypt
209deny ${HOME}/.TrueCrypt 209blacklist ${HOME}/.TrueCrypt
210deny ${PATH}/truecrypt 210blacklist ${PATH}/truecrypt
211deny ${PATH}/truecrypt-uninstall.sh 211blacklist ${PATH}/truecrypt-uninstall.sh
212deny /usr/share/applications/truecrypt.* 212blacklist /usr/share/applications/truecrypt.*
213deny /usr/share/pixmaps/truecrypt.* 213blacklist /usr/share/pixmaps/truecrypt.*
214deny /usr/share/truecrypt 214blacklist /usr/share/truecrypt
215 215
216# zuluCrypt 216# zuluCrypt
217deny ${HOME}/.zuluCrypt 217blacklist ${HOME}/.zuluCrypt
218deny ${HOME}/.zuluCrypt-socket 218blacklist ${HOME}/.zuluCrypt-socket
219deny ${PATH}/zuluCrypt-cli 219blacklist ${PATH}/zuluCrypt-cli
220deny ${PATH}/zuluMount-cli 220blacklist ${PATH}/zuluMount-cli
221 221
222# var 222# var
223deny /var/cache/apt 223blacklist /var/cache/apt
224deny /var/cache/pacman 224blacklist /var/cache/pacman
225deny /var/lib/apt 225blacklist /var/lib/apt
226deny /var/lib/clamav 226blacklist /var/lib/clamav
227deny /var/lib/dkms 227blacklist /var/lib/dkms
228deny /var/lib/mysql/mysql.sock 228blacklist /var/lib/mysql/mysql.sock
229deny /var/lib/mysqld/mysql.sock 229blacklist /var/lib/mysqld/mysql.sock
230deny /var/lib/pacman 230blacklist /var/lib/pacman
231deny /var/lib/upower 231blacklist /var/lib/upower
232# blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for 232# blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for
233# every sandbox, unless --writable-var-log switch is activated 233# every sandbox, unless --writable-var-log switch is activated
234deny /var/mail 234blacklist /var/mail
235deny /var/opt 235blacklist /var/opt
236deny /var/run/acpid.socket 236blacklist /var/run/acpid.socket
237deny /var/run/docker.sock 237blacklist /var/run/docker.sock
238deny /var/run/minissdpd.sock 238blacklist /var/run/minissdpd.sock
239deny /var/run/mysql/mysqld.sock 239blacklist /var/run/mysql/mysqld.sock
240deny /var/run/mysqld/mysqld.sock 240blacklist /var/run/mysqld/mysqld.sock
241deny /var/run/rpcbind.sock 241blacklist /var/run/rpcbind.sock
242deny /var/run/screens 242blacklist /var/run/screens
243deny /var/spool/anacron 243blacklist /var/spool/anacron
244deny /var/spool/cron 244blacklist /var/spool/cron
245deny /var/spool/mail 245blacklist /var/spool/mail
246 246
247# etc 247# etc
248deny /etc/anacrontab 248blacklist /etc/anacrontab
249deny /etc/cron* 249blacklist /etc/cron*
250deny /etc/profile.d 250blacklist /etc/profile.d
251deny /etc/rc.local 251blacklist /etc/rc.local
252# rc1.d, rc2.d, ... 252# rc1.d, rc2.d, ...
253deny /etc/rc?.d 253blacklist /etc/rc?.d
254deny /etc/kernel* 254blacklist /etc/kernel*
255deny /etc/grub* 255blacklist /etc/grub*
256deny /etc/dkms 256blacklist /etc/dkms
257deny /etc/apparmor* 257blacklist /etc/apparmor*
258deny /etc/selinux 258blacklist /etc/selinux
259deny /etc/modules* 259blacklist /etc/modules*
260deny /etc/logrotate* 260blacklist /etc/logrotate*
261deny /etc/adduser.conf 261blacklist /etc/adduser.conf
262 262
263# hide config for various intrusion detection systems 263# hide config for various intrusion detection systems
264deny /etc/rkhunter.conf 264blacklist /etc/rkhunter.conf
265deny /var/lib/rkhunter 265blacklist /var/lib/rkhunter
266deny /etc/chkrootkit.conf 266blacklist /etc/chkrootkit.conf
267deny /etc/lynis 267blacklist /etc/lynis
268deny /etc/aide 268blacklist /etc/aide
269deny /etc/logcheck 269blacklist /etc/logcheck
270deny /etc/tripwire 270blacklist /etc/tripwire
271deny /etc/snort 271blacklist /etc/snort
272deny /etc/fail2ban.conf 272blacklist /etc/fail2ban.conf
273deny /etc/suricata 273blacklist /etc/suricata
274 274
275# Startup files 275# Startup files
276read-only ${HOME}/.antigen 276read-only ${HOME}/.antigen
@@ -307,13 +307,13 @@ read-only ${HOME}/.zshrc
307read-only ${HOME}/.zshrc.local 307read-only ${HOME}/.zshrc.local
308 308
309# Remote access 309# Remote access
310deny ${HOME}/.rhosts 310blacklist ${HOME}/.rhosts
311deny ${HOME}/.shosts 311blacklist ${HOME}/.shosts
312deny ${HOME}/.ssh/authorized_keys 312blacklist ${HOME}/.ssh/authorized_keys
313deny ${HOME}/.ssh/authorized_keys2 313blacklist ${HOME}/.ssh/authorized_keys2
314deny ${HOME}/.ssh/environment 314blacklist ${HOME}/.ssh/environment
315deny ${HOME}/.ssh/rc 315blacklist ${HOME}/.ssh/rc
316deny /etc/hosts.equiv 316blacklist /etc/hosts.equiv
317read-only ${HOME}/.ssh/config 317read-only ${HOME}/.ssh/config
318read-only ${HOME}/.ssh/config.d 318read-only ${HOME}/.ssh/config.d
319 319
@@ -374,200 +374,200 @@ read-only ${HOME}/.local/share/mime
374read-only ${HOME}/.local/share/thumbnailers 374read-only ${HOME}/.local/share/thumbnailers
375 375
376# prevent access to ssh-agent 376# prevent access to ssh-agent
377deny /tmp/ssh-* 377blacklist /tmp/ssh-*
378 378
379# top secret 379# top secret
380deny ${HOME}/*.kdb 380blacklist ${HOME}/*.kdb
381deny ${HOME}/*.kdbx 381blacklist ${HOME}/*.kdbx
382deny ${HOME}/*.key 382blacklist ${HOME}/*.key
383deny ${HOME}/.Private 383blacklist ${HOME}/.Private
384deny ${HOME}/.caff 384blacklist ${HOME}/.caff
385deny ${HOME}/.cargo/credentials 385blacklist ${HOME}/.cargo/credentials
386deny ${HOME}/.cargo/credentials.toml 386blacklist ${HOME}/.cargo/credentials.toml
387deny ${HOME}/.cert 387blacklist ${HOME}/.cert
388deny ${HOME}/.config/keybase 388blacklist ${HOME}/.config/keybase
389deny ${HOME}/.davfs2/secrets 389blacklist ${HOME}/.davfs2/secrets
390deny ${HOME}/.ecryptfs 390blacklist ${HOME}/.ecryptfs
391deny ${HOME}/.fetchmailrc 391blacklist ${HOME}/.fetchmailrc
392deny ${HOME}/.fscrypt 392blacklist ${HOME}/.fscrypt
393deny ${HOME}/.git-credential-cache 393blacklist ${HOME}/.git-credential-cache
394deny ${HOME}/.git-credentials 394blacklist ${HOME}/.git-credentials
395deny ${HOME}/.gnome2/keyrings 395blacklist ${HOME}/.gnome2/keyrings
396deny ${HOME}/.gnupg 396blacklist ${HOME}/.gnupg
397deny ${HOME}/.config/hub 397blacklist ${HOME}/.config/hub
398deny ${HOME}/.kde/share/apps/kwallet 398blacklist ${HOME}/.kde/share/apps/kwallet
399deny ${HOME}/.kde4/share/apps/kwallet 399blacklist ${HOME}/.kde4/share/apps/kwallet
400deny ${HOME}/.local/share/keyrings 400blacklist ${HOME}/.local/share/keyrings
401deny ${HOME}/.local/share/kwalletd 401blacklist ${HOME}/.local/share/kwalletd
402deny ${HOME}/.local/share/plasma-vault 402blacklist ${HOME}/.local/share/plasma-vault
403deny ${HOME}/.msmtprc 403blacklist ${HOME}/.msmtprc
404deny ${HOME}/.mutt 404blacklist ${HOME}/.mutt
405deny ${HOME}/.muttrc 405blacklist ${HOME}/.muttrc
406deny ${HOME}/.netrc 406blacklist ${HOME}/.netrc
407deny ${HOME}/.nyx 407blacklist ${HOME}/.nyx
408deny ${HOME}/.pki 408blacklist ${HOME}/.pki
409deny ${HOME}/.local/share/pki 409blacklist ${HOME}/.local/share/pki
410deny ${HOME}/.smbcredentials 410blacklist ${HOME}/.smbcredentials
411deny ${HOME}/.ssh 411blacklist ${HOME}/.ssh
412deny ${HOME}/.vaults 412blacklist ${HOME}/.vaults
413deny /.fscrypt 413blacklist /.fscrypt
414deny /etc/davfs2/secrets 414blacklist /etc/davfs2/secrets
415deny /etc/group+ 415blacklist /etc/group+
416deny /etc/group- 416blacklist /etc/group-
417deny /etc/gshadow 417blacklist /etc/gshadow
418deny /etc/gshadow+ 418blacklist /etc/gshadow+
419deny /etc/gshadow- 419blacklist /etc/gshadow-
420deny /etc/passwd+ 420blacklist /etc/passwd+
421deny /etc/passwd- 421blacklist /etc/passwd-
422deny /etc/shadow 422blacklist /etc/shadow
423deny /etc/shadow+ 423blacklist /etc/shadow+
424deny /etc/shadow- 424blacklist /etc/shadow-
425deny /etc/ssh 425blacklist /etc/ssh
426deny /etc/ssh/* 426blacklist /etc/ssh/*
427deny /home/.ecryptfs 427blacklist /home/.ecryptfs
428deny /home/.fscrypt 428blacklist /home/.fscrypt
429deny /var/backup 429blacklist /var/backup
430 430
431# cloud provider configuration 431# cloud provider configuration
432deny ${HOME}/.aws 432blacklist ${HOME}/.aws
433deny ${HOME}/.boto 433blacklist ${HOME}/.boto
434deny ${HOME}/.config/gcloud 434blacklist ${HOME}/.config/gcloud
435deny ${HOME}/.kube 435blacklist ${HOME}/.kube
436deny ${HOME}/.passwd-s3fs 436blacklist ${HOME}/.passwd-s3fs
437deny ${HOME}/.s3cmd 437blacklist ${HOME}/.s3cmd
438deny /etc/boto.cfg 438blacklist /etc/boto.cfg
439 439
440# system directories 440# system directories
441deny /sbin 441blacklist /sbin
442deny /usr/local/sbin 442blacklist /usr/local/sbin
443deny /usr/sbin 443blacklist /usr/sbin
444 444
445# system management 445# system management
446deny ${PATH}/at 446blacklist ${PATH}/at
447deny ${PATH}/busybox 447blacklist ${PATH}/busybox
448deny ${PATH}/chage 448blacklist ${PATH}/chage
449deny ${PATH}/chfn 449blacklist ${PATH}/chfn
450deny ${PATH}/chsh 450blacklist ${PATH}/chsh
451deny ${PATH}/crontab 451blacklist ${PATH}/crontab
452deny ${PATH}/evtest 452blacklist ${PATH}/evtest
453deny ${PATH}/expiry 453blacklist ${PATH}/expiry
454deny ${PATH}/fusermount 454blacklist ${PATH}/fusermount
455deny ${PATH}/gksu 455blacklist ${PATH}/gksu
456deny ${PATH}/gksudo 456blacklist ${PATH}/gksudo
457deny ${PATH}/gpasswd 457blacklist ${PATH}/gpasswd
458deny ${PATH}/kdesudo 458blacklist ${PATH}/kdesudo
459deny ${PATH}/ksu 459blacklist ${PATH}/ksu
460deny ${PATH}/mount 460blacklist ${PATH}/mount
461deny ${PATH}/mount.ecryptfs_private 461blacklist ${PATH}/mount.ecryptfs_private
462deny ${PATH}/nc 462blacklist ${PATH}/nc
463deny ${PATH}/ncat 463blacklist ${PATH}/ncat
464deny ${PATH}/nmap 464blacklist ${PATH}/nmap
465deny ${PATH}/newgidmap 465blacklist ${PATH}/newgidmap
466deny ${PATH}/newgrp 466blacklist ${PATH}/newgrp
467deny ${PATH}/newuidmap 467blacklist ${PATH}/newuidmap
468deny ${PATH}/ntfs-3g 468blacklist ${PATH}/ntfs-3g
469deny ${PATH}/pkexec 469blacklist ${PATH}/pkexec
470deny ${PATH}/procmail 470blacklist ${PATH}/procmail
471deny ${PATH}/sg 471blacklist ${PATH}/sg
472deny ${PATH}/strace 472blacklist ${PATH}/strace
473deny ${PATH}/su 473blacklist ${PATH}/su
474deny ${PATH}/sudo 474blacklist ${PATH}/sudo
475deny ${PATH}/tcpdump 475blacklist ${PATH}/tcpdump
476deny ${PATH}/umount 476blacklist ${PATH}/umount
477deny ${PATH}/unix_chkpwd 477blacklist ${PATH}/unix_chkpwd
478deny ${PATH}/xev 478blacklist ${PATH}/xev
479deny ${PATH}/xinput 479blacklist ${PATH}/xinput
480 480
481# other SUID binaries 481# other SUID binaries
482deny /usr/lib/virtualbox 482blacklist /usr/lib/virtualbox
483deny /usr/lib64/virtualbox 483blacklist /usr/lib64/virtualbox
484 484
485# prevent lxterminal connecting to an existing lxterminal session 485# prevent lxterminal connecting to an existing lxterminal session
486deny /tmp/.lxterminal-socket* 486blacklist /tmp/.lxterminal-socket*
487# prevent tmux connecting to an existing session 487# prevent tmux connecting to an existing session
488deny /tmp/tmux-* 488blacklist /tmp/tmux-*
489 489
490# disable terminals running as server resulting in sandbox escape 490# disable terminals running as server resulting in sandbox escape
491deny ${PATH}/lxterminal 491blacklist ${PATH}/lxterminal
492deny ${PATH}/gnome-terminal 492blacklist ${PATH}/gnome-terminal
493deny ${PATH}/gnome-terminal.wrapper 493blacklist ${PATH}/gnome-terminal.wrapper
494deny ${PATH}/lilyterm 494blacklist ${PATH}/lilyterm
495deny ${PATH}/mate-terminal 495blacklist ${PATH}/mate-terminal
496deny ${PATH}/mate-terminal.wrapper 496blacklist ${PATH}/mate-terminal.wrapper
497deny ${PATH}/pantheon-terminal 497blacklist ${PATH}/pantheon-terminal
498deny ${PATH}/roxterm 498blacklist ${PATH}/roxterm
499deny ${PATH}/roxterm-config 499blacklist ${PATH}/roxterm-config
500deny ${PATH}/terminix 500blacklist ${PATH}/terminix
501deny ${PATH}/tilix 501blacklist ${PATH}/tilix
502deny ${PATH}/urxvtc 502blacklist ${PATH}/urxvtc
503deny ${PATH}/urxvtcd 503blacklist ${PATH}/urxvtcd
504deny ${PATH}/xfce4-terminal 504blacklist ${PATH}/xfce4-terminal
505deny ${PATH}/xfce4-terminal.wrapper 505blacklist ${PATH}/xfce4-terminal.wrapper
506# blacklist ${PATH}/konsole 506# blacklist ${PATH}/konsole
507# konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 507# konsole doesn't seem to have this problem - last tested on Ubuntu 16.04
508 508
509# kernel files 509# kernel files
510deny /initrd* 510blacklist /initrd*
511deny /vmlinuz* 511blacklist /vmlinuz*
512 512
513# snapshot files 513# snapshot files
514deny /.snapshots 514blacklist /.snapshots
515 515
516# flatpak 516# flatpak
517deny ${HOME}/.cache/flatpak 517blacklist ${HOME}/.cache/flatpak
518deny ${HOME}/.config/flatpak 518blacklist ${HOME}/.config/flatpak
519nodeny ${HOME}/.local/share/flatpak/exports 519noblacklist ${HOME}/.local/share/flatpak/exports
520read-only ${HOME}/.local/share/flatpak/exports 520read-only ${HOME}/.local/share/flatpak/exports
521deny ${HOME}/.local/share/flatpak/* 521blacklist ${HOME}/.local/share/flatpak/*
522deny ${HOME}/.var 522blacklist ${HOME}/.var
523deny ${RUNUSER}/app 523blacklist ${RUNUSER}/app
524deny ${RUNUSER}/doc 524blacklist ${RUNUSER}/doc
525deny ${RUNUSER}/.dbus-proxy 525blacklist ${RUNUSER}/.dbus-proxy
526deny ${RUNUSER}/.flatpak 526blacklist ${RUNUSER}/.flatpak
527deny ${RUNUSER}/.flatpak-cache 527blacklist ${RUNUSER}/.flatpak-cache
528deny ${RUNUSER}/.flatpak-helper 528blacklist ${RUNUSER}/.flatpak-helper
529deny /usr/share/flatpak 529blacklist /usr/share/flatpak
530nodeny /var/lib/flatpak/exports 530noblacklist /var/lib/flatpak/exports
531deny /var/lib/flatpak/* 531blacklist /var/lib/flatpak/*
532# most of the time bwrap is SUID binary 532# most of the time bwrap is SUID binary
533deny ${PATH}/bwrap 533blacklist ${PATH}/bwrap
534 534
535# snap 535# snap
536deny ${RUNUSER}/snapd-session-agent.socket 536blacklist ${RUNUSER}/snapd-session-agent.socket
537 537
538# mail directories used by mutt 538# mail directories used by mutt
539deny ${HOME}/.Mail 539blacklist ${HOME}/.Mail
540deny ${HOME}/.mail 540blacklist ${HOME}/.mail
541deny ${HOME}/.signature 541blacklist ${HOME}/.signature
542deny ${HOME}/Mail 542blacklist ${HOME}/Mail
543deny ${HOME}/mail 543blacklist ${HOME}/mail
544deny ${HOME}/postponed 544blacklist ${HOME}/postponed
545deny ${HOME}/sent 545blacklist ${HOME}/sent
546 546
547# kernel configuration 547# kernel configuration
548deny /proc/config.gz 548blacklist /proc/config.gz
549 549
550# prevent DNS malware attempting to communicate with the server 550# prevent DNS malware attempting to communicate with the server
551# using regular DNS tools 551# using regular DNS tools
552deny ${PATH}/dig 552blacklist ${PATH}/dig
553deny ${PATH}/dlint 553blacklist ${PATH}/dlint
554deny ${PATH}/dns2tcp 554blacklist ${PATH}/dns2tcp
555deny ${PATH}/dnssec-* 555blacklist ${PATH}/dnssec-*
556deny ${PATH}/dnswalk 556blacklist ${PATH}/dnswalk
557deny ${PATH}/drill 557blacklist ${PATH}/drill
558deny ${PATH}/host 558blacklist ${PATH}/host
559deny ${PATH}/iodine 559blacklist ${PATH}/iodine
560deny ${PATH}/kdig 560blacklist ${PATH}/kdig
561deny ${PATH}/khost 561blacklist ${PATH}/khost
562deny ${PATH}/knsupdate 562blacklist ${PATH}/knsupdate
563deny ${PATH}/ldns-* 563blacklist ${PATH}/ldns-*
564deny ${PATH}/ldnsd 564blacklist ${PATH}/ldnsd
565deny ${PATH}/nslookup 565blacklist ${PATH}/nslookup
566deny ${PATH}/resolvectl 566blacklist ${PATH}/resolvectl
567deny ${PATH}/unbound-host 567blacklist ${PATH}/unbound-host
568 568
569# rest of ${RUNUSER} 569# rest of ${RUNUSER}
570deny ${RUNUSER}/*.lock 570blacklist ${RUNUSER}/*.lock
571deny ${RUNUSER}/inaccessible 571blacklist ${RUNUSER}/inaccessible
572deny ${RUNUSER}/pk-debconf-socket 572blacklist ${RUNUSER}/pk-debconf-socket
573deny ${RUNUSER}/update-notifier.pid 573blacklist ${RUNUSER}/update-notifier.pid
diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc
index a893eb3f3..e74b1b40b 100644
--- a/etc/inc/disable-devel.inc
+++ b/etc/inc/disable-devel.inc
@@ -5,65 +5,65 @@ include disable-devel.local
5# development tools 5# development tools
6 6
7# clang/llvm 7# clang/llvm
8deny ${PATH}/clang* 8blacklist ${PATH}/clang*
9deny ${PATH}/lldb* 9blacklist ${PATH}/lldb*
10deny ${PATH}/llvm* 10blacklist ${PATH}/llvm*
11# see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU 11# see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU
12# blacklist /usr/lib/llvm* 12# blacklist /usr/lib/llvm*
13 13
14# GCC 14# GCC
15deny ${PATH}/as 15blacklist ${PATH}/as
16deny ${PATH}/cc 16blacklist ${PATH}/cc
17deny ${PATH}/c++* 17blacklist ${PATH}/c++*
18deny ${PATH}/c8* 18blacklist ${PATH}/c8*
19deny ${PATH}/c9* 19blacklist ${PATH}/c9*
20deny ${PATH}/cpp* 20blacklist ${PATH}/cpp*
21deny ${PATH}/g++* 21blacklist ${PATH}/g++*
22deny ${PATH}/gcc* 22blacklist ${PATH}/gcc*
23deny ${PATH}/gdb 23blacklist ${PATH}/gdb
24deny ${PATH}/ld 24blacklist ${PATH}/ld
25deny ${PATH}/*-gcc* 25blacklist ${PATH}/*-gcc*
26deny ${PATH}/*-g++* 26blacklist ${PATH}/*-g++*
27deny ${PATH}/*-gcc* 27blacklist ${PATH}/*-gcc*
28deny ${PATH}/*-g++* 28blacklist ${PATH}/*-g++*
29# seems to create problems on Gentoo 29# seems to create problems on Gentoo
30#blacklist /usr/lib/gcc 30#blacklist /usr/lib/gcc
31 31
32#Go 32#Go
33deny ${PATH}/gccgo 33blacklist ${PATH}/gccgo
34deny ${PATH}/go 34blacklist ${PATH}/go
35deny ${PATH}/gofmt 35blacklist ${PATH}/gofmt
36 36
37# Java 37# Java
38deny ${PATH}/java 38blacklist ${PATH}/java
39deny ${PATH}/javac 39blacklist ${PATH}/javac
40deny /etc/java 40blacklist /etc/java
41deny /usr/lib/java 41blacklist /usr/lib/java
42deny /usr/share/java 42blacklist /usr/share/java
43 43
44#OpenSSL 44#OpenSSL
45deny ${PATH}/openssl 45blacklist ${PATH}/openssl
46deny ${PATH}/openssl-1.0 46blacklist ${PATH}/openssl-1.0
47 47
48#Rust 48#Rust
49deny ${PATH}/rust-gdb 49blacklist ${PATH}/rust-gdb
50deny ${PATH}/rust-lldb 50blacklist ${PATH}/rust-lldb
51deny ${PATH}/rustc 51blacklist ${PATH}/rustc
52deny ${HOME}/.rustup 52blacklist ${HOME}/.rustup
53 53
54# tcc - Tiny C Compiler 54# tcc - Tiny C Compiler
55deny ${PATH}/tcc 55blacklist ${PATH}/tcc
56deny ${PATH}/x86_64-tcc 56blacklist ${PATH}/x86_64-tcc
57deny /usr/lib/tcc 57blacklist /usr/lib/tcc
58 58
59# Valgrind 59# Valgrind
60deny ${PATH}/valgrind* 60blacklist ${PATH}/valgrind*
61deny /usr/lib/valgrind 61blacklist /usr/lib/valgrind
62 62
63 63
64# Source-Code 64# Source-Code
65 65
66deny /usr/src 66blacklist /usr/src
67deny /usr/local/src 67blacklist /usr/local/src
68deny /usr/include 68blacklist /usr/include
69deny /usr/local/include 69blacklist /usr/local/include
diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc
index c77d9a490..5d8a236fb 100644
--- a/etc/inc/disable-interpreters.inc
+++ b/etc/inc/disable-interpreters.inc
@@ -3,66 +3,66 @@
3include disable-interpreters.local 3include disable-interpreters.local
4 4
5# gjs 5# gjs
6deny ${PATH}/gjs 6blacklist ${PATH}/gjs
7deny ${PATH}/gjs-console 7blacklist ${PATH}/gjs-console
8deny /usr/lib/gjs 8blacklist /usr/lib/gjs
9deny /usr/lib/libgjs* 9blacklist /usr/lib/libgjs*
10deny /usr/lib64/gjs 10blacklist /usr/lib64/gjs
11deny /usr/lib64/libgjs* 11blacklist /usr/lib64/libgjs*
12 12
13# Lua 13# Lua
14deny ${PATH}/lua* 14blacklist ${PATH}/lua*
15deny /usr/include/lua* 15blacklist /usr/include/lua*
16deny /usr/lib/liblua* 16blacklist /usr/lib/liblua*
17deny /usr/lib/lua 17blacklist /usr/lib/lua
18deny /usr/lib64/liblua* 18blacklist /usr/lib64/liblua*
19deny /usr/lib64/lua 19blacklist /usr/lib64/lua
20deny /usr/share/lua* 20blacklist /usr/share/lua*
21 21
22# mozjs 22# mozjs
23deny /usr/lib/libmozjs-* 23blacklist /usr/lib/libmozjs-*
24deny /usr/lib64/libmozjs-* 24blacklist /usr/lib64/libmozjs-*
25 25
26# Node.js 26# Node.js
27deny ${PATH}/node 27blacklist ${PATH}/node
28deny /usr/include/node 28blacklist /usr/include/node
29 29
30# nvm 30# nvm
31deny ${HOME}/.nvm 31blacklist ${HOME}/.nvm
32 32
33# Perl 33# Perl
34deny ${PATH}/core_perl 34blacklist ${PATH}/core_perl
35deny ${PATH}/cpan* 35blacklist ${PATH}/cpan*
36deny ${PATH}/perl 36blacklist ${PATH}/perl
37deny ${PATH}/site_perl 37blacklist ${PATH}/site_perl
38deny ${PATH}/vendor_perl 38blacklist ${PATH}/vendor_perl
39deny /usr/lib/perl* 39blacklist /usr/lib/perl*
40deny /usr/lib64/perl* 40blacklist /usr/lib64/perl*
41deny /usr/share/perl* 41blacklist /usr/share/perl*
42 42
43# PHP 43# PHP
44deny ${PATH}/php* 44blacklist ${PATH}/php*
45deny /usr/lib/php* 45blacklist /usr/lib/php*
46deny /usr/share/php* 46blacklist /usr/share/php*
47 47
48# Ruby 48# Ruby
49deny ${PATH}/ruby 49blacklist ${PATH}/ruby
50deny /usr/lib/ruby 50blacklist /usr/lib/ruby
51 51
52# Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus 52# Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus
53# Python 2 53# Python 2
54deny ${PATH}/python2* 54blacklist ${PATH}/python2*
55deny /usr/include/python2* 55blacklist /usr/include/python2*
56deny /usr/lib/python2* 56blacklist /usr/lib/python2*
57deny /usr/local/lib/python2* 57blacklist /usr/local/lib/python2*
58deny /usr/share/python2* 58blacklist /usr/share/python2*
59 59
60# You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026) 60# You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026)
61 61
62# Python 3 62# Python 3
63deny ${PATH}/python3* 63blacklist ${PATH}/python3*
64deny /usr/include/python3* 64blacklist /usr/include/python3*
65deny /usr/lib/python3* 65blacklist /usr/lib/python3*
66deny /usr/lib64/python3* 66blacklist /usr/lib64/python3*
67deny /usr/local/lib/python3* 67blacklist /usr/local/lib/python3*
68deny /usr/share/python3* 68blacklist /usr/share/python3*
diff --git a/etc/inc/disable-passwdmgr.inc b/etc/inc/disable-passwdmgr.inc
index 0a61bc46f..3ed9a1b14 100644
--- a/etc/inc/disable-passwdmgr.inc
+++ b/etc/inc/disable-passwdmgr.inc
@@ -2,18 +2,18 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include disable-passwdmgr.local 3include disable-passwdmgr.local
4 4
5deny ${HOME}/.config/Bitwarden 5blacklist ${HOME}/.config/Bitwarden
6deny ${HOME}/.config/KeePass 6blacklist ${HOME}/.config/KeePass
7deny ${HOME}/.config/keepass 7blacklist ${HOME}/.config/keepass
8deny ${HOME}/.config/keepassx 8blacklist ${HOME}/.config/keepassx
9deny ${HOME}/.config/keepassxc 9blacklist ${HOME}/.config/keepassxc
10deny ${HOME}/.config/KeePassXCrc 10blacklist ${HOME}/.config/KeePassXCrc
11deny ${HOME}/.config/Sinew Software Systems 11blacklist ${HOME}/.config/Sinew Software Systems
12deny ${HOME}/.fpm 12blacklist ${HOME}/.fpm
13deny ${HOME}/.keepass 13blacklist ${HOME}/.keepass
14deny ${HOME}/.keepassx 14blacklist ${HOME}/.keepassx
15deny ${HOME}/.keepassxc 15blacklist ${HOME}/.keepassxc
16deny ${HOME}/.lastpass 16blacklist ${HOME}/.lastpass
17deny ${HOME}/.local/share/KeePass 17blacklist ${HOME}/.local/share/KeePass
18deny ${HOME}/.local/share/keepass 18blacklist ${HOME}/.local/share/keepass
19deny ${HOME}/.password-store 19blacklist ${HOME}/.password-store
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 5fe2f8c28..fd907034f 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -2,1097 +2,1097 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include disable-programs.local 3include disable-programs.local
4 4
5deny ${HOME}/.*coin 5blacklist ${HOME}/.*coin
6deny ${HOME}/.8pecxstudios 6blacklist ${HOME}/.8pecxstudios
7deny ${HOME}/.AndroidStudio* 7blacklist ${HOME}/.AndroidStudio*
8deny ${HOME}/.Atom 8blacklist ${HOME}/.Atom
9deny ${HOME}/.CLion* 9blacklist ${HOME}/.CLion*
10deny ${HOME}/.FBReader 10blacklist ${HOME}/.FBReader
11deny ${HOME}/.FontForge 11blacklist ${HOME}/.FontForge
12deny ${HOME}/.IdeaIC* 12blacklist ${HOME}/.IdeaIC*
13deny ${HOME}/.LuminanceHDR 13blacklist ${HOME}/.LuminanceHDR
14deny ${HOME}/.Mathematica 14blacklist ${HOME}/.Mathematica
15deny ${HOME}/.Natron 15blacklist ${HOME}/.Natron
16deny ${HOME}/.PlayOnLinux 16blacklist ${HOME}/.PlayOnLinux
17deny ${HOME}/.PyCharm* 17blacklist ${HOME}/.PyCharm*
18deny ${HOME}/.Sayonara 18blacklist ${HOME}/.Sayonara
19deny ${HOME}/.Steam 19blacklist ${HOME}/.Steam
20deny ${HOME}/.Steampath 20blacklist ${HOME}/.Steampath
21deny ${HOME}/.Steampid 21blacklist ${HOME}/.Steampid
22deny ${HOME}/.TelegramDesktop 22blacklist ${HOME}/.TelegramDesktop
23deny ${HOME}/.VSCodium 23blacklist ${HOME}/.VSCodium
24deny ${HOME}/.ViberPC 24blacklist ${HOME}/.ViberPC
25deny ${HOME}/.VirtualBox 25blacklist ${HOME}/.VirtualBox
26deny ${HOME}/.WebStorm* 26blacklist ${HOME}/.WebStorm*
27deny ${HOME}/.Wolfram Research 27blacklist ${HOME}/.Wolfram Research
28deny ${HOME}/.ZAP 28blacklist ${HOME}/.ZAP
29deny ${HOME}/.aMule 29blacklist ${HOME}/.aMule
30deny ${HOME}/.abook 30blacklist ${HOME}/.abook
31deny ${HOME}/.addressbook 31blacklist ${HOME}/.addressbook
32deny ${HOME}/.alpine-smime 32blacklist ${HOME}/.alpine-smime
33deny ${HOME}/.android 33blacklist ${HOME}/.android
34deny ${HOME}/.anydesk 34blacklist ${HOME}/.anydesk
35deny ${HOME}/.arduino15 35blacklist ${HOME}/.arduino15
36deny ${HOME}/.aria2 36blacklist ${HOME}/.aria2
37deny ${HOME}/.arm 37blacklist ${HOME}/.arm
38deny ${HOME}/.asunder_album_artist 38blacklist ${HOME}/.asunder_album_artist
39deny ${HOME}/.asunder_album_genre 39blacklist ${HOME}/.asunder_album_genre
40deny ${HOME}/.asunder_album_title 40blacklist ${HOME}/.asunder_album_title
41deny ${HOME}/.atom 41blacklist ${HOME}/.atom
42deny ${HOME}/.attic 42blacklist ${HOME}/.attic
43deny ${HOME}/.audacity-data 43blacklist ${HOME}/.audacity-data
44deny ${HOME}/.avidemux6 44blacklist ${HOME}/.avidemux6
45deny ${HOME}/.ballbuster.hs 45blacklist ${HOME}/.ballbuster.hs
46deny ${HOME}/.balsa 46blacklist ${HOME}/.balsa
47deny ${HOME}/.bcast5 47blacklist ${HOME}/.bcast5
48deny ${HOME}/.bibletime 48blacklist ${HOME}/.bibletime
49deny ${HOME}/.bitcoin 49blacklist ${HOME}/.bitcoin
50deny ${HOME}/.blobby 50blacklist ${HOME}/.blobby
51deny ${HOME}/.bogofilter 51blacklist ${HOME}/.bogofilter
52deny ${HOME}/.bzf 52blacklist ${HOME}/.bzf
53deny ${HOME}/.cargo/* 53blacklist ${HOME}/.cargo/*
54deny ${HOME}/.claws-mail 54blacklist ${HOME}/.claws-mail
55deny ${HOME}/.cliqz 55blacklist ${HOME}/.cliqz
56deny ${HOME}/.clion* 56blacklist ${HOME}/.clion*
57deny ${HOME}/.clonk 57blacklist ${HOME}/.clonk
58deny ${HOME}/.config/0ad 58blacklist ${HOME}/.config/0ad
59deny ${HOME}/.config/2048-qt 59blacklist ${HOME}/.config/2048-qt
60deny ${HOME}/.config/Atom 60blacklist ${HOME}/.config/Atom
61deny ${HOME}/.config/Audaciousrc 61blacklist ${HOME}/.config/Audaciousrc
62deny ${HOME}/.config/Authenticator 62blacklist ${HOME}/.config/Authenticator
63deny ${HOME}/.config/Beaker Browser 63blacklist ${HOME}/.config/Beaker Browser
64deny ${HOME}/.config/Bitcoin 64blacklist ${HOME}/.config/Bitcoin
65deny ${HOME}/.config/Bitwarden 65blacklist ${HOME}/.config/Bitwarden
66deny ${HOME}/.config/Brackets 66blacklist ${HOME}/.config/Brackets
67deny ${HOME}/.config/BraveSoftware 67blacklist ${HOME}/.config/BraveSoftware
68deny ${HOME}/.config/Clementine 68blacklist ${HOME}/.config/Clementine
69deny ${HOME}/.config/Code 69blacklist ${HOME}/.config/Code
70deny ${HOME}/.config/Code - OSS 70blacklist ${HOME}/.config/Code - OSS
71deny ${HOME}/.config/Code Industry 71blacklist ${HOME}/.config/Code Industry
72deny ${HOME}/.config/Cryptocat 72blacklist ${HOME}/.config/Cryptocat
73deny ${HOME}/.config/Debauchee/Barrier.conf 73blacklist ${HOME}/.config/Debauchee/Barrier.conf
74deny ${HOME}/.config/Dharkael 74blacklist ${HOME}/.config/Dharkael
75deny ${HOME}/.config/ENCOM 75blacklist ${HOME}/.config/ENCOM
76deny ${HOME}/.config/Element 76blacklist ${HOME}/.config/Element
77deny ${HOME}/.config/Element (Riot) 77blacklist ${HOME}/.config/Element (Riot)
78deny ${HOME}/.config/Enox 78blacklist ${HOME}/.config/Enox
79deny ${HOME}/.config/Epic 79blacklist ${HOME}/.config/Epic
80deny ${HOME}/.config/Ferdi 80blacklist ${HOME}/.config/Ferdi
81deny ${HOME}/.config/Flavio Tordini 81blacklist ${HOME}/.config/Flavio Tordini
82deny ${HOME}/.config/Franz 82blacklist ${HOME}/.config/Franz
83deny ${HOME}/.config/FreeCAD 83blacklist ${HOME}/.config/FreeCAD
84deny ${HOME}/.config/FreeTube 84blacklist ${HOME}/.config/FreeTube
85deny ${HOME}/.config/Fritzing 85blacklist ${HOME}/.config/Fritzing
86deny ${HOME}/.config/GIMP 86blacklist ${HOME}/.config/GIMP
87deny ${HOME}/.config/GitHub Desktop 87blacklist ${HOME}/.config/GitHub Desktop
88deny ${HOME}/.config/Gitter 88blacklist ${HOME}/.config/Gitter
89deny ${HOME}/.config/Google 89blacklist ${HOME}/.config/Google
90deny ${HOME}/.config/Google Play Music Desktop Player 90blacklist ${HOME}/.config/Google Play Music Desktop Player
91deny ${HOME}/.config/Gpredict 91blacklist ${HOME}/.config/Gpredict
92deny ${HOME}/.config/INRIA 92blacklist ${HOME}/.config/INRIA
93deny ${HOME}/.config/InSilmaril 93blacklist ${HOME}/.config/InSilmaril
94deny ${HOME}/.config/Jitsi Meet 94blacklist ${HOME}/.config/Jitsi Meet
95deny ${HOME}/.config/JetBrains/CLion* 95blacklist ${HOME}/.config/JetBrains/CLion*
96deny ${HOME}/.config/KDE/neochat 96blacklist ${HOME}/.config/KDE/neochat
97deny ${HOME}/.config/Kid3 97blacklist ${HOME}/.config/Kid3
98deny ${HOME}/.config/Kingsoft 98blacklist ${HOME}/.config/Kingsoft
99deny ${HOME}/.config/LibreCAD 99blacklist ${HOME}/.config/LibreCAD
100deny ${HOME}/.config/Loop_Hero 100blacklist ${HOME}/.config/Loop_Hero
101deny ${HOME}/.config/Luminance 101blacklist ${HOME}/.config/Luminance
102deny ${HOME}/.config/LyX 102blacklist ${HOME}/.config/LyX
103deny ${HOME}/.config/Mattermost 103blacklist ${HOME}/.config/Mattermost
104deny ${HOME}/.config/Meltytech 104blacklist ${HOME}/.config/Meltytech
105deny ${HOME}/.config/Mendeley Ltd. 105blacklist ${HOME}/.config/Mendeley Ltd.
106deny ${HOME}/.config/Microsoft 106blacklist ${HOME}/.config/Microsoft
107deny ${HOME}/.config/Min 107blacklist ${HOME}/.config/Min
108deny ${HOME}/.config/ModTheSpire 108blacklist ${HOME}/.config/ModTheSpire
109deny ${HOME}/.config/Mousepad 109blacklist ${HOME}/.config/Mousepad
110deny ${HOME}/.config/Mumble 110blacklist ${HOME}/.config/Mumble
111deny ${HOME}/.config/MusE 111blacklist ${HOME}/.config/MusE
112deny ${HOME}/.config/MuseScore 112blacklist ${HOME}/.config/MuseScore
113deny ${HOME}/.config/MusicBrainz 113blacklist ${HOME}/.config/MusicBrainz
114deny ${HOME}/.config/Nathan Osman 114blacklist ${HOME}/.config/Nathan Osman
115deny ${HOME}/.config/Nextcloud 115blacklist ${HOME}/.config/Nextcloud
116deny ${HOME}/.config/NitroShare 116blacklist ${HOME}/.config/NitroShare
117deny ${HOME}/.config/Nylas Mail 117blacklist ${HOME}/.config/Nylas Mail
118deny ${HOME}/.config/PBE 118blacklist ${HOME}/.config/PBE
119deny ${HOME}/.config/PacmanLogViewer 119blacklist ${HOME}/.config/PacmanLogViewer
120deny ${HOME}/.config/PawelStolowski 120blacklist ${HOME}/.config/PawelStolowski
121deny ${HOME}/.config/Philipp Schmieder 121blacklist ${HOME}/.config/Philipp Schmieder
122deny ${HOME}/.config/Pinta 122blacklist ${HOME}/.config/Pinta
123deny ${HOME}/.config/QGIS 123blacklist ${HOME}/.config/QGIS
124deny ${HOME}/.config/QMediathekView 124blacklist ${HOME}/.config/QMediathekView
125deny ${HOME}/.config/Qlipper 125blacklist ${HOME}/.config/Qlipper
126deny ${HOME}/.config/QuiteRss 126blacklist ${HOME}/.config/QuiteRss
127deny ${HOME}/.config/QuiteRssrc 127blacklist ${HOME}/.config/QuiteRssrc
128deny ${HOME}/.config/Quotient 128blacklist ${HOME}/.config/Quotient
129deny ${HOME}/.config/Rambox 129blacklist ${HOME}/.config/Rambox
130deny ${HOME}/.config/Riot 130blacklist ${HOME}/.config/Riot
131deny ${HOME}/.config/Rocket.Chat 131blacklist ${HOME}/.config/Rocket.Chat
132deny ${HOME}/.config/RogueLegacy 132blacklist ${HOME}/.config/RogueLegacy
133deny ${HOME}/.config/RogueLegacyStorageContainer 133blacklist ${HOME}/.config/RogueLegacyStorageContainer
134deny ${HOME}/.config/Signal 134blacklist ${HOME}/.config/Signal
135deny ${HOME}/.config/Sinew Software Systems 135blacklist ${HOME}/.config/Sinew Software Systems
136deny ${HOME}/.config/Slack 136blacklist ${HOME}/.config/Slack
137deny ${HOME}/.config/Standard Notes 137blacklist ${HOME}/.config/Standard Notes
138deny ${HOME}/.config/SubDownloader 138blacklist ${HOME}/.config/SubDownloader
139deny ${HOME}/.config/Thunar 139blacklist ${HOME}/.config/Thunar
140deny ${HOME}/.config/Twitch 140blacklist ${HOME}/.config/Twitch
141deny ${HOME}/.config/Unknown Organization 141blacklist ${HOME}/.config/Unknown Organization
142deny ${HOME}/.config/VirtualBox 142blacklist ${HOME}/.config/VirtualBox
143deny ${HOME}/.config/Whalebird 143blacklist ${HOME}/.config/Whalebird
144deny ${HOME}/.config/Wire 144blacklist ${HOME}/.config/Wire
145deny ${HOME}/.config/Youtube 145blacklist ${HOME}/.config/Youtube
146deny ${HOME}/.config/ZeGrapher Project 146blacklist ${HOME}/.config/ZeGrapher Project
147deny ${HOME}/.config/Zeal 147blacklist ${HOME}/.config/Zeal
148deny ${HOME}/.config/Zulip 148blacklist ${HOME}/.config/Zulip
149deny ${HOME}/.config/aacs 149blacklist ${HOME}/.config/aacs
150deny ${HOME}/.config/abiword 150blacklist ${HOME}/.config/abiword
151deny ${HOME}/.config/agenda 151blacklist ${HOME}/.config/agenda
152deny ${HOME}/.config/akonadi* 152blacklist ${HOME}/.config/akonadi*
153deny ${HOME}/.config/akregatorrc 153blacklist ${HOME}/.config/akregatorrc
154deny ${HOME}/.config/alacritty 154blacklist ${HOME}/.config/alacritty
155deny ${HOME}/.config/ardour4 155blacklist ${HOME}/.config/ardour4
156deny ${HOME}/.config/ardour5 156blacklist ${HOME}/.config/ardour5
157deny ${HOME}/.config/aria2 157blacklist ${HOME}/.config/aria2
158deny ${HOME}/.config/arkrc 158blacklist ${HOME}/.config/arkrc
159deny ${HOME}/.config/artha.conf 159blacklist ${HOME}/.config/artha.conf
160deny ${HOME}/.config/artha.log 160blacklist ${HOME}/.config/artha.log
161deny ${HOME}/.config/asunder 161blacklist ${HOME}/.config/asunder
162deny ${HOME}/.config/atril 162blacklist ${HOME}/.config/atril
163deny ${HOME}/.config/audacious 163blacklist ${HOME}/.config/audacious
164deny ${HOME}/.config/autokey 164blacklist ${HOME}/.config/autokey
165deny ${HOME}/.config/avidemux3_qt5rc 165blacklist ${HOME}/.config/avidemux3_qt5rc
166deny ${HOME}/.config/aweather 166blacklist ${HOME}/.config/aweather
167deny ${HOME}/.config/backintime 167blacklist ${HOME}/.config/backintime
168deny ${HOME}/.config/baloofilerc 168blacklist ${HOME}/.config/baloofilerc
169deny ${HOME}/.config/baloorc 169blacklist ${HOME}/.config/baloorc
170deny ${HOME}/.config/bcompare 170blacklist ${HOME}/.config/bcompare
171deny ${HOME}/.config/blender 171blacklist ${HOME}/.config/blender
172deny ${HOME}/.config/bless 172blacklist ${HOME}/.config/bless
173deny ${HOME}/.config/bnox 173blacklist ${HOME}/.config/bnox
174deny ${HOME}/.config/borg 174blacklist ${HOME}/.config/borg
175deny ${HOME}/.config/brasero 175blacklist ${HOME}/.config/brasero
176deny ${HOME}/.config/brave 176blacklist ${HOME}/.config/brave
177deny ${HOME}/.config/brave-flags.conf 177blacklist ${HOME}/.config/brave-flags.conf
178deny ${HOME}/.config/caja 178blacklist ${HOME}/.config/caja
179deny ${HOME}/.config/calibre 179blacklist ${HOME}/.config/calibre
180deny ${HOME}/.config/cantata 180blacklist ${HOME}/.config/cantata
181deny ${HOME}/.config/catfish 181blacklist ${HOME}/.config/catfish
182deny ${HOME}/.config/cawbird 182blacklist ${HOME}/.config/cawbird
183deny ${HOME}/.config/celluloid 183blacklist ${HOME}/.config/celluloid
184deny ${HOME}/.config/cherrytree 184blacklist ${HOME}/.config/cherrytree
185deny ${HOME}/.config/chrome-beta-flags.conf 185blacklist ${HOME}/.config/chrome-beta-flags.conf
186deny ${HOME}/.config/chrome-beta-flags.config 186blacklist ${HOME}/.config/chrome-beta-flags.config
187deny ${HOME}/.config/chrome-flags.conf 187blacklist ${HOME}/.config/chrome-flags.conf
188deny ${HOME}/.config/chrome-flags.config 188blacklist ${HOME}/.config/chrome-flags.config
189deny ${HOME}/.config/chrome-unstable-flags.conf 189blacklist ${HOME}/.config/chrome-unstable-flags.conf
190deny ${HOME}/.config/chrome-unstable-flags.config 190blacklist ${HOME}/.config/chrome-unstable-flags.config
191deny ${HOME}/.config/chromium 191blacklist ${HOME}/.config/chromium
192deny ${HOME}/.config/chromium-dev 192blacklist ${HOME}/.config/chromium-dev
193deny ${HOME}/.config/chromium-flags.conf 193blacklist ${HOME}/.config/chromium-flags.conf
194deny ${HOME}/.config/clipit 194blacklist ${HOME}/.config/clipit
195deny ${HOME}/.config/cliqz 195blacklist ${HOME}/.config/cliqz
196deny ${HOME}/.config/cmus 196blacklist ${HOME}/.config/cmus
197deny ${HOME}/.config/com.github.bleakgrey.tootle 197blacklist ${HOME}/.config/com.github.bleakgrey.tootle
198deny ${HOME}/.config/corebird 198blacklist ${HOME}/.config/corebird
199deny ${HOME}/.config/cower 199blacklist ${HOME}/.config/cower
200deny ${HOME}/.config/coyim 200blacklist ${HOME}/.config/coyim
201deny ${HOME}/.config/d-feet 201blacklist ${HOME}/.config/d-feet
202deny ${HOME}/.config/darktable 202blacklist ${HOME}/.config/darktable
203deny ${HOME}/.config/deadbeef 203blacklist ${HOME}/.config/deadbeef
204deny ${HOME}/.config/deluge 204blacklist ${HOME}/.config/deluge
205deny ${HOME}/.config/devilspie2 205blacklist ${HOME}/.config/devilspie2
206deny ${HOME}/.config/digikam 206blacklist ${HOME}/.config/digikam
207deny ${HOME}/.config/digikamrc 207blacklist ${HOME}/.config/digikamrc
208deny ${HOME}/.config/discord 208blacklist ${HOME}/.config/discord
209deny ${HOME}/.config/discordcanary 209blacklist ${HOME}/.config/discordcanary
210deny ${HOME}/.config/dkl 210blacklist ${HOME}/.config/dkl
211deny ${HOME}/.config/dnox 211blacklist ${HOME}/.config/dnox
212deny ${HOME}/.config/dolphin-emu 212blacklist ${HOME}/.config/dolphin-emu
213deny ${HOME}/.config/dolphinrc 213blacklist ${HOME}/.config/dolphinrc
214deny ${HOME}/.config/dragonplayerrc 214blacklist ${HOME}/.config/dragonplayerrc
215deny ${HOME}/.config/draw.io 215blacklist ${HOME}/.config/draw.io
216deny ${HOME}/.config/electron-mail 216blacklist ${HOME}/.config/electron-mail
217deny ${HOME}/.config/emaildefaults 217blacklist ${HOME}/.config/emaildefaults
218deny ${HOME}/.config/emailidentities 218blacklist ${HOME}/.config/emailidentities
219deny ${HOME}/.config/emilia 219blacklist ${HOME}/.config/emilia
220deny ${HOME}/.config/enchant 220blacklist ${HOME}/.config/enchant
221deny ${HOME}/.config/eog 221blacklist ${HOME}/.config/eog
222deny ${HOME}/.config/epiphany 222blacklist ${HOME}/.config/epiphany
223deny ${HOME}/.config/equalx 223blacklist ${HOME}/.config/equalx
224deny ${HOME}/.config/evince 224blacklist ${HOME}/.config/evince
225deny ${HOME}/.config/evolution 225blacklist ${HOME}/.config/evolution
226deny ${HOME}/.config/falkon 226blacklist ${HOME}/.config/falkon
227deny ${HOME}/.config/filezilla 227blacklist ${HOME}/.config/filezilla
228deny ${HOME}/.config/flameshot 228blacklist ${HOME}/.config/flameshot
229deny ${HOME}/.config/flaska.net 229blacklist ${HOME}/.config/flaska.net
230deny ${HOME}/.config/flowblade 230blacklist ${HOME}/.config/flowblade
231deny ${HOME}/.config/font-manager 231blacklist ${HOME}/.config/font-manager
232deny ${HOME}/.config/freecol 232blacklist ${HOME}/.config/freecol
233deny ${HOME}/.config/gajim 233blacklist ${HOME}/.config/gajim
234deny ${HOME}/.config/galculator 234blacklist ${HOME}/.config/galculator
235deny ${HOME}/.config/gconf 235blacklist ${HOME}/.config/gconf
236deny ${HOME}/.config/geany 236blacklist ${HOME}/.config/geany
237deny ${HOME}/.config/geary 237blacklist ${HOME}/.config/geary
238deny ${HOME}/.config/gedit 238blacklist ${HOME}/.config/gedit
239deny ${HOME}/.config/geeqie 239blacklist ${HOME}/.config/geeqie
240deny ${HOME}/.config/ghb 240blacklist ${HOME}/.config/ghb
241deny ${HOME}/.config/ghostwriter 241blacklist ${HOME}/.config/ghostwriter
242deny ${HOME}/.config/git 242blacklist ${HOME}/.config/git
243deny ${HOME}/.config/git-cola 243blacklist ${HOME}/.config/git-cola
244deny ${HOME}/.config/glade.conf 244blacklist ${HOME}/.config/glade.conf
245deny ${HOME}/.config/globaltime 245blacklist ${HOME}/.config/globaltime
246deny ${HOME}/.config/gmpc 246blacklist ${HOME}/.config/gmpc
247deny ${HOME}/.config/gnome-builder 247blacklist ${HOME}/.config/gnome-builder
248deny ${HOME}/.config/gnome-chess 248blacklist ${HOME}/.config/gnome-chess
249deny ${HOME}/.config/gnome-control-center 249blacklist ${HOME}/.config/gnome-control-center
250deny ${HOME}/.config/gnome-initial-setup-done 250blacklist ${HOME}/.config/gnome-initial-setup-done
251deny ${HOME}/.config/gnome-latex 251blacklist ${HOME}/.config/gnome-latex
252deny ${HOME}/.config/gnome-mplayer 252blacklist ${HOME}/.config/gnome-mplayer
253deny ${HOME}/.config/gnome-mpv 253blacklist ${HOME}/.config/gnome-mpv
254deny ${HOME}/.config/gnome-pie 254blacklist ${HOME}/.config/gnome-pie
255deny ${HOME}/.config/gnome-session 255blacklist ${HOME}/.config/gnome-session
256deny ${HOME}/.config/gnote 256blacklist ${HOME}/.config/gnote
257deny ${HOME}/.config/godot 257blacklist ${HOME}/.config/godot
258deny ${HOME}/.config/google-chrome 258blacklist ${HOME}/.config/google-chrome
259deny ${HOME}/.config/google-chrome-beta 259blacklist ${HOME}/.config/google-chrome-beta
260deny ${HOME}/.config/google-chrome-unstable 260blacklist ${HOME}/.config/google-chrome-unstable
261deny ${HOME}/.config/gpicview 261blacklist ${HOME}/.config/gpicview
262deny ${HOME}/.config/gthumb 262blacklist ${HOME}/.config/gthumb
263deny ${HOME}/.config/gummi 263blacklist ${HOME}/.config/gummi
264deny ${HOME}/.config/guvcview2 264blacklist ${HOME}/.config/guvcview2
265deny ${HOME}/.config/gwenviewrc 265blacklist ${HOME}/.config/gwenviewrc
266deny ${HOME}/.config/hexchat 266blacklist ${HOME}/.config/hexchat
267deny ${HOME}/.config/homebank 267blacklist ${HOME}/.config/homebank
268deny ${HOME}/.config/i2p 268blacklist ${HOME}/.config/i2p
269deny ${HOME}/.config/inkscape 269blacklist ${HOME}/.config/inkscape
270deny ${HOME}/.config/inox 270blacklist ${HOME}/.config/inox
271deny ${HOME}/.config/iridium 271blacklist ${HOME}/.config/iridium
272deny ${HOME}/.config/itch 272blacklist ${HOME}/.config/itch
273deny ${HOME}/.config/jami 273blacklist ${HOME}/.config/jami
274deny ${HOME}/.config/jd-gui.cfg 274blacklist ${HOME}/.config/jd-gui.cfg
275deny ${HOME}/.config/k3brc 275blacklist ${HOME}/.config/k3brc
276deny ${HOME}/.config/kaffeinerc 276blacklist ${HOME}/.config/kaffeinerc
277deny ${HOME}/.config/kalgebrarc 277blacklist ${HOME}/.config/kalgebrarc
278deny ${HOME}/.config/katemetainfos 278blacklist ${HOME}/.config/katemetainfos
279deny ${HOME}/.config/katepartrc 279blacklist ${HOME}/.config/katepartrc
280deny ${HOME}/.config/katerc 280blacklist ${HOME}/.config/katerc
281deny ${HOME}/.config/kateschemarc 281blacklist ${HOME}/.config/kateschemarc
282deny ${HOME}/.config/katesyntaxhighlightingrc 282blacklist ${HOME}/.config/katesyntaxhighlightingrc
283deny ${HOME}/.config/katevirc 283blacklist ${HOME}/.config/katevirc
284deny ${HOME}/.config/kazam 284blacklist ${HOME}/.config/kazam
285deny ${HOME}/.config/kdeconnect 285blacklist ${HOME}/.config/kdeconnect
286deny ${HOME}/.config/kdenliverc 286blacklist ${HOME}/.config/kdenliverc
287deny ${HOME}/.config/kdiff3fileitemactionrc 287blacklist ${HOME}/.config/kdiff3fileitemactionrc
288deny ${HOME}/.config/kdiff3rc 288blacklist ${HOME}/.config/kdiff3rc
289deny ${HOME}/.config/kfindrc 289blacklist ${HOME}/.config/kfindrc
290deny ${HOME}/.config/kgetrc 290blacklist ${HOME}/.config/kgetrc
291deny ${HOME}/.config/kid3rc 291blacklist ${HOME}/.config/kid3rc
292deny ${HOME}/.config/klavaro 292blacklist ${HOME}/.config/klavaro
293deny ${HOME}/.config/klipperrc 293blacklist ${HOME}/.config/klipperrc
294deny ${HOME}/.config/kmail2rc 294blacklist ${HOME}/.config/kmail2rc
295deny ${HOME}/.config/kmailsearchindexingrc 295blacklist ${HOME}/.config/kmailsearchindexingrc
296deny ${HOME}/.config/kmplayerrc 296blacklist ${HOME}/.config/kmplayerrc
297deny ${HOME}/.config/knotesrc 297blacklist ${HOME}/.config/knotesrc
298deny ${HOME}/.config/konversation.notifyrc 298blacklist ${HOME}/.config/konversation.notifyrc
299deny ${HOME}/.config/konversationrc 299blacklist ${HOME}/.config/konversationrc
300deny ${HOME}/.config/kritarc 300blacklist ${HOME}/.config/kritarc
301deny ${HOME}/.config/ktorrentrc 301blacklist ${HOME}/.config/ktorrentrc
302deny ${HOME}/.config/ktouch2rc 302blacklist ${HOME}/.config/ktouch2rc
303deny ${HOME}/.config/kube 303blacklist ${HOME}/.config/kube
304deny ${HOME}/.config/kwriterc 304blacklist ${HOME}/.config/kwriterc
305deny ${HOME}/.config/leafpad 305blacklist ${HOME}/.config/leafpad
306deny ${HOME}/.config/libreoffice 306blacklist ${HOME}/.config/libreoffice
307deny ${HOME}/.config/liferea 307blacklist ${HOME}/.config/liferea
308deny ${HOME}/.config/linphone 308blacklist ${HOME}/.config/linphone
309deny ${HOME}/.config/lugaru 309blacklist ${HOME}/.config/lugaru
310deny ${HOME}/.config/lutris 310blacklist ${HOME}/.config/lutris
311deny ${HOME}/.config/lximage-qt 311blacklist ${HOME}/.config/lximage-qt
312deny ${HOME}/.config/mailtransports 312blacklist ${HOME}/.config/mailtransports
313deny ${HOME}/.config/mana 313blacklist ${HOME}/.config/mana
314deny ${HOME}/.config/mate-calc 314blacklist ${HOME}/.config/mate-calc
315deny ${HOME}/.config/mate/eom 315blacklist ${HOME}/.config/mate/eom
316deny ${HOME}/.config/mate/mate-dictionary 316blacklist ${HOME}/.config/mate/mate-dictionary
317deny ${HOME}/.config/matrix-mirage 317blacklist ${HOME}/.config/matrix-mirage
318deny ${HOME}/.config/mcomix 318blacklist ${HOME}/.config/mcomix
319deny ${HOME}/.config/meld 319blacklist ${HOME}/.config/meld
320deny ${HOME}/.config/menulibre.cfg 320blacklist ${HOME}/.config/menulibre.cfg
321deny ${HOME}/.config/meteo-qt 321blacklist ${HOME}/.config/meteo-qt
322deny ${HOME}/.config/mfusion 322blacklist ${HOME}/.config/mfusion
323deny ${HOME}/.config/microsoft-edge-dev 323blacklist ${HOME}/.config/microsoft-edge-dev
324deny ${HOME}/.config/midori 324blacklist ${HOME}/.config/midori
325deny ${HOME}/.config/mirage 325blacklist ${HOME}/.config/mirage
326deny ${HOME}/.config/mono 326blacklist ${HOME}/.config/mono
327deny ${HOME}/.config/mpDris2 327blacklist ${HOME}/.config/mpDris2
328deny ${HOME}/.config/mpd 328blacklist ${HOME}/.config/mpd
329deny ${HOME}/.config/mps-youtube 329blacklist ${HOME}/.config/mps-youtube
330deny ${HOME}/.config/mpv 330blacklist ${HOME}/.config/mpv
331deny ${HOME}/.config/mupen64plus 331blacklist ${HOME}/.config/mupen64plus
332deny ${HOME}/.config/mutt 332blacklist ${HOME}/.config/mutt
333deny ${HOME}/.config/mutter 333blacklist ${HOME}/.config/mutter
334deny ${HOME}/.config/mypaint 334blacklist ${HOME}/.config/mypaint
335deny ${HOME}/.config/nano 335blacklist ${HOME}/.config/nano
336deny ${HOME}/.config/nautilus 336blacklist ${HOME}/.config/nautilus
337deny ${HOME}/.config/nemo 337blacklist ${HOME}/.config/nemo
338deny ${HOME}/.config/neochat.notifyrc 338blacklist ${HOME}/.config/neochat.notifyrc
339deny ${HOME}/.config/neochatrc 339blacklist ${HOME}/.config/neochatrc
340deny ${HOME}/.config/neomutt 340blacklist ${HOME}/.config/neomutt
341deny ${HOME}/.config/netsurf 341blacklist ${HOME}/.config/netsurf
342deny ${HOME}/.config/newsbeuter 342blacklist ${HOME}/.config/newsbeuter
343deny ${HOME}/.config/newsboat 343blacklist ${HOME}/.config/newsboat
344deny ${HOME}/.config/newsflash 344blacklist ${HOME}/.config/newsflash
345deny ${HOME}/.config/nheko 345blacklist ${HOME}/.config/nheko
346deny ${HOME}/.config/nomacs 346blacklist ${HOME}/.config/nomacs
347deny ${HOME}/.config/nuclear 347blacklist ${HOME}/.config/nuclear
348deny ${HOME}/.config/obs-studio 348blacklist ${HOME}/.config/obs-studio
349deny ${HOME}/.config/okularpartrc 349blacklist ${HOME}/.config/okularpartrc
350deny ${HOME}/.config/okularrc 350blacklist ${HOME}/.config/okularrc
351deny ${HOME}/.config/onboard 351blacklist ${HOME}/.config/onboard
352deny ${HOME}/.config/onionshare 352blacklist ${HOME}/.config/onionshare
353deny ${HOME}/.config/onlyoffice 353blacklist ${HOME}/.config/onlyoffice
354deny ${HOME}/.config/openmw 354blacklist ${HOME}/.config/openmw
355deny ${HOME}/.config/opera 355blacklist ${HOME}/.config/opera
356deny ${HOME}/.config/opera-beta 356blacklist ${HOME}/.config/opera-beta
357deny ${HOME}/.config/orage 357blacklist ${HOME}/.config/orage
358deny ${HOME}/.config/org.gabmus.gfeeds.json 358blacklist ${HOME}/.config/org.gabmus.gfeeds.json
359deny ${HOME}/.config/org.gabmus.gfeeds.saved_articles 359blacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
360deny ${HOME}/.config/org.kde.gwenviewrc 360blacklist ${HOME}/.config/org.kde.gwenviewrc
361deny ${HOME}/.config/otter 361blacklist ${HOME}/.config/otter
362deny ${HOME}/.config/pavucontrol-qt 362blacklist ${HOME}/.config/pavucontrol-qt
363deny ${HOME}/.config/pavucontrol.ini 363blacklist ${HOME}/.config/pavucontrol.ini
364deny ${HOME}/.config/pcmanfm 364blacklist ${HOME}/.config/pcmanfm
365deny ${HOME}/.config/pdfmod 365blacklist ${HOME}/.config/pdfmod
366deny ${HOME}/.config/pipe-viewer 366blacklist ${HOME}/.config/pipe-viewer
367deny ${HOME}/.config/pitivi 367blacklist ${HOME}/.config/pitivi
368deny ${HOME}/.config/pix 368blacklist ${HOME}/.config/pix
369deny ${HOME}/.config/pluma 369blacklist ${HOME}/.config/pluma
370deny ${HOME}/.config/ppsspp 370blacklist ${HOME}/.config/ppsspp
371deny ${HOME}/.config/pragha 371blacklist ${HOME}/.config/pragha
372deny ${HOME}/.config/profanity 372blacklist ${HOME}/.config/profanity
373deny ${HOME}/.config/psi 373blacklist ${HOME}/.config/psi
374deny ${HOME}/.config/psi+ 374blacklist ${HOME}/.config/psi+
375deny ${HOME}/.config/qBittorrent 375blacklist ${HOME}/.config/qBittorrent
376deny ${HOME}/.config/qBittorrentrc 376blacklist ${HOME}/.config/qBittorrentrc
377deny ${HOME}/.config/qnapi.ini 377blacklist ${HOME}/.config/qnapi.ini
378deny ${HOME}/.config/qpdfview 378blacklist ${HOME}/.config/qpdfview
379deny ${HOME}/.config/quodlibet 379blacklist ${HOME}/.config/quodlibet
380deny ${HOME}/.config/qupzilla 380blacklist ${HOME}/.config/qupzilla
381deny ${HOME}/.config/qutebrowser 381blacklist ${HOME}/.config/qutebrowser
382deny ${HOME}/.config/ranger 382blacklist ${HOME}/.config/ranger
383deny ${HOME}/.config/redshift 383blacklist ${HOME}/.config/redshift
384deny ${HOME}/.config/redshift.conf 384blacklist ${HOME}/.config/redshift.conf
385deny ${HOME}/.config/remmina 385blacklist ${HOME}/.config/remmina
386deny ${HOME}/.config/ristretto 386blacklist ${HOME}/.config/ristretto
387deny ${HOME}/.config/rtv 387blacklist ${HOME}/.config/rtv
388deny ${HOME}/.config/scribus 388blacklist ${HOME}/.config/scribus
389deny ${HOME}/.config/scribusrc 389blacklist ${HOME}/.config/scribusrc
390deny ${HOME}/.config/sinew.in 390blacklist ${HOME}/.config/sinew.in
391deny ${HOME}/.config/sink 391blacklist ${HOME}/.config/sink
392deny ${HOME}/.config/skypeforlinux 392blacklist ${HOME}/.config/skypeforlinux
393deny ${HOME}/.config/slimjet 393blacklist ${HOME}/.config/slimjet
394deny ${HOME}/.config/smplayer 394blacklist ${HOME}/.config/smplayer
395deny ${HOME}/.config/smtube 395blacklist ${HOME}/.config/smtube
396deny ${HOME}/.config/smuxi 396blacklist ${HOME}/.config/smuxi
397deny ${HOME}/.config/snox 397blacklist ${HOME}/.config/snox
398deny ${HOME}/.config/sound-juicer 398blacklist ${HOME}/.config/sound-juicer
399deny ${HOME}/.config/specialmailcollectionsrc 399blacklist ${HOME}/.config/specialmailcollectionsrc
400deny ${HOME}/.config/spectaclerc 400blacklist ${HOME}/.config/spectaclerc
401deny ${HOME}/.config/spotify 401blacklist ${HOME}/.config/spotify
402deny ${HOME}/.config/sqlitebrowser 402blacklist ${HOME}/.config/sqlitebrowser
403deny ${HOME}/.config/stellarium 403blacklist ${HOME}/.config/stellarium
404deny ${HOME}/.config/straw-viewer 404blacklist ${HOME}/.config/straw-viewer
405deny ${HOME}/.config/strawberry 405blacklist ${HOME}/.config/strawberry
406deny ${HOME}/.config/supertuxkart 406blacklist ${HOME}/.config/supertuxkart
407deny ${HOME}/.config/synfig 407blacklist ${HOME}/.config/synfig
408deny ${HOME}/.config/teams 408blacklist ${HOME}/.config/teams
409deny ${HOME}/.config/teams-for-linux 409blacklist ${HOME}/.config/teams-for-linux
410deny ${HOME}/.config/telepathy-account-widgets 410blacklist ${HOME}/.config/telepathy-account-widgets
411deny ${HOME}/.config/torbrowser 411blacklist ${HOME}/.config/torbrowser
412deny ${HOME}/.config/totem 412blacklist ${HOME}/.config/totem
413deny ${HOME}/.config/tox 413blacklist ${HOME}/.config/tox
414deny ${HOME}/.config/transgui 414blacklist ${HOME}/.config/transgui
415deny ${HOME}/.config/transmission 415blacklist ${HOME}/.config/transmission
416deny ${HOME}/.config/truecraft 416blacklist ${HOME}/.config/truecraft
417deny ${HOME}/.config/tuta_integration 417blacklist ${HOME}/.config/tuta_integration
418deny ${HOME}/.config/tutanota-desktop 418blacklist ${HOME}/.config/tutanota-desktop
419deny ${HOME}/.config/tvbrowser 419blacklist ${HOME}/.config/tvbrowser
420deny ${HOME}/.config/uGet 420blacklist ${HOME}/.config/uGet
421deny ${HOME}/.config/ungoogled-chromium 421blacklist ${HOME}/.config/ungoogled-chromium
422deny ${HOME}/.config/uzbl 422blacklist ${HOME}/.config/uzbl
423deny ${HOME}/.config/viewnior 423blacklist ${HOME}/.config/viewnior
424deny ${HOME}/.config/vivaldi 424blacklist ${HOME}/.config/vivaldi
425deny ${HOME}/.config/vivaldi-snapshot 425blacklist ${HOME}/.config/vivaldi-snapshot
426deny ${HOME}/.config/vlc 426blacklist ${HOME}/.config/vlc
427deny ${HOME}/.config/wesnoth 427blacklist ${HOME}/.config/wesnoth
428deny ${HOME}/.config/wireshark 428blacklist ${HOME}/.config/wireshark
429deny ${HOME}/.config/wormux 429blacklist ${HOME}/.config/wormux
430deny ${HOME}/.config/xchat 430blacklist ${HOME}/.config/xchat
431deny ${HOME}/.config/xed 431blacklist ${HOME}/.config/xed
432deny ${HOME}/.config/xfburn 432blacklist ${HOME}/.config/xfburn
433deny ${HOME}/.config/xfce4-dict 433blacklist ${HOME}/.config/xfce4-dict
434deny ${HOME}/.config/xfce4/xfce4-notes.gtkrc 434blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
435deny ${HOME}/.config/xfce4/xfce4-notes.rc 435blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
436deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml 436blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
437deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml 437blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
438deny ${HOME}/.config/xiaoyong 438blacklist ${HOME}/.config/xiaoyong
439deny ${HOME}/.config/xmms2 439blacklist ${HOME}/.config/xmms2
440deny ${HOME}/.config/xplayer 440blacklist ${HOME}/.config/xplayer
441deny ${HOME}/.config/xreader 441blacklist ${HOME}/.config/xreader
442deny ${HOME}/.config/xviewer 442blacklist ${HOME}/.config/xviewer
443deny ${HOME}/.config/yandex-browser 443blacklist ${HOME}/.config/yandex-browser
444deny ${HOME}/.config/yandex-browser-beta 444blacklist ${HOME}/.config/yandex-browser-beta
445deny ${HOME}/.config/yelp 445blacklist ${HOME}/.config/yelp
446deny ${HOME}/.config/youtube-dl 446blacklist ${HOME}/.config/youtube-dl
447deny ${HOME}/.config/youtube-dlg 447blacklist ${HOME}/.config/youtube-dlg
448deny ${HOME}/.config/youtube-music-desktop-app 448blacklist ${HOME}/.config/youtube-music-desktop-app
449deny ${HOME}/.config/youtube-viewer 449blacklist ${HOME}/.config/youtube-viewer
450deny ${HOME}/.config/youtubemusic-nativefier-040164 450blacklist ${HOME}/.config/youtubemusic-nativefier-040164
451deny ${HOME}/.config/zathura 451blacklist ${HOME}/.config/zathura
452deny ${HOME}/.config/zoomus.conf 452blacklist ${HOME}/.config/zoomus.conf
453deny ${HOME}/.conkeror.mozdev.org 453blacklist ${HOME}/.conkeror.mozdev.org
454deny ${HOME}/.crawl 454blacklist ${HOME}/.crawl
455deny ${HOME}/.cups 455blacklist ${HOME}/.cups
456deny ${HOME}/.curl-hsts 456blacklist ${HOME}/.curl-hsts
457deny ${HOME}/.curlrc 457blacklist ${HOME}/.curlrc
458deny ${HOME}/.dashcore 458blacklist ${HOME}/.dashcore
459deny ${HOME}/.devilspie 459blacklist ${HOME}/.devilspie
460deny ${HOME}/.dia 460blacklist ${HOME}/.dia
461deny ${HOME}/.digrc 461blacklist ${HOME}/.digrc
462deny ${HOME}/.dillo 462blacklist ${HOME}/.dillo
463deny ${HOME}/.dooble 463blacklist ${HOME}/.dooble
464deny ${HOME}/.dosbox 464blacklist ${HOME}/.dosbox
465deny ${HOME}/.dropbox* 465blacklist ${HOME}/.dropbox*
466deny ${HOME}/.easystroke 466blacklist ${HOME}/.easystroke
467deny ${HOME}/.electron-cache 467blacklist ${HOME}/.electron-cache
468deny ${HOME}/.electrum* 468blacklist ${HOME}/.electrum*
469deny ${HOME}/.elinks 469blacklist ${HOME}/.elinks
470deny ${HOME}/.emacs 470blacklist ${HOME}/.emacs
471deny ${HOME}/.emacs.d 471blacklist ${HOME}/.emacs.d
472deny ${HOME}/.equalx 472blacklist ${HOME}/.equalx
473deny ${HOME}/.ethereum 473blacklist ${HOME}/.ethereum
474deny ${HOME}/.etr 474blacklist ${HOME}/.etr
475deny ${HOME}/.filezilla 475blacklist ${HOME}/.filezilla
476deny ${HOME}/.firedragon 476blacklist ${HOME}/.firedragon
477deny ${HOME}/.flowblade 477blacklist ${HOME}/.flowblade
478deny ${HOME}/.fltk 478blacklist ${HOME}/.fltk
479deny ${HOME}/.fossamail 479blacklist ${HOME}/.fossamail
480deny ${HOME}/.freeciv 480blacklist ${HOME}/.freeciv
481deny ${HOME}/.freecol 481blacklist ${HOME}/.freecol
482deny ${HOME}/.freemind 482blacklist ${HOME}/.freemind
483deny ${HOME}/.frogatto 483blacklist ${HOME}/.frogatto
484deny ${HOME}/.frozen-bubble 484blacklist ${HOME}/.frozen-bubble
485deny ${HOME}/.funnyboat 485blacklist ${HOME}/.funnyboat
486deny ${HOME}/.gimp* 486blacklist ${HOME}/.gimp*
487deny ${HOME}/.gist 487blacklist ${HOME}/.gist
488deny ${HOME}/.gitconfig 488blacklist ${HOME}/.gitconfig
489deny ${HOME}/.gl-117 489blacklist ${HOME}/.gl-117
490deny ${HOME}/.glaxiumrc 490blacklist ${HOME}/.glaxiumrc
491deny ${HOME}/.gnome/gnome-schedule 491blacklist ${HOME}/.gnome/gnome-schedule
492deny ${HOME}/.googleearth 492blacklist ${HOME}/.googleearth
493deny ${HOME}/.gradle 493blacklist ${HOME}/.gradle
494deny ${HOME}/.gramps 494blacklist ${HOME}/.gramps
495deny ${HOME}/.guayadeque 495blacklist ${HOME}/.guayadeque
496deny ${HOME}/.hashcat 496blacklist ${HOME}/.hashcat
497deny ${HOME}/.hedgewars 497blacklist ${HOME}/.hedgewars
498deny ${HOME}/.hex-a-hop 498blacklist ${HOME}/.hex-a-hop
499deny ${HOME}/.hugin 499blacklist ${HOME}/.hugin
500deny ${HOME}/.i2p 500blacklist ${HOME}/.i2p
501deny ${HOME}/.icedove 501blacklist ${HOME}/.icedove
502deny ${HOME}/.imagej 502blacklist ${HOME}/.imagej
503deny ${HOME}/.inkscape 503blacklist ${HOME}/.inkscape
504deny ${HOME}/.itch 504blacklist ${HOME}/.itch
505deny ${HOME}/.jack-server 505blacklist ${HOME}/.jack-server
506deny ${HOME}/.jack-settings 506blacklist ${HOME}/.jack-settings
507deny ${HOME}/.jak 507blacklist ${HOME}/.jak
508deny ${HOME}/.java 508blacklist ${HOME}/.java
509deny ${HOME}/.jd 509blacklist ${HOME}/.jd
510deny ${HOME}/.jitsi 510blacklist ${HOME}/.jitsi
511deny ${HOME}/.jumpnbump 511blacklist ${HOME}/.jumpnbump
512deny ${HOME}/.kde/share/apps/digikam 512blacklist ${HOME}/.kde/share/apps/digikam
513deny ${HOME}/.kde/share/apps/gwenview 513blacklist ${HOME}/.kde/share/apps/gwenview
514deny ${HOME}/.kde/share/apps/kaffeine 514blacklist ${HOME}/.kde/share/apps/kaffeine
515deny ${HOME}/.kde/share/apps/kcookiejar 515blacklist ${HOME}/.kde/share/apps/kcookiejar
516deny ${HOME}/.kde/share/apps/kget 516blacklist ${HOME}/.kde/share/apps/kget
517deny ${HOME}/.kde/share/apps/khtml 517blacklist ${HOME}/.kde/share/apps/khtml
518deny ${HOME}/.kde/share/apps/klatexformula 518blacklist ${HOME}/.kde/share/apps/klatexformula
519deny ${HOME}/.kde/share/apps/konqsidebartng 519blacklist ${HOME}/.kde/share/apps/konqsidebartng
520deny ${HOME}/.kde/share/apps/konqueror 520blacklist ${HOME}/.kde/share/apps/konqueror
521deny ${HOME}/.kde/share/apps/kopete 521blacklist ${HOME}/.kde/share/apps/kopete
522deny ${HOME}/.kde/share/apps/ktorrent 522blacklist ${HOME}/.kde/share/apps/ktorrent
523deny ${HOME}/.kde/share/apps/okular 523blacklist ${HOME}/.kde/share/apps/okular
524deny ${HOME}/.kde/share/config/baloofilerc 524blacklist ${HOME}/.kde/share/config/baloofilerc
525deny ${HOME}/.kde/share/config/baloorc 525blacklist ${HOME}/.kde/share/config/baloorc
526deny ${HOME}/.kde/share/config/digikam 526blacklist ${HOME}/.kde/share/config/digikam
527deny ${HOME}/.kde/share/config/gwenviewrc 527blacklist ${HOME}/.kde/share/config/gwenviewrc
528deny ${HOME}/.kde/share/config/k3brc 528blacklist ${HOME}/.kde/share/config/k3brc
529deny ${HOME}/.kde/share/config/kaffeinerc 529blacklist ${HOME}/.kde/share/config/kaffeinerc
530deny ${HOME}/.kde/share/config/kcookiejarrc 530blacklist ${HOME}/.kde/share/config/kcookiejarrc
531deny ${HOME}/.kde/share/config/kfindrc 531blacklist ${HOME}/.kde/share/config/kfindrc
532deny ${HOME}/.kde/share/config/kgetrc 532blacklist ${HOME}/.kde/share/config/kgetrc
533deny ${HOME}/.kde/share/config/khtmlrc 533blacklist ${HOME}/.kde/share/config/khtmlrc
534deny ${HOME}/.kde/share/config/klipperrc 534blacklist ${HOME}/.kde/share/config/klipperrc
535deny ${HOME}/.kde/share/config/kmplayerrc 535blacklist ${HOME}/.kde/share/config/kmplayerrc
536deny ${HOME}/.kde/share/config/konq_history 536blacklist ${HOME}/.kde/share/config/konq_history
537deny ${HOME}/.kde/share/config/konqsidebartngrc 537blacklist ${HOME}/.kde/share/config/konqsidebartngrc
538deny ${HOME}/.kde/share/config/konquerorrc 538blacklist ${HOME}/.kde/share/config/konquerorrc
539deny ${HOME}/.kde/share/config/konversationrc 539blacklist ${HOME}/.kde/share/config/konversationrc
540deny ${HOME}/.kde/share/config/kopeterc 540blacklist ${HOME}/.kde/share/config/kopeterc
541deny ${HOME}/.kde/share/config/ktorrentrc 541blacklist ${HOME}/.kde/share/config/ktorrentrc
542deny ${HOME}/.kde/share/config/okularpartrc 542blacklist ${HOME}/.kde/share/config/okularpartrc
543deny ${HOME}/.kde/share/config/okularrc 543blacklist ${HOME}/.kde/share/config/okularrc
544deny ${HOME}/.kde4/share/apps/digikam 544blacklist ${HOME}/.kde4/share/apps/digikam
545deny ${HOME}/.kde4/share/apps/gwenview 545blacklist ${HOME}/.kde4/share/apps/gwenview
546deny ${HOME}/.kde4/share/apps/kaffeine 546blacklist ${HOME}/.kde4/share/apps/kaffeine
547deny ${HOME}/.kde4/share/apps/kcookiejar 547blacklist ${HOME}/.kde4/share/apps/kcookiejar
548deny ${HOME}/.kde4/share/apps/kget 548blacklist ${HOME}/.kde4/share/apps/kget
549deny ${HOME}/.kde4/share/apps/khtml 549blacklist ${HOME}/.kde4/share/apps/khtml
550deny ${HOME}/.kde4/share/apps/konqsidebartng 550blacklist ${HOME}/.kde4/share/apps/konqsidebartng
551deny ${HOME}/.kde4/share/apps/konqueror 551blacklist ${HOME}/.kde4/share/apps/konqueror
552deny ${HOME}/.kde4/share/apps/kopete 552blacklist ${HOME}/.kde4/share/apps/kopete
553deny ${HOME}/.kde4/share/apps/ktorrent 553blacklist ${HOME}/.kde4/share/apps/ktorrent
554deny ${HOME}/.kde4/share/apps/okular 554blacklist ${HOME}/.kde4/share/apps/okular
555deny ${HOME}/.kde4/share/config/baloofilerc 555blacklist ${HOME}/.kde4/share/config/baloofilerc
556deny ${HOME}/.kde4/share/config/baloorc 556blacklist ${HOME}/.kde4/share/config/baloorc
557deny ${HOME}/.kde4/share/config/digikam 557blacklist ${HOME}/.kde4/share/config/digikam
558deny ${HOME}/.kde4/share/config/gwenviewrc 558blacklist ${HOME}/.kde4/share/config/gwenviewrc
559deny ${HOME}/.kde4/share/config/k3brc 559blacklist ${HOME}/.kde4/share/config/k3brc
560deny ${HOME}/.kde4/share/config/kaffeinerc 560blacklist ${HOME}/.kde4/share/config/kaffeinerc
561deny ${HOME}/.kde4/share/config/kcookiejarrc 561blacklist ${HOME}/.kde4/share/config/kcookiejarrc
562deny ${HOME}/.kde4/share/config/kfindrc 562blacklist ${HOME}/.kde4/share/config/kfindrc
563deny ${HOME}/.kde4/share/config/kgetrc 563blacklist ${HOME}/.kde4/share/config/kgetrc
564deny ${HOME}/.kde4/share/config/khtmlrc 564blacklist ${HOME}/.kde4/share/config/khtmlrc
565deny ${HOME}/.kde4/share/config/klipperrc 565blacklist ${HOME}/.kde4/share/config/klipperrc
566deny ${HOME}/.kde4/share/config/konq_history 566blacklist ${HOME}/.kde4/share/config/konq_history
567deny ${HOME}/.kde4/share/config/konqsidebartngrc 567blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
568deny ${HOME}/.kde4/share/config/konquerorrc 568blacklist ${HOME}/.kde4/share/config/konquerorrc
569deny ${HOME}/.kde4/share/config/konversationrc 569blacklist ${HOME}/.kde4/share/config/konversationrc
570deny ${HOME}/.kde4/share/config/kopeterc 570blacklist ${HOME}/.kde4/share/config/kopeterc
571deny ${HOME}/.kde4/share/config/ktorrentrc 571blacklist ${HOME}/.kde4/share/config/ktorrentrc
572deny ${HOME}/.kde4/share/config/okularpartrc 572blacklist ${HOME}/.kde4/share/config/okularpartrc
573deny ${HOME}/.kde4/share/config/okularrc 573blacklist ${HOME}/.kde4/share/config/okularrc
574deny ${HOME}/.killingfloor 574blacklist ${HOME}/.killingfloor
575deny ${HOME}/.kingsoft 575blacklist ${HOME}/.kingsoft
576deny ${HOME}/.kino-history 576blacklist ${HOME}/.kino-history
577deny ${HOME}/.kinorc 577blacklist ${HOME}/.kinorc
578deny ${HOME}/.klatexformula 578blacklist ${HOME}/.klatexformula
579deny ${HOME}/.klei 579blacklist ${HOME}/.klei
580deny ${HOME}/.kodi 580blacklist ${HOME}/.kodi
581deny ${HOME}/.librewolf 581blacklist ${HOME}/.librewolf
582deny ${HOME}/.lincity-ng 582blacklist ${HOME}/.lincity-ng
583deny ${HOME}/.links 583blacklist ${HOME}/.links
584deny ${HOME}/.links2 584blacklist ${HOME}/.links2
585deny ${HOME}/.linphone-history.db 585blacklist ${HOME}/.linphone-history.db
586deny ${HOME}/.linphonerc 586blacklist ${HOME}/.linphonerc
587deny ${HOME}/.lmmsrc.xml 587blacklist ${HOME}/.lmmsrc.xml
588deny ${HOME}/.local/lib/vivaldi 588blacklist ${HOME}/.local/lib/vivaldi
589deny ${HOME}/.local/share/0ad 589blacklist ${HOME}/.local/share/0ad
590deny ${HOME}/.local/share/3909/PapersPlease 590blacklist ${HOME}/.local/share/3909/PapersPlease
591deny ${HOME}/.local/share/Anki2 591blacklist ${HOME}/.local/share/Anki2
592deny ${HOME}/.local/share/Dredmor 592blacklist ${HOME}/.local/share/Dredmor
593deny ${HOME}/.local/share/Empathy 593blacklist ${HOME}/.local/share/Empathy
594deny ${HOME}/.local/share/Enpass 594blacklist ${HOME}/.local/share/Enpass
595deny ${HOME}/.local/share/FasterThanLight 595blacklist ${HOME}/.local/share/FasterThanLight
596deny ${HOME}/.local/share/Flavio Tordini 596blacklist ${HOME}/.local/share/Flavio Tordini
597deny ${HOME}/.local/share/IntoTheBreach 597blacklist ${HOME}/.local/share/IntoTheBreach
598deny ${HOME}/.local/share/JetBrains 598blacklist ${HOME}/.local/share/JetBrains
599deny ${HOME}/.local/share/KDE/neochat 599blacklist ${HOME}/.local/share/KDE/neochat
600deny ${HOME}/.local/share/Kingsoft 600blacklist ${HOME}/.local/share/Kingsoft
601deny ${HOME}/.local/share/LibreCAD 601blacklist ${HOME}/.local/share/LibreCAD
602deny ${HOME}/.local/share/Mendeley Ltd. 602blacklist ${HOME}/.local/share/Mendeley Ltd.
603deny ${HOME}/.local/share/Mumble 603blacklist ${HOME}/.local/share/Mumble
604deny ${HOME}/.local/share/Nextcloud 604blacklist ${HOME}/.local/share/Nextcloud
605deny ${HOME}/.local/share/PBE 605blacklist ${HOME}/.local/share/PBE
606deny ${HOME}/.local/share/Paradox Interactive 606blacklist ${HOME}/.local/share/Paradox Interactive
607deny ${HOME}/.local/share/PawelStolowski 607blacklist ${HOME}/.local/share/PawelStolowski
608deny ${HOME}/.local/share/PillarsOfEternity 608blacklist ${HOME}/.local/share/PillarsOfEternity
609deny ${HOME}/.local/share/Psi 609blacklist ${HOME}/.local/share/Psi
610deny ${HOME}/.local/share/QGIS 610blacklist ${HOME}/.local/share/QGIS
611deny ${HOME}/.local/share/QMediathekView 611blacklist ${HOME}/.local/share/QMediathekView
612deny ${HOME}/.local/share/QuiteRss 612blacklist ${HOME}/.local/share/QuiteRss
613deny ${HOME}/.local/share/Ricochet 613blacklist ${HOME}/.local/share/Ricochet
614deny ${HOME}/.local/share/RogueLegacy 614blacklist ${HOME}/.local/share/RogueLegacy
615deny ${HOME}/.local/share/RogueLegacyStorageContainer 615blacklist ${HOME}/.local/share/RogueLegacyStorageContainer
616deny ${HOME}/.local/share/Shortwave 616blacklist ${HOME}/.local/share/Shortwave
617deny ${HOME}/.local/share/Steam 617blacklist ${HOME}/.local/share/Steam
618deny ${HOME}/.local/share/SteamWorld Dig 2 618blacklist ${HOME}/.local/share/SteamWorld Dig 2
619deny ${HOME}/.local/share/SteamWorldDig 619blacklist ${HOME}/.local/share/SteamWorldDig
620deny ${HOME}/.local/share/SuperHexagon 620blacklist ${HOME}/.local/share/SuperHexagon
621deny ${HOME}/.local/share/TelegramDesktop 621blacklist ${HOME}/.local/share/TelegramDesktop
622deny ${HOME}/.local/share/Terraria 622blacklist ${HOME}/.local/share/Terraria
623deny ${HOME}/.local/share/TpLogger 623blacklist ${HOME}/.local/share/TpLogger
624deny ${HOME}/.local/share/Zeal 624blacklist ${HOME}/.local/share/Zeal
625deny ${HOME}/.local/share/agenda 625blacklist ${HOME}/.local/share/agenda
626deny ${HOME}/.local/share/akonadi* 626blacklist ${HOME}/.local/share/akonadi*
627deny ${HOME}/.local/share/akregator 627blacklist ${HOME}/.local/share/akregator
628deny ${HOME}/.local/share/apps/korganizer 628blacklist ${HOME}/.local/share/apps/korganizer
629deny ${HOME}/.local/share/aspyr-media 629blacklist ${HOME}/.local/share/aspyr-media
630deny ${HOME}/.local/share/authenticator-rs 630blacklist ${HOME}/.local/share/authenticator-rs
631deny ${HOME}/.local/share/autokey 631blacklist ${HOME}/.local/share/autokey
632deny ${HOME}/.local/share/backintime 632blacklist ${HOME}/.local/share/backintime
633deny ${HOME}/.local/share/baloo 633blacklist ${HOME}/.local/share/baloo
634deny ${HOME}/.local/share/barrier 634blacklist ${HOME}/.local/share/barrier
635deny ${HOME}/.local/share/bibletime 635blacklist ${HOME}/.local/share/bibletime
636deny ${HOME}/.local/share/bijiben 636blacklist ${HOME}/.local/share/bijiben
637deny ${HOME}/.local/share/bohemiainteractive 637blacklist ${HOME}/.local/share/bohemiainteractive
638deny ${HOME}/.local/share/caja-python 638blacklist ${HOME}/.local/share/caja-python
639deny ${HOME}/.local/share/calligragemini 639blacklist ${HOME}/.local/share/calligragemini
640deny ${HOME}/.local/share/cantata 640blacklist ${HOME}/.local/share/cantata
641deny ${HOME}/.local/share/cdprojektred 641blacklist ${HOME}/.local/share/cdprojektred
642deny ${HOME}/.local/share/clipit 642blacklist ${HOME}/.local/share/clipit
643deny ${HOME}/.local/share/com.github.johnfactotum.Foliate 643blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
644deny ${HOME}/.local/share/contacts 644blacklist ${HOME}/.local/share/contacts
645deny ${HOME}/.local/share/cor-games 645blacklist ${HOME}/.local/share/cor-games
646deny ${HOME}/.local/share/data/Mendeley Ltd. 646blacklist ${HOME}/.local/share/data/Mendeley Ltd.
647deny ${HOME}/.local/share/data/Mumble 647blacklist ${HOME}/.local/share/data/Mumble
648deny ${HOME}/.local/share/data/MusE 648blacklist ${HOME}/.local/share/data/MusE
649deny ${HOME}/.local/share/data/MuseScore 649blacklist ${HOME}/.local/share/data/MuseScore
650deny ${HOME}/.local/share/data/nomacs 650blacklist ${HOME}/.local/share/data/nomacs
651deny ${HOME}/.local/share/data/qBittorrent 651blacklist ${HOME}/.local/share/data/qBittorrent
652deny ${HOME}/.local/share/dino 652blacklist ${HOME}/.local/share/dino
653deny ${HOME}/.local/share/dolphin 653blacklist ${HOME}/.local/share/dolphin
654deny ${HOME}/.local/share/dolphin-emu 654blacklist ${HOME}/.local/share/dolphin-emu
655deny ${HOME}/.local/share/emailidentities 655blacklist ${HOME}/.local/share/emailidentities
656deny ${HOME}/.local/share/epiphany 656blacklist ${HOME}/.local/share/epiphany
657deny ${HOME}/.local/share/evolution 657blacklist ${HOME}/.local/share/evolution
658deny ${HOME}/.local/share/feedreader 658blacklist ${HOME}/.local/share/feedreader
659deny ${HOME}/.local/share/feral-interactive 659blacklist ${HOME}/.local/share/feral-interactive
660deny ${HOME}/.local/share/five-or-more 660blacklist ${HOME}/.local/share/five-or-more
661deny ${HOME}/.local/share/freecol 661blacklist ${HOME}/.local/share/freecol
662deny ${HOME}/.local/share/gajim 662blacklist ${HOME}/.local/share/gajim
663deny ${HOME}/.local/share/geary 663blacklist ${HOME}/.local/share/geary
664deny ${HOME}/.local/share/geeqie 664blacklist ${HOME}/.local/share/geeqie
665deny ${HOME}/.local/share/ghostwriter 665blacklist ${HOME}/.local/share/ghostwriter
666deny ${HOME}/.local/share/gitg 666blacklist ${HOME}/.local/share/gitg
667deny ${HOME}/.local/share/gnome-2048 667blacklist ${HOME}/.local/share/gnome-2048
668deny ${HOME}/.local/share/gnome-boxes 668blacklist ${HOME}/.local/share/gnome-boxes
669deny ${HOME}/.local/share/gnome-builder 669blacklist ${HOME}/.local/share/gnome-builder
670deny ${HOME}/.local/share/gnome-chess 670blacklist ${HOME}/.local/share/gnome-chess
671deny ${HOME}/.local/share/gnome-klotski 671blacklist ${HOME}/.local/share/gnome-klotski
672deny ${HOME}/.local/share/gnome-latex 672blacklist ${HOME}/.local/share/gnome-latex
673deny ${HOME}/.local/share/gnome-mines 673blacklist ${HOME}/.local/share/gnome-mines
674deny ${HOME}/.local/share/gnome-music 674blacklist ${HOME}/.local/share/gnome-music
675deny ${HOME}/.local/share/gnome-nibbles 675blacklist ${HOME}/.local/share/gnome-nibbles
676deny ${HOME}/.local/share/gnome-photos 676blacklist ${HOME}/.local/share/gnome-photos
677deny ${HOME}/.local/share/gnome-pomodoro 677blacklist ${HOME}/.local/share/gnome-pomodoro
678deny ${HOME}/.local/share/gnome-recipes 678blacklist ${HOME}/.local/share/gnome-recipes
679deny ${HOME}/.local/share/gnome-ring 679blacklist ${HOME}/.local/share/gnome-ring
680deny ${HOME}/.local/share/gnome-sudoku 680blacklist ${HOME}/.local/share/gnome-sudoku
681deny ${HOME}/.local/share/gnome-twitch 681blacklist ${HOME}/.local/share/gnome-twitch
682deny ${HOME}/.local/share/gnote 682blacklist ${HOME}/.local/share/gnote
683deny ${HOME}/.local/share/godot 683blacklist ${HOME}/.local/share/godot
684deny ${HOME}/.local/share/gradio 684blacklist ${HOME}/.local/share/gradio
685deny ${HOME}/.local/share/gwenview 685blacklist ${HOME}/.local/share/gwenview
686deny ${HOME}/.local/share/i2p 686blacklist ${HOME}/.local/share/i2p
687deny ${HOME}/.local/share/jami 687blacklist ${HOME}/.local/share/jami
688deny ${HOME}/.local/share/kaffeine 688blacklist ${HOME}/.local/share/kaffeine
689deny ${HOME}/.local/share/kalgebra 689blacklist ${HOME}/.local/share/kalgebra
690deny ${HOME}/.local/share/kate 690blacklist ${HOME}/.local/share/kate
691deny ${HOME}/.local/share/kdenlive 691blacklist ${HOME}/.local/share/kdenlive
692deny ${HOME}/.local/share/kget 692blacklist ${HOME}/.local/share/kget
693deny ${HOME}/.local/share/kiwix 693blacklist ${HOME}/.local/share/kiwix
694deny ${HOME}/.local/share/kiwix-desktop 694blacklist ${HOME}/.local/share/kiwix-desktop
695deny ${HOME}/.local/share/klavaro 695blacklist ${HOME}/.local/share/klavaro
696deny ${HOME}/.local/share/kmail2 696blacklist ${HOME}/.local/share/kmail2
697deny ${HOME}/.local/share/kmplayer 697blacklist ${HOME}/.local/share/kmplayer
698deny ${HOME}/.local/share/knotes 698blacklist ${HOME}/.local/share/knotes
699deny ${HOME}/.local/share/krita 699blacklist ${HOME}/.local/share/krita
700deny ${HOME}/.local/share/ktorrent 700blacklist ${HOME}/.local/share/ktorrent
701deny ${HOME}/.local/share/ktorrentrc 701blacklist ${HOME}/.local/share/ktorrentrc
702deny ${HOME}/.local/share/ktouch 702blacklist ${HOME}/.local/share/ktouch
703deny ${HOME}/.local/share/kube 703blacklist ${HOME}/.local/share/kube
704deny ${HOME}/.local/share/kwrite 704blacklist ${HOME}/.local/share/kwrite
705deny ${HOME}/.local/share/kxmlgui5/* 705blacklist ${HOME}/.local/share/kxmlgui5/*
706deny ${HOME}/.local/share/liferea 706blacklist ${HOME}/.local/share/liferea
707deny ${HOME}/.local/share/linphone 707blacklist ${HOME}/.local/share/linphone
708deny ${HOME}/.local/share/local-mail 708blacklist ${HOME}/.local/share/local-mail
709deny ${HOME}/.local/share/lollypop 709blacklist ${HOME}/.local/share/lollypop
710deny ${HOME}/.local/share/love 710blacklist ${HOME}/.local/share/love
711deny ${HOME}/.local/share/lugaru 711blacklist ${HOME}/.local/share/lugaru
712deny ${HOME}/.local/share/lutris 712blacklist ${HOME}/.local/share/lutris
713deny ${HOME}/.local/share/man 713blacklist ${HOME}/.local/share/man
714deny ${HOME}/.local/share/mana 714blacklist ${HOME}/.local/share/mana
715deny ${HOME}/.local/share/maps-places.json 715blacklist ${HOME}/.local/share/maps-places.json
716deny ${HOME}/.local/share/matrix-mirage 716blacklist ${HOME}/.local/share/matrix-mirage
717deny ${HOME}/.local/share/mcomix 717blacklist ${HOME}/.local/share/mcomix
718deny ${HOME}/.local/share/meld 718blacklist ${HOME}/.local/share/meld
719deny ${HOME}/.local/share/midori 719blacklist ${HOME}/.local/share/midori
720deny ${HOME}/.local/share/minder 720blacklist ${HOME}/.local/share/minder
721deny ${HOME}/.local/share/mirage 721blacklist ${HOME}/.local/share/mirage
722deny ${HOME}/.local/share/multimc 722blacklist ${HOME}/.local/share/multimc
723deny ${HOME}/.local/share/multimc5 723blacklist ${HOME}/.local/share/multimc5
724deny ${HOME}/.local/share/mupen64plus 724blacklist ${HOME}/.local/share/mupen64plus
725deny ${HOME}/.local/share/mypaint 725blacklist ${HOME}/.local/share/mypaint
726deny ${HOME}/.local/share/nautilus 726blacklist ${HOME}/.local/share/nautilus
727deny ${HOME}/.local/share/nautilus-python 727blacklist ${HOME}/.local/share/nautilus-python
728deny ${HOME}/.local/share/nemo 728blacklist ${HOME}/.local/share/nemo
729deny ${HOME}/.local/share/nemo-python 729blacklist ${HOME}/.local/share/nemo-python
730deny ${HOME}/.local/share/news-flash 730blacklist ${HOME}/.local/share/news-flash
731deny ${HOME}/.local/share/newsbeuter 731blacklist ${HOME}/.local/share/newsbeuter
732deny ${HOME}/.local/share/newsboat 732blacklist ${HOME}/.local/share/newsboat
733deny ${HOME}/.local/share/nheko 733blacklist ${HOME}/.local/share/nheko
734deny ${HOME}/.local/share/nomacs 734blacklist ${HOME}/.local/share/nomacs
735deny ${HOME}/.local/share/notes 735blacklist ${HOME}/.local/share/notes
736deny ${HOME}/.local/share/ocenaudio 736blacklist ${HOME}/.local/share/ocenaudio
737deny ${HOME}/.local/share/okular 737blacklist ${HOME}/.local/share/okular
738deny ${HOME}/.local/share/onlyoffice 738blacklist ${HOME}/.local/share/onlyoffice
739deny ${HOME}/.local/share/openmw 739blacklist ${HOME}/.local/share/openmw
740deny ${HOME}/.local/share/orage 740blacklist ${HOME}/.local/share/orage
741deny ${HOME}/.local/share/org.kde.gwenview 741blacklist ${HOME}/.local/share/org.kde.gwenview
742deny ${HOME}/.local/share/pix 742blacklist ${HOME}/.local/share/pix
743deny ${HOME}/.local/share/plasma_notes 743blacklist ${HOME}/.local/share/plasma_notes
744deny ${HOME}/.local/share/profanity 744blacklist ${HOME}/.local/share/profanity
745deny ${HOME}/.local/share/psi 745blacklist ${HOME}/.local/share/psi
746deny ${HOME}/.local/share/psi+ 746blacklist ${HOME}/.local/share/psi+
747deny ${HOME}/.local/share/qpdfview 747blacklist ${HOME}/.local/share/qpdfview
748deny ${HOME}/.local/share/quadrapassel 748blacklist ${HOME}/.local/share/quadrapassel
749deny ${HOME}/.local/share/qutebrowser 749blacklist ${HOME}/.local/share/qutebrowser
750deny ${HOME}/.local/share/remmina 750blacklist ${HOME}/.local/share/remmina
751deny ${HOME}/.local/share/rhythmbox 751blacklist ${HOME}/.local/share/rhythmbox
752deny ${HOME}/.local/share/rtv 752blacklist ${HOME}/.local/share/rtv
753deny ${HOME}/.local/share/scribus 753blacklist ${HOME}/.local/share/scribus
754deny ${HOME}/.local/share/shotwell 754blacklist ${HOME}/.local/share/shotwell
755deny ${HOME}/.local/share/signal-cli 755blacklist ${HOME}/.local/share/signal-cli
756deny ${HOME}/.local/share/sink 756blacklist ${HOME}/.local/share/sink
757deny ${HOME}/.local/share/smuxi 757blacklist ${HOME}/.local/share/smuxi
758deny ${HOME}/.local/share/spotify 758blacklist ${HOME}/.local/share/spotify
759deny ${HOME}/.local/share/steam 759blacklist ${HOME}/.local/share/steam
760deny ${HOME}/.local/share/strawberry 760blacklist ${HOME}/.local/share/strawberry
761deny ${HOME}/.local/share/supertux2 761blacklist ${HOME}/.local/share/supertux2
762deny ${HOME}/.local/share/supertuxkart 762blacklist ${HOME}/.local/share/supertuxkart
763deny ${HOME}/.local/share/swell-foop 763blacklist ${HOME}/.local/share/swell-foop
764deny ${HOME}/.local/share/telepathy 764blacklist ${HOME}/.local/share/telepathy
765deny ${HOME}/.local/share/terasology 765blacklist ${HOME}/.local/share/terasology
766deny ${HOME}/.local/share/torbrowser 766blacklist ${HOME}/.local/share/torbrowser
767deny ${HOME}/.local/share/totem 767blacklist ${HOME}/.local/share/totem
768deny ${HOME}/.local/share/uzbl 768blacklist ${HOME}/.local/share/uzbl
769deny ${HOME}/.local/share/vlc 769blacklist ${HOME}/.local/share/vlc
770deny ${HOME}/.local/share/vpltd 770blacklist ${HOME}/.local/share/vpltd
771deny ${HOME}/.local/share/vulkan 771blacklist ${HOME}/.local/share/vulkan
772deny ${HOME}/.local/share/warsow-2.1 772blacklist ${HOME}/.local/share/warsow-2.1
773deny ${HOME}/.local/share/wesnoth 773blacklist ${HOME}/.local/share/wesnoth
774deny ${HOME}/.local/share/wormux 774blacklist ${HOME}/.local/share/wormux
775deny ${HOME}/.local/share/xplayer 775blacklist ${HOME}/.local/share/xplayer
776deny ${HOME}/.local/share/xreader 776blacklist ${HOME}/.local/share/xreader
777deny ${HOME}/.local/share/zathura 777blacklist ${HOME}/.local/share/zathura
778deny ${HOME}/.lv2 778blacklist ${HOME}/.lv2
779deny ${HOME}/.lyx 779blacklist ${HOME}/.lyx
780deny ${HOME}/.magicor 780blacklist ${HOME}/.magicor
781deny ${HOME}/.masterpdfeditor 781blacklist ${HOME}/.masterpdfeditor
782deny ${HOME}/.mbwarband 782blacklist ${HOME}/.mbwarband
783deny ${HOME}/.mcabber 783blacklist ${HOME}/.mcabber
784deny ${HOME}/.mcabberrc 784blacklist ${HOME}/.mcabberrc
785deny ${HOME}/.mediathek3 785blacklist ${HOME}/.mediathek3
786deny ${HOME}/.megaglest 786blacklist ${HOME}/.megaglest
787deny ${HOME}/.minecraft 787blacklist ${HOME}/.minecraft
788deny ${HOME}/.minetest 788blacklist ${HOME}/.minetest
789deny ${HOME}/.mirrormagic 789blacklist ${HOME}/.mirrormagic
790deny ${HOME}/.moc 790blacklist ${HOME}/.moc
791deny ${HOME}/.moonchild productions/basilisk 791blacklist ${HOME}/.moonchild productions/basilisk
792deny ${HOME}/.moonchild productions/pale moon 792blacklist ${HOME}/.moonchild productions/pale moon
793deny ${HOME}/.mozilla 793blacklist ${HOME}/.mozilla
794deny ${HOME}/.mp3splt-gtk 794blacklist ${HOME}/.mp3splt-gtk
795deny ${HOME}/.mpd 795blacklist ${HOME}/.mpd
796deny ${HOME}/.mpdconf 796blacklist ${HOME}/.mpdconf
797deny ${HOME}/.mplayer 797blacklist ${HOME}/.mplayer
798deny ${HOME}/.msmtprc 798blacklist ${HOME}/.msmtprc
799deny ${HOME}/.multimc5 799blacklist ${HOME}/.multimc5
800deny ${HOME}/.nanorc 800blacklist ${HOME}/.nanorc
801deny ${HOME}/.netactview 801blacklist ${HOME}/.netactview
802deny ${HOME}/.neverball 802blacklist ${HOME}/.neverball
803deny ${HOME}/.newsbeuter 803blacklist ${HOME}/.newsbeuter
804deny ${HOME}/.newsboat 804blacklist ${HOME}/.newsboat
805deny ${HOME}/.newsrc 805blacklist ${HOME}/.newsrc
806deny ${HOME}/.nicotine 806blacklist ${HOME}/.nicotine
807deny ${HOME}/.node-gyp 807blacklist ${HOME}/.node-gyp
808deny ${HOME}/.npm 808blacklist ${HOME}/.npm
809deny ${HOME}/.npmrc 809blacklist ${HOME}/.npmrc
810deny ${HOME}/.nv 810blacklist ${HOME}/.nv
811deny ${HOME}/.nvm 811blacklist ${HOME}/.nvm
812deny ${HOME}/.nylas-mail 812blacklist ${HOME}/.nylas-mail
813deny ${HOME}/.openarena 813blacklist ${HOME}/.openarena
814deny ${HOME}/.opencity 814blacklist ${HOME}/.opencity
815deny ${HOME}/.openinvaders 815blacklist ${HOME}/.openinvaders
816deny ${HOME}/.openshot 816blacklist ${HOME}/.openshot
817deny ${HOME}/.openshot_qt 817blacklist ${HOME}/.openshot_qt
818deny ${HOME}/.openttd 818blacklist ${HOME}/.openttd
819deny ${HOME}/.opera 819blacklist ${HOME}/.opera
820deny ${HOME}/.opera-beta 820blacklist ${HOME}/.opera-beta
821deny ${HOME}/.ostrichriders 821blacklist ${HOME}/.ostrichriders
822deny ${HOME}/.paradoxinteractive 822blacklist ${HOME}/.paradoxinteractive
823deny ${HOME}/.parallelrealities/blobwars 823blacklist ${HOME}/.parallelrealities/blobwars
824deny ${HOME}/.pcsxr 824blacklist ${HOME}/.pcsxr
825deny ${HOME}/.penguin-command 825blacklist ${HOME}/.penguin-command
826deny ${HOME}/.pine-crash 826blacklist ${HOME}/.pine-crash
827deny ${HOME}/.pine-debug1 827blacklist ${HOME}/.pine-debug1
828deny ${HOME}/.pine-debug2 828blacklist ${HOME}/.pine-debug2
829deny ${HOME}/.pine-debug3 829blacklist ${HOME}/.pine-debug3
830deny ${HOME}/.pine-debug4 830blacklist ${HOME}/.pine-debug4
831deny ${HOME}/.pine-interrupted-mail 831blacklist ${HOME}/.pine-interrupted-mail
832deny ${HOME}/.pinerc 832blacklist ${HOME}/.pinerc
833deny ${HOME}/.pinercex 833blacklist ${HOME}/.pinercex
834deny ${HOME}/.pingus 834blacklist ${HOME}/.pingus
835deny ${HOME}/.pioneer 835blacklist ${HOME}/.pioneer
836deny ${HOME}/.purple 836blacklist ${HOME}/.purple
837deny ${HOME}/.pylint.d 837blacklist ${HOME}/.pylint.d
838deny ${HOME}/.qemu-launcher 838blacklist ${HOME}/.qemu-launcher
839deny ${HOME}/.qgis2 839blacklist ${HOME}/.qgis2
840deny ${HOME}/.qmmp 840blacklist ${HOME}/.qmmp
841deny ${HOME}/.quodlibet 841blacklist ${HOME}/.quodlibet
842deny ${HOME}/.redeclipse 842blacklist ${HOME}/.redeclipse
843deny ${HOME}/.remmina 843blacklist ${HOME}/.remmina
844deny ${HOME}/.repo_.gitconfig.json 844blacklist ${HOME}/.repo_.gitconfig.json
845deny ${HOME}/.repoconfig 845blacklist ${HOME}/.repoconfig
846deny ${HOME}/.retroshare 846blacklist ${HOME}/.retroshare
847deny ${HOME}/.ripperXrc 847blacklist ${HOME}/.ripperXrc
848deny ${HOME}/.scorched3d 848blacklist ${HOME}/.scorched3d
849deny ${HOME}/.scribus 849blacklist ${HOME}/.scribus
850deny ${HOME}/.scribusrc 850blacklist ${HOME}/.scribusrc
851deny ${HOME}/.simutrans 851blacklist ${HOME}/.simutrans
852deny ${HOME}/.smartgit/*/passwords 852blacklist ${HOME}/.smartgit/*/passwords
853deny ${HOME}/.ssr 853blacklist ${HOME}/.ssr
854deny ${HOME}/.steam 854blacklist ${HOME}/.steam
855deny ${HOME}/.steampath 855blacklist ${HOME}/.steampath
856deny ${HOME}/.steampid 856blacklist ${HOME}/.steampid
857deny ${HOME}/.stellarium 857blacklist ${HOME}/.stellarium
858deny ${HOME}/.subversion 858blacklist ${HOME}/.subversion
859deny ${HOME}/.surf 859blacklist ${HOME}/.surf
860deny ${HOME}/.suve/colorful 860blacklist ${HOME}/.suve/colorful
861deny ${HOME}/.swb.ini 861blacklist ${HOME}/.swb.ini
862deny ${HOME}/.sword 862blacklist ${HOME}/.sword
863deny ${HOME}/.sylpheed-2.0 863blacklist ${HOME}/.sylpheed-2.0
864deny ${HOME}/.synfig 864blacklist ${HOME}/.synfig
865deny ${HOME}/.tb 865blacklist ${HOME}/.tb
866deny ${HOME}/.tconn 866blacklist ${HOME}/.tconn
867deny ${HOME}/.teeworlds 867blacklist ${HOME}/.teeworlds
868deny ${HOME}/.texlive20* 868blacklist ${HOME}/.texlive20*
869deny ${HOME}/.thunderbird 869blacklist ${HOME}/.thunderbird
870deny ${HOME}/.tilp 870blacklist ${HOME}/.tilp
871deny ${HOME}/.tin 871blacklist ${HOME}/.tin
872deny ${HOME}/.tooling 872blacklist ${HOME}/.tooling
873deny ${HOME}/.tor-browser* 873blacklist ${HOME}/.tor-browser*
874deny ${HOME}/.torcs 874blacklist ${HOME}/.torcs
875deny ${HOME}/.tremulous 875blacklist ${HOME}/.tremulous
876deny ${HOME}/.ts3client 876blacklist ${HOME}/.ts3client
877deny ${HOME}/.tuxguitar* 877blacklist ${HOME}/.tuxguitar*
878deny ${HOME}/.tvbrowser 878blacklist ${HOME}/.tvbrowser
879deny ${HOME}/.unknown-horizons 879blacklist ${HOME}/.unknown-horizons
880deny ${HOME}/.viking 880blacklist ${HOME}/.viking
881deny ${HOME}/.viking-maps 881blacklist ${HOME}/.viking-maps
882deny ${HOME}/.vim 882blacklist ${HOME}/.vim
883deny ${HOME}/.vimrc 883blacklist ${HOME}/.vimrc
884deny ${HOME}/.vmware 884blacklist ${HOME}/.vmware
885deny ${HOME}/.vscode 885blacklist ${HOME}/.vscode
886deny ${HOME}/.vscode-oss 886blacklist ${HOME}/.vscode-oss
887deny ${HOME}/.vst 887blacklist ${HOME}/.vst
888deny ${HOME}/.vultures 888blacklist ${HOME}/.vultures
889deny ${HOME}/.w3m 889blacklist ${HOME}/.w3m
890deny ${HOME}/.warzone2100-3.* 890blacklist ${HOME}/.warzone2100-3.*
891deny ${HOME}/.waterfox 891blacklist ${HOME}/.waterfox
892deny ${HOME}/.weechat 892blacklist ${HOME}/.weechat
893deny ${HOME}/.wget-hsts 893blacklist ${HOME}/.wget-hsts
894deny ${HOME}/.wgetrc 894blacklist ${HOME}/.wgetrc
895deny ${HOME}/.widelands 895blacklist ${HOME}/.widelands
896deny ${HOME}/.wine 896blacklist ${HOME}/.wine
897deny ${HOME}/.wine64 897blacklist ${HOME}/.wine64
898deny ${HOME}/.wireshark 898blacklist ${HOME}/.wireshark
899deny ${HOME}/.wordwarvi 899blacklist ${HOME}/.wordwarvi
900deny ${HOME}/.wormux 900blacklist ${HOME}/.wormux
901deny ${HOME}/.xiphos 901blacklist ${HOME}/.xiphos
902deny ${HOME}/.xmind 902blacklist ${HOME}/.xmind
903deny ${HOME}/.xmms 903blacklist ${HOME}/.xmms
904deny ${HOME}/.xmr-stak 904blacklist ${HOME}/.xmr-stak
905deny ${HOME}/.xonotic 905blacklist ${HOME}/.xonotic
906deny ${HOME}/.xournalpp 906blacklist ${HOME}/.xournalpp
907deny ${HOME}/.xpdfrc 907blacklist ${HOME}/.xpdfrc
908deny ${HOME}/.yarn 908blacklist ${HOME}/.yarn
909deny ${HOME}/.yarn-config 909blacklist ${HOME}/.yarn-config
910deny ${HOME}/.yarncache 910blacklist ${HOME}/.yarncache
911deny ${HOME}/.yarnrc 911blacklist ${HOME}/.yarnrc
912deny ${HOME}/.zoom 912blacklist ${HOME}/.zoom
913deny ${HOME}/Arduino 913blacklist ${HOME}/Arduino
914deny ${HOME}/Monero/wallets 914blacklist ${HOME}/Monero/wallets
915deny ${HOME}/Nextcloud 915blacklist ${HOME}/Nextcloud
916deny ${HOME}/Nextcloud/Notes 916blacklist ${HOME}/Nextcloud/Notes
917deny ${HOME}/SoftMaker 917blacklist ${HOME}/SoftMaker
918deny ${HOME}/Standard Notes Backups 918blacklist ${HOME}/Standard Notes Backups
919deny ${HOME}/TeamSpeak3-Client-linux_amd64 919blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
920deny ${HOME}/TeamSpeak3-Client-linux_x86 920blacklist ${HOME}/TeamSpeak3-Client-linux_x86
921deny ${HOME}/hyperrogue.ini 921blacklist ${HOME}/hyperrogue.ini
922deny ${HOME}/i2p 922blacklist ${HOME}/i2p
923deny ${HOME}/mps 923blacklist ${HOME}/mps
924deny ${HOME}/wallet.dat 924blacklist ${HOME}/wallet.dat
925deny /tmp/.wine-* 925blacklist /tmp/.wine-*
926deny /tmp/akonadi-* 926blacklist /tmp/akonadi-*
927deny /var/games/nethack 927blacklist /var/games/nethack
928deny /var/games/slashem 928blacklist /var/games/slashem
929deny /var/games/vulturesclaw 929blacklist /var/games/vulturesclaw
930deny /var/games/vultureseye 930blacklist /var/games/vultureseye
931deny /var/lib/games/Maelstrom-Scores 931blacklist /var/lib/games/Maelstrom-Scores
932 932
933# ${HOME}/.cache directory 933# ${HOME}/.cache directory
934deny ${HOME}/.cache/0ad 934blacklist ${HOME}/.cache/0ad
935deny ${HOME}/.cache/8pecxstudios 935blacklist ${HOME}/.cache/8pecxstudios
936deny ${HOME}/.cache/Authenticator 936blacklist ${HOME}/.cache/Authenticator
937deny ${HOME}/.cache/BraveSoftware 937blacklist ${HOME}/.cache/BraveSoftware
938deny ${HOME}/.cache/Clementine 938blacklist ${HOME}/.cache/Clementine
939deny ${HOME}/.cache/ENCOM/Spectral 939blacklist ${HOME}/.cache/ENCOM/Spectral
940deny ${HOME}/.cache/Enox 940blacklist ${HOME}/.cache/Enox
941deny ${HOME}/.cache/Enpass 941blacklist ${HOME}/.cache/Enpass
942deny ${HOME}/.cache/Ferdi 942blacklist ${HOME}/.cache/Ferdi
943deny ${HOME}/.cache/Flavio Tordini 943blacklist ${HOME}/.cache/Flavio Tordini
944deny ${HOME}/.cache/Franz 944blacklist ${HOME}/.cache/Franz
945deny ${HOME}/.cache/INRIA 945blacklist ${HOME}/.cache/INRIA
946deny ${HOME}/.cache/INRIA/Natron 946blacklist ${HOME}/.cache/INRIA/Natron
947deny ${HOME}/.cache/KDE/neochat 947blacklist ${HOME}/.cache/KDE/neochat
948deny ${HOME}/.cache/Mendeley Ltd. 948blacklist ${HOME}/.cache/Mendeley Ltd.
949deny ${HOME}/.cache/MusicBrainz 949blacklist ${HOME}/.cache/MusicBrainz
950deny ${HOME}/.cache/NewsFlashGTK 950blacklist ${HOME}/.cache/NewsFlashGTK
951deny ${HOME}/.cache/Otter 951blacklist ${HOME}/.cache/Otter
952deny ${HOME}/.cache/PawelStolowski 952blacklist ${HOME}/.cache/PawelStolowski
953deny ${HOME}/.cache/Psi 953blacklist ${HOME}/.cache/Psi
954deny ${HOME}/.cache/QuiteRss 954blacklist ${HOME}/.cache/QuiteRss
955deny ${HOME}/.cache/Quotient/quaternion 955blacklist ${HOME}/.cache/Quotient/quaternion
956deny ${HOME}/.cache/Shortwave 956blacklist ${HOME}/.cache/Shortwave
957deny ${HOME}/.cache/Tox 957blacklist ${HOME}/.cache/Tox
958deny ${HOME}/.cache/Zeal 958blacklist ${HOME}/.cache/Zeal
959deny ${HOME}/.cache/agenda 959blacklist ${HOME}/.cache/agenda
960deny ${HOME}/.cache/akonadi* 960blacklist ${HOME}/.cache/akonadi*
961deny ${HOME}/.cache/atril 961blacklist ${HOME}/.cache/atril
962deny ${HOME}/.cache/attic 962blacklist ${HOME}/.cache/attic
963deny ${HOME}/.cache/babl 963blacklist ${HOME}/.cache/babl
964deny ${HOME}/.cache/bnox 964blacklist ${HOME}/.cache/bnox
965deny ${HOME}/.cache/borg 965blacklist ${HOME}/.cache/borg
966deny ${HOME}/.cache/calibre 966blacklist ${HOME}/.cache/calibre
967deny ${HOME}/.cache/cantata 967blacklist ${HOME}/.cache/cantata
968deny ${HOME}/.cache/champlain 968blacklist ${HOME}/.cache/champlain
969deny ${HOME}/.cache/chromium 969blacklist ${HOME}/.cache/chromium
970deny ${HOME}/.cache/chromium-dev 970blacklist ${HOME}/.cache/chromium-dev
971deny ${HOME}/.cache/cliqz 971blacklist ${HOME}/.cache/cliqz
972deny ${HOME}/.cache/com.github.johnfactotum.Foliate 972blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
973deny ${HOME}/.cache/darktable 973blacklist ${HOME}/.cache/darktable
974deny ${HOME}/.cache/deja-dup 974blacklist ${HOME}/.cache/deja-dup
975deny ${HOME}/.cache/discover 975blacklist ${HOME}/.cache/discover
976deny ${HOME}/.cache/dnox 976blacklist ${HOME}/.cache/dnox
977deny ${HOME}/.cache/dolphin 977blacklist ${HOME}/.cache/dolphin
978deny ${HOME}/.cache/dolphin-emu 978blacklist ${HOME}/.cache/dolphin-emu
979deny ${HOME}/.cache/ephemeral 979blacklist ${HOME}/.cache/ephemeral
980deny ${HOME}/.cache/epiphany 980blacklist ${HOME}/.cache/epiphany
981deny ${HOME}/.cache/evolution 981blacklist ${HOME}/.cache/evolution
982deny ${HOME}/.cache/falkon 982blacklist ${HOME}/.cache/falkon
983deny ${HOME}/.cache/feedreader 983blacklist ${HOME}/.cache/feedreader
984deny ${HOME}/.cache/firedragon 984blacklist ${HOME}/.cache/firedragon
985deny ${HOME}/.cache/flaska.net/trojita 985blacklist ${HOME}/.cache/flaska.net/trojita
986deny ${HOME}/.cache/folks 986blacklist ${HOME}/.cache/folks
987deny ${HOME}/.cache/font-manager 987blacklist ${HOME}/.cache/font-manager
988deny ${HOME}/.cache/fossamail 988blacklist ${HOME}/.cache/fossamail
989deny ${HOME}/.cache/fractal 989blacklist ${HOME}/.cache/fractal
990deny ${HOME}/.cache/freecol 990blacklist ${HOME}/.cache/freecol
991deny ${HOME}/.cache/gajim 991blacklist ${HOME}/.cache/gajim
992deny ${HOME}/.cache/geary 992blacklist ${HOME}/.cache/geary
993deny ${HOME}/.cache/geeqie 993blacklist ${HOME}/.cache/geeqie
994deny ${HOME}/.cache/gegl-0.4 994blacklist ${HOME}/.cache/gegl-0.4
995deny ${HOME}/.cache/gfeeds 995blacklist ${HOME}/.cache/gfeeds
996deny ${HOME}/.cache/gimp 996blacklist ${HOME}/.cache/gimp
997deny ${HOME}/.cache/gnome-boxes 997blacklist ${HOME}/.cache/gnome-boxes
998deny ${HOME}/.cache/gnome-builder 998blacklist ${HOME}/.cache/gnome-builder
999deny ${HOME}/.cache/gnome-control-center 999blacklist ${HOME}/.cache/gnome-control-center
1000deny ${HOME}/.cache/gnome-recipes 1000blacklist ${HOME}/.cache/gnome-recipes
1001deny ${HOME}/.cache/gnome-screenshot 1001blacklist ${HOME}/.cache/gnome-screenshot
1002deny ${HOME}/.cache/gnome-software 1002blacklist ${HOME}/.cache/gnome-software
1003deny ${HOME}/.cache/gnome-twitch 1003blacklist ${HOME}/.cache/gnome-twitch
1004deny ${HOME}/.cache/godot 1004blacklist ${HOME}/.cache/godot
1005deny ${HOME}/.cache/google-chrome 1005blacklist ${HOME}/.cache/google-chrome
1006deny ${HOME}/.cache/google-chrome-beta 1006blacklist ${HOME}/.cache/google-chrome-beta
1007deny ${HOME}/.cache/google-chrome-unstable 1007blacklist ${HOME}/.cache/google-chrome-unstable
1008deny ${HOME}/.cache/gradio 1008blacklist ${HOME}/.cache/gradio
1009deny ${HOME}/.cache/gummi 1009blacklist ${HOME}/.cache/gummi
1010deny ${HOME}/.cache/icedove 1010blacklist ${HOME}/.cache/icedove
1011deny ${HOME}/.cache/inkscape 1011blacklist ${HOME}/.cache/inkscape
1012deny ${HOME}/.cache/inox 1012blacklist ${HOME}/.cache/inox
1013deny ${HOME}/.cache/iridium 1013blacklist ${HOME}/.cache/iridium
1014deny ${HOME}/.cache/JetBrains/CLion* 1014blacklist ${HOME}/.cache/JetBrains/CLion*
1015deny ${HOME}/.cache/kcmshell5 1015blacklist ${HOME}/.cache/kcmshell5
1016deny ${HOME}/.cache/kdenlive 1016blacklist ${HOME}/.cache/kdenlive
1017deny ${HOME}/.cache/keepassxc 1017blacklist ${HOME}/.cache/keepassxc
1018deny ${HOME}/.cache/kfind 1018blacklist ${HOME}/.cache/kfind
1019deny ${HOME}/.cache/kinfocenter 1019blacklist ${HOME}/.cache/kinfocenter
1020deny ${HOME}/.cache/kmail2 1020blacklist ${HOME}/.cache/kmail2
1021deny ${HOME}/.cache/krunner 1021blacklist ${HOME}/.cache/krunner
1022deny ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* 1022blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
1023deny ${HOME}/.cache/kscreenlocker_greet 1023blacklist ${HOME}/.cache/kscreenlocker_greet
1024deny ${HOME}/.cache/ksmserver-logout-greeter 1024blacklist ${HOME}/.cache/ksmserver-logout-greeter
1025deny ${HOME}/.cache/ksplashqml 1025blacklist ${HOME}/.cache/ksplashqml
1026deny ${HOME}/.cache/kube 1026blacklist ${HOME}/.cache/kube
1027deny ${HOME}/.cache/kwin 1027blacklist ${HOME}/.cache/kwin
1028deny ${HOME}/.cache/libgweather 1028blacklist ${HOME}/.cache/libgweather
1029deny ${HOME}/.cache/librewolf 1029blacklist ${HOME}/.cache/librewolf
1030deny ${HOME}/.cache/liferea 1030blacklist ${HOME}/.cache/liferea
1031deny ${HOME}/.cache/lutris 1031blacklist ${HOME}/.cache/lutris
1032deny ${HOME}/.cache/marker 1032blacklist ${HOME}/.cache/marker
1033deny ${HOME}/.cache/matrix-mirage 1033blacklist ${HOME}/.cache/matrix-mirage
1034deny ${HOME}/.cache/microsoft-edge-dev 1034blacklist ${HOME}/.cache/microsoft-edge-dev
1035deny ${HOME}/.cache/midori 1035blacklist ${HOME}/.cache/midori
1036deny ${HOME}/.cache/minetest 1036blacklist ${HOME}/.cache/minetest
1037deny ${HOME}/.cache/mirage 1037blacklist ${HOME}/.cache/mirage
1038deny ${HOME}/.cache/moonchild productions/basilisk 1038blacklist ${HOME}/.cache/moonchild productions/basilisk
1039deny ${HOME}/.cache/moonchild productions/pale moon 1039blacklist ${HOME}/.cache/moonchild productions/pale moon
1040deny ${HOME}/.cache/mozilla 1040blacklist ${HOME}/.cache/mozilla
1041deny ${HOME}/.cache/ms-excel-online 1041blacklist ${HOME}/.cache/ms-excel-online
1042deny ${HOME}/.cache/ms-office-online 1042blacklist ${HOME}/.cache/ms-office-online
1043deny ${HOME}/.cache/ms-onenote-online 1043blacklist ${HOME}/.cache/ms-onenote-online
1044deny ${HOME}/.cache/ms-outlook-online 1044blacklist ${HOME}/.cache/ms-outlook-online
1045deny ${HOME}/.cache/ms-powerpoint-online 1045blacklist ${HOME}/.cache/ms-powerpoint-online
1046deny ${HOME}/.cache/ms-skype-online 1046blacklist ${HOME}/.cache/ms-skype-online
1047deny ${HOME}/.cache/ms-word-online 1047blacklist ${HOME}/.cache/ms-word-online
1048deny ${HOME}/.cache/mutt 1048blacklist ${HOME}/.cache/mutt
1049deny ${HOME}/.cache/mypaint 1049blacklist ${HOME}/.cache/mypaint
1050deny ${HOME}/.cache/netsurf 1050blacklist ${HOME}/.cache/netsurf
1051deny ${HOME}/.cache/nheko 1051blacklist ${HOME}/.cache/nheko
1052deny ${HOME}/.cache/okular 1052blacklist ${HOME}/.cache/okular
1053deny ${HOME}/.cache/opera 1053blacklist ${HOME}/.cache/opera
1054deny ${HOME}/.cache/opera-beta 1054blacklist ${HOME}/.cache/opera-beta
1055deny ${HOME}/.cache/org.gabmus.gfeeds 1055blacklist ${HOME}/.cache/org.gabmus.gfeeds
1056deny ${HOME}/.cache/org.gnome.Books 1056blacklist ${HOME}/.cache/org.gnome.Books
1057deny ${HOME}/.cache/org.gnome.Maps 1057blacklist ${HOME}/.cache/org.gnome.Maps
1058deny ${HOME}/.cache/pdfmod 1058blacklist ${HOME}/.cache/pdfmod
1059deny ${HOME}/.cache/peek 1059blacklist ${HOME}/.cache/peek
1060deny ${HOME}/.cache/pip 1060blacklist ${HOME}/.cache/pip
1061deny ${HOME}/.cache/pipe-viewer 1061blacklist ${HOME}/.cache/pipe-viewer
1062deny ${HOME}/.cache/plasmashell 1062blacklist ${HOME}/.cache/plasmashell
1063deny ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* 1063blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
1064deny ${HOME}/.cache/psi 1064blacklist ${HOME}/.cache/psi
1065deny ${HOME}/.cache/qBittorrent 1065blacklist ${HOME}/.cache/qBittorrent
1066deny ${HOME}/.cache/quodlibet 1066blacklist ${HOME}/.cache/quodlibet
1067deny ${HOME}/.cache/qupzilla 1067blacklist ${HOME}/.cache/qupzilla
1068deny ${HOME}/.cache/qutebrowser 1068blacklist ${HOME}/.cache/qutebrowser
1069deny ${HOME}/.cache/rhythmbox 1069blacklist ${HOME}/.cache/rhythmbox
1070deny ${HOME}/.cache/shotwell 1070blacklist ${HOME}/.cache/shotwell
1071deny ${HOME}/.cache/simple-scan 1071blacklist ${HOME}/.cache/simple-scan
1072deny ${HOME}/.cache/slimjet 1072blacklist ${HOME}/.cache/slimjet
1073deny ${HOME}/.cache/smuxi 1073blacklist ${HOME}/.cache/smuxi
1074deny ${HOME}/.cache/snox 1074blacklist ${HOME}/.cache/snox
1075deny ${HOME}/.cache/spotify 1075blacklist ${HOME}/.cache/spotify
1076deny ${HOME}/.cache/straw-viewer 1076blacklist ${HOME}/.cache/straw-viewer
1077deny ${HOME}/.cache/strawberry 1077blacklist ${HOME}/.cache/strawberry
1078deny ${HOME}/.cache/supertuxkart 1078blacklist ${HOME}/.cache/supertuxkart
1079deny ${HOME}/.cache/systemsettings 1079blacklist ${HOME}/.cache/systemsettings
1080deny ${HOME}/.cache/telepathy 1080blacklist ${HOME}/.cache/telepathy
1081deny ${HOME}/.cache/thunderbird 1081blacklist ${HOME}/.cache/thunderbird
1082deny ${HOME}/.cache/torbrowser 1082blacklist ${HOME}/.cache/torbrowser
1083deny ${HOME}/.cache/transmission 1083blacklist ${HOME}/.cache/transmission
1084deny ${HOME}/.cache/ungoogled-chromium 1084blacklist ${HOME}/.cache/ungoogled-chromium
1085deny ${HOME}/.cache/vivaldi 1085blacklist ${HOME}/.cache/vivaldi
1086deny ${HOME}/.cache/vivaldi-snapshot 1086blacklist ${HOME}/.cache/vivaldi-snapshot
1087deny ${HOME}/.cache/vlc 1087blacklist ${HOME}/.cache/vlc
1088deny ${HOME}/.cache/vmware 1088blacklist ${HOME}/.cache/vmware
1089deny ${HOME}/.cache/warsow-2.1 1089blacklist ${HOME}/.cache/warsow-2.1
1090deny ${HOME}/.cache/waterfox 1090blacklist ${HOME}/.cache/waterfox
1091deny ${HOME}/.cache/wesnoth 1091blacklist ${HOME}/.cache/wesnoth
1092deny ${HOME}/.cache/winetricks 1092blacklist ${HOME}/.cache/winetricks
1093deny ${HOME}/.cache/xmms2 1093blacklist ${HOME}/.cache/xmms2
1094deny ${HOME}/.cache/xreader 1094blacklist ${HOME}/.cache/xreader
1095deny ${HOME}/.cache/yandex-browser 1095blacklist ${HOME}/.cache/yandex-browser
1096deny ${HOME}/.cache/yandex-browser-beta 1096blacklist ${HOME}/.cache/yandex-browser-beta
1097deny ${HOME}/.cache/youtube-dl 1097blacklist ${HOME}/.cache/youtube-dl
1098deny ${HOME}/.cache/youtube-viewer 1098blacklist ${HOME}/.cache/youtube-viewer
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc
index da6fb31a3..8274b0215 100644
--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -2,14 +2,14 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include disable-shell.local 3include disable-shell.local
4 4
5deny ${PATH}/bash 5blacklist ${PATH}/bash
6deny ${PATH}/csh 6blacklist ${PATH}/csh
7deny ${PATH}/dash 7blacklist ${PATH}/dash
8deny ${PATH}/fish 8blacklist ${PATH}/fish
9deny ${PATH}/ksh 9blacklist ${PATH}/ksh
10deny ${PATH}/mksh 10blacklist ${PATH}/mksh
11deny ${PATH}/oksh 11blacklist ${PATH}/oksh
12deny ${PATH}/sh 12blacklist ${PATH}/sh
13deny ${PATH}/tclsh 13blacklist ${PATH}/tclsh
14deny ${PATH}/tcsh 14blacklist ${PATH}/tcsh
15deny ${PATH}/zsh 15blacklist ${PATH}/zsh
diff --git a/etc/inc/disable-xdg.inc b/etc/inc/disable-xdg.inc
index 32aa8c7f6..22acf272d 100644
--- a/etc/inc/disable-xdg.inc
+++ b/etc/inc/disable-xdg.inc
@@ -2,10 +2,10 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include disable-xdg.local 3include disable-xdg.local
4 4
5deny ${DOCUMENTS} 5blacklist ${DOCUMENTS}
6deny ${MUSIC} 6blacklist ${MUSIC}
7deny ${PICTURES} 7blacklist ${PICTURES}
8deny ${VIDEOS} 8blacklist ${VIDEOS}
9 9
10# The following should be considered catch-all directories 10# The following should be considered catch-all directories
11#blacklist ${DESKTOP} 11#blacklist ${DESKTOP}
diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc
index 06a424440..862837f12 100644
--- a/etc/inc/whitelist-1793-workaround.inc
+++ b/etc/inc/whitelist-1793-workaround.inc
@@ -3,27 +3,27 @@
3include whitelist-1793-workaround.local 3include whitelist-1793-workaround.local
4# This works around bug 1793, and allows whitelisting to be used for some KDE applications. 4# This works around bug 1793, and allows whitelisting to be used for some KDE applications.
5 5
6nodeny ${HOME}/.config/ibus 6noblacklist ${HOME}/.config/ibus
7nodeny ${HOME}/.config/mimeapps.list 7noblacklist ${HOME}/.config/mimeapps.list
8nodeny ${HOME}/.config/pkcs11 8noblacklist ${HOME}/.config/pkcs11
9nodeny ${HOME}/.config/user-dirs.dirs 9noblacklist ${HOME}/.config/user-dirs.dirs
10nodeny ${HOME}/.config/user-dirs.locale 10noblacklist ${HOME}/.config/user-dirs.locale
11nodeny ${HOME}/.config/dconf 11noblacklist ${HOME}/.config/dconf
12nodeny ${HOME}/.config/fontconfig 12noblacklist ${HOME}/.config/fontconfig
13nodeny ${HOME}/.config/gtk-2.0 13noblacklist ${HOME}/.config/gtk-2.0
14nodeny ${HOME}/.config/gtk-3.0 14noblacklist ${HOME}/.config/gtk-3.0
15nodeny ${HOME}/.config/gtk-4.0 15noblacklist ${HOME}/.config/gtk-4.0
16nodeny ${HOME}/.config/gtkrc 16noblacklist ${HOME}/.config/gtkrc
17nodeny ${HOME}/.config/gtkrc-2.0 17noblacklist ${HOME}/.config/gtkrc-2.0
18nodeny ${HOME}/.config/Kvantum 18noblacklist ${HOME}/.config/Kvantum
19nodeny ${HOME}/.config/Trolltech.conf 19noblacklist ${HOME}/.config/Trolltech.conf
20nodeny ${HOME}/.config/QtProject.conf 20noblacklist ${HOME}/.config/QtProject.conf
21nodeny ${HOME}/.config/kdeglobals 21noblacklist ${HOME}/.config/kdeglobals
22nodeny ${HOME}/.config/kio_httprc 22noblacklist ${HOME}/.config/kio_httprc
23nodeny ${HOME}/.config/kioslaverc 23noblacklist ${HOME}/.config/kioslaverc
24nodeny ${HOME}/.config/ksslcablacklist 24noblacklist ${HOME}/.config/ksslcablacklist
25nodeny ${HOME}/.config/qt5ct 25noblacklist ${HOME}/.config/qt5ct
26nodeny ${HOME}/.config/qtcurve 26noblacklist ${HOME}/.config/qtcurve
27 27
28deny ${HOME}/.config/* 28blacklist ${HOME}/.config/*
29allow ${HOME}/.config 29whitelist ${HOME}/.config
diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc
index 11070e372..fedfb2bc2 100644
--- a/etc/inc/whitelist-common.inc
+++ b/etc/inc/whitelist-common.inc
@@ -4,82 +4,82 @@ include whitelist-common.local
4 4
5# common whitelist for all profiles 5# common whitelist for all profiles
6 6
7allow ${HOME}/.XCompose 7whitelist ${HOME}/.XCompose
8allow ${HOME}/.alsaequal.bin 8whitelist ${HOME}/.alsaequal.bin
9allow ${HOME}/.asoundrc 9whitelist ${HOME}/.asoundrc
10allow ${HOME}/.config/ibus 10whitelist ${HOME}/.config/ibus
11allow ${HOME}/.config/mimeapps.list 11whitelist ${HOME}/.config/mimeapps.list
12allow ${HOME}/.config/pkcs11 12whitelist ${HOME}/.config/pkcs11
13read-only ${HOME}/.config/pkcs11 13read-only ${HOME}/.config/pkcs11
14allow ${HOME}/.config/user-dirs.dirs 14whitelist ${HOME}/.config/user-dirs.dirs
15read-only ${HOME}/.config/user-dirs.dirs 15read-only ${HOME}/.config/user-dirs.dirs
16allow ${HOME}/.config/user-dirs.locale 16whitelist ${HOME}/.config/user-dirs.locale
17read-only ${HOME}/.config/user-dirs.locale 17read-only ${HOME}/.config/user-dirs.locale
18allow ${HOME}/.drirc 18whitelist ${HOME}/.drirc
19allow ${HOME}/.icons 19whitelist ${HOME}/.icons
20?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit 20?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit
21allow ${HOME}/.local/share/applications 21whitelist ${HOME}/.local/share/applications
22read-only ${HOME}/.local/share/applications 22read-only ${HOME}/.local/share/applications
23allow ${HOME}/.local/share/icons 23whitelist ${HOME}/.local/share/icons
24allow ${HOME}/.local/share/mime 24whitelist ${HOME}/.local/share/mime
25allow ${HOME}/.mime.types 25whitelist ${HOME}/.mime.types
26allow ${HOME}/.sndio/cookie 26whitelist ${HOME}/.sndio/cookie
27allow ${HOME}/.uim.d 27whitelist ${HOME}/.uim.d
28 28
29# dconf 29# dconf
30mkdir ${HOME}/.config/dconf 30mkdir ${HOME}/.config/dconf
31allow ${HOME}/.config/dconf 31whitelist ${HOME}/.config/dconf
32 32
33# fonts 33# fonts
34allow ${HOME}/.cache/fontconfig 34whitelist ${HOME}/.cache/fontconfig
35allow ${HOME}/.config/fontconfig 35whitelist ${HOME}/.config/fontconfig
36allow ${HOME}/.fontconfig 36whitelist ${HOME}/.fontconfig
37allow ${HOME}/.fonts 37whitelist ${HOME}/.fonts
38allow ${HOME}/.fonts.conf 38whitelist ${HOME}/.fonts.conf
39allow ${HOME}/.fonts.conf.d 39whitelist ${HOME}/.fonts.conf.d
40allow ${HOME}/.fonts.d 40whitelist ${HOME}/.fonts.d
41allow ${HOME}/.local/share/fonts 41whitelist ${HOME}/.local/share/fonts
42allow ${HOME}/.pangorc 42whitelist ${HOME}/.pangorc
43 43
44# gtk 44# gtk
45allow ${HOME}/.config/gtk-2.0 45whitelist ${HOME}/.config/gtk-2.0
46allow ${HOME}/.config/gtk-3.0 46whitelist ${HOME}/.config/gtk-3.0
47allow ${HOME}/.config/gtk-4.0 47whitelist ${HOME}/.config/gtk-4.0
48allow ${HOME}/.config/gtkrc 48whitelist ${HOME}/.config/gtkrc
49allow ${HOME}/.config/gtkrc-2.0 49whitelist ${HOME}/.config/gtkrc-2.0
50allow ${HOME}/.gnome2 50whitelist ${HOME}/.gnome2
51allow ${HOME}/.gnome2-private 51whitelist ${HOME}/.gnome2-private
52allow ${HOME}/.gtk-2.0 52whitelist ${HOME}/.gtk-2.0
53allow ${HOME}/.gtkrc 53whitelist ${HOME}/.gtkrc
54allow ${HOME}/.gtkrc-2.0 54whitelist ${HOME}/.gtkrc-2.0
55allow ${HOME}/.kde/share/config/gtkrc 55whitelist ${HOME}/.kde/share/config/gtkrc
56allow ${HOME}/.kde/share/config/gtkrc-2.0 56whitelist ${HOME}/.kde/share/config/gtkrc-2.0
57allow ${HOME}/.kde4/share/config/gtkrc 57whitelist ${HOME}/.kde4/share/config/gtkrc
58allow ${HOME}/.kde4/share/config/gtkrc-2.0 58whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
59allow ${HOME}/.local/share/themes 59whitelist ${HOME}/.local/share/themes
60allow ${HOME}/.themes 60whitelist ${HOME}/.themes
61 61
62# qt/kde 62# qt/kde
63allow ${HOME}/.cache/kioexec/krun 63whitelist ${HOME}/.cache/kioexec/krun
64allow ${HOME}/.config/Kvantum 64whitelist ${HOME}/.config/Kvantum
65allow ${HOME}/.config/Trolltech.conf 65whitelist ${HOME}/.config/Trolltech.conf
66allow ${HOME}/.config/QtProject.conf 66whitelist ${HOME}/.config/QtProject.conf
67allow ${HOME}/.config/kdeglobals 67whitelist ${HOME}/.config/kdeglobals
68allow ${HOME}/.config/kio_httprc 68whitelist ${HOME}/.config/kio_httprc
69allow ${HOME}/.config/kioslaverc 69whitelist ${HOME}/.config/kioslaverc
70allow ${HOME}/.config/ksslcablacklist 70whitelist ${HOME}/.config/ksslcablacklist
71allow ${HOME}/.config/qt5ct 71whitelist ${HOME}/.config/qt5ct
72allow ${HOME}/.config/qtcurve 72whitelist ${HOME}/.config/qtcurve
73allow ${HOME}/.kde/share/config/kdeglobals 73whitelist ${HOME}/.kde/share/config/kdeglobals
74allow ${HOME}/.kde/share/config/kio_httprc 74whitelist ${HOME}/.kde/share/config/kio_httprc
75allow ${HOME}/.kde/share/config/kioslaverc 75whitelist ${HOME}/.kde/share/config/kioslaverc
76allow ${HOME}/.kde/share/config/ksslcablacklist 76whitelist ${HOME}/.kde/share/config/ksslcablacklist
77allow ${HOME}/.kde/share/config/oxygenrc 77whitelist ${HOME}/.kde/share/config/oxygenrc
78allow ${HOME}/.kde/share/icons 78whitelist ${HOME}/.kde/share/icons
79allow ${HOME}/.kde4/share/config/kdeglobals 79whitelist ${HOME}/.kde4/share/config/kdeglobals
80allow ${HOME}/.kde4/share/config/kio_httprc 80whitelist ${HOME}/.kde4/share/config/kio_httprc
81allow ${HOME}/.kde4/share/config/kioslaverc 81whitelist ${HOME}/.kde4/share/config/kioslaverc
82allow ${HOME}/.kde4/share/config/ksslcablacklist 82whitelist ${HOME}/.kde4/share/config/ksslcablacklist
83allow ${HOME}/.kde4/share/config/oxygenrc 83whitelist ${HOME}/.kde4/share/config/oxygenrc
84allow ${HOME}/.kde4/share/icons 84whitelist ${HOME}/.kde4/share/icons
85allow ${HOME}/.local/share/qt5ct 85whitelist ${HOME}/.local/share/qt5ct
diff --git a/etc/inc/whitelist-player-common.inc b/etc/inc/whitelist-player-common.inc
index d6ae8eab6..e5bf36804 100644
--- a/etc/inc/whitelist-player-common.inc
+++ b/etc/inc/whitelist-player-common.inc
@@ -4,8 +4,8 @@ include whitelist-player-common.local
4 4
5# common whitelist for all media players 5# common whitelist for all media players
6 6
7allow ${DESKTOP} 7whitelist ${DESKTOP}
8allow ${DOWNLOADS} 8whitelist ${DOWNLOADS}
9allow ${MUSIC} 9whitelist ${MUSIC}
10allow ${PICTURES} 10whitelist ${PICTURES}
11allow ${VIDEOS} 11whitelist ${VIDEOS}
diff --git a/etc/inc/whitelist-runuser-common.inc b/etc/inc/whitelist-runuser-common.inc
index 86e5264b9..48309ffe3 100644
--- a/etc/inc/whitelist-runuser-common.inc
+++ b/etc/inc/whitelist-runuser-common.inc
@@ -4,13 +4,13 @@ include whitelist-runuser-common.local
4 4
5# common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles 5# common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles
6 6
7allow ${RUNUSER}/bus 7whitelist ${RUNUSER}/bus
8allow ${RUNUSER}/dconf 8whitelist ${RUNUSER}/dconf
9allow ${RUNUSER}/gdm/Xauthority 9whitelist ${RUNUSER}/gdm/Xauthority
10allow ${RUNUSER}/ICEauthority 10whitelist ${RUNUSER}/ICEauthority
11allow ${RUNUSER}/.mutter-Xwaylandauth.* 11whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
12allow ${RUNUSER}/pulse/native 12whitelist ${RUNUSER}/pulse/native
13allow ${RUNUSER}/wayland-0 13whitelist ${RUNUSER}/wayland-0
14allow ${RUNUSER}/wayland-1 14whitelist ${RUNUSER}/wayland-1
15allow ${RUNUSER}/xauth_* 15whitelist ${RUNUSER}/xauth_*
16allow ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] 16whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc
index 64296da15..fe0097934 100644
--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -4,66 +4,66 @@ include whitelist-usr-share-common.local
4 4
5# common /usr/share whitelist for all profiles 5# common /usr/share whitelist for all profiles
6 6
7allow /usr/share/alsa 7whitelist /usr/share/alsa
8allow /usr/share/applications 8whitelist /usr/share/applications
9allow /usr/share/ca-certificates 9whitelist /usr/share/ca-certificates
10allow /usr/share/crypto-policies 10whitelist /usr/share/crypto-policies
11allow /usr/share/cursors 11whitelist /usr/share/cursors
12allow /usr/share/dconf 12whitelist /usr/share/dconf
13allow /usr/share/distro-info 13whitelist /usr/share/distro-info
14allow /usr/share/drirc.d 14whitelist /usr/share/drirc.d
15allow /usr/share/enchant 15whitelist /usr/share/enchant
16allow /usr/share/enchant-2 16whitelist /usr/share/enchant-2
17allow /usr/share/file 17whitelist /usr/share/file
18allow /usr/share/fontconfig 18whitelist /usr/share/fontconfig
19allow /usr/share/fonts 19whitelist /usr/share/fonts
20allow /usr/share/fonts-config 20whitelist /usr/share/fonts-config
21allow /usr/share/gir-1.0 21whitelist /usr/share/gir-1.0
22allow /usr/share/gjs-1.0 22whitelist /usr/share/gjs-1.0
23allow /usr/share/glib-2.0 23whitelist /usr/share/glib-2.0
24allow /usr/share/glvnd 24whitelist /usr/share/glvnd
25allow /usr/share/gtk-2.0 25whitelist /usr/share/gtk-2.0
26allow /usr/share/gtk-3.0 26whitelist /usr/share/gtk-3.0
27allow /usr/share/gtk-engines 27whitelist /usr/share/gtk-engines
28allow /usr/share/gtksourceview-3.0 28whitelist /usr/share/gtksourceview-3.0
29allow /usr/share/gtksourceview-4 29whitelist /usr/share/gtksourceview-4
30allow /usr/share/hunspell 30whitelist /usr/share/hunspell
31allow /usr/share/hwdata 31whitelist /usr/share/hwdata
32allow /usr/share/icons 32whitelist /usr/share/icons
33allow /usr/share/icu 33whitelist /usr/share/icu
34allow /usr/share/knotifications5 34whitelist /usr/share/knotifications5
35allow /usr/share/kservices5 35whitelist /usr/share/kservices5
36allow /usr/share/Kvantum 36whitelist /usr/share/Kvantum
37allow /usr/share/kxmlgui5 37whitelist /usr/share/kxmlgui5
38allow /usr/share/libdrm 38whitelist /usr/share/libdrm
39allow /usr/share/libthai 39whitelist /usr/share/libthai
40allow /usr/share/locale 40whitelist /usr/share/locale
41allow /usr/share/mime 41whitelist /usr/share/mime
42allow /usr/share/misc 42whitelist /usr/share/misc
43allow /usr/share/Modules 43whitelist /usr/share/Modules
44allow /usr/share/myspell 44whitelist /usr/share/myspell
45allow /usr/share/p11-kit 45whitelist /usr/share/p11-kit
46allow /usr/share/perl 46whitelist /usr/share/perl
47allow /usr/share/perl5 47whitelist /usr/share/perl5
48allow /usr/share/pixmaps 48whitelist /usr/share/pixmaps
49allow /usr/share/pki 49whitelist /usr/share/pki
50allow /usr/share/plasma 50whitelist /usr/share/plasma
51allow /usr/share/publicsuffix 51whitelist /usr/share/publicsuffix
52allow /usr/share/qt 52whitelist /usr/share/qt
53allow /usr/share/qt4 53whitelist /usr/share/qt4
54allow /usr/share/qt5 54whitelist /usr/share/qt5
55allow /usr/share/qt5ct 55whitelist /usr/share/qt5ct
56allow /usr/share/sounds 56whitelist /usr/share/sounds
57allow /usr/share/tcl8.6 57whitelist /usr/share/tcl8.6
58allow /usr/share/tcltk 58whitelist /usr/share/tcltk
59allow /usr/share/terminfo 59whitelist /usr/share/terminfo
60allow /usr/share/texlive 60whitelist /usr/share/texlive
61allow /usr/share/texmf 61whitelist /usr/share/texmf
62allow /usr/share/themes 62whitelist /usr/share/themes
63allow /usr/share/thumbnail.so 63whitelist /usr/share/thumbnail.so
64allow /usr/share/uim 64whitelist /usr/share/uim
65allow /usr/share/vulkan 65whitelist /usr/share/vulkan
66allow /usr/share/X11 66whitelist /usr/share/X11
67allow /usr/share/xml 67whitelist /usr/share/xml
68allow /usr/share/zenity 68whitelist /usr/share/zenity
69allow /usr/share/zoneinfo 69whitelist /usr/share/zoneinfo
diff --git a/etc/inc/whitelist-var-common.inc b/etc/inc/whitelist-var-common.inc
index c449e8905..d8ba84ad0 100644
--- a/etc/inc/whitelist-var-common.inc
+++ b/etc/inc/whitelist-var-common.inc
@@ -4,12 +4,12 @@ include whitelist-var-common.local
4 4
5# common /var whitelist for all profiles 5# common /var whitelist for all profiles
6 6
7allow /var/lib/aspell 7whitelist /var/lib/aspell
8allow /var/lib/ca-certificates 8whitelist /var/lib/ca-certificates
9allow /var/lib/dbus 9whitelist /var/lib/dbus
10allow /var/lib/menu-xdg 10whitelist /var/lib/menu-xdg
11allow /var/lib/uim 11whitelist /var/lib/uim
12allow /var/cache/fontconfig 12whitelist /var/cache/fontconfig
13allow /var/tmp 13whitelist /var/tmp
14allow /var/run 14whitelist /var/run
15allow /var/lock 15whitelist /var/lock
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile
index 6f493fff1..4009853d3 100644
--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -6,11 +6,11 @@ include 0ad.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/0ad 9noblacklist ${HOME}/.cache/0ad
10nodeny ${HOME}/.config/0ad 10noblacklist ${HOME}/.config/0ad
11nodeny ${HOME}/.local/share/0ad 11noblacklist ${HOME}/.local/share/0ad
12 12
13deny /usr/libexec 13blacklist /usr/libexec
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-xdg.inc
23mkdir ${HOME}/.cache/0ad 23mkdir ${HOME}/.cache/0ad
24mkdir ${HOME}/.config/0ad 24mkdir ${HOME}/.config/0ad
25mkdir ${HOME}/.local/share/0ad 25mkdir ${HOME}/.local/share/0ad
26allow ${HOME}/.cache/0ad 26whitelist ${HOME}/.cache/0ad
27allow ${HOME}/.config/0ad 27whitelist ${HOME}/.config/0ad
28allow ${HOME}/.local/share/0ad 28whitelist ${HOME}/.local/share/0ad
29allow /usr/share/0ad 29whitelist /usr/share/0ad
30allow /usr/share/games 30whitelist /usr/share/games
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile
index 3a7b331a7..1d787cba7 100644
--- a/etc/profile-a-l/2048-qt.profile
+++ b/etc/profile-a-l/2048-qt.profile
@@ -6,8 +6,8 @@ include 2048-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/2048-qt 9noblacklist ${HOME}/.config/2048-qt
10nodeny ${HOME}/.config/xiaoyong 10noblacklist ${HOME}/.config/xiaoyong
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
18 18
19mkdir ${HOME}/.config/2048-qt 19mkdir ${HOME}/.config/2048-qt
20mkdir ${HOME}/.config/xiaoyong 20mkdir ${HOME}/.config/xiaoyong
21allow ${HOME}/.config/2048-qt 21whitelist ${HOME}/.config/2048-qt
22allow ${HOME}/.config/xiaoyong 22whitelist ${HOME}/.config/xiaoyong
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile
index def0ec111..1d86b0fbf 100644
--- a/etc/profile-a-l/Cryptocat.profile
+++ b/etc/profile-a-l/Cryptocat.profile
@@ -5,7 +5,7 @@ include Cryptocat.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/Cryptocat 8noblacklist ${HOME}/.config/Cryptocat
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile
index 1d3ae49ca..3f274b21c 100644
--- a/etc/profile-a-l/Discord.profile
+++ b/etc/profile-a-l/Discord.profile
@@ -5,10 +5,10 @@ include Discord.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/discord 8noblacklist ${HOME}/.config/discord
9 9
10mkdir ${HOME}/.config/discord 10mkdir ${HOME}/.config/discord
11allow ${HOME}/.config/discord 11whitelist ${HOME}/.config/discord
12 12
13private-bin Discord 13private-bin Discord
14private-opt Discord 14private-opt Discord
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile
index 3c85f187b..d24e73ed8 100644
--- a/etc/profile-a-l/DiscordCanary.profile
+++ b/etc/profile-a-l/DiscordCanary.profile
@@ -5,10 +5,10 @@ include DiscordCanary.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/discordcanary 8noblacklist ${HOME}/.config/discordcanary
9 9
10mkdir ${HOME}/.config/discordcanary 10mkdir ${HOME}/.config/discordcanary
11allow ${HOME}/.config/discordcanary 11whitelist ${HOME}/.config/discordcanary
12 12
13private-bin DiscordCanary 13private-bin DiscordCanary
14private-opt DiscordCanary 14private-opt DiscordCanary
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile
index 8f746581f..7dc6b5ff0 100644
--- a/etc/profile-a-l/Fritzing.profile
+++ b/etc/profile-a-l/Fritzing.profile
@@ -6,8 +6,8 @@ include Fritzing.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Fritzing 9noblacklist ${HOME}/.config/Fritzing
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile
index 9a00c3230..d10b70796 100644
--- a/etc/profile-a-l/JDownloader.profile
+++ b/etc/profile-a-l/JDownloader.profile
@@ -5,7 +5,7 @@ include JDownloader.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.jd 8noblacklist ${HOME}/.jd
9 9
10# Allow java (blacklisted by disable-devel.inc) 10# Allow java (blacklisted by disable-devel.inc)
11include allow-java.inc 11include allow-java.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.jd 21mkdir ${HOME}/.jd
22allow ${HOME}/.jd 22whitelist ${HOME}/.jd
23allow ${DOWNLOADS} 23whitelist ${DOWNLOADS}
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index 2a92c7db4..75da9a956 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -6,7 +6,7 @@ include abiword.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/abiword 9noblacklist ${HOME}/.config/abiword
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18 18
19allow /usr/share/abiword-3.0 19whitelist /usr/share/abiword-3.0
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-runuser-common.inc 21include whitelist-runuser-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile
index 70ddcec20..2e6e8f1af 100644
--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -5,13 +5,13 @@ include abrowser.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9nodeny ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
10 10
11mkdir ${HOME}/.cache/mozilla/abrowser 11mkdir ${HOME}/.cache/mozilla/abrowser
12mkdir ${HOME}/.mozilla 12mkdir ${HOME}/.mozilla
13allow ${HOME}/.cache/mozilla/abrowser 13whitelist ${HOME}/.cache/mozilla/abrowser
14allow ${HOME}/.mozilla 14whitelist ${HOME}/.mozilla
15 15
16# private-etc must first be enabled in firefox-common.profile 16# private-etc must first be enabled in firefox-common.profile
17#private-etc abrowser 17#private-etc abrowser
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index d32586c5b..34f59769e 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,8 +7,8 @@ include agetpkg.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14#include allow-python2.inc 14#include allow-python2.inc
@@ -23,7 +23,7 @@ include disable-programs.inc
23include disable-shell.inc 23include disable-shell.inc
24include disable-xdg.inc 24include disable-xdg.inc
25 25
26allow ${DOWNLOADS} 26whitelist ${DOWNLOADS}
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile
index 7b1d1445f..37fdb38b5 100644
--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -4,22 +4,22 @@ include akonadi_control.local
4# Persistent global definitions 4# Persistent global definitions
5include globals.local 5include globals.local
6 6
7nodeny ${HOME}/.cache/akonadi* 7noblacklist ${HOME}/.cache/akonadi*
8nodeny ${HOME}/.config/akonadi* 8noblacklist ${HOME}/.config/akonadi*
9nodeny ${HOME}/.config/baloorc 9noblacklist ${HOME}/.config/baloorc
10nodeny ${HOME}/.config/emaildefaults 10noblacklist ${HOME}/.config/emaildefaults
11nodeny ${HOME}/.config/emailidentities 11noblacklist ${HOME}/.config/emailidentities
12nodeny ${HOME}/.config/kmail2rc 12noblacklist ${HOME}/.config/kmail2rc
13nodeny ${HOME}/.config/mailtransports 13noblacklist ${HOME}/.config/mailtransports
14nodeny ${HOME}/.config/specialmailcollectionsrc 14noblacklist ${HOME}/.config/specialmailcollectionsrc
15nodeny ${HOME}/.local/share/akonadi* 15noblacklist ${HOME}/.local/share/akonadi*
16nodeny ${HOME}/.local/share/apps/korganizer 16noblacklist ${HOME}/.local/share/apps/korganizer
17nodeny ${HOME}/.local/share/contacts 17noblacklist ${HOME}/.local/share/contacts
18nodeny ${HOME}/.local/share/local-mail 18noblacklist ${HOME}/.local/share/local-mail
19nodeny ${HOME}/.local/share/notes 19noblacklist ${HOME}/.local/share/notes
20nodeny /sbin 20noblacklist /sbin
21nodeny /tmp/akonadi-* 21noblacklist /tmp/akonadi-*
22nodeny /usr/sbin 22noblacklist /usr/sbin
23 23
24include disable-common.inc 24include disable-common.inc
25include disable-devel.inc 25include disable-devel.inc
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index b2323547c..38fcd2dc1 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -6,9 +6,9 @@ include akregator.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/akregatorrc 9noblacklist ${HOME}/.config/akregatorrc
10nodeny ${HOME}/.local/share/akregator 10noblacklist ${HOME}/.local/share/akregator
11nodeny ${HOME}/.local/share/kxmlgui5/akregator 11noblacklist ${HOME}/.local/share/kxmlgui5/akregator
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-shell.inc
21mkfile ${HOME}/.config/akregatorrc 21mkfile ${HOME}/.config/akregatorrc
22mkdir ${HOME}/.local/share/akregator 22mkdir ${HOME}/.local/share/akregator
23mkdir ${HOME}/.local/share/kxmlgui5/akregator 23mkdir ${HOME}/.local/share/kxmlgui5/akregator
24allow ${HOME}/.config/akregatorrc 24whitelist ${HOME}/.config/akregatorrc
25allow ${HOME}/.local/share/akregator 25whitelist ${HOME}/.local/share/akregator
26allow ${HOME}/.local/share/kssl 26whitelist ${HOME}/.local/share/kssl
27allow ${HOME}/.local/share/kxmlgui5/akregator 27whitelist ${HOME}/.local/share/kxmlgui5/akregator
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
30 30
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index ca6c8d887..4c6d68020 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21# Whitelist your system icon directory,varies by distro 21# Whitelist your system icon directory,varies by distro
22allow /usr/share/alacarte 22whitelist /usr/share/alacarte
23allow /usr/share/app-info 23whitelist /usr/share/app-info
24allow /usr/share/desktop-directories 24whitelist /usr/share/desktop-directories
25allow /usr/share/icons 25whitelist /usr/share/icons
26allow /var/lib/app-info/icons 26whitelist /var/lib/app-info/icons
27allow /var/lib/flatpak/exports/share/applications 27whitelist /var/lib/flatpak/exports/share/applications
28allow /var/lib/flatpak/exports/share/icons 28whitelist /var/lib/flatpak/exports/share/icons
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
index 220c3345d..81ee6bd46 100644
--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -6,7 +6,7 @@ include alienarena.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/cor-games 9noblacklist ${HOME}/.local/share/cor-games
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.local/share/cor-games 20mkdir ${HOME}/.local/share/cor-games
21allow ${HOME}/.local/share/cor-games 21whitelist ${HOME}/.local/share/cor-games
22allow /usr/share/alienarena 22whitelist /usr/share/alienarena
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 6fa3edfa1..0b5cf0df0 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -10,28 +10,28 @@ include globals.local
10# Workaround for bug https://github.com/netblue30/firejail/issues/2747 10# Workaround for bug https://github.com/netblue30/firejail/issues/2747
11# firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' 11# firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
12 12
13nodeny /var/mail 13noblacklist /var/mail
14nodeny /var/spool/mail 14noblacklist /var/spool/mail
15nodeny ${DOCUMENTS} 15noblacklist ${DOCUMENTS}
16nodeny ${HOME}/.addressbook 16noblacklist ${HOME}/.addressbook
17nodeny ${HOME}/.alpine-smime 17noblacklist ${HOME}/.alpine-smime
18nodeny ${HOME}/.mailcap 18noblacklist ${HOME}/.mailcap
19nodeny ${HOME}/.mh_profile 19noblacklist ${HOME}/.mh_profile
20nodeny ${HOME}/.mime.types 20noblacklist ${HOME}/.mime.types
21nodeny ${HOME}/.newsrc 21noblacklist ${HOME}/.newsrc
22nodeny ${HOME}/.pine-crash 22noblacklist ${HOME}/.pine-crash
23nodeny ${HOME}/.pine-debug1 23noblacklist ${HOME}/.pine-debug1
24nodeny ${HOME}/.pine-debug2 24noblacklist ${HOME}/.pine-debug2
25nodeny ${HOME}/.pine-debug3 25noblacklist ${HOME}/.pine-debug3
26nodeny ${HOME}/.pine-debug4 26noblacklist ${HOME}/.pine-debug4
27nodeny ${HOME}/.pine-interrupted-mail 27noblacklist ${HOME}/.pine-interrupted-mail
28nodeny ${HOME}/.pinerc 28noblacklist ${HOME}/.pinerc
29nodeny ${HOME}/.pinercex 29noblacklist ${HOME}/.pinercex
30nodeny ${HOME}/.signature 30noblacklist ${HOME}/.signature
31nodeny ${HOME}/mail 31noblacklist ${HOME}/mail
32 32
33deny /tmp/.X11-unix 33blacklist /tmp/.X11-unix
34deny ${RUNUSER}/wayland-* 34blacklist ${RUNUSER}/wayland-*
35 35
36include disable-common.inc 36include disable-common.inc
37include disable-devel.inc 37include disable-devel.inc
@@ -60,8 +60,8 @@ include disable-xdg.inc
60#whitelist ${HOME}/.pine-debug4 60#whitelist ${HOME}/.pine-debug4
61#whitelist ${HOME}/.signature 61#whitelist ${HOME}/.signature
62#whitelist ${HOME}/mail 62#whitelist ${HOME}/mail
63allow /var/mail 63whitelist /var/mail
64allow /var/spool/mail 64whitelist /var/spool/mail
65#include whitelist-common.inc 65#include whitelist-common.inc
66include whitelist-runuser-common.inc 66include whitelist-runuser-common.inc
67include whitelist-usr-share-common.inc 67include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile
index 03aba36e4..a7caddc4c 100644
--- a/etc/profile-a-l/amarok.profile
+++ b/etc/profile-a-l/amarok.profile
@@ -6,7 +6,7 @@ include amarok.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile
index 00039a7e9..e3c4164ee 100644
--- a/etc/profile-a-l/amule.profile
+++ b/etc/profile-a-l/amule.profile
@@ -6,7 +6,7 @@ include amule.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.aMule 9noblacklist ${HOME}/.aMule
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.aMule 18mkdir ${HOME}/.aMule
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20allow ${HOME}/.aMule 20whitelist ${HOME}/.aMule
21include whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 5bf6ed773..5a21744cf 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,13 +5,13 @@ include android-studio.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/Google 8noblacklist ${HOME}/.config/Google
9nodeny ${HOME}/.AndroidStudio* 9noblacklist ${HOME}/.AndroidStudio*
10nodeny ${HOME}/.android 10noblacklist ${HOME}/.android
11nodeny ${HOME}/.jack-server 11noblacklist ${HOME}/.jack-server
12nodeny ${HOME}/.jack-settings 12noblacklist ${HOME}/.jack-settings
13nodeny ${HOME}/.local/share/JetBrains 13noblacklist ${HOME}/.local/share/JetBrains
14nodeny ${HOME}/.tooling 14noblacklist ${HOME}/.tooling
15 15
16# Allows files commonly used by IDEs 16# Allows files commonly used by IDEs
17include allow-common-devel.inc 17include allow-common-devel.inc
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index c1aa18ff3..13bb01ce2 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -6,8 +6,8 @@ include anki.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny ${HOME}/.local/share/Anki2 10noblacklist ${HOME}/.local/share/Anki2
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.local/share/Anki2 25mkdir ${HOME}/.local/share/Anki2
26allow ${DOCUMENTS} 26whitelist ${DOCUMENTS}
27allow ${HOME}/.local/share/Anki2 27whitelist ${HOME}/.local/share/Anki2
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
30 30
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
index cb30ed8da..fdaf10259 100644
--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -5,7 +5,7 @@ include anydesk.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.anydesk 8noblacklist ${HOME}/.anydesk
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16 16
17mkdir ${HOME}/.anydesk 17mkdir ${HOME}/.anydesk
18allow ${HOME}/.anydesk 18whitelist ${HOME}/.anydesk
19include whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile
index d647a4657..e7b09283e 100644
--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -5,13 +5,13 @@ include aosp.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.android 8noblacklist ${HOME}/.android
9nodeny ${HOME}/.bash_history 9noblacklist ${HOME}/.bash_history
10nodeny ${HOME}/.jack-server 10noblacklist ${HOME}/.jack-server
11nodeny ${HOME}/.jack-settings 11noblacklist ${HOME}/.jack-settings
12nodeny ${HOME}/.repo_.gitconfig.json 12noblacklist ${HOME}/.repo_.gitconfig.json
13nodeny ${HOME}/.repoconfig 13noblacklist ${HOME}/.repoconfig
14nodeny ${HOME}/.tooling 14noblacklist ${HOME}/.tooling
15 15
16# Allows files commonly used by IDEs 16# Allows files commonly used by IDEs
17include allow-common-devel.inc 17include allow-common-devel.inc
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 020ae2812..01566314f 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,9 +6,9 @@ include apostrophe.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.texlive20* 9noblacklist ${HOME}/.texlive20*
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12 12
13# Allow lua (blacklisted by disable-interpreters.inc) 13# Allow lua (blacklisted by disable-interpreters.inc)
14include allow-lua.inc 14include allow-lua.inc
@@ -31,12 +31,12 @@ include disable-programs.inc
31include disable-shell.inc 31include disable-shell.inc
32include disable-xdg.inc 32include disable-xdg.inc
33 33
34allow /usr/libexec/webkit2gtk-4.0 34whitelist /usr/libexec/webkit2gtk-4.0
35allow /usr/share/apostrophe 35whitelist /usr/share/apostrophe
36allow /usr/share/texlive 36whitelist /usr/share/texlive
37allow /usr/share/texmf 37whitelist /usr/share/texmf
38allow /usr/share/pandoc-* 38whitelist /usr/share/pandoc-*
39allow /usr/share/perl5 39whitelist /usr/share/perl5
40include whitelist-runuser-common.inc 40include whitelist-runuser-common.inc
41include whitelist-usr-share-common.inc 41include whitelist-usr-share-common.inc
42include whitelist-var-common.inc 42include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
index 8c71dd574..accabb6f5 100644
--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -7,7 +7,7 @@ include arch-audit.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny /var/lib/pacman 10noblacklist /var/lib/pacman
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21allow /usr/share/arch-audit 21whitelist /usr/share/arch-audit
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23 23
24apparmor 24apparmor
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile
index 0915ede33..19c37f90e 100644
--- a/etc/profile-a-l/archaudit-report.profile
+++ b/etc/profile-a-l/archaudit-report.profile
@@ -6,7 +6,7 @@ include archaudit-report.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /var/lib/pacman 9noblacklist /var/lib/pacman
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile
index 5b859ceb1..1fab4606b 100644
--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -4,7 +4,7 @@ include archiver-common.local
4 4
5# common profile for archiver/compression tools 5# common profile for archiver/compression tools
6 6
7deny ${RUNUSER} 7blacklist ${RUNUSER}
8 8
9# Comment/uncomment the relevant include file(s) in your archiver-common.local 9# Comment/uncomment the relevant include file(s) in your archiver-common.local
10# to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** 10# to (un)restrict file access for **all** archivers. Another option is to do this **per archiver**
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile
index 960948afc..84b1d6c18 100644
--- a/etc/profile-a-l/ardour5.profile
+++ b/etc/profile-a-l/ardour5.profile
@@ -5,12 +5,12 @@ include ardour5.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/ardour4 8noblacklist ${HOME}/.config/ardour4
9nodeny ${HOME}/.config/ardour5 9noblacklist ${HOME}/.config/ardour5
10nodeny ${HOME}/.lv2 10noblacklist ${HOME}/.lv2
11nodeny ${HOME}/.vst 11noblacklist ${HOME}/.vst
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13nodeny ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile
index 88f14fbfe..fd1ca9a09 100644
--- a/etc/profile-a-l/arduino.profile
+++ b/etc/profile-a-l/arduino.profile
@@ -6,9 +6,9 @@ include arduino.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.arduino15 9noblacklist ${HOME}/.arduino15
10nodeny ${HOME}/Arduino 10noblacklist ${HOME}/Arduino
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13# Allow java (blacklisted by disable-devel.inc) 13# Allow java (blacklisted by disable-devel.inc)
14include allow-java.inc 14include allow-java.inc
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index be56011f0..22b8ecd65 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -6,12 +6,12 @@ include aria2c.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.aria2 9noblacklist ${HOME}/.aria2
10nodeny ${HOME}/.config/aria2 10noblacklist ${HOME}/.config/aria2
11nodeny ${HOME}/.netrc 11noblacklist ${HOME}/.netrc
12 12
13deny /tmp/.X11-unix 13blacklist /tmp/.X11-unix
14deny ${RUNUSER}/wayland-* 14blacklist ${RUNUSER}/wayland-*
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile
index 031c57080..a63dd8f5f 100644
--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -6,8 +6,8 @@ include ark.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/arkrc 9noblacklist ${HOME}/.config/arkrc
10nodeny ${HOME}/.local/share/kxmlgui5/ark 10noblacklist ${HOME}/.local/share/kxmlgui5/ark
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-interpreters.inc
16include disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18 18
19allow /usr/share/ark 19whitelist /usr/share/ark
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile
index 9ed8076be..2c8b630ce 100644
--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -6,7 +6,7 @@ include arm.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.arm 9noblacklist ${HOME}/.arm
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22mkdir ${HOME}/.arm 22mkdir ${HOME}/.arm
23allow ${HOME}/.arm 23whitelist ${HOME}/.arm
24include whitelist-common.inc 24include whitelist-common.inc
25 25
26caps.drop all 26caps.drop all
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index 7cfac4915..fab72b7d3 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -6,12 +6,12 @@ include artha.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/artha.conf 9noblacklist ${HOME}/.config/artha.conf
10nodeny ${HOME}/.config/artha.log 10noblacklist ${HOME}/.config/artha.log
11nodeny ${HOME}/.config/enchant 11noblacklist ${HOME}/.config/enchant
12 12
13deny /tmp/.X11-unix 13blacklist /tmp/.X11-unix
14deny ${RUNUSER}/wayland-* 14blacklist ${RUNUSER}/wayland-*
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -28,8 +28,8 @@ include disable-xdg.inc
28#whitelist ${HOME}/.config/artha.conf 28#whitelist ${HOME}/.config/artha.conf
29#whitelist ${HOME}/.config/artha.log 29#whitelist ${HOME}/.config/artha.log
30#whitelist ${HOME}/.config/enchant 30#whitelist ${HOME}/.config/enchant
31allow /usr/share/artha 31whitelist /usr/share/artha
32allow /usr/share/wordnet 32whitelist /usr/share/wordnet
33#include whitelist-common.inc 33#include whitelist-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
index f2251c210..977fe30a4 100644
--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -6,7 +6,7 @@ include assogiate.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow ${PICTURES} 20whitelist ${PICTURES}
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile
index e65072266..c97fd691a 100644
--- a/etc/profile-a-l/asunder.profile
+++ b/etc/profile-a-l/asunder.profile
@@ -6,11 +6,11 @@ include asunder.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/asunder 9noblacklist ${HOME}/.config/asunder
10nodeny ${HOME}/.asunder_album_genre 10noblacklist ${HOME}/.asunder_album_genre
11nodeny ${HOME}/.asunder_album_title 11noblacklist ${HOME}/.asunder_album_title
12nodeny ${HOME}/.asunder_album_artist 12noblacklist ${HOME}/.asunder_album_artist
13nodeny ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile
index ea3038537..5f237ac59 100644
--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc
18ignore apparmor 18ignore apparmor
19ignore disable-mnt 19ignore disable-mnt
20 20
21nodeny ${HOME}/.atom 21noblacklist ${HOME}/.atom
22nodeny ${HOME}/.config/Atom 22noblacklist ${HOME}/.config/Atom
23 23
24# Allows files commonly used by IDEs 24# Allows files commonly used by IDEs
25include allow-common-devel.inc 25include allow-common-devel.inc
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index 8ae8617cf..1c3ed66ff 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -6,9 +6,9 @@ include atril.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/atril 9noblacklist ${HOME}/.cache/atril
10nodeny ${HOME}/.config/atril 10noblacklist ${HOME}/.config/atril
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13#noblacklist ${HOME}/.local/share 13#noblacklist ${HOME}/.local/share
14# it seems to use only ${HOME}/.local/share/webkitgtk 14# it seems to use only ${HOME}/.local/share/webkitgtk
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile
index 53baf0a2a..f9f209786 100644
--- a/etc/profile-a-l/audacious.profile
+++ b/etc/profile-a-l/audacious.profile
@@ -6,9 +6,9 @@ include audacious.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Audaciousrc 9noblacklist ${HOME}/.config/Audaciousrc
10nodeny ${HOME}/.config/audacious 10noblacklist ${HOME}/.config/audacious
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index c244846e1..a2de8436a 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -6,9 +6,9 @@ include audacity.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.audacity-data 9noblacklist ${HOME}/.audacity-data
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile
index 534792cc6..2c7fdc812 100644
--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -7,7 +7,7 @@ include audio-recorder.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow ${MUSIC} 20whitelist ${MUSIC}
21allow ${DOWNLOADS} 21whitelist ${DOWNLOADS}
22allow /usr/share/audio-recorder 22whitelist /usr/share/audio-recorder
23allow /usr/share/gstreamer-1.0 23whitelist /usr/share/gstreamer-1.0
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
index 0d6eb6a21..2ebe35dd5 100644
--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -6,7 +6,7 @@ include authenticator-rs.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/authenticator-rs 9noblacklist ${HOME}/.local/share/authenticator-rs
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.local/share/authenticator-rs 20mkdir ${HOME}/.local/share/authenticator-rs
21allow ${HOME}/.local/share/authenticator-rs 21whitelist ${HOME}/.local/share/authenticator-rs
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23allow /usr/share/uk.co.grumlimited.authenticator-rs 23whitelist /usr/share/uk.co.grumlimited.authenticator-rs
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile
index 55d967e3e..42d9cd56a 100644
--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -6,8 +6,8 @@ include authenticator.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Authenticator 9noblacklist ${HOME}/.cache/Authenticator
10nodeny ${HOME}/.config/Authenticator 10noblacklist ${HOME}/.config/Authenticator
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13#include allow-python2.inc 13#include allow-python2.inc
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile
index a5b3b22f6..891928e5a 100644
--- a/etc/profile-a-l/autokey-common.profile
+++ b/etc/profile-a-l/autokey-common.profile
@@ -7,8 +7,8 @@ include autokey-common.local
7# added by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.config/autokey 10noblacklist ${HOME}/.config/autokey
11nodeny ${HOME}/.local/share/autokey 11noblacklist ${HOME}/.local/share/autokey
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile
index 0feb05d75..1ecc03da1 100644
--- a/etc/profile-a-l/avidemux.profile
+++ b/etc/profile-a-l/avidemux.profile
@@ -5,9 +5,9 @@ include avidemux.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.avidemux6 8noblacklist ${HOME}/.avidemux6
9nodeny ${HOME}/.config/avidemux3_qt5rc 9noblacklist ${HOME}/.config/avidemux3_qt5rc
10nodeny ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
20 20
21mkdir ${HOME}/.avidemux6 21mkdir ${HOME}/.avidemux6
22mkdir ${HOME}/.config/avidemux3_qt5rc 22mkdir ${HOME}/.config/avidemux3_qt5rc
23allow ${HOME}/.avidemux6 23whitelist ${HOME}/.avidemux6
24allow ${HOME}/.config/avidemux3_qt5rc 24whitelist ${HOME}/.config/avidemux3_qt5rc
25allow ${VIDEOS} 25whitelist ${VIDEOS}
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
index abe9fdb24..a57ad4014 100644
--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -6,7 +6,7 @@ include aweather.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/aweather 9noblacklist ${HOME}/.config/aweather
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
16include disable-shell.inc 16include disable-shell.inc
17 17
18mkdir ${HOME}/.config/aweather 18mkdir ${HOME}/.config/aweather
19allow ${HOME}/.config/aweather 19whitelist ${HOME}/.config/aweather
20include whitelist-common.inc 20include whitelist-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile
index 58f4f5e96..5d1bf5071 100644
--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -7,7 +7,7 @@ include awesome.local
7include globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10nodeny ${HOME}/.config/awesome 10noblacklist ${HOME}/.config/awesome
11include disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
index 46bb0b44e..3952921a3 100644
--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -6,7 +6,7 @@ include ballbuster.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.ballbuster.hs 9noblacklist ${HOME}/.ballbuster.hs
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkfile ${HOME}/.ballbuster.hs 20mkfile ${HOME}/.ballbuster.hs
21allow ${HOME}/.ballbuster.hs 21whitelist ${HOME}/.ballbuster.hs
22allow /usr/share/ballbuster 22whitelist /usr/share/ballbuster
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile
index 2b10883f7..fe86d9b80 100644
--- a/etc/profile-a-l/baloo_file.profile
+++ b/etc/profile-a-l/baloo_file.profile
@@ -12,12 +12,12 @@ include globals.local
12# read-write ${HOME}/.local/share/baloo 12# read-write ${HOME}/.local/share/baloo
13# ignore read-write 13# ignore read-write
14 14
15nodeny ${HOME}/.config/baloofilerc 15noblacklist ${HOME}/.config/baloofilerc
16nodeny ${HOME}/.kde/share/config/baloofilerc 16noblacklist ${HOME}/.kde/share/config/baloofilerc
17nodeny ${HOME}/.kde/share/config/baloorc 17noblacklist ${HOME}/.kde/share/config/baloorc
18nodeny ${HOME}/.kde4/share/config/baloofilerc 18noblacklist ${HOME}/.kde4/share/config/baloofilerc
19nodeny ${HOME}/.kde4/share/config/baloorc 19noblacklist ${HOME}/.kde4/share/config/baloorc
20nodeny ${HOME}/.local/share/baloo 20noblacklist ${HOME}/.local/share/baloo
21 21
22include disable-common.inc 22include disable-common.inc
23include disable-devel.inc 23include disable-devel.inc
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile
index 1e74443aa..8c69652c5 100644
--- a/etc/profile-a-l/balsa.profile
+++ b/etc/profile-a-l/balsa.profile
@@ -6,13 +6,13 @@ include balsa.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.balsa 9noblacklist ${HOME}/.balsa
10nodeny ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11nodeny ${HOME}/.mozilla 11noblacklist ${HOME}/.mozilla
12nodeny ${HOME}/.signature 12noblacklist ${HOME}/.signature
13nodeny ${HOME}/mail 13noblacklist ${HOME}/mail
14nodeny /var/mail 14noblacklist /var/mail
15nodeny /var/spool/mail 15noblacklist /var/spool/mail
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa
27mkdir ${HOME}/.gnupg 27mkdir ${HOME}/.gnupg
28mkfile ${HOME}/.signature 28mkfile ${HOME}/.signature
29mkdir ${HOME}/mail 29mkdir ${HOME}/mail
30allow ${HOME}/.balsa 30whitelist ${HOME}/.balsa
31allow ${HOME}/.gnupg 31whitelist ${HOME}/.gnupg
32allow ${HOME}/.mozilla/firefox/profiles.ini 32whitelist ${HOME}/.mozilla/firefox/profiles.ini
33allow ${HOME}/.signature 33whitelist ${HOME}/.signature
34allow ${HOME}/mail 34whitelist ${HOME}/mail
35allow ${RUNUSER}/gnupg 35whitelist ${RUNUSER}/gnupg
36allow /usr/share/balsa 36whitelist /usr/share/balsa
37allow /usr/share/gnupg 37whitelist /usr/share/gnupg
38allow /usr/share/gnupg2 38whitelist /usr/share/gnupg2
39allow /var/mail 39whitelist /var/mail
40allow /var/spool/mail 40whitelist /var/spool/mail
41include whitelist-common.inc 41include whitelist-common.inc
42include whitelist-runuser-common.inc 42include whitelist-runuser-common.inc
43include whitelist-usr-share-common.inc 43include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile
index fcea9b3ba..7b50e9199 100644
--- a/etc/profile-a-l/barrier.profile
+++ b/etc/profile-a-l/barrier.profile
@@ -6,9 +6,9 @@ include barrier.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Debauchee/Barrier.conf 9noblacklist ${HOME}/.config/Debauchee/Barrier.conf
10nodeny ${HOME}/.local/share/barrier 10noblacklist ${HOME}/.local/share/barrier
11nodeny ${PATH}/openssl 11noblacklist ${PATH}/openssl
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile
index 547c67fc8..8dc3847a0 100644
--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -5,13 +5,13 @@ include basilisk.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/moonchild productions/basilisk 8noblacklist ${HOME}/.cache/moonchild productions/basilisk
9nodeny ${HOME}/.moonchild productions/basilisk 9noblacklist ${HOME}/.moonchild productions/basilisk
10 10
11mkdir ${HOME}/.cache/moonchild productions/basilisk 11mkdir ${HOME}/.cache/moonchild productions/basilisk
12mkdir ${HOME}/.moonchild productions 12mkdir ${HOME}/.moonchild productions
13allow ${HOME}/.cache/moonchild productions/basilisk 13whitelist ${HOME}/.cache/moonchild productions/basilisk
14allow ${HOME}/.moonchild productions 14whitelist ${HOME}/.moonchild productions
15 15
16# Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) 16# Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
17seccomp 17seccomp
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
index a1d2b1e73..3ecaea7fe 100644
--- a/etc/profile-a-l/bcompare.profile
+++ b/etc/profile-a-l/bcompare.profile
@@ -7,10 +7,10 @@ include bcompare.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.config/bcompare 10noblacklist ${HOME}/.config/bcompare
11# In case the user decides to include disable-programs.inc, still allow 11# In case the user decides to include disable-programs.inc, still allow
12# KDE's Gwenview to view images via right click -> Open With -> Associated Application 12# KDE's Gwenview to view images via right click -> Open With -> Associated Application
13nodeny ${HOME}/.config/gwenviewrc 13noblacklist ${HOME}/.config/gwenviewrc
14 14
15# Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. 15# Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc.
16#include disable-common.inc 16#include disable-common.inc
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile
index 588f460a8..f3a9568bd 100644
--- a/etc/profile-a-l/beaker.profile
+++ b/etc/profile-a-l/beaker.profile
@@ -19,10 +19,10 @@ ignore private-cache
19ignore private-dev 19ignore private-dev
20ignore private-tmp 20ignore private-tmp
21 21
22nodeny ${HOME}/.config/Beaker Browser 22noblacklist ${HOME}/.config/Beaker Browser
23 23
24mkdir ${HOME}/.config/Beaker Browser 24mkdir ${HOME}/.config/Beaker Browser
25allow ${HOME}/.config/Beaker Browser 25whitelist ${HOME}/.config/Beaker Browser
26 26
27# Redirect 27# Redirect
28include electron.profile 28include electron.profile
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile
index 717d7258d..c7a82afbd 100644
--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -6,11 +6,11 @@ include bibletime.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.bibletime 9noblacklist ${HOME}/.bibletime
10nodeny ${HOME}/.sword 10noblacklist ${HOME}/.sword
11nodeny ${HOME}/.local/share/bibletime 11noblacklist ${HOME}/.local/share/bibletime
12 12
13deny ${HOME}/.bashrc 13blacklist ${HOME}/.bashrc
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -22,12 +22,12 @@ include disable-programs.inc
22mkdir ${HOME}/.bibletime 22mkdir ${HOME}/.bibletime
23mkdir ${HOME}/.sword 23mkdir ${HOME}/.sword
24mkdir ${HOME}/.local/share/bibletime 24mkdir ${HOME}/.local/share/bibletime
25allow ${HOME}/.bibletime 25whitelist ${HOME}/.bibletime
26allow ${HOME}/.sword 26whitelist ${HOME}/.sword
27allow ${HOME}/.local/share/bibletime 27whitelist ${HOME}/.local/share/bibletime
28allow /usr/share/bibletime 28whitelist /usr/share/bibletime
29allow /usr/share/doc/bibletime 29whitelist /usr/share/doc/bibletime
30allow /usr/share/sword 30whitelist /usr/share/sword
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index b02fcc3e0..854fe5cb9 100644
--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -6,7 +6,7 @@ include bijiben.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/bijiben 9noblacklist ${HOME}/.local/share/bijiben
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.local/share/bijiben 20mkdir ${HOME}/.local/share/bijiben
21allow ${HOME}/.local/share/bijiben 21whitelist ${HOME}/.local/share/bijiben
22allow ${HOME}/.cache/tracker 22whitelist ${HOME}/.cache/tracker
23allow /usr/libexec/webkit2gtk-4.0 23whitelist /usr/libexec/webkit2gtk-4.0
24allow /usr/share/bijiben 24whitelist /usr/share/bijiben
25allow /usr/share/tracker 25whitelist /usr/share/tracker
26allow /usr/share/tracker3 26whitelist /usr/share/tracker3
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
index c4ec0f820..932db9b73 100644
--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -6,8 +6,8 @@ include bitcoin-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.bitcoin 9noblacklist ${HOME}/.bitcoin
10nodeny ${HOME}/.config/Bitcoin 10noblacklist ${HOME}/.config/Bitcoin
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
19 19
20mkdir ${HOME}/.bitcoin 20mkdir ${HOME}/.bitcoin
21mkdir ${HOME}/.config/Bitcoin 21mkdir ${HOME}/.config/Bitcoin
22allow ${HOME}/.bitcoin 22whitelist ${HOME}/.bitcoin
23allow ${HOME}/.config/Bitcoin 23whitelist ${HOME}/.config/Bitcoin
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile
index 0f000b26b..dd7651979 100644
--- a/etc/profile-a-l/bitlbee.profile
+++ b/etc/profile-a-l/bitlbee.profile
@@ -8,8 +8,8 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny /sbin 11noblacklist /sbin
12nodeny /usr/sbin 12noblacklist /usr/sbin
13# noblacklist /var/log 13# noblacklist /var/log
14 14
15include disable-common.inc 15include disable-common.inc
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index 4b292d72a..ba2eb2ea7 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc
11 11
12ignore noexec /tmp 12ignore noexec /tmp
13 13
14nodeny ${HOME}/.config/Bitwarden 14noblacklist ${HOME}/.config/Bitwarden
15 15
16include disable-shell.inc 16include disable-shell.inc
17 17
18mkdir ${HOME}/.config/Bitwarden 18mkdir ${HOME}/.config/Bitwarden
19allow ${HOME}/.config/Bitwarden 19whitelist ${HOME}/.config/Bitwarden
20 20
21machine-id 21machine-id
22no3d 22no3d
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile
index 616ad6801..233f9a96f 100644
--- a/etc/profile-a-l/blackbox.profile
+++ b/etc/profile-a-l/blackbox.profile
@@ -7,7 +7,7 @@ include blackbox.local
7include globals.local 7include globals.local
8 8
9# all applications started in blackbox will run in this profile 9# all applications started in blackbox will run in this profile
10nodeny ${HOME}/.blackbox 10noblacklist ${HOME}/.blackbox
11include disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile
index 8d0b5616f..701ae431e 100644
--- a/etc/profile-a-l/blender.profile
+++ b/etc/profile-a-l/blender.profile
@@ -6,7 +6,7 @@ include blender.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/blender 9noblacklist ${HOME}/.config/blender
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22# Allow usage of AMD GPU by OpenCL 22# Allow usage of AMD GPU by OpenCL
23nodeny /sys/module 23noblacklist /sys/module
24allow /sys/module/amdgpu 24whitelist /sys/module/amdgpu
25read-only /sys/module/amdgpu 25read-only /sys/module/amdgpu
26 26
27caps.drop all 27caps.drop all
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile
index ca5f96eee..80dc750f7 100644
--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -6,7 +6,7 @@ include bless.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/bless 9noblacklist ${HOME}/.config/bless
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
index ee2a73b54..229c20293 100644
--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -4,7 +4,7 @@ include blobby.local
4# Persistent global definitions 4# Persistent global definitions
5include globals.local 5include globals.local
6 6
7nodeny ${HOME}/.blobby 7noblacklist ${HOME}/.blobby
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18mkdir ${HOME}/.blobby 18mkdir ${HOME}/.blobby
19allow ${HOME}/.blobby 19whitelist ${HOME}/.blobby
20include whitelist-common.inc 20include whitelist-common.inc
21allow /usr/share/blobby 21whitelist /usr/share/blobby
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index e0be5261e..904710cb5 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -6,7 +6,7 @@ include blobwars.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.parallelrealities/blobwars 9noblacklist ${HOME}/.parallelrealities/blobwars
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.parallelrealities/blobwars 20mkdir ${HOME}/.parallelrealities/blobwars
21allow ${HOME}/.parallelrealities/blobwars 21whitelist ${HOME}/.parallelrealities/blobwars
22allow /usr/share/blobwars 22whitelist /usr/share/blobwars
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile
index dcfd5d8d2..6e8f0d7d1 100644
--- a/etc/profile-a-l/bnox.profile
+++ b/etc/profile-a-l/bnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/bnox 13noblacklist ${HOME}/.cache/bnox
14nodeny ${HOME}/.config/bnox 14noblacklist ${HOME}/.config/bnox
15 15
16mkdir ${HOME}/.cache/bnox 16mkdir ${HOME}/.cache/bnox
17mkdir ${HOME}/.config/bnox 17mkdir ${HOME}/.config/bnox
18allow ${HOME}/.cache/bnox 18whitelist ${HOME}/.cache/bnox
19allow ${HOME}/.config/bnox 19whitelist ${HOME}/.config/bnox
20 20
21# Redirect 21# Redirect
22include chromium-common.profile 22include chromium-common.profile
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile
index a14bb8fef..0cbac049a 100644
--- a/etc/profile-a-l/brackets.profile
+++ b/etc/profile-a-l/brackets.profile
@@ -5,7 +5,7 @@ include brackets.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/Brackets 8noblacklist ${HOME}/.config/Brackets
9#noblacklist /opt/brackets 9#noblacklist /opt/brackets
10#noblacklist /opt/google 10#noblacklist /opt/google
11 11
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile
index a78882409..417a6b3e0 100644
--- a/etc/profile-a-l/brasero.profile
+++ b/etc/profile-a-l/brasero.profile
@@ -6,7 +6,7 @@ include brasero.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/brasero 9noblacklist ${HOME}/.config/brasero
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index bc2d7a6a1..09548c761 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -14,24 +14,24 @@ ignore noexec /tmp
14# Alternatively you can add 'ignore apparmor' to your brave.local. 14# Alternatively you can add 'ignore apparmor' to your brave.local.
15ignore noexec ${HOME} 15ignore noexec ${HOME}
16 16
17nodeny ${HOME}/.cache/BraveSoftware 17noblacklist ${HOME}/.cache/BraveSoftware
18nodeny ${HOME}/.config/BraveSoftware 18noblacklist ${HOME}/.config/BraveSoftware
19nodeny ${HOME}/.config/brave 19noblacklist ${HOME}/.config/brave
20nodeny ${HOME}/.config/brave-flags.conf 20noblacklist ${HOME}/.config/brave-flags.conf
21# brave uses gpg for built-in password manager 21# brave uses gpg for built-in password manager
22nodeny ${HOME}/.gnupg 22noblacklist ${HOME}/.gnupg
23 23
24mkdir ${HOME}/.cache/BraveSoftware 24mkdir ${HOME}/.cache/BraveSoftware
25mkdir ${HOME}/.config/BraveSoftware 25mkdir ${HOME}/.config/BraveSoftware
26mkdir ${HOME}/.config/brave 26mkdir ${HOME}/.config/brave
27allow ${HOME}/.cache/BraveSoftware 27whitelist ${HOME}/.cache/BraveSoftware
28allow ${HOME}/.config/BraveSoftware 28whitelist ${HOME}/.config/BraveSoftware
29allow ${HOME}/.config/brave 29whitelist ${HOME}/.config/brave
30allow ${HOME}/.config/brave-flags.conf 30whitelist ${HOME}/.config/brave-flags.conf
31allow ${HOME}/.gnupg 31whitelist ${HOME}/.gnupg
32 32
33# Brave sandbox needs read access to /proc/config.gz 33# Brave sandbox needs read access to /proc/config.gz
34nodeny /proc/config.gz 34noblacklist /proc/config.gz
35 35
36# Redirect 36# Redirect
37include chromium-common.profile 37include chromium-common.profile
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
index 62ca041c2..bda96bbb3 100644
--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -6,7 +6,7 @@ include bzflag.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.bzf 9noblacklist ${HOME}/.bzf
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.bzf 20mkdir ${HOME}/.bzf
21allow ${HOME}/.bzf 21whitelist ${HOME}/.bzf
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile
index 99706620c..83571397b 100644
--- a/etc/profile-a-l/calibre.profile
+++ b/etc/profile-a-l/calibre.profile
@@ -6,9 +6,9 @@ include calibre.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/calibre 9noblacklist ${HOME}/.cache/calibre
10nodeny ${HOME}/.config/calibre 10noblacklist ${HOME}/.config/calibre
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile
index 36ecc06a0..fcff47662 100644
--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,7 +6,7 @@ include calligra.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/calligra 9noblacklist ${HOME}/.local/share/kxmlgui5/calligra
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile
index 76123c96a..006c307ab 100644
--- a/etc/profile-a-l/calligragemini.profile
+++ b/etc/profile-a-l/calligragemini.profile
@@ -6,7 +6,7 @@ include calligragemini.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.local/share/calligragemini 9noblacklist ${HOME}/.local/share/calligragemini
10 10
11# Redirect 11# Redirect
12include calligra.profile 12include calligra.profile
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile
index 5fb1e16da..81dbd4dcd 100644
--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -6,7 +6,7 @@ include calligraplan.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/calligraplan 9noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
10 10
11# Redirect 11# Redirect
12include calligra.profile 12include calligra.profile
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile
index c176bfea1..bba91b66b 100644
--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -6,7 +6,7 @@ include calligraplanwork.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/calligraplanwork 9noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
10 10
11# Redirect 11# Redirect
12include calligra.profile 12include calligra.profile
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile
index b7ac68945..7bc296047 100644
--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -6,7 +6,7 @@ include calligrasheets.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/calligrasheets 9noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
10 10
11# Redirect 11# Redirect
12include calligra.profile 12include calligra.profile
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile
index 1258fec56..7694abbe4 100644
--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -6,7 +6,7 @@ include calligrastage.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/calligrastage 9noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
10 10
11# Redirect 11# Redirect
12include calligra.profile 12include calligra.profile
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile
index c2b6c8041..d69d56a95 100644
--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -6,7 +6,7 @@ include calligrawords.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/calligrawords 9noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
10 10
11# Redirect 11# Redirect
12include calligra.profile 12include calligra.profile
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index 390ae383c..74c7cc34b 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -20,7 +20,7 @@ include disable-programs.inc
20include disable-shell.inc 20include disable-shell.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23allow /usr/share/cameramonitor 23whitelist /usr/share/cameramonitor
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
index 77bdc09e0..96f88a7c4 100644
--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -6,10 +6,10 @@ include cantata.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/cantata 9noblacklist ${HOME}/.cache/cantata
10nodeny ${HOME}/.config/cantata 10noblacklist ${HOME}/.config/cantata
11nodeny ${HOME}/.local/share/cantata 11noblacklist ${HOME}/.local/share/cantata
12nodeny ${MUSIC} 12noblacklist ${MUSIC}
13 13
14# Allow perl (blacklisted by disable-interpreters.inc) 14# Allow perl (blacklisted by disable-interpreters.inc)
15include allow-perl.inc 15include allow-perl.inc
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index 9c53af84f..7cf04c550 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -10,11 +10,11 @@ include globals.local
10ignore noexec ${HOME} 10ignore noexec ${HOME}
11ignore noexec /tmp 11ignore noexec /tmp
12 12
13deny /tmp/.X11-unix 13blacklist /tmp/.X11-unix
14deny ${RUNUSER} 14blacklist ${RUNUSER}
15 15
16nodeny ${HOME}/.cargo/credentials 16noblacklist ${HOME}/.cargo/credentials
17nodeny ${HOME}/.cargo/credentials.toml 17noblacklist ${HOME}/.cargo/credentials.toml
18 18
19# Allows files commonly used by IDEs 19# Allows files commonly used by IDEs
20include allow-common-devel.inc 20include allow-common-devel.inc
@@ -34,7 +34,7 @@ include disable-xdg.inc
34#whitelist ${HOME}/.cargo 34#whitelist ${HOME}/.cargo
35#whitelist ${HOME}/.rustup 35#whitelist ${HOME}/.rustup
36#include whitelist-common.inc 36#include whitelist-common.inc
37allow /usr/share/pkgconfig 37whitelist /usr/share/pkgconfig
38include whitelist-runuser-common.inc 38include whitelist-runuser-common.inc
39include whitelist-usr-share-common.inc 39include whitelist-usr-share-common.inc
40include whitelist-var-common.inc 40include whitelist-var-common.inc
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile
index 4ea53ea6b..009d3a049 100644
--- a/etc/profile-a-l/catfish.profile
+++ b/etc/profile-a-l/catfish.profile
@@ -9,7 +9,7 @@ include globals.local
9# We can't blacklist much since catfish 9# We can't blacklist much since catfish
10# is for finding files/content 10# is for finding files/content
11 11
12nodeny ${HOME}/.config/catfish 12noblacklist ${HOME}/.config/catfish
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15include allow-python2.inc 15include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-interpreters.inc
21include disable-passwdmgr.inc 21include disable-passwdmgr.inc
22# include disable-programs.inc 22# include disable-programs.inc
23 23
24allow /var/lib/mlocate 24whitelist /var/lib/mlocate
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27apparmor 27apparmor
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile
index d7aee1902..6e137010c 100644
--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -6,7 +6,7 @@ include cawbird.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/cawbird 9noblacklist ${HOME}/.config/cawbird
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index d6f4306ba..1c539cc93 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -6,9 +6,9 @@ include celluloid.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/celluloid 9noblacklist ${HOME}/.config/celluloid
10nodeny ${HOME}/.config/gnome-mpv 10noblacklist ${HOME}/.config/gnome-mpv
11nodeny ${HOME}/.config/youtube-dl 11noblacklist ${HOME}/.config/youtube-dl
12 12
13# Allow lua (blacklisted by disable-interpreters.inc) 13# Allow lua (blacklisted by disable-interpreters.inc)
14include allow-lua.inc 14include allow-lua.inc
@@ -17,7 +17,7 @@ include allow-lua.inc
17include allow-python2.inc 17include allow-python2.inc
18include allow-python3.inc 18include allow-python3.inc
19 19
20deny /usr/libexec 20blacklist /usr/libexec
21 21
22include disable-common.inc 22include disable-common.inc
23include disable-devel.inc 23include disable-devel.inc
@@ -30,9 +30,9 @@ read-only ${DESKTOP}
30mkdir ${HOME}/.config/celluloid 30mkdir ${HOME}/.config/celluloid
31mkdir ${HOME}/.config/gnome-mpv 31mkdir ${HOME}/.config/gnome-mpv
32mkdir ${HOME}/.config/youtube-dl 32mkdir ${HOME}/.config/youtube-dl
33allow ${HOME}/.config/celluloid 33whitelist ${HOME}/.config/celluloid
34allow ${HOME}/.config/gnome-mpv 34whitelist ${HOME}/.config/gnome-mpv
35allow ${HOME}/.config/youtube-dl 35whitelist ${HOME}/.config/youtube-dl
36include whitelist-common.inc 36include whitelist-common.inc
37include whitelist-player-common.inc 37include whitelist-player-common.inc
38include whitelist-runuser-common.inc 38include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile
index 0f61084e0..24939fc70 100644
--- a/etc/profile-a-l/checkbashisms.profile
+++ b/etc/profile-a-l/checkbashisms.profile
@@ -7,9 +7,9 @@ include checkbashisms.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14# Allow perl (blacklisted by disable-interpreters.inc) 14# Allow perl (blacklisted by disable-interpreters.inc)
15include allow-perl.inc 15include allow-perl.inc
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile
index bde3e1311..aca1f5876 100644
--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -6,8 +6,8 @@ include cheese.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${VIDEOS} 9noblacklist ${VIDEOS}
10nodeny ${PICTURES} 10noblacklist ${PICTURES}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow ${VIDEOS} 20whitelist ${VIDEOS}
21allow ${PICTURES} 21whitelist ${PICTURES}
22allow /usr/share/gnome-video-effects 22whitelist /usr/share/gnome-video-effects
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile
index d5dedd81d..7621b3c8c 100644
--- a/etc/profile-a-l/cherrytree.profile
+++ b/etc/profile-a-l/cherrytree.profile
@@ -6,8 +6,8 @@ include cherrytree.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/cherrytree 9noblacklist ${HOME}/.config/cherrytree
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 64c45772a..8803a4d9d 100644
--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -3,15 +3,15 @@
3# Persistent local customizations 3# Persistent local customizations
4include chromium-browser-privacy.local 4include chromium-browser-privacy.local
5 5
6nodeny ${HOME}/.cache/ungoogled-chromium 6noblacklist ${HOME}/.cache/ungoogled-chromium
7nodeny ${HOME}/.config/ungoogled-chromium 7noblacklist ${HOME}/.config/ungoogled-chromium
8 8
9deny /usr/libexec 9blacklist /usr/libexec
10 10
11mkdir ${HOME}/.cache/ungoogled-chromium 11mkdir ${HOME}/.cache/ungoogled-chromium
12mkdir ${HOME}/.config/ungoogled-chromium 12mkdir ${HOME}/.config/ungoogled-chromium
13allow ${HOME}/.cache/ungoogled-chromium 13whitelist ${HOME}/.cache/ungoogled-chromium
14allow ${HOME}/.config/ungoogled-chromium 14whitelist ${HOME}/.config/ungoogled-chromium
15 15
16# private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings 16# private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
17 17
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index dbeb715d4..b0e0254d4 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -9,8 +9,8 @@ include chromium-common.local
9# noexec ${HOME} breaks DRM binaries. 9# noexec ${HOME} breaks DRM binaries.
10?BROWSER_ALLOW_DRM: ignore noexec ${HOME} 10?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
11 11
12nodeny ${HOME}/.pki 12noblacklist ${HOME}/.pki
13nodeny ${HOME}/.local/share/pki 13noblacklist ${HOME}/.local/share/pki
14 14
15# Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser 15# Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
16# to have access to Gnome extensions (extensions.gnome.org) via browser connector 16# to have access to Gnome extensions (extensions.gnome.org) via browser connector
@@ -26,9 +26,9 @@ include disable-xdg.inc
26 26
27mkdir ${HOME}/.pki 27mkdir ${HOME}/.pki
28mkdir ${HOME}/.local/share/pki 28mkdir ${HOME}/.local/share/pki
29allow ${DOWNLOADS} 29whitelist ${DOWNLOADS}
30allow ${HOME}/.pki 30whitelist ${HOME}/.pki
31allow ${HOME}/.local/share/pki 31whitelist ${HOME}/.local/share/pki
32include whitelist-common.inc 32include whitelist-common.inc
33include whitelist-runuser-common.inc 33include whitelist-runuser-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile
index ea92e90a8..9ac33aa1c 100644
--- a/etc/profile-a-l/chromium.profile
+++ b/etc/profile-a-l/chromium.profile
@@ -6,17 +6,17 @@ include chromium.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/chromium 9noblacklist ${HOME}/.cache/chromium
10nodeny ${HOME}/.config/chromium 10noblacklist ${HOME}/.config/chromium
11nodeny ${HOME}/.config/chromium-flags.conf 11noblacklist ${HOME}/.config/chromium-flags.conf
12 12
13mkdir ${HOME}/.cache/chromium 13mkdir ${HOME}/.cache/chromium
14mkdir ${HOME}/.config/chromium 14mkdir ${HOME}/.config/chromium
15allow ${HOME}/.cache/chromium 15whitelist ${HOME}/.cache/chromium
16allow ${HOME}/.config/chromium 16whitelist ${HOME}/.config/chromium
17allow ${HOME}/.config/chromium-flags.conf 17whitelist ${HOME}/.config/chromium-flags.conf
18allow /usr/share/chromium 18whitelist /usr/share/chromium
19allow /usr/share/mozilla/extensions 19whitelist /usr/share/mozilla/extensions
20 20
21# private-bin chromium,chromium-browser,chromedriver 21# private-bin chromium,chromium-browser,chromedriver
22 22
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile
index c967e1c96..e1f9523c4 100644
--- a/etc/profile-a-l/cin.profile
+++ b/etc/profile-a-l/cin.profile
@@ -5,7 +5,7 @@ include cin.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.bcast5 8noblacklist ${HOME}/.bcast5
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile
index 0efbcd4f2..e403c2c41 100644
--- a/etc/profile-a-l/clamav.profile
+++ b/etc/profile-a-l/clamav.profile
@@ -7,7 +7,7 @@ include clamav.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12include disable-exec.inc 12include disable-exec.inc
13 13
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile
index 3e4e1f2a1..691657fa0 100644
--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -6,17 +6,17 @@ include claws-mail.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.claws-mail 9noblacklist ${HOME}/.claws-mail
10 10
11mkdir ${HOME}/.claws-mail 11mkdir ${HOME}/.claws-mail
12allow ${HOME}/.claws-mail 12whitelist ${HOME}/.claws-mail
13 13
14# Add the below lines to your claws-mail.local if you use python-based plugins. 14# Add the below lines to your claws-mail.local if you use python-based plugins.
15# Allow python (blacklisted by disable-interpreters.inc) 15# Allow python (blacklisted by disable-interpreters.inc)
16#include allow-python2.inc 16#include allow-python2.inc
17#include allow-python3.inc 17#include allow-python3.inc
18 18
19allow /usr/share/doc/claws-mail 19whitelist /usr/share/doc/claws-mail
20 20
21# private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 21# private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
22 22
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile
index ee64391d9..9b62a1f73 100644
--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -6,7 +6,7 @@ include clawsker.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.claws-mail 9noblacklist ${HOME}/.claws-mail
10 10
11# Allow perl (blacklisted by disable-interpreters.inc) 11# Allow perl (blacklisted by disable-interpreters.inc)
12include allow-perl.inc 12include allow-perl.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
19include disable-programs.inc 19include disable-programs.inc
20 20
21mkdir ${HOME}/.claws-mail 21mkdir ${HOME}/.claws-mail
22allow ${HOME}/.claws-mail 22whitelist ${HOME}/.claws-mail
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index f9c0006f9..fa33795c1 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -6,9 +6,9 @@ include clementine.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Clementine 9noblacklist ${HOME}/.cache/Clementine
10nodeny ${HOME}/.config/Clementine 10noblacklist ${HOME}/.config/Clementine
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index 5c5399069..77952358f 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -5,16 +5,16 @@ include clion.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/JetBrains/CLion* 8noblacklist ${HOME}/.config/JetBrains/CLion*
9nodeny ${HOME}/.cache/JetBrains/CLion* 9noblacklist ${HOME}/.cache/JetBrains/CLion*
10nodeny ${HOME}/.clion* 10noblacklist ${HOME}/.clion*
11nodeny ${HOME}/.CLion* 11noblacklist ${HOME}/.CLion*
12nodeny ${HOME}/.config/git 12noblacklist ${HOME}/.config/git
13nodeny ${HOME}/.gitconfig 13noblacklist ${HOME}/.gitconfig
14nodeny ${HOME}/.git-credentials 14noblacklist ${HOME}/.git-credentials
15nodeny ${HOME}/.java 15noblacklist ${HOME}/.java
16nodeny ${HOME}/.local/share/JetBrains 16noblacklist ${HOME}/.local/share/JetBrains
17nodeny ${HOME}/.tooling 17noblacklist ${HOME}/.tooling
18 18
19# Allow ssh (blacklisted by disable-common.inc) 19# Allow ssh (blacklisted by disable-common.inc)
20include allow-ssh.inc 20include allow-ssh.inc
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile
index 89f8d96f0..c8258da07 100644
--- a/etc/profile-a-l/clipgrab.profile
+++ b/etc/profile-a-l/clipgrab.profile
@@ -6,9 +6,9 @@ include clipgrab.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Philipp Schmieder 9noblacklist ${HOME}/.config/Philipp Schmieder
10nodeny ${HOME}/.pki 10noblacklist ${HOME}/.pki
11nodeny ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index 4a2a5171b..d421903a3 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -6,8 +6,8 @@ include clipit.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/clipit 9noblacklist ${HOME}/.config/clipit
10nodeny ${HOME}/.local/share/clipit 10noblacklist ${HOME}/.local/share/clipit
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/clipit 20mkdir ${HOME}/.config/clipit
21mkdir ${HOME}/.local/share/clipit 21mkdir ${HOME}/.local/share/clipit
22allow ${HOME}/.config/clipit 22whitelist ${HOME}/.config/clipit
23allow ${HOME}/.local/share/clipit 23whitelist ${HOME}/.local/share/clipit
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile
index 22c6ef882..d0b8cc0ef 100644
--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -5,16 +5,16 @@ include cliqz.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/cliqz 8noblacklist ${HOME}/.cache/cliqz
9nodeny ${HOME}/.cliqz 9noblacklist ${HOME}/.cliqz
10nodeny ${HOME}/.config/cliqz 10noblacklist ${HOME}/.config/cliqz
11 11
12mkdir ${HOME}/.cache/cliqz 12mkdir ${HOME}/.cache/cliqz
13mkdir ${HOME}/.cliqz 13mkdir ${HOME}/.cliqz
14mkdir ${HOME}/.config/cliqz 14mkdir ${HOME}/.config/cliqz
15allow ${HOME}/.cache/cliqz 15whitelist ${HOME}/.cache/cliqz
16allow ${HOME}/.cliqz 16whitelist ${HOME}/.cliqz
17allow ${HOME}/.config/cliqz 17whitelist ${HOME}/.config/cliqz
18 18
19# private-etc must first be enabled in firefox-common.profile 19# private-etc must first be enabled in firefox-common.profile
20#private-etc cliqz 20#private-etc cliqz
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index 51e53209f..bcd557787 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -6,8 +6,8 @@ include cmus.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/cmus 9noblacklist ${HOME}/.config/cmus
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile
index 1933c66fa..e19b78908 100644
--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -5,10 +5,10 @@ include code.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/Code 8noblacklist ${HOME}/.config/Code
9nodeny ${HOME}/.config/Code - OSS 9noblacklist ${HOME}/.config/Code - OSS
10nodeny ${HOME}/.vscode 10noblacklist ${HOME}/.vscode
11nodeny ${HOME}/.vscode-oss 11noblacklist ${HOME}/.vscode-oss
12 12
13# Allows files commonly used by IDEs 13# Allows files commonly used by IDEs
14include allow-common-devel.inc 14include allow-common-devel.inc
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index efa7f516c..bd6d8f5b0 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -6,7 +6,7 @@ include colorful.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.suve/colorful 9noblacklist ${HOME}/.suve/colorful
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.suve/colorful 20mkdir ${HOME}/.suve/colorful
21allow ${HOME}/.suve/colorful 21whitelist ${HOME}/.suve/colorful
22allow /usr/share/suve 22whitelist /usr/share/suve
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index 34b662959..c8bdfec23 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/com.github.bleakgrey.tootle 9noblacklist ${HOME}/.config/com.github.bleakgrey.tootle
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/com.github.bleakgrey.tootle 20mkdir ${HOME}/.config/com.github.bleakgrey.tootle
21allow ${DOWNLOADS} 21whitelist ${DOWNLOADS}
22allow ${HOME}/.config/com.github.bleakgrey.tootle 22whitelist ${HOME}/.config/com.github.bleakgrey.tootle
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index 4e26e4925..b467a0f7a 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/agenda 9noblacklist ${HOME}/.cache/agenda
10nodeny ${HOME}/.config/agenda 10noblacklist ${HOME}/.config/agenda
11nodeny ${HOME}/.local/share/agenda 11noblacklist ${HOME}/.local/share/agenda
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
22mkdir ${HOME}/.cache/agenda 22mkdir ${HOME}/.cache/agenda
23mkdir ${HOME}/.config/agenda 23mkdir ${HOME}/.config/agenda
24mkdir ${HOME}/.local/share/agenda 24mkdir ${HOME}/.local/share/agenda
25allow ${HOME}/.cache/agenda 25whitelist ${HOME}/.cache/agenda
26allow ${HOME}/.config/agenda 26whitelist ${HOME}/.config/agenda
27allow ${HOME}/.local/share/agenda 27whitelist ${HOME}/.local/share/agenda
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index bbfc1fe41..c13f9618b 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -6,9 +6,9 @@ include foliate.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny ${HOME}/.cache/com.github.johnfactotum.Foliate 10noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
11nodeny ${HOME}/.local/share/com.github.johnfactotum.Foliate 11noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
12 12
13# Allow gjs (blacklisted by disable-interpreters.inc) 13# Allow gjs (blacklisted by disable-interpreters.inc)
14include allow-gjs.inc 14include allow-gjs.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
24 24
25mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate 25mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
26mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate 26mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
27allow ${HOME}/.cache/com.github.johnfactotum.Foliate 27whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
28allow ${HOME}/.local/share/com.github.johnfactotum.Foliate 28whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
29allow ${DOCUMENTS} 29whitelist ${DOCUMENTS}
30allow ${DOWNLOADS} 30whitelist ${DOWNLOADS}
31allow /usr/share/com.github.johnfactotum.Foliate 31whitelist /usr/share/com.github.johnfactotum.Foliate
32allow /usr/share/hyphen 32whitelist /usr/share/hyphen
33include whitelist-common.inc 33include whitelist-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index 3e9acc6c8..d0402d188 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/minder 9noblacklist ${HOME}/.local/share/minder
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.local/share/minder 22mkdir ${HOME}/.local/share/minder
23allow ${HOME}/.local/share/minder 23whitelist ${HOME}/.local/share/minder
24allow ${DOCUMENTS} 24whitelist ${DOCUMENTS}
25allow ${DOWNLOADS} 25whitelist ${DOWNLOADS}
26allow ${PICTURES} 26whitelist ${PICTURES}
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile
index 6cc9ec551..38edf0d21 100644
--- a/etc/profile-a-l/conkeror.profile
+++ b/etc/profile-a-l/conkeror.profile
@@ -5,23 +5,23 @@ include conkeror.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.conkeror.mozdev.org 8noblacklist ${HOME}/.conkeror.mozdev.org
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-programs.inc 11include disable-programs.inc
12 12
13mkdir ${HOME}/.conkeror.mozdev.org 13mkdir ${HOME}/.conkeror.mozdev.org
14mkfile ${HOME}/.conkerorrc 14mkfile ${HOME}/.conkerorrc
15allow ${HOME}/.conkeror.mozdev.org 15whitelist ${HOME}/.conkeror.mozdev.org
16allow ${HOME}/.conkerorrc 16whitelist ${HOME}/.conkerorrc
17allow ${HOME}/.lastpass 17whitelist ${HOME}/.lastpass
18allow ${HOME}/.pentadactyl 18whitelist ${HOME}/.pentadactyl
19allow ${HOME}/.pentadactylrc 19whitelist ${HOME}/.pentadactylrc
20allow ${HOME}/.vimperator 20whitelist ${HOME}/.vimperator
21allow ${HOME}/.vimperatorrc 21whitelist ${HOME}/.vimperatorrc
22allow ${HOME}/.zotero 22whitelist ${HOME}/.zotero
23allow ${HOME}/dwhelper 23whitelist ${HOME}/dwhelper
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25include whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile
index 1b3fe6651..eaa18739d 100644
--- a/etc/profile-a-l/conky.profile
+++ b/etc/profile-a-l/conky.profile
@@ -6,7 +6,7 @@ include conky.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10 10
11# Allow lua (blacklisted by disable-interpreters.inc) 11# Allow lua (blacklisted by disable-interpreters.inc)
12include allow-lua.inc 12include allow-lua.inc
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index 266c404ee..2fb446e2a 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -6,7 +6,7 @@ include corebird.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/corebird 9noblacklist ${HOME}/.config/corebird
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 0a1353e40..1635995dc 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -7,8 +7,8 @@ include cower.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.config/cower 10noblacklist ${HOME}/.config/cower
11nodeny /var/lib/pacman 11noblacklist /var/lib/pacman
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 5e48c8022..7ece35c2b 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -6,7 +6,7 @@ include coyim.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/coyim 9noblacklist ${HOME}/.config/coyim
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/coyim 20mkdir ${HOME}/.config/coyim
21allow ${HOME}/.config/coyim 21whitelist ${HOME}/.config/coyim
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index dec8c086b..bdc4f21a6 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -7,8 +7,8 @@ include cpio.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny /sbin 10noblacklist /sbin
11nodeny /usr/sbin 11noblacklist /usr/sbin
12 12
13# Redirect 13# Redirect
14include archiver-common.profile 14include archiver-common.profile
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile
index 81292c01c..b10216895 100644
--- a/etc/profile-a-l/crawl.profile
+++ b/etc/profile-a-l/crawl.profile
@@ -6,7 +6,7 @@ include crawl-tiles.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.crawl 9noblacklist ${HOME}/.crawl
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.crawl 19mkdir ${HOME}/.crawl
20allow ${HOME}/.crawl 20whitelist ${HOME}/.crawl
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 36bd93778..02b15ecc2 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -8,8 +8,8 @@ include globals.local
8 8
9mkdir ${HOME}/.config/crow 9mkdir ${HOME}/.config/crow
10mkdir ${HOME}/.cache/gstreamer-1.0 10mkdir ${HOME}/.cache/gstreamer-1.0
11allow ${HOME}/.config/crow 11whitelist ${HOME}/.config/crow
12allow ${HOME}/.cache/gstreamer-1.0 12whitelist ${HOME}/.cache/gstreamer-1.0
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 4950b7a4c..c9867c5d7 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -12,11 +12,11 @@ include globals.local
12# Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. 12# Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts.
13# If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local 13# If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
14# and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. 14# and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.
15nodeny ${HOME}/.curl-hsts 15noblacklist ${HOME}/.curl-hsts
16nodeny ${HOME}/.curlrc 16noblacklist ${HOME}/.curlrc
17 17
18deny /tmp/.X11-unix 18blacklist /tmp/.X11-unix
19deny ${RUNUSER} 19blacklist ${RUNUSER}
20 20
21include disable-common.inc 21include disable-common.inc
22include disable-exec.inc 22include disable-exec.inc
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile
index 49f972e4a..d1fff0004 100644
--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -5,13 +5,13 @@ include cyberfox.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.8pecxstudios 8noblacklist ${HOME}/.8pecxstudios
9nodeny ${HOME}/.cache/8pecxstudios 9noblacklist ${HOME}/.cache/8pecxstudios
10 10
11mkdir ${HOME}/.8pecxstudios 11mkdir ${HOME}/.8pecxstudios
12mkdir ${HOME}/.cache/8pecxstudios 12mkdir ${HOME}/.cache/8pecxstudios
13allow ${HOME}/.8pecxstudios 13whitelist ${HOME}/.8pecxstudios
14allow ${HOME}/.cache/8pecxstudios 14whitelist ${HOME}/.cache/8pecxstudios
15 15
16# private-bin cyberfox,dbus-launch,dbus-send,env,sh,which 16# private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
17# private-etc must first be enabled in firefox-common.profile 17# private-etc must first be enabled in firefox-common.profile
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index c7ce1730a..ba1e7adad 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -6,7 +6,7 @@ include d-feet.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/d-feet 9noblacklist ${HOME}/.config/d-feet
10 10
11# Allow python (disabled by disable-interpreters.inc) 11# Allow python (disabled by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.config/d-feet 24mkdir ${HOME}/.config/d-feet
25allow ${HOME}/.config/d-feet 25whitelist ${HOME}/.config/d-feet
26allow /usr/share/d-feet 26whitelist /usr/share/d-feet
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile
index 4d51c255e..61fa52928 100644
--- a/etc/profile-a-l/darktable.profile
+++ b/etc/profile-a-l/darktable.profile
@@ -6,9 +6,9 @@ include darktable.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/darktable 9noblacklist ${HOME}/.cache/darktable
10nodeny ${HOME}/.config/darktable 10noblacklist ${HOME}/.config/darktable
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 745042d6f..67a61bb60 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,8 +7,8 @@ include dbus-send.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index c1231c6cf..0c221850a 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow ${HOME}/.local/share/glib-2.0 18whitelist ${HOME}/.local/share/glib-2.0
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-runuser-common.inc 20include whitelist-runuser-common.inc
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index b9d385adf..be7514cbf 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -6,7 +6,7 @@ include dconf.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19allow ${HOME}/.local/share/glib-2.0 19whitelist ${HOME}/.local/share/glib-2.0
20# dconf paths are whitelisted by the following 20# dconf paths are whitelisted by the following
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 09fa7a07a..5b95b74be 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21allow ${DOWNLOADS} 21whitelist ${DOWNLOADS}
22allow /usr/share/ddgtk 22whitelist /usr/share/ddgtk
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile
index 25fa944a1..a221ebbd7 100644
--- a/etc/profile-a-l/deadbeef.profile
+++ b/etc/profile-a-l/deadbeef.profile
@@ -6,8 +6,8 @@ include deadbeef.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/deadbeef 9noblacklist ${HOME}/.config/deadbeef
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index d41a4a023..ad7aa6ed5 100644
--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -6,7 +6,7 @@ include deluge.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/deluge 9noblacklist ${HOME}/.config/deluge
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22mkdir ${HOME}/.config/deluge 22mkdir ${HOME}/.config/deluge
23allow ${DOWNLOADS} 23whitelist ${DOWNLOADS}
24allow ${HOME}/.config/deluge 24whitelist ${HOME}/.config/deluge
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile
index aed4355d5..212cdab60 100644
--- a/etc/profile-a-l/desktopeditors.profile
+++ b/etc/profile-a-l/desktopeditors.profile
@@ -6,9 +6,9 @@ include desktopeditors.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/onlyoffice 9noblacklist ${HOME}/.config/onlyoffice
10nodeny ${HOME}/.local/share/onlyoffice 10noblacklist ${HOME}/.local/share/onlyoffice
11nodeny ${HOME}/.pki 11noblacklist ${HOME}/.pki
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index dc0f290fb..5007f8e74 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -16,9 +16,9 @@ include disable-programs.inc
16include disable-shell.inc 16include disable-shell.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19allow /usr/share/devhelp 19whitelist /usr/share/devhelp
20allow /usr/share/doc 20whitelist /usr/share/doc
21allow /usr/share/gtk-doc/html 21whitelist /usr/share/gtk-doc/html
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24 24
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile
index 631f15f93..6267b5709 100644
--- a/etc/profile-a-l/devilspie.profile
+++ b/etc/profile-a-l/devilspie.profile
@@ -6,9 +6,9 @@ include devilspie.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11nodeny ${HOME}/.devilspie 11noblacklist ${HOME}/.devilspie
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.devilspie 21mkdir ${HOME}/.devilspie
22allow ${HOME}/.devilspie 22whitelist ${HOME}/.devilspie
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile
index 140c9da0f..9eab3f536 100644
--- a/etc/profile-a-l/devilspie2.profile
+++ b/etc/profile-a-l/devilspie2.profile
@@ -6,17 +6,17 @@ include devilspie2.local
6# Persistent global definitions 6# Persistent global definitions
7#include globals.local 7#include globals.local
8 8
9deny ${HOME}/.devilspie 9blacklist ${HOME}/.devilspie
10 10
11deny ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12 12
13nodeny ${HOME}/.config/devilspie2 13noblacklist ${HOME}/.config/devilspie2
14 14
15# Allow lua (blacklisted by disable-interpreters.inc) 15# Allow lua (blacklisted by disable-interpreters.inc)
16include allow-lua.inc 16include allow-lua.inc
17 17
18mkdir ${HOME}/.config/devilspie2 18mkdir ${HOME}/.config/devilspie2
19allow ${HOME}/.config/devilspie2 19whitelist ${HOME}/.config/devilspie2
20 20
21private-bin devilspie2 21private-bin devilspie2
22 22
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile
index 2a808238b..531734b7d 100644
--- a/etc/profile-a-l/dia.profile
+++ b/etc/profile-a-l/dia.profile
@@ -6,8 +6,8 @@ include dia.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.dia 9noblacklist ${HOME}/.dia
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
25#whitelist ${HOME}/.dia 25#whitelist ${HOME}/.dia
26#whitelist ${DOCUMENTS} 26#whitelist ${DOCUMENTS}
27#include whitelist-common.inc 27#include whitelist-common.inc
28allow /usr/share/dia 28whitelist /usr/share/dia
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 2d683b811..247159a8a 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -7,11 +7,11 @@ include dig.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.digrc 10noblacklist ${HOME}/.digrc
11nodeny ${PATH}/dig 11noblacklist ${PATH}/dig
12 12
13deny /tmp/.X11-unix 13blacklist /tmp/.X11-unix
14deny ${RUNUSER} 14blacklist ${RUNUSER}
15 15
16include disable-common.inc 16include disable-common.inc
17# include disable-devel.inc 17# include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-programs.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24#mkfile ${HOME}/.digrc - see #903 24#mkfile ${HOME}/.digrc - see #903
25allow ${HOME}/.digrc 25whitelist ${HOME}/.digrc
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile
index 124b50952..2ca7bd400 100644
--- a/etc/profile-a-l/digikam.profile
+++ b/etc/profile-a-l/digikam.profile
@@ -6,12 +6,12 @@ include digikam.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/digikam 9noblacklist ${HOME}/.config/digikam
10nodeny ${HOME}/.config/digikamrc 10noblacklist ${HOME}/.config/digikamrc
11nodeny ${HOME}/.kde/share/apps/digikam 11noblacklist ${HOME}/.kde/share/apps/digikam
12nodeny ${HOME}/.kde4/share/apps/digikam 12noblacklist ${HOME}/.kde4/share/apps/digikam
13nodeny ${HOME}/.local/share/kxmlgui5/digikam 13noblacklist ${HOME}/.local/share/kxmlgui5/digikam
14nodeny ${PICTURES} 14noblacklist ${PICTURES}
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile
index 883466f4d..9871a6095 100644
--- a/etc/profile-a-l/dillo.profile
+++ b/etc/profile-a-l/dillo.profile
@@ -6,7 +6,7 @@ include dillo.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.dillo 9noblacklist ${HOME}/.dillo
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
16 16
17mkdir ${HOME}/.dillo 17mkdir ${HOME}/.dillo
18mkdir ${HOME}/.fltk 18mkdir ${HOME}/.fltk
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20allow ${HOME}/.dillo 20whitelist ${HOME}/.dillo
21allow ${HOME}/.fltk 21whitelist ${HOME}/.fltk
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
index 3078bef71..c3174b35f 100644
--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -6,7 +6,7 @@ include dino.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/dino 9noblacklist ${HOME}/.local/share/dino
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18 18
19mkdir ${HOME}/.local/share/dino 19mkdir ${HOME}/.local/share/dino
20allow ${HOME}/.local/share/dino 20whitelist ${HOME}/.local/share/dino
21allow ${DOWNLOADS} 21whitelist ${DOWNLOADS}
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-runuser-common.inc 23include whitelist-runuser-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile
index 1c53cd211..43db95b8a 100644
--- a/etc/profile-a-l/discord-canary.profile
+++ b/etc/profile-a-l/discord-canary.profile
@@ -5,10 +5,10 @@ include discord-canary.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/discordcanary 8noblacklist ${HOME}/.config/discordcanary
9 9
10mkdir ${HOME}/.config/discordcanary 10mkdir ${HOME}/.config/discordcanary
11allow ${HOME}/.config/discordcanary 11whitelist ${HOME}/.config/discordcanary
12 12
13private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] 13private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9]
14private-opt discord-canary 14private-opt discord-canary
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile
index 6bee1901c..19e7bd9ab 100644
--- a/etc/profile-a-l/discord-common.profile
+++ b/etc/profile-a-l/discord-common.profile
@@ -20,8 +20,8 @@ ignore dbus-system none
20ignore noexec ${HOME} 20ignore noexec ${HOME}
21ignore novideo 21ignore novideo
22 22
23allow ${HOME}/.config/BetterDiscord 23whitelist ${HOME}/.config/BetterDiscord
24allow ${HOME}/.local/share/betterdiscordctl 24whitelist ${HOME}/.local/share/betterdiscordctl
25 25
26private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh 26private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
27private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl 27private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile
index 658d3fc83..8ef02a30f 100644
--- a/etc/profile-a-l/discord.profile
+++ b/etc/profile-a-l/discord.profile
@@ -5,10 +5,10 @@ include discord.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/discord 8noblacklist ${HOME}/.config/discord
9 9
10mkdir ${HOME}/.config/discord 10mkdir ${HOME}/.config/discord
11allow ${HOME}/.config/discord 11whitelist ${HOME}/.config/discord
12 12
13private-bin discord 13private-bin discord
14private-opt discord 14private-opt discord
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 4474b97d2..11f3fd36e 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -5,7 +5,7 @@ include display.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${PICTURES} 8noblacklist ${PICTURES}
9 9
10# Allow python (blacklisted by disable-interpreters.inc) 10# Allow python (blacklisted by disable-interpreters.inc)
11include allow-python2.inc 11include allow-python2.inc
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile
index 8c3d6211b..51ba6f8b7 100644
--- a/etc/profile-a-l/dnox.profile
+++ b/etc/profile-a-l/dnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/dnox 13noblacklist ${HOME}/.cache/dnox
14nodeny ${HOME}/.config/dnox 14noblacklist ${HOME}/.config/dnox
15 15
16mkdir ${HOME}/.cache/dnox 16mkdir ${HOME}/.cache/dnox
17mkdir ${HOME}/.config/dnox 17mkdir ${HOME}/.config/dnox
18allow ${HOME}/.cache/dnox 18whitelist ${HOME}/.cache/dnox
19allow ${HOME}/.config/dnox 19whitelist ${HOME}/.config/dnox
20 20
21# Redirect 21# Redirect
22include chromium-common.profile 22include chromium-common.profile
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index dbcef36f8..f8fb1a331 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12 12
13nodeny /sbin 13noblacklist /sbin
14nodeny /usr/sbin 14noblacklist /usr/sbin
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
21include disable-programs.inc 21include disable-programs.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24allow /usr/share/dnscrypt-proxy 24whitelist /usr/share/dnscrypt-proxy
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index b1acbf392..01398c2b2 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -7,11 +7,11 @@ include dnsmasq.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny /sbin 10noblacklist /sbin
11nodeny /usr/sbin 11noblacklist /usr/sbin
12 12
13deny /tmp/.X11-unix 13blacklist /tmp/.X11-unix
14deny ${RUNUSER}/wayland-* 14blacklist ${RUNUSER}/wayland-*
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index 15b312ecb..49feec32e 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -8,9 +8,9 @@ include globals.local
8 8
9# Note: you must whitelist your games folder in your dolphin-emu.local. 9# Note: you must whitelist your games folder in your dolphin-emu.local.
10 10
11nodeny ${HOME}/.cache/dolphin-emu 11noblacklist ${HOME}/.cache/dolphin-emu
12nodeny ${HOME}/.config/dolphin-emu 12noblacklist ${HOME}/.config/dolphin-emu
13nodeny ${HOME}/.local/share/dolphin-emu 13noblacklist ${HOME}/.local/share/dolphin-emu
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-xdg.inc
24mkdir ${HOME}/.cache/dolphin-emu 24mkdir ${HOME}/.cache/dolphin-emu
25mkdir ${HOME}/.config/dolphin-emu 25mkdir ${HOME}/.config/dolphin-emu
26mkdir ${HOME}/.local/share/dolphin-emu 26mkdir ${HOME}/.local/share/dolphin-emu
27allow ${HOME}/.cache/dolphin-emu 27whitelist ${HOME}/.cache/dolphin-emu
28allow ${HOME}/.config/dolphin-emu 28whitelist ${HOME}/.config/dolphin-emu
29allow ${HOME}/.local/share/dolphin-emu 29whitelist ${HOME}/.local/share/dolphin-emu
30allow /usr/share/dolphin-emu 30whitelist /usr/share/dolphin-emu
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-runuser-common.inc 32include whitelist-runuser-common.inc
33include whitelist-usr-share-common.inc 33include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile
index 3b0adcc36..37a4113cb 100644
--- a/etc/profile-a-l/dooble.profile
+++ b/etc/profile-a-l/dooble.profile
@@ -7,7 +7,7 @@ include dooble-qt4.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.dooble 10noblacklist ${HOME}/.dooble
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.dooble 19mkdir ${HOME}/.dooble
20allow ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21allow ${HOME}/.dooble 21whitelist ${HOME}/.dooble
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 29e506764..988f66f28 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -6,8 +6,8 @@ include dosbox.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.dosbox 9noblacklist ${HOME}/.dosbox
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
index 90ca11774..8fa01d504 100644
--- a/etc/profile-a-l/dragon.profile
+++ b/etc/profile-a-l/dragon.profile
@@ -6,9 +6,9 @@ include dragon.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/dragonplayerrc 9noblacklist ${HOME}/.config/dragonplayerrc
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11nodeny ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22allow /usr/share/dragonplayer 22whitelist /usr/share/dragonplayer
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 84a77ce34..82d96e405 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -6,7 +6,7 @@ include drawio.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/draw.io 9noblacklist ${HOME}/.config/draw.io
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/draw.io 20mkdir ${HOME}/.config/draw.io
21allow ${HOME}/.config/draw.io 21whitelist ${HOME}/.config/draw.io
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index e177fd60e..068bd88d8 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -7,10 +7,10 @@ include drill.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${PATH}/drill 10noblacklist ${PATH}/drill
11 11
12deny /tmp/.X11-unix 12blacklist /tmp/.X11-unix
13deny ${RUNUSER} 13blacklist ${RUNUSER}
14 14
15include disable-common.inc 15include disable-common.inc
16# include disable-devel.inc 16# include disable-devel.inc
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile
index 274cdd478..b3b2aaf40 100644
--- a/etc/profile-a-l/dropbox.profile
+++ b/etc/profile-a-l/dropbox.profile
@@ -5,9 +5,9 @@ include dropbox.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/autostart 8noblacklist ${HOME}/.config/autostart
9nodeny ${HOME}/.dropbox 9noblacklist ${HOME}/.dropbox
10nodeny ${HOME}/.dropbox-dist 10noblacklist ${HOME}/.dropbox-dist
11 11
12# Allow python3 (blacklisted by disable-interpreters.inc) 12# Allow python3 (blacklisted by disable-interpreters.inc)
13include allow-python3.inc 13include allow-python3.inc
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox
22mkdir ${HOME}/.dropbox-dist 22mkdir ${HOME}/.dropbox-dist
23mkdir ${HOME}/Dropbox 23mkdir ${HOME}/Dropbox
24mkfile ${HOME}/.config/autostart/dropbox.desktop 24mkfile ${HOME}/.config/autostart/dropbox.desktop
25allow ${HOME}/.config/autostart/dropbox.desktop 25whitelist ${HOME}/.config/autostart/dropbox.desktop
26allow ${HOME}/.dropbox 26whitelist ${HOME}/.dropbox
27allow ${HOME}/.dropbox-dist 27whitelist ${HOME}/.dropbox-dist
28allow ${HOME}/Dropbox 28whitelist ${HOME}/Dropbox
29include whitelist-common.inc 29include whitelist-common.inc
30 30
31caps.drop all 31caps.drop all
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile
index da54fec34..38e4b16f7 100644
--- a/etc/profile-a-l/easystroke.profile
+++ b/etc/profile-a-l/easystroke.profile
@@ -6,7 +6,7 @@ include easystroke.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.easystroke 9noblacklist ${HOME}/.easystroke
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.easystroke 19mkdir ${HOME}/.easystroke
20allow ${HOME}/.easystroke 20whitelist ${HOME}/.easystroke
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 10e57371e..278dd6cbd 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -6,7 +6,7 @@ include electron-mail.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/electron-mail 9noblacklist ${HOME}/.config/electron-mail
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/electron-mail 20mkdir ${HOME}/.config/electron-mail
21allow ${HOME}/.config/electron-mail 21whitelist ${HOME}/.config/electron-mail
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23 23
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile
index e8d8d35c4..493af79d4 100644
--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc
12include disable-programs.inc 12include disable-programs.inc
13include disable-xdg.inc 13include disable-xdg.inc
14 14
15allow ${DOWNLOADS} 15whitelist ${DOWNLOADS}
16include whitelist-common.inc 16include whitelist-common.inc
17include whitelist-runuser-common.inc 17include whitelist-runuser-common.inc
18include whitelist-usr-share-common.inc 18include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index f6691017c..ad636d71a 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -6,7 +6,7 @@ include electrum.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.electrum 9noblacklist ${HOME}/.electrum
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.electrum 24mkdir ${HOME}/.electrum
25allow ${HOME}/.electrum 25whitelist ${HOME}/.electrum
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile
index ec28866b8..48a826f2e 100644
--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -9,11 +9,11 @@ include element-desktop.local
9 9
10ignore dbus-user none 10ignore dbus-user none
11 11
12nodeny ${HOME}/.config/Element 12noblacklist ${HOME}/.config/Element
13 13
14mkdir ${HOME}/.config/Element 14mkdir ${HOME}/.config/Element
15allow ${HOME}/.config/Element 15whitelist ${HOME}/.config/Element
16allow /opt/Element 16whitelist /opt/Element
17 17
18private-opt Element 18private-opt Element
19 19
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile
index 30dca05cb..5a29eb24b 100644
--- a/etc/profile-a-l/elinks.profile
+++ b/etc/profile-a-l/elinks.profile
@@ -7,10 +7,10 @@ include elinks.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.elinks 10noblacklist ${HOME}/.elinks
11 11
12mkdir ${HOME}/.elinks 12mkdir ${HOME}/.elinks
13allow ${HOME}/.elinks 13whitelist ${HOME}/.elinks
14 14
15private-bin elinks 15private-bin elinks
16 16
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index f0e0e2830..55bf743ef 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -6,8 +6,8 @@ include emacs.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.emacs 9noblacklist ${HOME}/.emacs
10nodeny ${HOME}/.emacs.d 10noblacklist ${HOME}/.emacs.d
11# Add the next line to your emacs.local if you need gpg support. 11# Add the next line to your emacs.local if you need gpg support.
12#noblacklist ${HOME}/.gnupg 12#noblacklist ${HOME}/.gnupg
13 13
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile
index 5fc72d340..6c9a8a6ea 100644
--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -7,14 +7,14 @@ include email-common.local
7# added by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11nodeny ${HOME}/.mozilla 11noblacklist ${HOME}/.mozilla
12nodeny ${HOME}/.signature 12noblacklist ${HOME}/.signature
13# when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local 13# when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
14# and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications 14# and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications
15nodeny ${HOME}/Mail 15noblacklist ${HOME}/Mail
16 16
17nodeny ${DOCUMENTS} 17noblacklist ${DOCUMENTS}
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
@@ -27,17 +27,17 @@ include disable-xdg.inc
27mkdir ${HOME}/.gnupg 27mkdir ${HOME}/.gnupg
28mkfile ${HOME}/.config/mimeapps.list 28mkfile ${HOME}/.config/mimeapps.list
29mkfile ${HOME}/.signature 29mkfile ${HOME}/.signature
30allow ${HOME}/.config/mimeapps.list 30whitelist ${HOME}/.config/mimeapps.list
31allow ${HOME}/.mozilla/firefox/profiles.ini 31whitelist ${HOME}/.mozilla/firefox/profiles.ini
32allow ${HOME}/.gnupg 32whitelist ${HOME}/.gnupg
33allow ${HOME}/.signature 33whitelist ${HOME}/.signature
34allow ${DOCUMENTS} 34whitelist ${DOCUMENTS}
35allow ${DOWNLOADS} 35whitelist ${DOWNLOADS}
36# when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local 36# when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
37allow ${HOME}/Mail 37whitelist ${HOME}/Mail
38allow ${RUNUSER}/gnupg 38whitelist ${RUNUSER}/gnupg
39allow /usr/share/gnupg 39whitelist /usr/share/gnupg
40allow /usr/share/gnupg2 40whitelist /usr/share/gnupg2
41include whitelist-common.inc 41include whitelist-common.inc
42include whitelist-runuser-common.inc 42include whitelist-runuser-common.inc
43include whitelist-usr-share-common.inc 43include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile
index 36015b702..ac17b1726 100644
--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -6,9 +6,9 @@ include enchant.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11nodeny ${HOME}/.config/enchant 11noblacklist ${HOME}/.config/enchant
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.config/enchant 21mkdir ${HOME}/.config/enchant
22allow ${HOME}/.config/enchant 22whitelist ${HOME}/.config/enchant
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile
index 9a1d89bba..d982433e2 100644
--- a/etc/profile-a-l/enox.profile
+++ b/etc/profile-a-l/enox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/Enox 13noblacklist ${HOME}/.cache/Enox
14nodeny ${HOME}/.config/Enox 14noblacklist ${HOME}/.config/Enox
15 15
16#mkdir ${HOME}/.cache/dnox 16#mkdir ${HOME}/.cache/dnox
17#mkdir ${HOME}/.config/dnox 17#mkdir ${HOME}/.config/dnox
18mkdir ${HOME}/.cache/Enox 18mkdir ${HOME}/.cache/Enox
19mkdir ${HOME}/.config/Enox 19mkdir ${HOME}/.config/Enox
20allow ${HOME}/.cache/Enox 20whitelist ${HOME}/.cache/Enox
21allow ${HOME}/.config/Enox 21whitelist ${HOME}/.config/Enox
22 22
23# Redirect 23# Redirect
24include chromium-common.profile 24include chromium-common.profile
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile
index 5d8f8a0b9..c4123b4c2 100644
--- a/etc/profile-a-l/enpass.profile
+++ b/etc/profile-a-l/enpass.profile
@@ -6,11 +6,11 @@ include enpass.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Enpass 9noblacklist ${HOME}/.cache/Enpass
10nodeny ${HOME}/.config/sinew.in 10noblacklist ${HOME}/.config/sinew.in
11nodeny ${HOME}/.config/Sinew Software Systems 11noblacklist ${HOME}/.config/Sinew Software Systems
12nodeny ${HOME}/.local/share/Enpass 12noblacklist ${HOME}/.local/share/Enpass
13nodeny ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass
24mkfile ${HOME}/.config/sinew.in 24mkfile ${HOME}/.config/sinew.in
25mkdir ${HOME}/.config/Sinew Software Systems 25mkdir ${HOME}/.config/Sinew Software Systems
26mkdir ${HOME}/.local/share/Enpass 26mkdir ${HOME}/.local/share/Enpass
27allow ${HOME}/.cache/Enpass 27whitelist ${HOME}/.cache/Enpass
28allow ${HOME}/.config/sinew.in 28whitelist ${HOME}/.config/sinew.in
29allow ${HOME}/.config/Sinew Software Systems 29whitelist ${HOME}/.config/Sinew Software Systems
30allow ${HOME}/.local/share/Enpass 30whitelist ${HOME}/.local/share/Enpass
31allow ${DOCUMENTS} 31whitelist ${DOCUMENTS}
32include whitelist-common.inc 32include whitelist-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
34 34
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index ff7040e5c..fe7913e77 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -7,11 +7,11 @@ include eo-common.local
7# added by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
11nodeny ${HOME}/.Steam 11noblacklist ${HOME}/.Steam
12nodeny ${HOME}/.steam 12noblacklist ${HOME}/.steam
13 13
14deny /usr/libexec 14blacklist /usr/libexec
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile
index e8592c7df..5892374bd 100644
--- a/etc/profile-a-l/eog.profile
+++ b/etc/profile-a-l/eog.profile
@@ -6,9 +6,9 @@ include eog.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/eog 9noblacklist ${HOME}/.config/eog
10 10
11allow /usr/share/eog 11whitelist /usr/share/eog
12 12
13# private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. 13# private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
14# Add the next lines to your eog.local if you need that functionality. 14# Add the next lines to your eog.local if you need that functionality.
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile
index 323f5ade2..7143a8e03 100644
--- a/etc/profile-a-l/eom.profile
+++ b/etc/profile-a-l/eom.profile
@@ -6,9 +6,9 @@ include eom.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mate/eom 9noblacklist ${HOME}/.config/mate/eom
10 10
11allow /usr/share/eom 11whitelist /usr/share/eom
12 12
13# private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. 13# private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
14# Add the next lines to your eom.local if you need that functionality. 14# Add the next lines to your eom.local if you need that functionality.
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile
index 3657742b9..131d68951 100644
--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -9,8 +9,8 @@ include globals.local
9# enforce private-cache 9# enforce private-cache
10#noblacklist ${HOME}/.cache/ephemeral 10#noblacklist ${HOME}/.cache/ephemeral
11 11
12nodeny ${HOME}/.pki 12noblacklist ${HOME}/.pki
13nodeny ${HOME}/.local/share/pki 13noblacklist ${HOME}/.local/share/pki
14 14
15# noexec ${HOME} breaks DRM binaries. 15# noexec ${HOME} breaks DRM binaries.
16?BROWSER_ALLOW_DRM: ignore noexec ${HOME} 16?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki
27mkdir ${HOME}/.local/share/pki 27mkdir ${HOME}/.local/share/pki
28# enforce private-cache 28# enforce private-cache
29#whitelist ${HOME}/.cache/ephemeral 29#whitelist ${HOME}/.cache/ephemeral
30allow ${HOME}/.pki 30whitelist ${HOME}/.pki
31allow ${HOME}/.local/share/pki 31whitelist ${HOME}/.local/share/pki
32allow ${DOWNLOADS} 32whitelist ${DOWNLOADS}
33include whitelist-common.inc 33include whitelist-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile
index daedb2193..225811226 100644
--- a/etc/profile-a-l/epiphany.profile
+++ b/etc/profile-a-l/epiphany.profile
@@ -9,9 +9,9 @@ include globals.local
9# Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. 9# Note: Epiphany use bwrap since 3.34 and can not be firejailed any more.
10# See https://github.com/netblue30/firejail/issues/2995 10# See https://github.com/netblue30/firejail/issues/2995
11 11
12nodeny ${HOME}/.cache/epiphany 12noblacklist ${HOME}/.cache/epiphany
13nodeny ${HOME}/.config/epiphany 13noblacklist ${HOME}/.config/epiphany
14nodeny ${HOME}/.local/share/epiphany 14noblacklist ${HOME}/.local/share/epiphany
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-programs.inc
21mkdir ${HOME}/.cache/epiphany 21mkdir ${HOME}/.cache/epiphany
22mkdir ${HOME}/.config/epiphany 22mkdir ${HOME}/.config/epiphany
23mkdir ${HOME}/.local/share/epiphany 23mkdir ${HOME}/.local/share/epiphany
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25allow ${HOME}/.cache/epiphany 25whitelist ${HOME}/.cache/epiphany
26allow ${HOME}/.config/epiphany 26whitelist ${HOME}/.config/epiphany
27allow ${HOME}/.local/share/epiphany 27whitelist ${HOME}/.local/share/epiphany
28include whitelist-common.inc 28include whitelist-common.inc
29 29
30caps.drop all 30caps.drop all
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index ac957870c..964d3b7ca 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -6,8 +6,8 @@ include equalx.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/equalx 9noblacklist ${HOME}/.config/equalx
10nodeny ${HOME}/.equalx 10noblacklist ${HOME}/.equalx
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-xdg.inc
20 20
21mkdir ${HOME}/.config/equalx 21mkdir ${HOME}/.config/equalx
22mkdir ${HOME}/.equalx 22mkdir ${HOME}/.equalx
23allow ${HOME}/.config/equalx 23whitelist ${HOME}/.config/equalx
24allow ${HOME}/.equalx 24whitelist ${HOME}/.equalx
25allow /usr/share/poppler 25whitelist /usr/share/poppler
26allow /usr/share/ghostscript 26whitelist /usr/share/ghostscript
27allow /usr/share/texlive 27whitelist /usr/share/texlive
28allow /usr/share/equalx 28whitelist /usr/share/equalx
29allow /var/lib/texmf 29whitelist /var/lib/texmf
30include whitelist-common.inc 30include whitelist-common.inc
31include whitelist-runuser-common.inc 31include whitelist-runuser-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index a2f46b757..fdff1e4b5 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -6,9 +6,9 @@ include etr.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.etr 9noblacklist ${HOME}/.etr
10 10
11deny /usr/libexec 11blacklist /usr/libexec
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.etr 22mkdir ${HOME}/.etr
23allow ${HOME}/.etr 23whitelist ${HOME}/.etr
24allow /usr/share/etr 24whitelist /usr/share/etr
25# Debian version 25# Debian version
26allow /usr/share/games/etr 26whitelist /usr/share/games/etr
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index ce2617ad6..a9e39b15c 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -10,10 +10,10 @@ include globals.local
10# Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). 10# Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below).
11#noblacklist ${HOME}/.local/share/gvfs-metadata 11#noblacklist ${HOME}/.local/share/gvfs-metadata
12 12
13nodeny ${HOME}/.config/evince 13noblacklist ${HOME}/.config/evince
14nodeny ${DOCUMENTS} 14noblacklist ${DOCUMENTS}
15 15
16deny /usr/libexec 16blacklist /usr/libexec
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
24include disable-shell.inc 24include disable-shell.inc
25include disable-xdg.inc 25include disable-xdg.inc
26 26
27allow /usr/share/doc 27whitelist /usr/share/doc
28allow /usr/share/evince 28whitelist /usr/share/evince
29allow /usr/share/poppler 29whitelist /usr/share/poppler
30allow /usr/share/tracker 30whitelist /usr/share/tracker
31include whitelist-runuser-common.inc 31include whitelist-runuser-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 142498a28..7222493ac 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,15 +6,15 @@ include evolution.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /var/mail 9noblacklist /var/mail
10nodeny /var/spool/mail 10noblacklist /var/spool/mail
11nodeny ${HOME}/.bogofilter 11noblacklist ${HOME}/.bogofilter
12nodeny ${HOME}/.cache/evolution 12noblacklist ${HOME}/.cache/evolution
13nodeny ${HOME}/.config/evolution 13noblacklist ${HOME}/.config/evolution
14nodeny ${HOME}/.gnupg 14noblacklist ${HOME}/.gnupg
15nodeny ${HOME}/.local/share/evolution 15noblacklist ${HOME}/.local/share/evolution
16nodeny ${HOME}/.pki 16noblacklist ${HOME}/.pki
17nodeny ${HOME}/.local/share/pki 17noblacklist ${HOME}/.local/share/pki
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
index 216814989..7b09a2c64 100644
--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -6,7 +6,7 @@ include exiftool.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11# Allow perl (blacklisted by disable-interpreters.inc) 11# Allow perl (blacklisted by disable-interpreters.inc)
12include allow-perl.inc 12include allow-perl.inc
@@ -18,7 +18,7 @@ include disable-interpreters.inc
18include disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include disable-programs.inc 19include disable-programs.inc
20 20
21allow /usr/share/perl-image-exiftool 21whitelist /usr/share/perl-image-exiftool
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 9bb42945b..b2061db79 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -6,8 +6,8 @@ include falkon.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/falkon 9noblacklist ${HOME}/.cache/falkon
10nodeny ${HOME}/.config/falkon 10noblacklist ${HOME}/.config/falkon
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-xdg.inc
19 19
20mkdir ${HOME}/.cache/falkon 20mkdir ${HOME}/.cache/falkon
21mkdir ${HOME}/.config/falkon 21mkdir ${HOME}/.config/falkon
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23allow ${HOME}/.cache/falkon 23whitelist ${HOME}/.cache/falkon
24allow ${HOME}/.config/falkon 24whitelist ${HOME}/.config/falkon
25allow /usr/share/falkon 25whitelist /usr/share/falkon
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
index d141c6ed5..8e81000fd 100644
--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -6,8 +6,8 @@ include fbreader.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.FBReader 9noblacklist ${HOME}/.FBReader
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 17a365053..31cb1776c 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -5,11 +5,11 @@ include fdns.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny /sbin 8noblacklist /sbin
9nodeny /usr/sbin 9noblacklist /usr/sbin
10 10
11deny /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12deny ${RUNUSER}/wayland-* 12blacklist ${RUNUSER}/wayland-*
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile
index 359be083e..664ec2da6 100644
--- a/etc/profile-a-l/feedreader.profile
+++ b/etc/profile-a-l/feedreader.profile
@@ -6,8 +6,8 @@ include feedreader.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/feedreader 9noblacklist ${HOME}/.cache/feedreader
10nodeny ${HOME}/.local/share/feedreader 10noblacklist ${HOME}/.local/share/feedreader
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
20 20
21mkdir ${HOME}/.cache/feedreader 21mkdir ${HOME}/.cache/feedreader
22mkdir ${HOME}/.local/share/feedreader 22mkdir ${HOME}/.local/share/feedreader
23allow ${HOME}/.cache/feedreader 23whitelist ${HOME}/.cache/feedreader
24allow ${HOME}/.local/share/feedreader 24whitelist ${HOME}/.local/share/feedreader
25allow /usr/share/feedreader 25whitelist /usr/share/feedreader
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile
index f60055f37..a2372ec8a 100644
--- a/etc/profile-a-l/ferdi.profile
+++ b/etc/profile-a-l/ferdi.profile
@@ -7,10 +7,10 @@ include globals.local
7 7
8ignore noexec /tmp 8ignore noexec /tmp
9 9
10nodeny ${HOME}/.cache/Ferdi 10noblacklist ${HOME}/.cache/Ferdi
11nodeny ${HOME}/.config/Ferdi 11noblacklist ${HOME}/.config/Ferdi
12nodeny ${HOME}/.pki 12noblacklist ${HOME}/.pki
13nodeny ${HOME}/.local/share/pki 13noblacklist ${HOME}/.local/share/pki
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi
22mkdir ${HOME}/.config/Ferdi 22mkdir ${HOME}/.config/Ferdi
23mkdir ${HOME}/.pki 23mkdir ${HOME}/.pki
24mkdir ${HOME}/.local/share/pki 24mkdir ${HOME}/.local/share/pki
25allow ${DOWNLOADS} 25whitelist ${DOWNLOADS}
26allow ${HOME}/.cache/Ferdi 26whitelist ${HOME}/.cache/Ferdi
27allow ${HOME}/.config/Ferdi 27whitelist ${HOME}/.config/Ferdi
28allow ${HOME}/.pki 28whitelist ${HOME}/.pki
29allow ${HOME}/.local/share/pki 29whitelist ${HOME}/.local/share/pki
30include whitelist-common.inc 30include whitelist-common.inc
31 31
32caps.drop all 32caps.drop all
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile
index 1e06ec29a..7358ed5c7 100644
--- a/etc/profile-a-l/fetchmail.profile
+++ b/etc/profile-a-l/fetchmail.profile
@@ -6,8 +6,8 @@ include fetchmail.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.fetchmailrc 9noblacklist ${HOME}/.fetchmailrc
10nodeny ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 1a64183ab..13ef1beb9 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -7,8 +7,8 @@ include ffmpeg.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11nodeny ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22allow /usr/share/devedeng 22whitelist /usr/share/devedeng
23allow /usr/share/ffmpeg 23whitelist /usr/share/ffmpeg
24allow /usr/share/qtchooser 24whitelist /usr/share/qtchooser
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index f7a938f24..4eeceeee8 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,9 +13,9 @@ include disable-interpreters.inc
13include disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include disable-programs.inc 14include disable-programs.inc
15 15
16allow /usr/libexec/file-roller 16whitelist /usr/libexec/file-roller
17allow /usr/libexec/p7zip 17whitelist /usr/libexec/p7zip
18allow /usr/share/file-roller 18whitelist /usr/share/file-roller
19include whitelist-runuser-common.inc 19include whitelist-runuser-common.inc
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile
index 426d1e72d..5c7583605 100644
--- a/etc/profile-a-l/file.profile
+++ b/etc/profile-a-l/file.profile
@@ -7,7 +7,7 @@ include file.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-exec.inc 13include disable-exec.inc
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile
index d9e0e9da0..dc5def54f 100644
--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -6,8 +6,8 @@ include filezilla.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/filezilla 9noblacklist ${HOME}/.config/filezilla
10nodeny ${HOME}/.filezilla 10noblacklist ${HOME}/.filezilla
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile
index e22424794..77487161e 100644
--- a/etc/profile-a-l/firedragon.profile
+++ b/etc/profile-a-l/firedragon.profile
@@ -6,13 +6,13 @@ include firedragon.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/firedragon 9noblacklist ${HOME}/.cache/firedragon
10nodeny ${HOME}/.firedragon 10noblacklist ${HOME}/.firedragon
11 11
12mkdir ${HOME}/.cache/firedragon 12mkdir ${HOME}/.cache/firedragon
13mkdir ${HOME}/.firedragon 13mkdir ${HOME}/.firedragon
14allow ${HOME}/.cache/firedragon 14whitelist ${HOME}/.cache/firedragon
15allow ${HOME}/.firedragon 15whitelist ${HOME}/.firedragon
16 16
17# Add the next lines to your firedragon.local if you want to use the migration wizard. 17# Add the next lines to your firedragon.local if you want to use the migration wizard.
18#noblacklist ${HOME}/.mozilla 18#noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile
index 7e2e8760d..d282f9a60 100644
--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -5,74 +5,74 @@ include firefox-common-addons.local
5ignore include whitelist-runuser-common.inc 5ignore include whitelist-runuser-common.inc
6ignore private-cache 6ignore private-cache
7 7
8nodeny ${HOME}/.cache/youtube-dl 8noblacklist ${HOME}/.cache/youtube-dl
9nodeny ${HOME}/.config/kgetrc 9noblacklist ${HOME}/.config/kgetrc
10nodeny ${HOME}/.config/mpv 10noblacklist ${HOME}/.config/mpv
11nodeny ${HOME}/.config/okularpartrc 11noblacklist ${HOME}/.config/okularpartrc
12nodeny ${HOME}/.config/okularrc 12noblacklist ${HOME}/.config/okularrc
13nodeny ${HOME}/.config/qpdfview 13noblacklist ${HOME}/.config/qpdfview
14nodeny ${HOME}/.config/youtube-dl 14noblacklist ${HOME}/.config/youtube-dl
15nodeny ${HOME}/.kde/share/apps/kget 15noblacklist ${HOME}/.kde/share/apps/kget
16nodeny ${HOME}/.kde/share/apps/okular 16noblacklist ${HOME}/.kde/share/apps/okular
17nodeny ${HOME}/.kde/share/config/kgetrc 17noblacklist ${HOME}/.kde/share/config/kgetrc
18nodeny ${HOME}/.kde/share/config/okularpartrc 18noblacklist ${HOME}/.kde/share/config/okularpartrc
19nodeny ${HOME}/.kde/share/config/okularrc 19noblacklist ${HOME}/.kde/share/config/okularrc
20nodeny ${HOME}/.kde4/share/apps/kget 20noblacklist ${HOME}/.kde4/share/apps/kget
21nodeny ${HOME}/.kde4/share/apps/okular 21noblacklist ${HOME}/.kde4/share/apps/okular
22nodeny ${HOME}/.kde4/share/config/kgetrc 22noblacklist ${HOME}/.kde4/share/config/kgetrc
23nodeny ${HOME}/.kde4/share/config/okularpartrc 23noblacklist ${HOME}/.kde4/share/config/okularpartrc
24nodeny ${HOME}/.kde4/share/config/okularrc 24noblacklist ${HOME}/.kde4/share/config/okularrc
25nodeny ${HOME}/.local/share/kget 25noblacklist ${HOME}/.local/share/kget
26nodeny ${HOME}/.local/share/kxmlgui5/okular 26noblacklist ${HOME}/.local/share/kxmlgui5/okular
27nodeny ${HOME}/.local/share/okular 27noblacklist ${HOME}/.local/share/okular
28nodeny ${HOME}/.local/share/qpdfview 28noblacklist ${HOME}/.local/share/qpdfview
29nodeny ${HOME}/.netrc 29noblacklist ${HOME}/.netrc
30 30
31allow ${HOME}/.cache/gnome-mplayer/plugin 31whitelist ${HOME}/.cache/gnome-mplayer/plugin
32allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs 32whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
33allow ${HOME}/.config/gnome-mplayer 33whitelist ${HOME}/.config/gnome-mplayer
34allow ${HOME}/.config/kgetrc 34whitelist ${HOME}/.config/kgetrc
35allow ${HOME}/.config/mpv 35whitelist ${HOME}/.config/mpv
36allow ${HOME}/.config/okularpartrc 36whitelist ${HOME}/.config/okularpartrc
37allow ${HOME}/.config/okularrc 37whitelist ${HOME}/.config/okularrc
38allow ${HOME}/.config/pipelight-silverlight5.1 38whitelist ${HOME}/.config/pipelight-silverlight5.1
39allow ${HOME}/.config/pipelight-widevine 39whitelist ${HOME}/.config/pipelight-widevine
40allow ${HOME}/.config/qpdfview 40whitelist ${HOME}/.config/qpdfview
41allow ${HOME}/.config/youtube-dl 41whitelist ${HOME}/.config/youtube-dl
42allow ${HOME}/.kde/share/apps/kget 42whitelist ${HOME}/.kde/share/apps/kget
43allow ${HOME}/.kde/share/apps/okular 43whitelist ${HOME}/.kde/share/apps/okular
44allow ${HOME}/.kde/share/config/kgetrc 44whitelist ${HOME}/.kde/share/config/kgetrc
45allow ${HOME}/.kde/share/config/okularpartrc 45whitelist ${HOME}/.kde/share/config/okularpartrc
46allow ${HOME}/.kde/share/config/okularrc 46whitelist ${HOME}/.kde/share/config/okularrc
47allow ${HOME}/.kde4/share/apps/kget 47whitelist ${HOME}/.kde4/share/apps/kget
48allow ${HOME}/.kde4/share/apps/okular 48whitelist ${HOME}/.kde4/share/apps/okular
49allow ${HOME}/.kde4/share/config/kgetrc 49whitelist ${HOME}/.kde4/share/config/kgetrc
50allow ${HOME}/.kde4/share/config/okularpartrc 50whitelist ${HOME}/.kde4/share/config/okularpartrc
51allow ${HOME}/.kde4/share/config/okularrc 51whitelist ${HOME}/.kde4/share/config/okularrc
52allow ${HOME}/.keysnail.js 52whitelist ${HOME}/.keysnail.js
53allow ${HOME}/.lastpass 53whitelist ${HOME}/.lastpass
54allow ${HOME}/.local/share/kget 54whitelist ${HOME}/.local/share/kget
55allow ${HOME}/.local/share/kxmlgui5/okular 55whitelist ${HOME}/.local/share/kxmlgui5/okular
56allow ${HOME}/.local/share/okular 56whitelist ${HOME}/.local/share/okular
57allow ${HOME}/.local/share/qpdfview 57whitelist ${HOME}/.local/share/qpdfview
58allow ${HOME}/.local/share/tridactyl 58whitelist ${HOME}/.local/share/tridactyl
59allow ${HOME}/.netrc 59whitelist ${HOME}/.netrc
60allow ${HOME}/.pentadactyl 60whitelist ${HOME}/.pentadactyl
61allow ${HOME}/.pentadactylrc 61whitelist ${HOME}/.pentadactylrc
62allow ${HOME}/.tridactylrc 62whitelist ${HOME}/.tridactylrc
63allow ${HOME}/.vimperator 63whitelist ${HOME}/.vimperator
64allow ${HOME}/.vimperatorrc 64whitelist ${HOME}/.vimperatorrc
65allow ${HOME}/.wine-pipelight 65whitelist ${HOME}/.wine-pipelight
66allow ${HOME}/.wine-pipelight64 66whitelist ${HOME}/.wine-pipelight64
67allow ${HOME}/.zotero 67whitelist ${HOME}/.zotero
68allow ${HOME}/dwhelper 68whitelist ${HOME}/dwhelper
69allow /usr/share/lua 69whitelist /usr/share/lua
70allow /usr/share/lua* 70whitelist /usr/share/lua*
71allow /usr/share/vulkan 71whitelist /usr/share/vulkan
72 72
73# GNOME Shell integration (chrome-gnome-shell) needs dbus and python 73# GNOME Shell integration (chrome-gnome-shell) needs dbus and python
74nodeny ${HOME}/.local/share/gnome-shell 74noblacklist ${HOME}/.local/share/gnome-shell
75allow ${HOME}/.local/share/gnome-shell 75whitelist ${HOME}/.local/share/gnome-shell
76dbus-user.talk ca.desrt.dconf 76dbus-user.talk ca.desrt.dconf
77dbus-user.talk org.gnome.ChromeGnomeShell 77dbus-user.talk org.gnome.ChromeGnomeShell
78dbus-user.talk org.gnome.Shell 78dbus-user.talk org.gnome.Shell
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index cb0fae5dc..8b74ed979 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -12,8 +12,8 @@ include firefox-common.local
12# Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. 12# Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
13#include firefox-common-addons.profile 13#include firefox-common-addons.profile
14 14
15nodeny ${HOME}/.pki 15noblacklist ${HOME}/.pki
16nodeny ${HOME}/.local/share/pki 16noblacklist ${HOME}/.local/share/pki
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
23 23
24mkdir ${HOME}/.pki 24mkdir ${HOME}/.pki
25mkdir ${HOME}/.local/share/pki 25mkdir ${HOME}/.local/share/pki
26allow ${DOWNLOADS} 26whitelist ${DOWNLOADS}
27allow ${HOME}/.pki 27whitelist ${HOME}/.pki
28allow ${HOME}/.local/share/pki 28whitelist ${HOME}/.local/share/pki
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile
index 4fd315fdf..5e69fdb51 100644
--- a/etc/profile-a-l/firefox-esr.profile
+++ b/etc/profile-a-l/firefox-esr.profile
@@ -6,7 +6,7 @@ include firefox-esr.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9allow /usr/share/firefox-esr 9whitelist /usr/share/firefox-esr
10 10
11# Redirect 11# Redirect
12include firefox.profile 12include firefox.profile
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index 8acfe7c2a..3ad67734d 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -14,27 +14,27 @@ include globals.local
14# https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox 14# https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
15# https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 15# https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
16 16
17nodeny ${HOME}/.cache/mozilla 17noblacklist ${HOME}/.cache/mozilla
18nodeny ${HOME}/.mozilla 18noblacklist ${HOME}/.mozilla
19 19
20deny /usr/libexec 20blacklist /usr/libexec
21 21
22mkdir ${HOME}/.cache/mozilla/firefox 22mkdir ${HOME}/.cache/mozilla/firefox
23mkdir ${HOME}/.mozilla 23mkdir ${HOME}/.mozilla
24allow ${HOME}/.cache/mozilla/firefox 24whitelist ${HOME}/.cache/mozilla/firefox
25allow ${HOME}/.mozilla 25whitelist ${HOME}/.mozilla
26 26
27# Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. 27# Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
28# NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. 28# NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
29#whitelist ${RUNUSER}/kpxc_server 29#whitelist ${RUNUSER}/kpxc_server
30#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer 30#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
31 31
32allow /usr/share/doc 32whitelist /usr/share/doc
33allow /usr/share/firefox 33whitelist /usr/share/firefox
34allow /usr/share/gnome-shell/search-providers/firefox-search-provider.ini 34whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
35allow /usr/share/gtk-doc/html 35whitelist /usr/share/gtk-doc/html
36allow /usr/share/mozilla 36whitelist /usr/share/mozilla
37allow /usr/share/webext 37whitelist /usr/share/webext
38include whitelist-usr-share-common.inc 38include whitelist-usr-share-common.inc
39 39
40# firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. 40# firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile
index bd1becaf0..2c86d3ac7 100644
--- a/etc/profile-a-l/five-or-more.profile
+++ b/etc/profile-a-l/five-or-more.profile
@@ -6,12 +6,12 @@ include five-or-more.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/five-or-more 9noblacklist ${HOME}/.local/share/five-or-more
10 10
11mkdir ${HOME}/.local/share/five-or-more 11mkdir ${HOME}/.local/share/five-or-more
12allow ${HOME}/.local/share/five-or-more 12whitelist ${HOME}/.local/share/five-or-more
13 13
14allow /usr/share/five-or-more 14whitelist /usr/share/five-or-more
15 15
16private-bin five-or-more 16private-bin five-or-more
17 17
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index f16a65536..55af96c84 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -7,9 +7,9 @@ include flameshot.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${PICTURES} 10noblacklist ${PICTURES}
11nodeny ${HOME}/.config/Dharkael 11noblacklist ${HOME}/.config/Dharkael
12nodeny ${HOME}/.config/flameshot 12noblacklist ${HOME}/.config/flameshot
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
25#whitelist ${PICTURES} 25#whitelist ${PICTURES}
26#whitelist ${HOME}/.config/Dharkael 26#whitelist ${HOME}/.config/Dharkael
27#whitelist ${HOME}/.config/flameshot 27#whitelist ${HOME}/.config/flameshot
28allow /usr/share/flameshot 28whitelist /usr/share/flameshot
29#include whitelist-common.inc 29#include whitelist-common.inc
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile
index af114e129..310fb378f 100644
--- a/etc/profile-a-l/flashpeak-slimjet.profile
+++ b/etc/profile-a-l/flashpeak-slimjet.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/slimjet 13noblacklist ${HOME}/.cache/slimjet
14nodeny ${HOME}/.config/slimjet 14noblacklist ${HOME}/.config/slimjet
15 15
16mkdir ${HOME}/.cache/slimjet 16mkdir ${HOME}/.cache/slimjet
17mkdir ${HOME}/.config/slimjet 17mkdir ${HOME}/.config/slimjet
18allow ${HOME}/.cache/slimjet 18whitelist ${HOME}/.cache/slimjet
19allow ${HOME}/.config/slimjet 19whitelist ${HOME}/.config/slimjet
20 20
21# Redirect 21# Redirect
22include chromium-common.profile 22include chromium-common.profile
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile
index 505763fb9..a4421e3ce 100644
--- a/etc/profile-a-l/flowblade.profile
+++ b/etc/profile-a-l/flowblade.profile
@@ -6,8 +6,8 @@ include flowblade.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/flowblade 9noblacklist ${HOME}/.config/flowblade
10nodeny ${HOME}/.flowblade 10noblacklist ${HOME}/.flowblade
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile
index a22c0e103..1210f365c 100644
--- a/etc/profile-a-l/fluxbox.profile
+++ b/etc/profile-a-l/fluxbox.profile
@@ -7,7 +7,7 @@ include fluxbox.local
7include globals.local 7include globals.local
8 8
9# all applications started in fluxbox will run in this profile 9# all applications started in fluxbox will run in this profile
10nodeny ${HOME}/.fluxbox 10noblacklist ${HOME}/.fluxbox
11include disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
index ff9167c1a..cd0129436 100644
--- a/etc/profile-a-l/font-manager.profile
+++ b/etc/profile-a-l/font-manager.profile
@@ -6,8 +6,8 @@ include font-manager.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/font-manager 9noblacklist ${HOME}/.cache/font-manager
10nodeny ${HOME}/.config/font-manager 10noblacklist ${HOME}/.config/font-manager
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
24 24
25mkdir ${HOME}/.cache/font-manager 25mkdir ${HOME}/.cache/font-manager
26mkdir ${HOME}/.config/font-manager 26mkdir ${HOME}/.config/font-manager
27allow ${HOME}/.cache/font-manager 27whitelist ${HOME}/.cache/font-manager
28allow ${HOME}/.config/font-manager 28whitelist ${HOME}/.config/font-manager
29allow /usr/share/font-manager 29whitelist /usr/share/font-manager
30include whitelist-common.inc 30include whitelist-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
32include whitelist-var-common.inc 32include whitelist-var-common.inc
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile
index 64c7655e2..bd1495877 100644
--- a/etc/profile-a-l/fontforge.profile
+++ b/etc/profile-a-l/fontforge.profile
@@ -6,8 +6,8 @@ include fontforge.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.FontForge 9noblacklist ${HOME}/.FontForge
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile
index 5e5a12794..2d700d336 100644
--- a/etc/profile-a-l/fossamail.profile
+++ b/etc/profile-a-l/fossamail.profile
@@ -6,16 +6,16 @@ include fossamail.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.cache/fossamail 9noblacklist ${HOME}/.cache/fossamail
10nodeny ${HOME}/.fossamail 10noblacklist ${HOME}/.fossamail
11nodeny ${HOME}/.gnupg 11noblacklist ${HOME}/.gnupg
12 12
13mkdir ${HOME}/.cache/fossamail 13mkdir ${HOME}/.cache/fossamail
14mkdir ${HOME}/.fossamail 14mkdir ${HOME}/.fossamail
15mkdir ${HOME}/.gnupg 15mkdir ${HOME}/.gnupg
16allow ${HOME}/.cache/fossamail 16whitelist ${HOME}/.cache/fossamail
17allow ${HOME}/.fossamail 17whitelist ${HOME}/.fossamail
18allow ${HOME}/.gnupg 18whitelist ${HOME}/.gnupg
19include whitelist-common.inc 19include whitelist-common.inc
20 20
21# allow browsers 21# allow browsers
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile
index 97fd4a626..eb0c43ca5 100644
--- a/etc/profile-a-l/four-in-a-row.profile
+++ b/etc/profile-a-l/four-in-a-row.profile
@@ -9,7 +9,7 @@ include globals.local
9ignore machine-id 9ignore machine-id
10ignore nosound 10ignore nosound
11 11
12allow /usr/share/four-in-a-row 12whitelist /usr/share/four-in-a-row
13 13
14private-bin four-in-a-row 14private-bin four-in-a-row
15 15
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index 8edc9b02d..1b1d031b4 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -6,7 +6,7 @@ include fractal.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/fractal 9noblacklist ${HOME}/.cache/fractal
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.cache/fractal 24mkdir ${HOME}/.cache/fractal
25allow ${HOME}/.cache/fractal 25whitelist ${HOME}/.cache/fractal
26allow ${DOWNLOADS} 26whitelist ${DOWNLOADS}
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile
index 1a8ec8f99..9b780a572 100644
--- a/etc/profile-a-l/franz.profile
+++ b/etc/profile-a-l/franz.profile
@@ -7,10 +7,10 @@ include globals.local
7 7
8ignore noexec /tmp 8ignore noexec /tmp
9 9
10nodeny ${HOME}/.cache/Franz 10noblacklist ${HOME}/.cache/Franz
11nodeny ${HOME}/.config/Franz 11noblacklist ${HOME}/.config/Franz
12nodeny ${HOME}/.pki 12noblacklist ${HOME}/.pki
13nodeny ${HOME}/.local/share/pki 13noblacklist ${HOME}/.local/share/pki
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz
22mkdir ${HOME}/.config/Franz 22mkdir ${HOME}/.config/Franz
23mkdir ${HOME}/.pki 23mkdir ${HOME}/.pki
24mkdir ${HOME}/.local/share/pki 24mkdir ${HOME}/.local/share/pki
25allow ${DOWNLOADS} 25whitelist ${DOWNLOADS}
26allow ${HOME}/.cache/Franz 26whitelist ${HOME}/.cache/Franz
27allow ${HOME}/.config/Franz 27whitelist ${HOME}/.config/Franz
28allow ${HOME}/.pki 28whitelist ${HOME}/.pki
29allow ${HOME}/.local/share/pki 29whitelist ${HOME}/.local/share/pki
30include whitelist-common.inc 30include whitelist-common.inc
31 31
32caps.drop all 32caps.drop all
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile
index a45ad4c7a..8043d0530 100644
--- a/etc/profile-a-l/freecad.profile
+++ b/etc/profile-a-l/freecad.profile
@@ -6,8 +6,8 @@ include freecad.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/FreeCAD 9noblacklist ${HOME}/.config/FreeCAD
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile
index 20abd4056..23c19682c 100644
--- a/etc/profile-a-l/freeciv.profile
+++ b/etc/profile-a-l/freeciv.profile
@@ -6,7 +6,7 @@ include freeciv.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.freeciv 9noblacklist ${HOME}/.freeciv
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.freeciv 19mkdir ${HOME}/.freeciv
20allow ${HOME}/.freeciv 20whitelist ${HOME}/.freeciv
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile
index 79ccf4101..93fa7da03 100644
--- a/etc/profile-a-l/freecol.profile
+++ b/etc/profile-a-l/freecol.profile
@@ -6,10 +6,10 @@ include freecol.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.freecol 9noblacklist ${HOME}/.freecol
10nodeny ${HOME}/.cache/freecol 10noblacklist ${HOME}/.cache/freecol
11nodeny ${HOME}/.config/freecol 11noblacklist ${HOME}/.config/freecol
12nodeny ${HOME}/.local/share/freecol 12noblacklist ${HOME}/.local/share/freecol
13 13
14# Allow java (blacklisted by disable-devel.inc) 14# Allow java (blacklisted by disable-devel.inc)
15include allow-java.inc 15include allow-java.inc
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java
26mkdir ${HOME}/.cache/freecol 26mkdir ${HOME}/.cache/freecol
27mkdir ${HOME}/.config/freecol 27mkdir ${HOME}/.config/freecol
28mkdir ${HOME}/.local/share/freecol 28mkdir ${HOME}/.local/share/freecol
29allow ${HOME}/.freecol 29whitelist ${HOME}/.freecol
30allow ${HOME}/.java 30whitelist ${HOME}/.java
31allow ${HOME}/.cache/freecol 31whitelist ${HOME}/.cache/freecol
32allow ${HOME}/.config/freecol 32whitelist ${HOME}/.config/freecol
33allow ${HOME}/.local/share/freecol 33whitelist ${HOME}/.local/share/freecol
34include whitelist-common.inc 34include whitelist-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
36 36
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index ba52dd208..699177039 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -6,8 +6,8 @@ include freemind.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny ${HOME}/.freemind 10noblacklist ${HOME}/.freemind
11 11
12# Allow java (blacklisted by disable-devel.inc) 12# Allow java (blacklisted by disable-devel.inc)
13include allow-java.inc 13include allow-java.inc
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index 4c321322c..e6aff533d 100644
--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -6,12 +6,12 @@ include freetube.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/FreeTube 9noblacklist ${HOME}/.config/FreeTube
10 10
11include disable-shell.inc 11include disable-shell.inc
12 12
13mkdir ${HOME}/.config/FreeTube 13mkdir ${HOME}/.config/FreeTube
14allow ${HOME}/.config/FreeTube 14whitelist ${HOME}/.config/FreeTube
15 15
16private-bin freetube 16private-bin freetube
17private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg 17private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index 3a6dfcfd6..b4ad81046 100644
--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -6,7 +6,7 @@ include frogatto.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.frogatto 9noblacklist ${HOME}/.frogatto
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.frogatto 19mkdir ${HOME}/.frogatto
20allow ${HOME}/.frogatto 20whitelist ${HOME}/.frogatto
21allow /usr/libexec/frogatto 21whitelist /usr/libexec/frogatto
22allow /usr/share/frogatto 22whitelist /usr/share/frogatto
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 12eca8eb0..76352e41e 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -6,7 +6,7 @@ include frozen-bubble.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.frozen-bubble 9noblacklist ${HOME}/.frozen-bubble
10 10
11# Allow perl (blacklisted by disable-interpreters.inc) 11# Allow perl (blacklisted by disable-interpreters.inc)
12include allow-perl.inc 12include allow-perl.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.frozen-bubble 22mkdir ${HOME}/.frozen-bubble
23allow ${HOME}/.frozen-bubble 23whitelist ${HOME}/.frozen-bubble
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile
index 07030df4b..8852925b1 100644
--- a/etc/profile-a-l/funnyboat.profile
+++ b/etc/profile-a-l/funnyboat.profile
@@ -5,7 +5,7 @@ include funnyboat.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.funnyboat 8noblacklist ${HOME}/.funnyboat
9 9
10ignore noexec /dev/shm 10ignore noexec /dev/shm
11include allow-python2.inc 11include allow-python2.inc
@@ -21,12 +21,12 @@ include disable-programs.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.funnyboat 23mkdir ${HOME}/.funnyboat
24allow ${HOME}/.funnyboat 24whitelist ${HOME}/.funnyboat
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27allow /usr/share/funnyboat 27whitelist /usr/share/funnyboat
28# Debian: 28# Debian:
29allow /usr/share/games/funnyboat 29whitelist /usr/share/games/funnyboat
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
32 32
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index 4cd2cb1e6..ed3f0357d 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -6,10 +6,10 @@ include gajim.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
10nodeny ${HOME}/.cache/gajim 10noblacklist ${HOME}/.cache/gajim
11nodeny ${HOME}/.config/gajim 11noblacklist ${HOME}/.config/gajim
12nodeny ${HOME}/.local/share/gajim 12noblacklist ${HOME}/.local/share/gajim
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15#include allow-python2.inc 15#include allow-python2.inc
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg
28mkdir ${HOME}/.cache/gajim 28mkdir ${HOME}/.cache/gajim
29mkdir ${HOME}/.config/gajim 29mkdir ${HOME}/.config/gajim
30mkdir ${HOME}/.local/share/gajim 30mkdir ${HOME}/.local/share/gajim
31allow ${HOME}/.gnupg 31whitelist ${HOME}/.gnupg
32allow ${HOME}/.cache/gajim 32whitelist ${HOME}/.cache/gajim
33allow ${HOME}/.config/gajim 33whitelist ${HOME}/.config/gajim
34allow ${HOME}/.local/share/gajim 34whitelist ${HOME}/.local/share/gajim
35allow ${DOWNLOADS} 35whitelist ${DOWNLOADS}
36allow ${RUNUSER}/gnupg 36whitelist ${RUNUSER}/gnupg
37allow /usr/share/gnupg 37whitelist /usr/share/gnupg
38allow /usr/share/gnupg2 38whitelist /usr/share/gnupg2
39include whitelist-common.inc 39include whitelist-common.inc
40include whitelist-runuser-common.inc 40include whitelist-runuser-common.inc
41include whitelist-usr-share-common.inc 41include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 0b1b595a6..550b3808b 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -6,7 +6,7 @@ include galculator.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/galculator 9noblacklist ${HOME}/.config/galculator
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/galculator 20mkdir ${HOME}/.config/galculator
21allow ${HOME}/.config/galculator 21whitelist ${HOME}/.config/galculator
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index 00b830234..3a8c055f2 100644
--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -6,8 +6,8 @@ include gapplication.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10deny /usr/libexec 10blacklist /usr/libexec
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile
index 896a100fc..388f4c0df 100644
--- a/etc/profile-a-l/gcloud.profile
+++ b/etc/profile-a-l/gcloud.profile
@@ -8,9 +8,9 @@ include globals.local
8# noexec ${HOME} will break user-local installs of gcloud tooling 8# noexec ${HOME} will break user-local installs of gcloud tooling
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.boto 11noblacklist ${HOME}/.boto
12nodeny ${HOME}/.config/gcloud 12noblacklist ${HOME}/.config/gcloud
13nodeny /var/run/docker.sock 13noblacklist /var/run/docker.sock
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile
index 8f72f0b34..cb39174e5 100644
--- a/etc/profile-a-l/gconf-editor.profile
+++ b/etc/profile-a-l/gconf-editor.profile
@@ -7,9 +7,9 @@ include gconf-editor.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12allow /usr/share/gconf-editor 12whitelist /usr/share/gconf-editor
13 13
14ignore x11 none 14ignore x11 none
15 15
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile
index 8c7013574..fec1a555a 100644
--- a/etc/profile-a-l/gconf.profile
+++ b/etc/profile-a-l/gconf.profile
@@ -6,9 +6,9 @@ include gconf.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11nodeny ${HOME}/.config/gconf 11noblacklist ${HOME}/.config/gconf
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.config/gconf 25mkdir ${HOME}/.config/gconf
26allow ${HOME}/.config/gconf 26whitelist ${HOME}/.config/gconf
27allow /usr/share/GConf 27whitelist /usr/share/GConf
28allow /usr/share/gconf 28whitelist /usr/share/gconf
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile
index 706a85c75..6fdb9b37a 100644
--- a/etc/profile-a-l/geany.profile
+++ b/etc/profile-a-l/geany.profile
@@ -6,7 +6,7 @@ include geany.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/geany 9noblacklist ${HOME}/.config/geany
10 10
11# Allows files commonly used by IDEs 11# Allows files commonly used by IDEs
12include allow-common-devel.inc 12include allow-common-devel.inc
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index 512fc1e59..74e135a7c 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -6,14 +6,14 @@ include geary.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/evolution 9noblacklist ${HOME}/.cache/evolution
10nodeny ${HOME}/.cache/folks 10noblacklist ${HOME}/.cache/folks
11nodeny ${HOME}/.cache/geary 11noblacklist ${HOME}/.cache/geary
12nodeny ${HOME}/.config/evolution 12noblacklist ${HOME}/.config/evolution
13nodeny ${HOME}/.config/geary 13noblacklist ${HOME}/.config/geary
14nodeny ${HOME}/.local/share/evolution 14noblacklist ${HOME}/.local/share/evolution
15nodeny ${HOME}/.local/share/geary 15noblacklist ${HOME}/.local/share/geary
16nodeny ${HOME}/.mozilla 16noblacklist ${HOME}/.mozilla
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution
31mkdir ${HOME}/.config/geary 31mkdir ${HOME}/.config/geary
32mkdir ${HOME}/.local/share/evolution 32mkdir ${HOME}/.local/share/evolution
33mkdir ${HOME}/.local/share/geary 33mkdir ${HOME}/.local/share/geary
34allow ${DOWNLOADS} 34whitelist ${DOWNLOADS}
35allow ${HOME}/.cache/evolution 35whitelist ${HOME}/.cache/evolution
36allow ${HOME}/.cache/folks 36whitelist ${HOME}/.cache/folks
37allow ${HOME}/.cache/geary 37whitelist ${HOME}/.cache/geary
38allow ${HOME}/.config/evolution 38whitelist ${HOME}/.config/evolution
39allow ${HOME}/.config/geary 39whitelist ${HOME}/.config/geary
40allow ${HOME}/.local/share/evolution 40whitelist ${HOME}/.local/share/evolution
41allow ${HOME}/.local/share/geary 41whitelist ${HOME}/.local/share/geary
42allow ${HOME}/.mozilla/firefox/profiles.ini 42whitelist ${HOME}/.mozilla/firefox/profiles.ini
43allow /usr/share/geary 43whitelist /usr/share/geary
44include whitelist-common.inc 44include whitelist-common.inc
45include whitelist-runuser-common.inc 45include whitelist-runuser-common.inc
46include whitelist-usr-share-common.inc 46include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile
index f11540374..108b7041d 100644
--- a/etc/profile-a-l/gedit.profile
+++ b/etc/profile-a-l/gedit.profile
@@ -6,8 +6,8 @@ include gedit.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/enchant 9noblacklist ${HOME}/.config/enchant
10nodeny ${HOME}/.config/gedit 10noblacklist ${HOME}/.config/gedit
11 11
12# Allows files commonly used by IDEs 12# Allows files commonly used by IDEs
13include allow-common-devel.inc 13include allow-common-devel.inc
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile
index 8ec3bbaf9..dd33b3fb5 100644
--- a/etc/profile-a-l/geeqie.profile
+++ b/etc/profile-a-l/geeqie.profile
@@ -6,9 +6,9 @@ include geeqie.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/geeqie 9noblacklist ${HOME}/.cache/geeqie
10nodeny ${HOME}/.config/geeqie 10noblacklist ${HOME}/.config/geeqie
11nodeny ${HOME}/.local/share/geeqie 11noblacklist ${HOME}/.local/share/geeqie
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index 1661da639..f894a42ca 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -6,10 +6,10 @@ include gfeeds.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/gfeeds 9noblacklist ${HOME}/.cache/gfeeds
10nodeny ${HOME}/.cache/org.gabmus.gfeeds 10noblacklist ${HOME}/.cache/org.gabmus.gfeeds
11nodeny ${HOME}/.config/org.gabmus.gfeeds.json 11noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
12nodeny ${HOME}/.config/org.gabmus.gfeeds.saved_articles 12noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15include allow-python3.inc 15include allow-python3.inc
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds
27mkdir ${HOME}/.cache/org.gabmus.gfeeds 27mkdir ${HOME}/.cache/org.gabmus.gfeeds
28mkfile ${HOME}/.config/org.gabmus.gfeeds.json 28mkfile ${HOME}/.config/org.gabmus.gfeeds.json
29mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles 29mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles
30allow ${HOME}/.cache/gfeeds 30whitelist ${HOME}/.cache/gfeeds
31allow ${HOME}/.cache/org.gabmus.gfeeds 31whitelist ${HOME}/.cache/org.gabmus.gfeeds
32allow ${HOME}/.config/org.gabmus.gfeeds.json 32whitelist ${HOME}/.config/org.gabmus.gfeeds.json
33allow ${HOME}/.config/org.gabmus.gfeeds.saved_articles 33whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
34allow /usr/libexec/webkit2gtk-4.0 34whitelist /usr/libexec/webkit2gtk-4.0
35allow /usr/share/gfeeds 35whitelist /usr/share/gfeeds
36include whitelist-common.inc 36include whitelist-common.inc
37include whitelist-runuser-common.inc 37include whitelist-runuser-common.inc
38include whitelist-usr-share-common.inc 38include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index 06929dbe3..d9c5a0d9a 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,8 +7,8 @@ include gget.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 0577fe24f..276ab76df 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -6,10 +6,10 @@ include ghostwriter.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/ghostwriter 9noblacklist ${HOME}/.config/ghostwriter
10nodeny ${HOME}/.local/share/ghostwriter 10noblacklist ${HOME}/.local/share/ghostwriter
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12nodeny ${PICTURES} 12noblacklist ${PICTURES}
13 13
14include allow-lua.inc 14include allow-lua.inc
15 15
@@ -22,10 +22,10 @@ include disable-programs.inc
22include disable-shell.inc 22include disable-shell.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25allow /usr/share/ghostwriter 25whitelist /usr/share/ghostwriter
26allow /usr/share/mozilla-dicts 26whitelist /usr/share/mozilla-dicts
27allow /usr/share/texlive 27whitelist /usr/share/texlive
28allow /usr/share/pandoc* 28whitelist /usr/share/pandoc*
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index de9db8d0f..dfc1304d1 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -18,13 +18,13 @@ include globals.local
18# If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. 18# If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local.
19ignore noexec ${HOME} 19ignore noexec ${HOME}
20 20
21nodeny ${HOME}/.cache/babl 21noblacklist ${HOME}/.cache/babl
22nodeny ${HOME}/.cache/gegl-0.4 22noblacklist ${HOME}/.cache/gegl-0.4
23nodeny ${HOME}/.cache/gimp 23noblacklist ${HOME}/.cache/gimp
24nodeny ${HOME}/.config/GIMP 24noblacklist ${HOME}/.config/GIMP
25nodeny ${HOME}/.gimp* 25noblacklist ${HOME}/.gimp*
26nodeny ${DOCUMENTS} 26noblacklist ${DOCUMENTS}
27nodeny ${PICTURES} 27noblacklist ${PICTURES}
28 28
29include disable-common.inc 29include disable-common.inc
30include disable-exec.inc 30include disable-exec.inc
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc
33include disable-programs.inc 33include disable-programs.inc
34include disable-xdg.inc 34include disable-xdg.inc
35 35
36allow /usr/share/gegl-0.4 36whitelist /usr/share/gegl-0.4
37allow /usr/share/gimp 37whitelist /usr/share/gimp
38allow /usr/share/mypaint-data 38whitelist /usr/share/mypaint-data
39allow /usr/share/lensfun 39whitelist /usr/share/lensfun
40include whitelist-usr-share-common.inc 40include whitelist-usr-share-common.inc
41include whitelist-var-common.inc 41include whitelist-var-common.inc
42 42
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index e601d3ab0..661c3a375 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,10 +7,10 @@ include gist.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12 12
13nodeny ${HOME}/.gist 13noblacklist ${HOME}/.gist
14 14
15# Allow ruby (blacklisted by disable-interpreters.inc) 15# Allow ruby (blacklisted by disable-interpreters.inc)
16include allow-ruby.inc 16include allow-ruby.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
24include disable-xdg.inc 24include disable-xdg.inc
25 25
26mkdir ${HOME}/.gist 26mkdir ${HOME}/.gist
27allow ${HOME}/.gist 27whitelist ${HOME}/.gist
28allow ${DOWNLOADS} 28whitelist ${DOWNLOADS}
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 74b7506cf..5e4249376 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -8,12 +8,12 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.gitconfig 11noblacklist ${HOME}/.gitconfig
12nodeny ${HOME}/.git-credentials 12noblacklist ${HOME}/.git-credentials
13nodeny ${HOME}/.gnupg 13noblacklist ${HOME}/.gnupg
14nodeny ${HOME}/.subversion 14noblacklist ${HOME}/.subversion
15nodeny ${HOME}/.config/git 15noblacklist ${HOME}/.config/git
16nodeny ${HOME}/.config/git-cola 16noblacklist ${HOME}/.config/git-cola
17# Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. 17# Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings.
18#noblacklist ${HOME}/ 18#noblacklist ${HOME}/
19 19
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc
32include disable-programs.inc 32include disable-programs.inc
33include disable-xdg.inc 33include disable-xdg.inc
34 34
35allow ${RUNUSER}/gnupg 35whitelist ${RUNUSER}/gnupg
36allow ${RUNUSER}/keyring 36whitelist ${RUNUSER}/keyring
37# Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. 37# Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer.
38allow /usr/share/git 38whitelist /usr/share/git
39allow /usr/share/git-cola 39whitelist /usr/share/git-cola
40allow /usr/share/git-core 40whitelist /usr/share/git-core
41allow /usr/share/git-gui 41whitelist /usr/share/git-gui
42allow /usr/share/gitk 42whitelist /usr/share/gitk
43allow /usr/share/gitweb 43whitelist /usr/share/gitweb
44allow /usr/share/gnupg 44whitelist /usr/share/gnupg
45allow /usr/share/gnupg2 45whitelist /usr/share/gnupg2
46include whitelist-runuser-common.inc 46include whitelist-runuser-common.inc
47include whitelist-usr-share-common.inc 47include whitelist-usr-share-common.inc
48include whitelist-var-common.inc 48include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index 680e91085..bfa0081c6 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -7,33 +7,33 @@ include git.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.config/git 10noblacklist ${HOME}/.config/git
11nodeny ${HOME}/.config/nano 11noblacklist ${HOME}/.config/nano
12nodeny ${HOME}/.emacs 12noblacklist ${HOME}/.emacs
13nodeny ${HOME}/.emacs.d 13noblacklist ${HOME}/.emacs.d
14nodeny ${HOME}/.gitconfig 14noblacklist ${HOME}/.gitconfig
15nodeny ${HOME}/.git-credentials 15noblacklist ${HOME}/.git-credentials
16nodeny ${HOME}/.gnupg 16noblacklist ${HOME}/.gnupg
17nodeny ${HOME}/.nanorc 17noblacklist ${HOME}/.nanorc
18nodeny ${HOME}/.vim 18noblacklist ${HOME}/.vim
19nodeny ${HOME}/.viminfo 19noblacklist ${HOME}/.viminfo
20 20
21# Allow ssh (blacklisted by disable-common.inc) 21# Allow ssh (blacklisted by disable-common.inc)
22include allow-ssh.inc 22include allow-ssh.inc
23 23
24deny /tmp/.X11-unix 24blacklist /tmp/.X11-unix
25deny ${RUNUSER}/wayland-* 25blacklist ${RUNUSER}/wayland-*
26 26
27include disable-common.inc 27include disable-common.inc
28include disable-exec.inc 28include disable-exec.inc
29include disable-passwdmgr.inc 29include disable-passwdmgr.inc
30include disable-programs.inc 30include disable-programs.inc
31 31
32allow /usr/share/git 32whitelist /usr/share/git
33allow /usr/share/git-core 33whitelist /usr/share/git-core
34allow /usr/share/gitgui 34whitelist /usr/share/gitgui
35allow /usr/share/gitweb 35whitelist /usr/share/gitweb
36allow /usr/share/nano 36whitelist /usr/share/nano
37include whitelist-usr-share-common.inc 37include whitelist-usr-share-common.inc
38include whitelist-var-common.inc 38include whitelist-var-common.inc
39 39
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile
index d313b5022..05d7dffa9 100644
--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -6,10 +6,10 @@ include gitg.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/git 9noblacklist ${HOME}/.config/git
10nodeny ${HOME}/.gitconfig 10noblacklist ${HOME}/.gitconfig
11nodeny ${HOME}/.git-credentials 11noblacklist ${HOME}/.git-credentials
12nodeny ${HOME}/.local/share/gitg 12noblacklist ${HOME}/.local/share/gitg
13 13
14# Allow ssh (blacklisted by disable-common.inc) 14# Allow ssh (blacklisted by disable-common.inc)
15include allow-ssh.inc 15include allow-ssh.inc
@@ -29,7 +29,7 @@ include disable-programs.inc
29#whitelist ${HOME}/.ssh 29#whitelist ${HOME}/.ssh
30#include whitelist-common.inc 30#include whitelist-common.inc
31 31
32allow /usr/share/gitg 32whitelist /usr/share/gitg
33include whitelist-runuser-common.inc 33include whitelist-runuser-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile
index 81b534a74..325c54ced 100644
--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -22,10 +22,10 @@ ignore apparmor
22ignore dbus-user none 22ignore dbus-user none
23ignore dbus-system none 23ignore dbus-system none
24 24
25nodeny ${HOME}/.config/GitHub Desktop 25noblacklist ${HOME}/.config/GitHub Desktop
26nodeny ${HOME}/.config/git 26noblacklist ${HOME}/.config/git
27nodeny ${HOME}/.gitconfig 27noblacklist ${HOME}/.gitconfig
28nodeny ${HOME}/.git-credentials 28noblacklist ${HOME}/.git-credentials
29 29
30# no3d 30# no3d
31nosound 31nosound
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile
index 2d1694ef7..460e2b990 100644
--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -5,8 +5,8 @@ include gitter.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/autostart 8noblacklist ${HOME}/.config/autostart
9nodeny ${HOME}/.config/Gitter 9noblacklist ${HOME}/.config/Gitter
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/Gitter 18mkdir ${HOME}/.config/Gitter
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20allow ${HOME}/.config/autostart 20whitelist ${HOME}/.config/autostart
21allow ${HOME}/.config/Gitter 21whitelist ${HOME}/.config/Gitter
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile
index e00bb1dbf..ed68b3c2d 100644
--- a/etc/profile-a-l/gjs.profile
+++ b/etc/profile-a-l/gjs.profile
@@ -8,10 +8,10 @@ include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11nodeny ${HOME}/.cache/libgweather 11noblacklist ${HOME}/.cache/libgweather
12nodeny ${HOME}/.cache/org.gnome.Books 12noblacklist ${HOME}/.cache/org.gnome.Books
13nodeny ${HOME}/.config/libreoffice 13noblacklist ${HOME}/.config/libreoffice
14nodeny ${HOME}/.local/share/gnome-photos 14noblacklist ${HOME}/.local/share/gnome-photos
15 15
16# Allow gjs (blacklisted by disable-interpreters.inc) 16# Allow gjs (blacklisted by disable-interpreters.inc)
17include allow-gjs.inc 17include allow-gjs.inc
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
index a3236c2be..c8cefc67e 100644
--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -6,7 +6,7 @@ include gl-117.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.gl-117 9noblacklist ${HOME}/.gl-117
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.gl-117 20mkdir ${HOME}/.gl-117
21allow ${HOME}/.gl-117 21whitelist ${HOME}/.gl-117
22allow /usr/share/gl-117 22whitelist /usr/share/gl-117
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
index ec894a5f3..ee7af0546 100644
--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -6,7 +6,7 @@ include glaxium.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.glaxiumrc 9noblacklist ${HOME}/.glaxiumrc
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkfile ${HOME}/.glaxiumrc 20mkfile ${HOME}/.glaxiumrc
21allow ${HOME}/.glaxiumrc 21whitelist ${HOME}/.glaxiumrc
22allow /usr/share/glaxium 22whitelist /usr/share/glaxium
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile
index e091b811f..14b3ef811 100644
--- a/etc/profile-a-l/globaltime.profile
+++ b/etc/profile-a-l/globaltime.profile
@@ -5,7 +5,7 @@ include globaltime.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/globaltime 8noblacklist ${HOME}/.config/globaltime
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile
index 79397d28f..b3aad8b2c 100644
--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -6,8 +6,8 @@ include gmpc.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gmpc 9noblacklist ${HOME}/.config/gmpc
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/gmpc 20mkdir ${HOME}/.config/gmpc
21allow ${HOME}/.config/gmpc 21whitelist ${HOME}/.config/gmpc
22allow ${MUSIC} 22whitelist ${MUSIC}
23allow /usr/share/gmpc 23whitelist /usr/share/gmpc
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile
index c723f6e46..777c81dbe 100644
--- a/etc/profile-a-l/gnome-2048.profile
+++ b/etc/profile-a-l/gnome-2048.profile
@@ -6,10 +6,10 @@ include gnome-2048.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/gnome-2048 9noblacklist ${HOME}/.local/share/gnome-2048
10 10
11mkdir ${HOME}/.local/share/gnome-2048 11mkdir ${HOME}/.local/share/gnome-2048
12allow ${HOME}/.local/share/gnome-2048 12whitelist ${HOME}/.local/share/gnome-2048
13 13
14private-bin gnome-2048 14private-bin gnome-2048
15 15
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile
index 2ed5fa76b..34a7f557c 100644
--- a/etc/profile-a-l/gnome-books.profile
+++ b/etc/profile-a-l/gnome-books.profile
@@ -7,8 +7,8 @@ include globals.local
7 7
8# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 8# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
9 9
10nodeny ${HOME}/.cache/org.gnome.Books 10noblacklist ${HOME}/.cache/org.gnome.Books
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13# Allow gjs (blacklisted by disable-interpreters.inc) 13# Allow gjs (blacklisted by disable-interpreters.inc)
14include allow-gjs.inc 14include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile
index 7dd1c6e22..37ca5aeff 100644
--- a/etc/profile-a-l/gnome-builder.profile
+++ b/etc/profile-a-l/gnome-builder.profile
@@ -6,11 +6,11 @@ include gnome-builder.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.bash_history 9noblacklist ${HOME}/.bash_history
10 10
11nodeny ${HOME}/.cache/gnome-builder 11noblacklist ${HOME}/.cache/gnome-builder
12nodeny ${HOME}/.config/gnome-builder 12noblacklist ${HOME}/.config/gnome-builder
13nodeny ${HOME}/.local/share/gnome-builder 13noblacklist ${HOME}/.local/share/gnome-builder
14 14
15# Allows files commonly used by IDEs 15# Allows files commonly used by IDEs
16include allow-common-devel.inc 16include allow-common-devel.inc
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index d91fbaa4b..03acd66aa 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /usr/share/libgweather 18whitelist /usr/share/libgweather
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-runuser-common.inc 20include whitelist-runuser-common.inc
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 806d7e571..741fe9bf7 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21allow /usr/share/org.gnome.Characters 21whitelist /usr/share/org.gnome.Characters
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-runuser-common.inc 23include whitelist-runuser-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index 095210565..bd39f625c 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -6,8 +6,8 @@ include gnome-chess.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gnome-chess 9noblacklist ${HOME}/.config/gnome-chess
10nodeny ${HOME}/.local/share/gnome-chess 10noblacklist ${HOME}/.local/share/gnome-chess
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
22#whitelist ${HOME}/.local/share/gnome-chess 22#whitelist ${HOME}/.local/share/gnome-chess
23#include whitelist-common.inc 23#include whitelist-common.inc
24 24
25allow /usr/share/gnuchess 25whitelist /usr/share/gnuchess
26allow /usr/share/gnome-chess 26whitelist /usr/share/gnome-chess
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index 7e2d458fd..1e7c70b84 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /usr/share/gnome-clocks 18whitelist /usr/share/gnome-clocks
19allow /usr/share/libgweather 19whitelist /usr/share/libgweather
20include whitelist-common.inc 20include whitelist-common.inc
21include whitelist-runuser-common.inc 21include whitelist-runuser-common.inc
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile
index 7902fa169..dcc6163b6 100644
--- a/etc/profile-a-l/gnome-contacts.profile
+++ b/etc/profile-a-l/gnome-contacts.profile
@@ -6,7 +6,7 @@ include gnome-contacts.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile
index 0f601149f..29ad67af8 100644
--- a/etc/profile-a-l/gnome-documents.profile
+++ b/etc/profile-a-l/gnome-documents.profile
@@ -8,8 +8,8 @@ include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11nodeny ${HOME}/.config/libreoffice 11noblacklist ${HOME}/.config/libreoffice
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14# Allow gjs (blacklisted by disable-interpreters.inc) 14# Allow gjs (blacklisted by disable-interpreters.inc)
15include allow-gjs.inc 15include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 50c3e2c6f..2db956faf 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -16,7 +16,7 @@ include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18mkdir ${HOME}/.cache/mesa_shader_cache 18mkdir ${HOME}/.cache/mesa_shader_cache
19allow /usr/share/gnome-hexgl 19whitelist /usr/share/gnome-hexgl
20include whitelist-runuser-common.inc 20include whitelist-runuser-common.inc
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile
index 62a5a34ea..25b4c47de 100644
--- a/etc/profile-a-l/gnome-keyring.profile
+++ b/etc/profile-a-l/gnome-keyring.profile
@@ -7,7 +7,7 @@ include gnome-keyring.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.gnupg 20mkdir ${HOME}/.gnupg
21allow ${HOME}/.gnupg 21whitelist ${HOME}/.gnupg
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23allow ${RUNUSER}/gnupg 23whitelist ${RUNUSER}/gnupg
24allow ${RUNUSER}/keyring 24whitelist ${RUNUSER}/keyring
25allow /usr/share/gnupg 25whitelist /usr/share/gnupg
26allow /usr/share/gnupg2 26whitelist /usr/share/gnupg2
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile
index ed074f944..c67a5c0da 100644
--- a/etc/profile-a-l/gnome-klotski.profile
+++ b/etc/profile-a-l/gnome-klotski.profile
@@ -6,10 +6,10 @@ include gnome-klotski.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/gnome-klotski 9noblacklist ${HOME}/.local/share/gnome-klotski
10 10
11mkdir ${HOME}/.local/share/gnome-klotski 11mkdir ${HOME}/.local/share/gnome-klotski
12allow ${HOME}/.local/share/gnome-klotski 12whitelist ${HOME}/.local/share/gnome-klotski
13 13
14private-bin gnome-klotski 14private-bin gnome-klotski
15 15
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile
index 4a03a7ff5..1a7eafeca 100644
--- a/etc/profile-a-l/gnome-latex.profile
+++ b/etc/profile-a-l/gnome-latex.profile
@@ -6,8 +6,8 @@ include gnome-latex.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gnome-latex 9noblacklist ${HOME}/.config/gnome-latex
10nodeny ${HOME}/.local/share/gnome-latex 10noblacklist ${HOME}/.local/share/gnome-latex
11 11
12# Allow perl (blacklisted by disable-interpreters.inc) 12# Allow perl (blacklisted by disable-interpreters.inc)
13include allow-perl.inc 13include allow-perl.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
19include disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22allow /usr/share/gnome-latex 22whitelist /usr/share/gnome-latex
23allow /usr/share/texlive 23whitelist /usr/share/texlive
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26# May cause issues. 26# May cause issues.
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index fcc02dc76..9d2ea7b7b 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /var/log/journal 18whitelist /var/log/journal
19include whitelist-runuser-common.inc 19include whitelist-runuser-common.inc
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile
index e21f03efe..42409dce8 100644
--- a/etc/profile-a-l/gnome-mahjongg.profile
+++ b/etc/profile-a-l/gnome-mahjongg.profile
@@ -6,7 +6,7 @@ include gnome-mahjongg.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9allow /usr/share/gnome-mahjongg 9whitelist /usr/share/gnome-mahjongg
10 10
11private-bin gnome-mahjongg 11private-bin gnome-mahjongg
12 12
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index cf4eceee3..23aab343f 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -11,14 +11,14 @@ include globals.local
11 11
12# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 12# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
13 13
14nodeny ${HOME}/.cache/champlain 14noblacklist ${HOME}/.cache/champlain
15nodeny ${HOME}/.cache/org.gnome.Maps 15noblacklist ${HOME}/.cache/org.gnome.Maps
16nodeny ${HOME}/.local/share/maps-places.json 16noblacklist ${HOME}/.local/share/maps-places.json
17 17
18# Allow gjs (blacklisted by disable-interpreters.inc) 18# Allow gjs (blacklisted by disable-interpreters.inc)
19include allow-gjs.inc 19include allow-gjs.inc
20 20
21deny /usr/libexec 21blacklist /usr/libexec
22 22
23include disable-common.inc 23include disable-common.inc
24include disable-devel.inc 24include disable-devel.inc
@@ -31,12 +31,12 @@ include disable-xdg.inc
31 31
32mkdir ${HOME}/.cache/champlain 32mkdir ${HOME}/.cache/champlain
33mkfile ${HOME}/.local/share/maps-places.json 33mkfile ${HOME}/.local/share/maps-places.json
34allow ${HOME}/.cache/champlain 34whitelist ${HOME}/.cache/champlain
35allow ${HOME}/.local/share/maps-places.json 35whitelist ${HOME}/.local/share/maps-places.json
36allow ${DOWNLOADS} 36whitelist ${DOWNLOADS}
37allow ${PICTURES} 37whitelist ${PICTURES}
38allow /usr/share/gnome-maps 38whitelist /usr/share/gnome-maps
39allow /usr/share/libgweather 39whitelist /usr/share/libgweather
40include whitelist-common.inc 40include whitelist-common.inc
41include whitelist-runuser-common.inc 41include whitelist-runuser-common.inc
42include whitelist-usr-share-common.inc 42include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile
index 1b2949bc5..4fe8986c2 100644
--- a/etc/profile-a-l/gnome-mines.profile
+++ b/etc/profile-a-l/gnome-mines.profile
@@ -6,11 +6,11 @@ include gnome-mines.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/gnome-mines 9noblacklist ${HOME}/.local/share/gnome-mines
10 10
11mkdir ${HOME}/.local/share/gnome-mines 11mkdir ${HOME}/.local/share/gnome-mines
12allow ${HOME}/.local/share/gnome-mines 12whitelist ${HOME}/.local/share/gnome-mines
13allow /usr/share/gnome-mines 13whitelist /usr/share/gnome-mines
14 14
15private-bin gnome-mines 15private-bin gnome-mines
16 16
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile
index c1cbc796a..43fe71f5e 100644
--- a/etc/profile-a-l/gnome-mplayer.profile
+++ b/etc/profile-a-l/gnome-mplayer.profile
@@ -6,9 +6,9 @@ include gnome-mplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gnome-mplayer 9noblacklist ${HOME}/.config/gnome-mplayer
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11nodeny ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index 8fd0826c4..2fcbe9910 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -6,8 +6,8 @@ include gnome-music.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/gnome-music 9noblacklist ${HOME}/.local/share/gnome-music
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile
index a929582f8..814751db3 100644
--- a/etc/profile-a-l/gnome-nettool.profile
+++ b/etc/profile-a-l/gnome-nettool.profile
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc
14include disable-programs.inc 14include disable-programs.inc
15include disable-xdg.inc 15include disable-xdg.inc
16 16
17allow /usr/share/gnome-nettool 17whitelist /usr/share/gnome-nettool
18#include whitelist-common.inc -- see #903 18#include whitelist-common.inc -- see #903
19include whitelist-runuser-common.inc 19include whitelist-runuser-common.inc
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile
index d4c037a41..b22810d34 100644
--- a/etc/profile-a-l/gnome-nibbles.profile
+++ b/etc/profile-a-l/gnome-nibbles.profile
@@ -9,11 +9,11 @@ include globals.local
9ignore machine-id 9ignore machine-id
10ignore nosound 10ignore nosound
11 11
12nodeny ${HOME}/.local/share/gnome-nibbles 12noblacklist ${HOME}/.local/share/gnome-nibbles
13 13
14mkdir ${HOME}/.local/share/gnome-nibbles 14mkdir ${HOME}/.local/share/gnome-nibbles
15allow ${HOME}/.local/share/gnome-nibbles 15whitelist ${HOME}/.local/share/gnome-nibbles
16allow /usr/share/gnome-nibbles 16whitelist /usr/share/gnome-nibbles
17 17
18private-bin gnome-nibbles 18private-bin gnome-nibbles
19 19
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index d2cf828cc..fee5f88b9 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny ${HOME}/*.kdb 10noblacklist ${HOME}/*.kdb
11nodeny ${HOME}/*.kdbx 11noblacklist ${HOME}/*.kdbx
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python3.inc 14include allow-python3.inc
15 15
16deny /usr/libexec 16blacklist /usr/libexec
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
24include disable-shell.inc 24include disable-shell.inc
25include disable-xdg.inc 25include disable-xdg.inc
26 26
27allow /usr/share/cracklib 27whitelist /usr/share/cracklib
28allow /usr/share/passwordsafe 28whitelist /usr/share/passwordsafe
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile
index 3702da2c7..58bf3f349 100644
--- a/etc/profile-a-l/gnome-photos.profile
+++ b/etc/profile-a-l/gnome-photos.profile
@@ -8,7 +8,7 @@ include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11nodeny ${HOME}/.local/share/gnome-photos 11noblacklist ${HOME}/.local/share/gnome-photos
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile
index e9ae2bcb0..41903b136 100644
--- a/etc/profile-a-l/gnome-pie.profile
+++ b/etc/profile-a-l/gnome-pie.profile
@@ -6,7 +6,7 @@ include gnome-pie.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gnome-pie 9noblacklist ${HOME}/.config/gnome-pie
10 10
11#include disable-common.inc 11#include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile
index bec23910c..c2ba7556d 100644
--- a/etc/profile-a-l/gnome-pomodoro.profile
+++ b/etc/profile-a-l/gnome-pomodoro.profile
@@ -6,7 +6,7 @@ include gnome-pomodoro.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/gnome-pomodoro 9noblacklist ${HOME}/.local/share/gnome-pomodoro
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.local/share/gnome-pomodoro 19mkdir ${HOME}/.local/share/gnome-pomodoro
20allow ${HOME}/.local/share/gnome-pomodoro 20whitelist ${HOME}/.local/share/gnome-pomodoro
21allow /usr/share/gnome-pomodoro 21whitelist /usr/share/gnome-pomodoro
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 5ef33fdd8..48c98ebe0 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -7,8 +7,8 @@ include gnome-recipes.local
7include globals.local 7include globals.local
8 8
9 9
10nodeny ${HOME}/.cache/gnome-recipes 10noblacklist ${HOME}/.cache/gnome-recipes
11nodeny ${HOME}/.local/share/gnome-recipes 11noblacklist ${HOME}/.local/share/gnome-recipes
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-shell.inc
20 20
21mkdir ${HOME}/.cache/gnome-recipes 21mkdir ${HOME}/.cache/gnome-recipes
22mkdir ${HOME}/.local/share/gnome-recipes 22mkdir ${HOME}/.local/share/gnome-recipes
23allow ${HOME}/.cache/gnome-recipes 23whitelist ${HOME}/.cache/gnome-recipes
24allow ${HOME}/.local/share/gnome-recipes 24whitelist ${HOME}/.local/share/gnome-recipes
25allow /usr/share/gnome-recipes 25whitelist /usr/share/gnome-recipes
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile
index b34d264f4..78ceb9c4f 100644
--- a/etc/profile-a-l/gnome-ring.profile
+++ b/etc/profile-a-l/gnome-ring.profile
@@ -5,7 +5,7 @@ include gnome-ring.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.local/share/gnome-ring 8noblacklist ${HOME}/.local/share/gnome-ring
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile
index 836d4e2b2..8835f2b93 100644
--- a/etc/profile-a-l/gnome-robots.profile
+++ b/etc/profile-a-l/gnome-robots.profile
@@ -9,7 +9,7 @@ include globals.local
9ignore machine-id 9ignore machine-id
10ignore nosound 10ignore nosound
11 11
12allow /usr/share/gnome-robots 12whitelist /usr/share/gnome-robots
13 13
14private-bin gnome-robots 14private-bin gnome-robots
15 15
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile
index 146f8bc4e..69c90b33d 100644
--- a/etc/profile-a-l/gnome-schedule.profile
+++ b/etc/profile-a-l/gnome-schedule.profile
@@ -6,17 +6,17 @@ include gnome-schedule.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.gnome/gnome-schedule 9noblacklist ${HOME}/.gnome/gnome-schedule
10 10
11# Needs at and crontab to read/write user cron 11# Needs at and crontab to read/write user cron
12nodeny ${PATH}/at 12noblacklist ${PATH}/at
13nodeny ${PATH}/crontab 13noblacklist ${PATH}/crontab
14 14
15# Needs access to these files/dirs 15# Needs access to these files/dirs
16nodeny /etc/cron.allow 16noblacklist /etc/cron.allow
17nodeny /etc/cron.deny 17noblacklist /etc/cron.deny
18nodeny /etc/shadow 18noblacklist /etc/shadow
19nodeny /var/spool/cron 19noblacklist /var/spool/cron
20 20
21# cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) 21# cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc)
22# add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality 22# add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality
@@ -34,10 +34,10 @@ include disable-programs.inc
34include disable-xdg.inc 34include disable-xdg.inc
35 35
36mkfile ${HOME}/.gnome/gnome-schedule 36mkfile ${HOME}/.gnome/gnome-schedule
37allow ${HOME}/.gnome/gnome-schedule 37whitelist ${HOME}/.gnome/gnome-schedule
38allow /usr/share/gnome-schedule 38whitelist /usr/share/gnome-schedule
39allow /var/spool/atd 39whitelist /var/spool/atd
40allow /var/spool/cron 40whitelist /var/spool/cron
41include whitelist-common.inc 41include whitelist-common.inc
42include whitelist-runuser-common.inc 42include whitelist-runuser-common.inc
43include whitelist-usr-share-common.inc 43include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index 175549e99..b683b6f6c 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -6,8 +6,8 @@ include gnome-screenshot.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10nodeny ${HOME}/.cache/gnome-screenshot 10noblacklist ${HOME}/.cache/gnome-screenshot
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile
index c2fb14fa4..34f5fdeff 100644
--- a/etc/profile-a-l/gnome-sound-recorder.profile
+++ b/etc/profile-a-l/gnome-sound-recorder.profile
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10nodeny ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
11 11
12# Allow gjs (blacklisted by disable-interpreters.inc) 12# Allow gjs (blacklisted by disable-interpreters.inc)
13include allow-gjs.inc 13include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile
index 3b7835e52..12fd48a86 100644
--- a/etc/profile-a-l/gnome-sudoku.profile
+++ b/etc/profile-a-l/gnome-sudoku.profile
@@ -6,10 +6,10 @@ include gnome-sudoku.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/gnome-sudoku 9noblacklist ${HOME}/.local/share/gnome-sudoku
10 10
11mkdir ${HOME}/.local/share/gnome-sudoku 11mkdir ${HOME}/.local/share/gnome-sudoku
12allow ${HOME}/.local/share/gnome-sudoku 12whitelist ${HOME}/.local/share/gnome-sudoku
13 13
14private-bin gnome-sudoku 14private-bin gnome-sudoku
15 15
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index 6978f7cab..8a818695d 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /var/log 18whitelist /var/log
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile
index ac87cf70f..2341334f7 100644
--- a/etc/profile-a-l/gnome-taquin.profile
+++ b/etc/profile-a-l/gnome-taquin.profile
@@ -9,7 +9,7 @@ include globals.local
9ignore machine-id 9ignore machine-id
10ignore nosound 10ignore nosound
11 11
12allow /usr/share/gnome-taquin 12whitelist /usr/share/gnome-taquin
13 13
14private-bin gnome-taquin 14private-bin gnome-taquin
15 15
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index 092fd58a3..3b147cd48 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21allow /usr/share/gnome-todo 21whitelist /usr/share/gnome-todo
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile
index d76872ea6..b8ec195d3 100644
--- a/etc/profile-a-l/gnome-twitch.profile
+++ b/etc/profile-a-l/gnome-twitch.profile
@@ -6,8 +6,8 @@ include gnome-twitch.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/gnome-twitch 9noblacklist ${HOME}/.cache/gnome-twitch
10nodeny ${HOME}/.local/share/gnome-twitch 10noblacklist ${HOME}/.local/share/gnome-twitch
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
18 18
19mkdir ${HOME}/.cache/gnome-twitch 19mkdir ${HOME}/.cache/gnome-twitch
20mkdir ${HOME}/.local/share/gnome-twitch 20mkdir ${HOME}/.local/share/gnome-twitch
21allow ${HOME}/.cache/gnome-twitch 21whitelist ${HOME}/.cache/gnome-twitch
22allow ${HOME}/.local/share/gnome-twitch 22whitelist ${HOME}/.local/share/gnome-twitch
23include whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile
index 6f557ff8d..2e08fa41d 100644
--- a/etc/profile-a-l/gnome-weather.profile
+++ b/etc/profile-a-l/gnome-weather.profile
@@ -8,7 +8,7 @@ include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11nodeny ${HOME}/.cache/libgweather 11noblacklist ${HOME}/.cache/libgweather
12 12
13# Allow gjs (blacklisted by disable-interpreters.inc) 13# Allow gjs (blacklisted by disable-interpreters.inc)
14include allow-gjs.inc 14include allow-gjs.inc
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index 261efefac..c3014a288 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -6,8 +6,8 @@ include gnote.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gnote 9noblacklist ${HOME}/.config/gnote
10nodeny ${HOME}/.local/share/gnote 10noblacklist ${HOME}/.local/share/gnote
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
20 20
21mkdir ${HOME}/.config/gnote 21mkdir ${HOME}/.config/gnote
22mkdir ${HOME}/.local/share/gnote 22mkdir ${HOME}/.local/share/gnote
23allow ${HOME}/.config/gnote 23whitelist ${HOME}/.config/gnote
24allow ${HOME}/.local/share/gnote 24whitelist ${HOME}/.local/share/gnote
25allow /usr/share/gnote 25whitelist /usr/share/gnote
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile
index e6fbca26f..22851ce9f 100644
--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /usr/share/gnubik 18whitelist /usr/share/gnubik
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-runuser-common.inc 20include whitelist-runuser-common.inc
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile
index f35a53ca4..09ca17caa 100644
--- a/etc/profile-a-l/godot.profile
+++ b/etc/profile-a-l/godot.profile
@@ -6,9 +6,9 @@ include godot.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/godot 9noblacklist ${HOME}/.cache/godot
10nodeny ${HOME}/.config/godot 10noblacklist ${HOME}/.config/godot
11nodeny ${HOME}/.local/share/godot 11noblacklist ${HOME}/.local/share/godot
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile
index 95dd41c2a..8399d77c4 100644
--- a/etc/profile-a-l/goobox.profile
+++ b/etc/profile-a-l/goobox.profile
@@ -6,7 +6,7 @@ include goobox.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile
index 07f0e587d..ebe5e870b 100644
--- a/etc/profile-a-l/google-chrome-beta.profile
+++ b/etc/profile-a-l/google-chrome-beta.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/google-chrome-beta 13noblacklist ${HOME}/.cache/google-chrome-beta
14nodeny ${HOME}/.config/google-chrome-beta 14noblacklist ${HOME}/.config/google-chrome-beta
15 15
16nodeny ${HOME}/.config/chrome-beta-flags.conf 16noblacklist ${HOME}/.config/chrome-beta-flags.conf
17nodeny ${HOME}/.config/chrome-beta-flags.config 17noblacklist ${HOME}/.config/chrome-beta-flags.config
18 18
19mkdir ${HOME}/.cache/google-chrome-beta 19mkdir ${HOME}/.cache/google-chrome-beta
20mkdir ${HOME}/.config/google-chrome-beta 20mkdir ${HOME}/.config/google-chrome-beta
21allow ${HOME}/.cache/google-chrome-beta 21whitelist ${HOME}/.cache/google-chrome-beta
22allow ${HOME}/.config/google-chrome-beta 22whitelist ${HOME}/.config/google-chrome-beta
23 23
24allow ${HOME}/.config/chrome-beta-flags.conf 24whitelist ${HOME}/.config/chrome-beta-flags.conf
25allow ${HOME}/.config/chrome-beta-flags.config 25whitelist ${HOME}/.config/chrome-beta-flags.config
26 26
27# Redirect 27# Redirect
28include chromium-common.profile 28include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile
index 229904411..4d303f71b 100644
--- a/etc/profile-a-l/google-chrome-unstable.profile
+++ b/etc/profile-a-l/google-chrome-unstable.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/google-chrome-unstable 13noblacklist ${HOME}/.cache/google-chrome-unstable
14nodeny ${HOME}/.config/google-chrome-unstable 14noblacklist ${HOME}/.config/google-chrome-unstable
15 15
16nodeny ${HOME}/.config/chrome-unstable-flags.conf 16noblacklist ${HOME}/.config/chrome-unstable-flags.conf
17nodeny ${HOME}/.config/chrome-unstable-flags.config 17noblacklist ${HOME}/.config/chrome-unstable-flags.config
18 18
19mkdir ${HOME}/.cache/google-chrome-unstable 19mkdir ${HOME}/.cache/google-chrome-unstable
20mkdir ${HOME}/.config/google-chrome-unstable 20mkdir ${HOME}/.config/google-chrome-unstable
21allow ${HOME}/.cache/google-chrome-unstable 21whitelist ${HOME}/.cache/google-chrome-unstable
22allow ${HOME}/.config/google-chrome-unstable 22whitelist ${HOME}/.config/google-chrome-unstable
23 23
24allow ${HOME}/.config/chrome-unstable-flags.conf 24whitelist ${HOME}/.config/chrome-unstable-flags.conf
25allow ${HOME}/.config/chrome-unstable-flags.config 25whitelist ${HOME}/.config/chrome-unstable-flags.config
26 26
27# Redirect 27# Redirect
28include chromium-common.profile 28include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile
index f61642f17..ed2595f72 100644
--- a/etc/profile-a-l/google-chrome.profile
+++ b/etc/profile-a-l/google-chrome.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/google-chrome 13noblacklist ${HOME}/.cache/google-chrome
14nodeny ${HOME}/.config/google-chrome 14noblacklist ${HOME}/.config/google-chrome
15 15
16nodeny ${HOME}/.config/chrome-flags.conf 16noblacklist ${HOME}/.config/chrome-flags.conf
17nodeny ${HOME}/.config/chrome-flags.config 17noblacklist ${HOME}/.config/chrome-flags.config
18 18
19mkdir ${HOME}/.cache/google-chrome 19mkdir ${HOME}/.cache/google-chrome
20mkdir ${HOME}/.config/google-chrome 20mkdir ${HOME}/.config/google-chrome
21allow ${HOME}/.cache/google-chrome 21whitelist ${HOME}/.cache/google-chrome
22allow ${HOME}/.config/google-chrome 22whitelist ${HOME}/.config/google-chrome
23 23
24allow ${HOME}/.config/chrome-flags.conf 24whitelist ${HOME}/.config/chrome-flags.conf
25allow ${HOME}/.config/chrome-flags.config 25whitelist ${HOME}/.config/chrome-flags.config
26 26
27# Redirect 27# Redirect
28include chromium-common.profile 28include chromium-common.profile
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile
index 6039f7cbd..65ac04771 100644
--- a/etc/profile-a-l/google-earth.profile
+++ b/etc/profile-a-l/google-earth.profile
@@ -5,8 +5,8 @@ include google-earth.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/Google 8noblacklist ${HOME}/.config/Google
9nodeny ${HOME}/.googleearth 9noblacklist ${HOME}/.googleearth
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17 17
18mkdir ${HOME}/.config/Google 18mkdir ${HOME}/.config/Google
19mkdir ${HOME}/.googleearth 19mkdir ${HOME}/.googleearth
20allow ${HOME}/.config/Google 20whitelist ${HOME}/.config/Google
21allow ${HOME}/.googleearth 21whitelist ${HOME}/.googleearth
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile
index fdb65b93c..a7aabe105 100644
--- a/etc/profile-a-l/google-play-music-desktop-player.profile
+++ b/etc/profile-a-l/google-play-music-desktop-player.profile
@@ -8,7 +8,7 @@ include globals.local
8# noexec /tmp breaks mpris support 8# noexec /tmp breaks mpris support
9ignore noexec /tmp 9ignore noexec /tmp
10 10
11nodeny ${HOME}/.config/Google Play Music Desktop Player 11noblacklist ${HOME}/.config/Google Play Music Desktop Player
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
20mkdir ${HOME}/.config/Google Play Music Desktop Player 20mkdir ${HOME}/.config/Google Play Music Desktop Player
21# whitelist ${HOME}/.config/pulse 21# whitelist ${HOME}/.config/pulse
22# whitelist ${HOME}/.pulse 22# whitelist ${HOME}/.pulse
23allow ${HOME}/.config/Google Play Music Desktop Player 23whitelist ${HOME}/.config/Google Play Music Desktop Player
24include whitelist-common.inc 24include whitelist-common.inc
25 25
26caps.drop all 26caps.drop all
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index 952c9c1d4..2d0bce52b 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,10 +7,10 @@ include googler-common.local
7# added by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13nodeny ${HOME}/.w3m 13noblacklist ${HOME}/.w3m
14 14
15# Allow /bin/sh (blacklisted by disable-shell.inc) 15# Allow /bin/sh (blacklisted by disable-shell.inc)
16include allow-bin-sh.inc 16include allow-bin-sh.inc
@@ -26,7 +26,7 @@ include disable-programs.inc
26include disable-shell.inc 26include disable-shell.inc
27include disable-xdg.inc 27include disable-xdg.inc
28 28
29allow ${HOME}/.w3m 29whitelist ${HOME}/.w3m
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
32 32
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile
index 9b8da361b..37b4f0b1c 100644
--- a/etc/profile-a-l/gpa.profile
+++ b/etc/profile-a-l/gpa.profile
@@ -6,7 +6,7 @@ include gpa.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 5fa66bb55..7f0b614b1 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -7,10 +7,10 @@ include gpg-agent.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11 11
12deny /tmp/.X11-unix 12blacklist /tmp/.X11-unix
13deny ${RUNUSER}/wayland-* 13blacklist ${RUNUSER}/wayland-*
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -20,11 +20,11 @@ include disable-programs.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.gnupg 22mkdir ${HOME}/.gnupg
23allow ${HOME}/.gnupg 23whitelist ${HOME}/.gnupg
24allow ${RUNUSER}/gnupg 24whitelist ${RUNUSER}/gnupg
25allow ${RUNUSER}/keyring 25whitelist ${RUNUSER}/keyring
26allow /usr/share/gnupg 26whitelist /usr/share/gnupg
27allow /usr/share/gnupg2 27whitelist /usr/share/gnupg2
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 2ad896abe..4a4d6527c 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -7,10 +7,10 @@ include gpg.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11 11
12deny /tmp/.X11-unix 12blacklist /tmp/.X11-unix
13deny ${RUNUSER}/wayland-* 13blacklist ${RUNUSER}/wayland-*
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-interpreters.inc
18include disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include disable-programs.inc 19include disable-programs.inc
20 20
21allow ${RUNUSER}/gnupg 21whitelist ${RUNUSER}/gnupg
22allow ${RUNUSER}/keyring 22whitelist ${RUNUSER}/keyring
23allow /usr/share/gnupg 23whitelist /usr/share/gnupg
24allow /usr/share/gnupg2 24whitelist /usr/share/gnupg2
25allow /usr/share/pacman/keyrings 25whitelist /usr/share/pacman/keyrings
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index 0552dc3d7..fa53c26c8 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -6,7 +6,7 @@ include gpicview.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gpicview 9noblacklist ${HOME}/.config/gpicview
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18 18
19allow /usr/share/gpicview 19whitelist /usr/share/gpicview
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index c9e62a73f..253d644f1 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -6,7 +6,7 @@ include gpredict.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Gpredict 9noblacklist ${HOME}/.config/Gpredict
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18 18
19mkdir ${HOME}/.config/Gpredict 19mkdir ${HOME}/.config/Gpredict
20allow ${HOME}/.config/Gpredict 20whitelist ${HOME}/.config/Gpredict
21include whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 2aebe2338..2b4c536d2 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -5,8 +5,8 @@ include gradio.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/gradio 8noblacklist ${HOME}/.cache/gradio
9nodeny ${HOME}/.local/share/gradio 9noblacklist ${HOME}/.local/share/gradio
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-xdg.inc
18 18
19mkdir ${HOME}/.cache/gradio 19mkdir ${HOME}/.cache/gradio
20mkdir ${HOME}/.local/share/gradio 20mkdir ${HOME}/.local/share/gradio
21allow ${HOME}/.cache/gradio 21whitelist ${HOME}/.cache/gradio
22allow ${HOME}/.local/share/gradio 22whitelist ${HOME}/.local/share/gradio
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile
index 53f0baccb..c7e0c2977 100644
--- a/etc/profile-a-l/gramps.profile
+++ b/etc/profile-a-l/gramps.profile
@@ -6,7 +6,7 @@ include gramps.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.gramps 9noblacklist ${HOME}/.gramps
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12#include allow-python2.inc 12#include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-programs.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.gramps 23mkdir ${HOME}/.gramps
24allow ${HOME}/.gramps 24whitelist ${HOME}/.gramps
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index ecc871c2e..890ba2560 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /usr/share/gravity-beams-and-evaporating-stars 18whitelist /usr/share/gravity-beams-and-evaporating-stars
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile
index 9a4f7b4fb..5927e8c4d 100644
--- a/etc/profile-a-l/gthumb.profile
+++ b/etc/profile-a-l/gthumb.profile
@@ -6,9 +6,9 @@ include gthumb.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/gthumb 9noblacklist ${HOME}/.config/gthumb
10nodeny ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11nodeny ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index d6bb9902a..c8addae75 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 8241de43a..787c7bd90 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local
8 8
9ignore quiet 9ignore quiet
10 10
11nodeny /tmp/.X11-unix 11noblacklist /tmp/.X11-unix
12nodeny ${RUNUSER} 12noblacklist ${RUNUSER}
13 13
14include whitelist-runuser-common.inc 14include whitelist-runuser-common.inc
15 15
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 6ea4ebbdc..988882622 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local
8 8
9ignore quiet 9ignore quiet
10 10
11nodeny /tmp/.X11-unix 11noblacklist /tmp/.X11-unix
12nodeny ${RUNUSER} 12noblacklist ${RUNUSER}
13 13
14include whitelist-runuser-common.inc 14include whitelist-runuser-common.inc
15 15
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile
index 731bcad1d..3d2b71e9d 100644
--- a/etc/profile-a-l/guayadeque.profile
+++ b/etc/profile-a-l/guayadeque.profile
@@ -5,8 +5,8 @@ include guayadeque.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.guayadeque 8noblacklist ${HOME}/.guayadeque
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile
index 5cdc2cc18..2223c37a1 100644
--- a/etc/profile-a-l/gummi.profile
+++ b/etc/profile-a-l/gummi.profile
@@ -5,8 +5,8 @@ include gummi.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/gummi 8noblacklist ${HOME}/.cache/gummi
9nodeny ${HOME}/.config/gummi 9noblacklist ${HOME}/.config/gummi
10 10
11# Allow lua (blacklisted by disable-interpreters.inc) 11# Allow lua (blacklisted by disable-interpreters.inc)
12include allow-lua.inc 12include allow-lua.inc
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
index 3404f5177..9221ca31c 100644
--- a/etc/profile-a-l/guvcview.profile
+++ b/etc/profile-a-l/guvcview.profile
@@ -6,10 +6,10 @@ include guvcview.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/guvcview2 9noblacklist ${HOME}/.config/guvcview2
10 10
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12nodeny ${VIDEOS} 12noblacklist ${VIDEOS}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.config/guvcview2 23mkdir ${HOME}/.config/guvcview2
24allow ${HOME}/.config/guvcview2 24whitelist ${HOME}/.config/guvcview2
25allow ${PICTURES} 25whitelist ${PICTURES}
26allow ${VIDEOS} 26whitelist ${VIDEOS}
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index 132b5a2e2..d33e2a673 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -6,17 +6,17 @@ include gwenview.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/GIMP 9noblacklist ${HOME}/.config/GIMP
10nodeny ${HOME}/.config/gwenviewrc 10noblacklist ${HOME}/.config/gwenviewrc
11nodeny ${HOME}/.config/org.kde.gwenviewrc 11noblacklist ${HOME}/.config/org.kde.gwenviewrc
12nodeny ${HOME}/.gimp* 12noblacklist ${HOME}/.gimp*
13nodeny ${HOME}/.kde/share/apps/gwenview 13noblacklist ${HOME}/.kde/share/apps/gwenview
14nodeny ${HOME}/.kde/share/config/gwenviewrc 14noblacklist ${HOME}/.kde/share/config/gwenviewrc
15nodeny ${HOME}/.kde4/share/apps/gwenview 15noblacklist ${HOME}/.kde4/share/apps/gwenview
16nodeny ${HOME}/.kde4/share/config/gwenviewrc 16noblacklist ${HOME}/.kde4/share/config/gwenviewrc
17nodeny ${HOME}/.local/share/gwenview 17noblacklist ${HOME}/.local/share/gwenview
18nodeny ${HOME}/.local/share/kxmlgui5/gwenview 18noblacklist ${HOME}/.local/share/kxmlgui5/gwenview
19nodeny ${HOME}/.local/share/org.kde.gwenview 19noblacklist ${HOME}/.local/share/org.kde.gwenview
20 20
21include disable-common.inc 21include disable-common.inc
22include disable-devel.inc 22include disable-devel.inc
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index 46c98bdc2..b261c16f4 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -9,7 +9,7 @@ include globals.local
9 9
10# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop 10# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
11# all capabilities this is automatically read-only. 11# all capabilities this is automatically read-only.
12nodeny /var/lib/pacman 12noblacklist /var/lib/pacman
13 13
14# Redirect 14# Redirect
15include archiver-common.profile 15include archiver-common.profile
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile
index c102ac4cb..847e1ec1e 100644
--- a/etc/profile-a-l/handbrake.profile
+++ b/etc/profile-a-l/handbrake.profile
@@ -6,9 +6,9 @@ include handbrake.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/ghb 9noblacklist ${HOME}/.config/ghb
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11nodeny ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile
index d98a1b554..aab4b0c21 100644
--- a/etc/profile-a-l/hashcat.profile
+++ b/etc/profile-a-l/hashcat.profile
@@ -7,11 +7,11 @@ include hashcat.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12nodeny ${HOME}/.hashcat 12noblacklist ${HOME}/.hashcat
13nodeny /usr/include 13noblacklist /usr/include
14nodeny ${DOCUMENTS} 14noblacklist ${DOCUMENTS}
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index 1c2a44e06..44584f26b 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -4,7 +4,7 @@ include hasher-common.local
4 4
5# common profile for hasher/checksum tools 5# common profile for hasher/checksum tools
6 6
7deny ${RUNUSER} 7blacklist ${RUNUSER}
8 8
9# Comment/uncomment the relevant include file(s) in your hasher-common.local 9# Comment/uncomment the relevant include file(s) in your hasher-common.local
10# to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** 10# to (un)restrict file access for **all** hashers. Another option is to do this **per hasher**
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile
index 90833af91..c0675d8ec 100644
--- a/etc/profile-a-l/hedgewars.profile
+++ b/etc/profile-a-l/hedgewars.profile
@@ -6,7 +6,7 @@ include hedgewars.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.hedgewars 9noblacklist ${HOME}/.hedgewars
10 10
11include allow-lua.inc 11include allow-lua.inc
12 12
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.hedgewars 19mkdir ${HOME}/.hedgewars
20allow ${HOME}/.hedgewars 20whitelist ${HOME}/.hedgewars
21include whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile
index 993efb591..b887de147 100644
--- a/etc/profile-a-l/hexchat.profile
+++ b/etc/profile-a-l/hexchat.profile
@@ -6,7 +6,7 @@ include hexchat.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/hexchat 9noblacklist ${HOME}/.config/hexchat
10 10
11# Allow /bin/sh (blacklisted by disable-shell.inc) 11# Allow /bin/sh (blacklisted by disable-shell.inc)
12include allow-bin-sh.inc 12include allow-bin-sh.inc
@@ -28,7 +28,7 @@ include disable-shell.inc
28include disable-xdg.inc 28include disable-xdg.inc
29 29
30mkdir ${HOME}/.config/hexchat 30mkdir ${HOME}/.config/hexchat
31allow ${HOME}/.config/hexchat 31whitelist ${HOME}/.config/hexchat
32include whitelist-common.inc 32include whitelist-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
34 34
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 53db642dc..643736ac7 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -6,7 +6,7 @@ include highlight.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER} 9blacklist ${RUNUSER}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index ef259cc00..199b1a5e5 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -6,7 +6,7 @@ include homebank.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/homebank 9noblacklist ${HOME}/.config/homebank
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/homebank 20mkdir ${HOME}/.config/homebank
21allow ${DOWNLOADS} 21whitelist ${DOWNLOADS}
22allow ${HOME}/.config/homebank 22whitelist ${HOME}/.config/homebank
23allow /usr/share/homebank 23whitelist /usr/share/homebank
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile
index 63e1be259..00d9f7a76 100644
--- a/etc/profile-a-l/host.profile
+++ b/etc/profile-a-l/host.profile
@@ -7,8 +7,8 @@ include host.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11nodeny ${PATH}/host 11noblacklist ${PATH}/host
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile
index db5cd29cc..267712c87 100644
--- a/etc/profile-a-l/hugin.profile
+++ b/etc/profile-a-l/hugin.profile
@@ -6,9 +6,9 @@ include hugin.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.hugin 9noblacklist ${HOME}/.hugin
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index 1fb33ceb8..e66ffd7e1 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -6,7 +6,7 @@ include hyperrogue.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/hyperrogue.ini 9noblacklist ${HOME}/hyperrogue.ini
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkfile ${HOME}/hyperrogue.ini 20mkfile ${HOME}/hyperrogue.ini
21allow ${HOME}/hyperrogue.ini 21whitelist ${HOME}/hyperrogue.ini
22allow /usr/share/hyperrogue 22whitelist /usr/share/hyperrogue
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index c8a2e8a04..47c984175 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -14,12 +14,12 @@ include globals.local
14# Only needed when i2prouter binary resides in home directory (official I2P java installer does so). 14# Only needed when i2prouter binary resides in home directory (official I2P java installer does so).
15ignore noexec ${HOME} 15ignore noexec ${HOME}
16 16
17nodeny ${HOME}/.config/i2p 17noblacklist ${HOME}/.config/i2p
18nodeny ${HOME}/.i2p 18noblacklist ${HOME}/.i2p
19nodeny ${HOME}/.local/share/i2p 19noblacklist ${HOME}/.local/share/i2p
20nodeny ${HOME}/i2p 20noblacklist ${HOME}/i2p
21# Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). 21# Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
22nodeny /usr/sbin 22noblacklist /usr/sbin
23 23
24# Allow java (blacklisted by disable-devel.inc) 24# Allow java (blacklisted by disable-devel.inc)
25include allow-java.inc 25include allow-java.inc
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p
36mkdir ${HOME}/.i2p 36mkdir ${HOME}/.i2p
37mkdir ${HOME}/.local/share/i2p 37mkdir ${HOME}/.local/share/i2p
38mkdir ${HOME}/i2p 38mkdir ${HOME}/i2p
39allow ${HOME}/.config/i2p 39whitelist ${HOME}/.config/i2p
40allow ${HOME}/.i2p 40whitelist ${HOME}/.i2p
41allow ${HOME}/.local/share/i2p 41whitelist ${HOME}/.local/share/i2p
42allow ${HOME}/i2p 42whitelist ${HOME}/i2p
43# Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). 43# Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
44allow /usr/sbin/wrapper* 44whitelist /usr/sbin/wrapper*
45 45
46include whitelist-common.inc 46include whitelist-common.inc
47 47
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index 95ddad221..e96b1843c 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -7,7 +7,7 @@ include i3.local
7include globals.local 7include globals.local
8 8
9# all applications started in i3 will run in this profile 9# all applications started in i3 will run in this profile
10nodeny ${HOME}/.config/i3 10noblacklist ${HOME}/.config/i3
11include disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile
index 0de2f658b..660343a29 100644
--- a/etc/profile-a-l/icecat.profile
+++ b/etc/profile-a-l/icecat.profile
@@ -5,13 +5,13 @@ include icecat.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9nodeny ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
10 10
11mkdir ${HOME}/.cache/mozilla/icecat 11mkdir ${HOME}/.cache/mozilla/icecat
12mkdir ${HOME}/.mozilla 12mkdir ${HOME}/.mozilla
13allow ${HOME}/.cache/mozilla/icecat 13whitelist ${HOME}/.cache/mozilla/icecat
14allow ${HOME}/.mozilla 14whitelist ${HOME}/.mozilla
15 15
16# private-etc must first be enabled in firefox-common.profile 16# private-etc must first be enabled in firefox-common.profile
17#private-etc icecat 17#private-etc icecat
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile
index 0c22d87d0..19690cd5a 100644
--- a/etc/profile-a-l/icedove.profile
+++ b/etc/profile-a-l/icedove.profile
@@ -9,16 +9,16 @@ include icedove.local
9# Users have icedove set to open a browser by clicking a link in an email 9# Users have icedove set to open a browser by clicking a link in an email
10# We are not allowed to blacklist browser-specific directories 10# We are not allowed to blacklist browser-specific directories
11 11
12nodeny ${HOME}/.cache/icedove 12noblacklist ${HOME}/.cache/icedove
13nodeny ${HOME}/.gnupg 13noblacklist ${HOME}/.gnupg
14nodeny ${HOME}/.icedove 14noblacklist ${HOME}/.icedove
15 15
16mkdir ${HOME}/.cache/icedove 16mkdir ${HOME}/.cache/icedove
17mkdir ${HOME}/.gnupg 17mkdir ${HOME}/.gnupg
18mkdir ${HOME}/.icedove 18mkdir ${HOME}/.icedove
19allow ${HOME}/.cache/icedove 19whitelist ${HOME}/.cache/icedove
20allow ${HOME}/.gnupg 20whitelist ${HOME}/.gnupg
21allow ${HOME}/.icedove 21whitelist ${HOME}/.icedove
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24ignore private-tmp 24ignore private-tmp
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index 180b62ec2..680b8e777 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -5,12 +5,12 @@ include idea.sh.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.IdeaIC* 8noblacklist ${HOME}/.IdeaIC*
9nodeny ${HOME}/.android 9noblacklist ${HOME}/.android
10nodeny ${HOME}/.jack-server 10noblacklist ${HOME}/.jack-server
11nodeny ${HOME}/.jack-settings 11noblacklist ${HOME}/.jack-settings
12nodeny ${HOME}/.local/share/JetBrains 12noblacklist ${HOME}/.local/share/JetBrains
13nodeny ${HOME}/.tooling 13noblacklist ${HOME}/.tooling
14 14
15# Allows files commonly used by IDEs 15# Allows files commonly used by IDEs
16include allow-common-devel.inc 16include allow-common-devel.inc
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile
index 5d28e7aca..12ce7976b 100644
--- a/etc/profile-a-l/imagej.profile
+++ b/etc/profile-a-l/imagej.profile
@@ -6,7 +6,7 @@ include imagej.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.imagej 9noblacklist ${HOME}/.imagej
10 10
11# Allow java (blacklisted by disable-devel.inc) 11# Allow java (blacklisted by disable-devel.inc)
12include allow-java.inc 12include allow-java.inc
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile
index 70d56a7dc..c26958d06 100644
--- a/etc/profile-a-l/img2txt.profile
+++ b/etc/profile-a-l/img2txt.profile
@@ -5,10 +5,10 @@ include img2txt.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8deny ${RUNUSER}/wayland-* 8blacklist ${RUNUSER}/wayland-*
9 9
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21allow /usr/share/imlib2 21whitelist /usr/share/imlib2
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile
index 4914cd9d0..c152be01c 100644
--- a/etc/profile-a-l/impressive.profile
+++ b/etc/profile-a-l/impressive.profile
@@ -6,9 +6,9 @@ include impressive.local
6# Persistent global definitions 6# Persistent global definitions
7#include globals.local 7#include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny /sbin 10noblacklist /sbin
11nodeny /usr/sbin 11noblacklist /usr/sbin
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14#include allow-python2.inc 14#include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-programs.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.cache/mesa_shader_cache 25mkdir ${HOME}/.cache/mesa_shader_cache
26allow /usr/share/opengl-games-utils 26whitelist /usr/share/opengl-games-utils
27allow /usr/share/zenity 27whitelist /usr/share/zenity
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
30 30
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index 1a949b300..35dd86b32 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -6,14 +6,14 @@ include inkscape.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/inkscape 9noblacklist ${HOME}/.cache/inkscape
10nodeny ${HOME}/.config/inkscape 10noblacklist ${HOME}/.config/inkscape
11nodeny ${HOME}/.inkscape 11noblacklist ${HOME}/.inkscape
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13nodeny ${PICTURES} 13noblacklist ${PICTURES}
14# Allow exporting .xcf files 14# Allow exporting .xcf files
15nodeny ${HOME}/.config/GIMP 15noblacklist ${HOME}/.config/GIMP
16nodeny ${HOME}/.gimp* 16noblacklist ${HOME}/.gimp*
17 17
18 18
19# Allow python (blacklisted by disable-interpreters.inc) 19# Allow python (blacklisted by disable-interpreters.inc)
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc
28include disable-programs.inc 28include disable-programs.inc
29include disable-xdg.inc 29include disable-xdg.inc
30 30
31allow /usr/share/inkscape 31whitelist /usr/share/inkscape
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
34 34
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile
index 1591ed7ea..a5cac12f2 100644
--- a/etc/profile-a-l/inox.profile
+++ b/etc/profile-a-l/inox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/inox 13noblacklist ${HOME}/.cache/inox
14nodeny ${HOME}/.config/inox 14noblacklist ${HOME}/.config/inox
15 15
16mkdir ${HOME}/.cache/inox 16mkdir ${HOME}/.cache/inox
17mkdir ${HOME}/.config/inox 17mkdir ${HOME}/.config/inox
18allow ${HOME}/.cache/inox 18whitelist ${HOME}/.cache/inox
19allow ${HOME}/.config/inox 19whitelist ${HOME}/.config/inox
20 20
21# Redirect 21# Redirect
22include chromium-common.profile 22include chromium-common.profile
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile
index f361fd663..3037d00e9 100644
--- a/etc/profile-a-l/iridium.profile
+++ b/etc/profile-a-l/iridium.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/iridium 13noblacklist ${HOME}/.cache/iridium
14nodeny ${HOME}/.config/iridium 14noblacklist ${HOME}/.config/iridium
15 15
16mkdir ${HOME}/.cache/iridium 16mkdir ${HOME}/.cache/iridium
17mkdir ${HOME}/.config/iridium 17mkdir ${HOME}/.config/iridium
18allow ${HOME}/.cache/iridium 18whitelist ${HOME}/.cache/iridium
19allow ${HOME}/.config/iridium 19whitelist ${HOME}/.config/iridium
20 20
21# Redirect 21# Redirect
22include chromium-common.profile 22include chromium-common.profile
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile
index fa0bcf986..e02dcbdb1 100644
--- a/etc/profile-a-l/itch.profile
+++ b/etc/profile-a-l/itch.profile
@@ -8,8 +8,8 @@ include globals.local
8# itch.io has native firejail/sandboxing support bundled in 8# itch.io has native firejail/sandboxing support bundled in
9# See https://itch.io/docs/itch/using/sandbox/linux.html 9# See https://itch.io/docs/itch/using/sandbox/linux.html
10 10
11nodeny ${HOME}/.itch 11noblacklist ${HOME}/.itch
12nodeny ${HOME}/.config/itch 12noblacklist ${HOME}/.config/itch
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
19 19
20mkdir ${HOME}/.itch 20mkdir ${HOME}/.itch
21mkdir ${HOME}/.config/itch 21mkdir ${HOME}/.config/itch
22allow ${HOME}/.itch 22whitelist ${HOME}/.itch
23allow ${HOME}/.config/itch 23whitelist ${HOME}/.config/itch
24include whitelist-common.inc 24include whitelist-common.inc
25 25
26caps.drop all 26caps.drop all
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
index e4be574df..3e9abf369 100644
--- a/etc/profile-a-l/jami-gnome.profile
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -6,8 +6,8 @@ include jami-gnome.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/jami 9noblacklist ${HOME}/.config/jami
10nodeny ${HOME}/.local/share/jami 10noblacklist ${HOME}/.local/share/jami
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
18 18
19mkdir ${HOME}/.config/jami 19mkdir ${HOME}/.config/jami
20mkdir ${HOME}/.local/share/jami 20mkdir ${HOME}/.local/share/jami
21allow ${HOME}/.config/jami 21whitelist ${HOME}/.config/jami
22allow ${HOME}/.local/share/jami 22whitelist ${HOME}/.local/share/jami
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile
index bfea84c69..7d29f1068 100644
--- a/etc/profile-a-l/jd-gui.profile
+++ b/etc/profile-a-l/jd-gui.profile
@@ -5,7 +5,7 @@ include jd-gui.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/jd-gui.cfg 8noblacklist ${HOME}/.config/jd-gui.cfg
9 9
10# Allow java (blacklisted by disable-devel.inc) 10# Allow java (blacklisted by disable-devel.inc)
11include allow-java.inc 11include allow-java.inc
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index c41027618..85b1f2120 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -6,7 +6,7 @@ include jerry.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/dkl 9noblacklist ${HOME}/.config/dkl
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index 9ca30c36d..edb7ed840 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -13,12 +13,12 @@ ignore shell none
13 13
14ignore noexec /tmp 14ignore noexec /tmp
15 15
16nodeny ${HOME}/.config/Jitsi Meet 16noblacklist ${HOME}/.config/Jitsi Meet
17 17
18noallow ${DOWNLOADS} 18nowhitelist ${DOWNLOADS}
19 19
20mkdir ${HOME}/.config/Jitsi Meet 20mkdir ${HOME}/.config/Jitsi Meet
21allow ${HOME}/.config/Jitsi Meet 21whitelist ${HOME}/.config/Jitsi Meet
22 22
23private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh 23private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
24private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg 24private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile
index f53e6ca32..223c360b8 100644
--- a/etc/profile-a-l/jitsi.profile
+++ b/etc/profile-a-l/jitsi.profile
@@ -5,7 +5,7 @@ include jitsi.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.jitsi 8noblacklist ${HOME}/.jitsi
9 9
10# Allow java (blacklisted by disable-devel.inc) 10# Allow java (blacklisted by disable-devel.inc)
11include allow-java.inc 11include allow-java.inc
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index c0a78ecc0..9954b8aea 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -6,7 +6,7 @@ include jumpnbump.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.jumpnbump 9noblacklist ${HOME}/.jumpnbump
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.jumpnbump 19mkdir ${HOME}/.jumpnbump
20allow ${HOME}/.jumpnbump 20whitelist ${HOME}/.jumpnbump
21allow /usr/share/jumpnbump 21whitelist /usr/share/jumpnbump
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index 73ce8670f..5ae90dff6 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -6,11 +6,11 @@ include k3b.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/k3brc 9noblacklist ${HOME}/.config/k3brc
10nodeny ${HOME}/.kde/share/config/k3brc 10noblacklist ${HOME}/.kde/share/config/k3brc
11nodeny ${HOME}/.kde4/share/config/k3brc 11noblacklist ${HOME}/.kde4/share/config/k3brc
12nodeny ${HOME}/.local/share/kxmlgui5/k3b 12noblacklist ${HOME}/.local/share/kxmlgui5/k3b
13nodeny ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile
index e6a00e350..d55fd22cb 100644
--- a/etc/profile-a-l/kaffeine.profile
+++ b/etc/profile-a-l/kaffeine.profile
@@ -6,14 +6,14 @@ include kaffeine.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/kaffeinerc 9noblacklist ${HOME}/.config/kaffeinerc
10nodeny ${HOME}/.kde/share/apps/kaffeine 10noblacklist ${HOME}/.kde/share/apps/kaffeine
11nodeny ${HOME}/.kde/share/config/kaffeinerc 11noblacklist ${HOME}/.kde/share/config/kaffeinerc
12nodeny ${HOME}/.kde4/share/apps/kaffeine 12noblacklist ${HOME}/.kde4/share/apps/kaffeine
13nodeny ${HOME}/.kde4/share/config/kaffeinerc 13noblacklist ${HOME}/.kde4/share/config/kaffeinerc
14nodeny ${HOME}/.local/share/kaffeine 14noblacklist ${HOME}/.local/share/kaffeine
15nodeny ${MUSIC} 15noblacklist ${MUSIC}
16nodeny ${VIDEOS} 16noblacklist ${VIDEOS}
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index 98b04353e..503dac4b6 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -6,8 +6,8 @@ include kalgebra.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/kalgebrarc 9noblacklist ${HOME}/.config/kalgebrarc
10nodeny ${HOME}/.local/share/kalgebra 10noblacklist ${HOME}/.local/share/kalgebra
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow /usr/share/kalgebramobile 20whitelist /usr/share/kalgebramobile
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile
index db5394550..231299a2f 100644
--- a/etc/profile-a-l/karbon.profile
+++ b/etc/profile-a-l/karbon.profile
@@ -6,7 +6,7 @@ include karbon.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/karbon 9noblacklist ${HOME}/.local/share/kxmlgui5/karbon
10 10
11# Redirect 11# Redirect
12include krita.profile 12include krita.profile
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index d2b180492..27b87e7c3 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -8,20 +8,20 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.config/katemetainfos 11noblacklist ${HOME}/.config/katemetainfos
12nodeny ${HOME}/.config/katepartrc 12noblacklist ${HOME}/.config/katepartrc
13nodeny ${HOME}/.config/katerc 13noblacklist ${HOME}/.config/katerc
14nodeny ${HOME}/.config/kateschemarc 14noblacklist ${HOME}/.config/kateschemarc
15nodeny ${HOME}/.config/katesyntaxhighlightingrc 15noblacklist ${HOME}/.config/katesyntaxhighlightingrc
16nodeny ${HOME}/.config/katevirc 16noblacklist ${HOME}/.config/katevirc
17nodeny ${HOME}/.local/share/kate 17noblacklist ${HOME}/.local/share/kate
18nodeny ${HOME}/.local/share/kxmlgui5/kate 18noblacklist ${HOME}/.local/share/kxmlgui5/kate
19nodeny ${HOME}/.local/share/kxmlgui5/katefiletree 19noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
20nodeny ${HOME}/.local/share/kxmlgui5/katekonsole 20noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole
21nodeny ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin 21noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
22nodeny ${HOME}/.local/share/kxmlgui5/katepart 22noblacklist ${HOME}/.local/share/kxmlgui5/katepart
23nodeny ${HOME}/.local/share/kxmlgui5/kateproject 23noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
24nodeny ${HOME}/.local/share/kxmlgui5/katesearch 24noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
25 25
26include disable-common.inc 26include disable-common.inc
27# include disable-devel.inc 27# include disable-devel.inc
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index a4e2e64f4..9795cf168 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -8,9 +8,9 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12nodeny ${VIDEOS} 12noblacklist ${VIDEOS}
13nodeny ${HOME}/.config/kazam 13noblacklist ${HOME}/.config/kazam
14 14
15# Allow python (blacklisted by disable-interpreters.inc) 15# Allow python (blacklisted by disable-interpreters.inc)
16include allow-python2.inc 16include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc
25include disable-shell.inc 25include disable-shell.inc
26include disable-xdg.inc 26include disable-xdg.inc
27 27
28allow /usr/share/kazam 28whitelist /usr/share/kazam
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index fcb168d4d..e36ee5ed2 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -6,7 +6,7 @@ include kcalc.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/kxmlgui5/kcalc 9noblacklist ${HOME}/.local/share/kxmlgui5/kcalc
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc
21mkfile ${HOME}/.config/kcalcrc 21mkfile ${HOME}/.config/kcalcrc
22mkfile ${HOME}/.kde/share/config/kcalcrc 22mkfile ${HOME}/.kde/share/config/kcalcrc
23mkfile ${HOME}/.kde4/share/config/kcalcrc 23mkfile ${HOME}/.kde4/share/config/kcalcrc
24allow ${HOME}/.config/kcalcrc 24whitelist ${HOME}/.config/kcalcrc
25allow ${HOME}/.kde/share/config/kcalcrc 25whitelist ${HOME}/.kde/share/config/kcalcrc
26allow ${HOME}/.kde4/share/config/kcalcrc 26whitelist ${HOME}/.kde4/share/config/kcalcrc
27allow ${HOME}/.local/share/kxmlgui5/kcalc 27whitelist ${HOME}/.local/share/kxmlgui5/kcalc
28allow /usr/share/config.kcfg/kcalc.kcfg 28whitelist /usr/share/config.kcfg/kcalc.kcfg
29allow /usr/share/kcalc 29whitelist /usr/share/kcalc
30allow /usr/share/kconf_update/kcalcrc.upd 30whitelist /usr/share/kconf_update/kcalcrc.upd
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-runuser-common.inc 32include whitelist-runuser-common.inc
33include whitelist-usr-share-common.inc 33include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index 4acafbf2a..d2a08a269 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -8,10 +8,10 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.cache/kdenlive 11noblacklist ${HOME}/.cache/kdenlive
12nodeny ${HOME}/.config/kdenliverc 12noblacklist ${HOME}/.config/kdenliverc
13nodeny ${HOME}/.local/share/kdenlive 13noblacklist ${HOME}/.local/share/kdenlive
14nodeny ${HOME}/.local/share/kxmlgui5/kdenlive 14noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 0c37f7968..7c1cb2294 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -6,14 +6,14 @@ include kdiff3.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/kdiff3fileitemactionrc 9noblacklist ${HOME}/.config/kdiff3fileitemactionrc
10nodeny ${HOME}/.config/kdiff3rc 10noblacklist ${HOME}/.config/kdiff3rc
11 11
12# Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. 12# Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
13# By default we deny access only to .ssh and .gnupg. 13# By default we deny access only to .ssh and .gnupg.
14#include disable-common.inc 14#include disable-common.inc
15deny ${HOME}/.ssh 15blacklist ${HOME}/.ssh
16deny ${HOME}/.gnupg 16blacklist ${HOME}/.gnupg
17 17
18include disable-devel.inc 18include disable-devel.inc
19include disable-exec.inc 19include disable-exec.inc
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index 9c06962bc..ae8971ab4 100644
--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -6,14 +6,14 @@ include keepass.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10nodeny ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
11nodeny ${HOME}/.config/KeePass 11noblacklist ${HOME}/.config/KeePass
12nodeny ${HOME}/.config/keepass 12noblacklist ${HOME}/.config/keepass
13nodeny ${HOME}/.keepass 13noblacklist ${HOME}/.keepass
14nodeny ${HOME}/.local/share/KeePass 14noblacklist ${HOME}/.local/share/KeePass
15nodeny ${HOME}/.local/share/keepass 15noblacklist ${HOME}/.local/share/keepass
16nodeny ${DOCUMENTS} 16noblacklist ${DOCUMENTS}
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index 2772fa8bf..ac364986d 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -6,11 +6,11 @@ include keepassx.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10nodeny ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
11nodeny ${HOME}/.config/keepassx 11noblacklist ${HOME}/.config/keepassx
12nodeny ${HOME}/.keepassx 12noblacklist ${HOME}/.keepassx
13nodeny ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 9c530b20d..f71dcf82b 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -6,23 +6,23 @@ include keepassxc.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10nodeny ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
11nodeny ${HOME}/.cache/keepassxc 11noblacklist ${HOME}/.cache/keepassxc
12nodeny ${HOME}/.config/keepassxc 12noblacklist ${HOME}/.config/keepassxc
13nodeny ${HOME}/.config/KeePassXCrc 13noblacklist ${HOME}/.config/KeePassXCrc
14nodeny ${HOME}/.keepassxc 14noblacklist ${HOME}/.keepassxc
15nodeny ${DOCUMENTS} 15noblacklist ${DOCUMENTS}
16 16
17# Allow browser profiles, required for browser integration. 17# Allow browser profiles, required for browser integration.
18nodeny ${HOME}/.config/BraveSoftware 18noblacklist ${HOME}/.config/BraveSoftware
19nodeny ${HOME}/.config/chromium 19noblacklist ${HOME}/.config/chromium
20nodeny ${HOME}/.config/google-chrome 20noblacklist ${HOME}/.config/google-chrome
21nodeny ${HOME}/.config/vivaldi 21noblacklist ${HOME}/.config/vivaldi
22nodeny ${HOME}/.local/share/torbrowser 22noblacklist ${HOME}/.local/share/torbrowser
23nodeny ${HOME}/.mozilla 23noblacklist ${HOME}/.mozilla
24 24
25deny /usr/libexec 25blacklist /usr/libexec
26 26
27include disable-common.inc 27include disable-common.inc
28include disable-devel.inc 28include disable-devel.inc
@@ -57,7 +57,7 @@ include disable-xdg.inc
57#whitelist ${HOME}/.config/KeePassXCrc 57#whitelist ${HOME}/.config/KeePassXCrc
58#include whitelist-common.inc 58#include whitelist-common.inc
59 59
60allow /usr/share/keepassxc 60whitelist /usr/share/keepassxc
61include whitelist-usr-share-common.inc 61include whitelist-usr-share-common.inc
62include whitelist-var-common.inc 62include whitelist-var-common.inc
63 63
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 30c041cbc..2c684504b 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -6,13 +6,13 @@ include kget.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/kgetrc 9noblacklist ${HOME}/.config/kgetrc
10nodeny ${HOME}/.kde/share/apps/kget 10noblacklist ${HOME}/.kde/share/apps/kget
11nodeny ${HOME}/.kde/share/config/kgetrc 11noblacklist ${HOME}/.kde/share/config/kgetrc
12nodeny ${HOME}/.kde4/share/apps/kget 12noblacklist ${HOME}/.kde4/share/apps/kget
13nodeny ${HOME}/.kde4/share/config/kgetrc 13noblacklist ${HOME}/.kde4/share/config/kgetrc
14nodeny ${HOME}/.local/share/kget 14noblacklist ${HOME}/.local/share/kget
15nodeny ${HOME}/.local/share/kxmlgui5/kget 15noblacklist ${HOME}/.local/share/kxmlgui5/kget
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile
index 84d135fc3..9bcede077 100644
--- a/etc/profile-a-l/kid3-qt.profile
+++ b/etc/profile-a-l/kid3-qt.profile
@@ -2,7 +2,7 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3include kid3-qt.local 3include kid3-qt.local
4 4
5nodeny ${HOME}/.config/Kid3 5noblacklist ${HOME}/.config/Kid3
6 6
7# Redirect 7# Redirect
8include kid3.profile 8include kid3.profile
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index 0ef2a7845..e18292e99 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -6,9 +6,9 @@ include kid3.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10nodeny ${HOME}/.config/kid3rc 10noblacklist ${HOME}/.config/kid3rc
11nodeny ${HOME}/.local/share/kxmlgui5/kid3 11noblacklist ${HOME}/.local/share/kxmlgui5/kid3
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile
index 833c1d22a..74014ffe6 100644
--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -6,8 +6,8 @@ include kino.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.kino-history 9noblacklist ${HOME}/.kino-history
10nodeny ${HOME}/.kinorc 10noblacklist ${HOME}/.kinorc
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index b188ba0e3..40ee0bbc7 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -6,8 +6,8 @@ include kiwix-desktop.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/kiwix 9noblacklist ${HOME}/.local/share/kiwix
10nodeny ${HOME}/.local/share/kiwix-desktop 10noblacklist ${HOME}/.local/share/kiwix-desktop
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
19 19
20mkdir ${HOME}/.local/share/kiwix 20mkdir ${HOME}/.local/share/kiwix
21mkdir ${HOME}/.local/share/kiwix-desktop 21mkdir ${HOME}/.local/share/kiwix-desktop
22allow ${HOME}/.local/share/kiwix 22whitelist ${HOME}/.local/share/kiwix
23allow ${HOME}/.local/share/kiwix-desktop 23whitelist ${HOME}/.local/share/kiwix-desktop
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile
index e087e4973..c6a9023f1 100644
--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -6,8 +6,8 @@ include klatexformula.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.kde/share/apps/klatexformula 9noblacklist ${HOME}/.kde/share/apps/klatexformula
10nodeny ${HOME}/.klatexformula 10noblacklist ${HOME}/.klatexformula
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index ec3912419..f5cd3a48c 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -6,8 +6,8 @@ include klavaro.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/klavaro 9noblacklist ${HOME}/.config/klavaro
10nodeny ${HOME}/.local/share/klavaro 10noblacklist ${HOME}/.local/share/klavaro
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
19 19
20mkdir ${HOME}/.local/share/klavaro 20mkdir ${HOME}/.local/share/klavaro
21mkdir ${HOME}/.config/klavaro 21mkdir ${HOME}/.config/klavaro
22allow ${HOME}/.local/share/klavaro 22whitelist ${HOME}/.local/share/klavaro
23allow ${HOME}/.config/klavaro 23whitelist ${HOME}/.config/klavaro
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 3c582c08c..95ae98e53 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,27 +9,27 @@ include globals.local
9# kmail has problems launching akonadi in debian and ubuntu. 9# kmail has problems launching akonadi in debian and ubuntu.
10# one solution is to have akonadi already running when kmail is started 10# one solution is to have akonadi already running when kmail is started
11 11
12nodeny ${HOME}/.cache/akonadi* 12noblacklist ${HOME}/.cache/akonadi*
13nodeny ${HOME}/.cache/kmail2 13noblacklist ${HOME}/.cache/kmail2
14nodeny ${HOME}/.config/akonadi* 14noblacklist ${HOME}/.config/akonadi*
15nodeny ${HOME}/.config/baloorc 15noblacklist ${HOME}/.config/baloorc
16nodeny ${HOME}/.config/emaildefaults 16noblacklist ${HOME}/.config/emaildefaults
17nodeny ${HOME}/.config/emailidentities 17noblacklist ${HOME}/.config/emailidentities
18nodeny ${HOME}/.config/kmail2rc 18noblacklist ${HOME}/.config/kmail2rc
19nodeny ${HOME}/.config/kmailsearchindexingrc 19noblacklist ${HOME}/.config/kmailsearchindexingrc
20nodeny ${HOME}/.config/mailtransports 20noblacklist ${HOME}/.config/mailtransports
21nodeny ${HOME}/.config/specialmailcollectionsrc 21noblacklist ${HOME}/.config/specialmailcollectionsrc
22nodeny ${HOME}/.gnupg 22noblacklist ${HOME}/.gnupg
23nodeny ${HOME}/.local/share/akonadi* 23noblacklist ${HOME}/.local/share/akonadi*
24nodeny ${HOME}/.local/share/apps/korganizer 24noblacklist ${HOME}/.local/share/apps/korganizer
25nodeny ${HOME}/.local/share/contacts 25noblacklist ${HOME}/.local/share/contacts
26nodeny ${HOME}/.local/share/emailidentities 26noblacklist ${HOME}/.local/share/emailidentities
27nodeny ${HOME}/.local/share/kmail2 27noblacklist ${HOME}/.local/share/kmail2
28nodeny ${HOME}/.local/share/kxmlgui5/kmail 28noblacklist ${HOME}/.local/share/kxmlgui5/kmail
29nodeny ${HOME}/.local/share/kxmlgui5/kmail2 29noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
30nodeny ${HOME}/.local/share/local-mail 30noblacklist ${HOME}/.local/share/local-mail
31nodeny ${HOME}/.local/share/notes 31noblacklist ${HOME}/.local/share/notes
32nodeny /tmp/akonadi-* 32noblacklist /tmp/akonadi-*
33 33
34include disable-common.inc 34include disable-common.inc
35include disable-devel.inc 35include disable-devel.inc
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile
index d2ce14ab6..e88b53499 100644
--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -6,11 +6,11 @@ include kmplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/kmplayerrc 9noblacklist ${HOME}/.config/kmplayerrc
10nodeny ${HOME}/.kde/share/config/kmplayerrc 10noblacklist ${HOME}/.kde/share/config/kmplayerrc
11nodeny ${HOME}/.local/share/kmplayer 11noblacklist ${HOME}/.local/share/kmplayer
12nodeny ${MUSIC} 12noblacklist ${MUSIC}
13nodeny ${VIDEOS} 13noblacklist ${VIDEOS}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile
index 5a9ac34da..f155d0ad6 100644
--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -10,9 +10,9 @@ include knotes.local
10# knotes has problems launching akonadi in debian and ubuntu. 10# knotes has problems launching akonadi in debian and ubuntu.
11# one solution is to have akonadi already running when knotes is started 11# one solution is to have akonadi already running when knotes is started
12 12
13nodeny ${HOME}/.config/knotesrc 13noblacklist ${HOME}/.config/knotesrc
14nodeny ${HOME}/.local/share/knotes 14noblacklist ${HOME}/.local/share/knotes
15nodeny ${HOME}/.local/share/kxmlgui5/knotes 15noblacklist ${HOME}/.local/share/kxmlgui5/knotes
16 16
17# Redirect 17# Redirect
18include kmail.profile 18include kmail.profile
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile
index 2725c87be..b7091f1fc 100644
--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -13,10 +13,10 @@ ignore noexec ${HOME}
13#ignore noroot 13#ignore noroot
14#ignore private-dev 14#ignore private-dev
15 15
16nodeny ${HOME}/.kodi 16noblacklist ${HOME}/.kodi
17nodeny ${MUSIC} 17noblacklist ${MUSIC}
18nodeny ${PICTURES} 18noblacklist ${PICTURES}
19nodeny ${VIDEOS} 19noblacklist ${VIDEOS}
20 20
21# Allow python (blacklisted by disable-interpreters.inc) 21# Allow python (blacklisted by disable-interpreters.inc)
22include allow-python2.inc 22include allow-python2.inc
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index d8ce33838..5b5ed6e24 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -6,11 +6,11 @@ include konversation.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/konversationrc 9noblacklist ${HOME}/.config/konversationrc
10nodeny ${HOME}/.config/konversation.notifyrc 10noblacklist ${HOME}/.config/konversation.notifyrc
11nodeny ${HOME}/.kde/share/config/konversationrc 11noblacklist ${HOME}/.kde/share/config/konversationrc
12nodeny ${HOME}/.kde4/share/config/konversationrc 12noblacklist ${HOME}/.kde4/share/config/konversationrc
13nodeny ${HOME}/.local/share/kxmlgui5/konversation 13noblacklist ${HOME}/.local/share/kxmlgui5/konversation
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index 749591f32..88f47d1bf 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -6,11 +6,11 @@ include kopete.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.kde/share/apps/kopete 9noblacklist ${HOME}/.kde/share/apps/kopete
10nodeny ${HOME}/.kde/share/config/kopeterc 10noblacklist ${HOME}/.kde/share/config/kopeterc
11nodeny ${HOME}/.kde4/share/apps/kopete 11noblacklist ${HOME}/.kde4/share/apps/kopete
12nodeny ${HOME}/.kde4/share/config/kopeterc 12noblacklist ${HOME}/.kde4/share/config/kopeterc
13nodeny ${HOME}/.local/share/kxmlgui5/kopete 13noblacklist ${HOME}/.local/share/kxmlgui5/kopete
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
19include disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22allow /var/lib/winpopup 22whitelist /var/lib/winpopup
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile
index 950341def..8604e63d0 100644
--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -9,10 +9,10 @@ include globals.local
9# noexec ${HOME} may break krita, see issue #1953 9# noexec ${HOME} may break krita, see issue #1953
10ignore noexec ${HOME} 10ignore noexec ${HOME}
11 11
12nodeny ${HOME}/.config/kritarc 12noblacklist ${HOME}/.config/kritarc
13nodeny ${HOME}/.local/share/krita 13noblacklist ${HOME}/.local/share/krita
14nodeny ${DOCUMENTS} 14noblacklist ${DOCUMENTS}
15nodeny ${PICTURES} 15noblacklist ${PICTURES}
16 16
17# Allow python (blacklisted by disable-interpreters.inc) 17# Allow python (blacklisted by disable-interpreters.inc)
18include allow-python2.inc 18include allow-python2.inc
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 7b325d273..9cb5eff87 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -13,9 +13,9 @@ include globals.local
13# noblacklist ${HOME}/.cache/krunner 13# noblacklist ${HOME}/.cache/krunner
14# noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* 14# noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
15# noblacklist ${HOME}/.config/chromium 15# noblacklist ${HOME}/.config/chromium
16nodeny ${HOME}/.config/krunnerrc 16noblacklist ${HOME}/.config/krunnerrc
17nodeny ${HOME}/.kde/share/config/krunnerrc 17noblacklist ${HOME}/.kde/share/config/krunnerrc
18nodeny ${HOME}/.kde4/share/config/krunnerrc 18noblacklist ${HOME}/.kde4/share/config/krunnerrc
19# noblacklist ${HOME}/.local/share/baloo 19# noblacklist ${HOME}/.local/share/baloo
20# noblacklist ${HOME}/.mozilla 20# noblacklist ${HOME}/.mozilla
21 21
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index ac9fee585..5a85194e0 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -6,13 +6,13 @@ include ktorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/ktorrentrc 9noblacklist ${HOME}/.config/ktorrentrc
10nodeny ${HOME}/.kde/share/apps/ktorrent 10noblacklist ${HOME}/.kde/share/apps/ktorrent
11nodeny ${HOME}/.kde/share/config/ktorrentrc 11noblacklist ${HOME}/.kde/share/config/ktorrentrc
12nodeny ${HOME}/.kde4/share/apps/ktorrent 12noblacklist ${HOME}/.kde4/share/apps/ktorrent
13nodeny ${HOME}/.kde4/share/config/ktorrentrc 13noblacklist ${HOME}/.kde4/share/config/ktorrentrc
14nodeny ${HOME}/.local/share/ktorrent 14noblacklist ${HOME}/.local/share/ktorrent
15nodeny ${HOME}/.local/share/kxmlgui5/ktorrent 15noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
29mkfile ${HOME}/.config/ktorrentrc 29mkfile ${HOME}/.config/ktorrentrc
30mkfile ${HOME}/.kde/share/config/ktorrentrc 30mkfile ${HOME}/.kde/share/config/ktorrentrc
31mkfile ${HOME}/.kde4/share/config/ktorrentrc 31mkfile ${HOME}/.kde4/share/config/ktorrentrc
32allow ${DOWNLOADS} 32whitelist ${DOWNLOADS}
33allow ${HOME}/.config/ktorrentrc 33whitelist ${HOME}/.config/ktorrentrc
34allow ${HOME}/.kde/share/apps/ktorrent 34whitelist ${HOME}/.kde/share/apps/ktorrent
35allow ${HOME}/.kde/share/config/ktorrentrc 35whitelist ${HOME}/.kde/share/config/ktorrentrc
36allow ${HOME}/.kde4/share/apps/ktorrent 36whitelist ${HOME}/.kde4/share/apps/ktorrent
37allow ${HOME}/.kde4/share/config/ktorrentrc 37whitelist ${HOME}/.kde4/share/config/ktorrentrc
38allow ${HOME}/.local/share/ktorrent 38whitelist ${HOME}/.local/share/ktorrent
39allow ${HOME}/.local/share/kxmlgui5/ktorrent 39whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
40include whitelist-common.inc 40include whitelist-common.inc
41include whitelist-var-common.inc 41include whitelist-var-common.inc
42 42
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 71f8e4977..4cf72b74c 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -6,8 +6,8 @@ include ktouch.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/ktouch2rc 9noblacklist ${HOME}/.config/ktouch2rc
10nodeny ${HOME}/.local/share/ktouch 10noblacklist ${HOME}/.local/share/ktouch
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-xdg.inc
20 20
21mkfile ${HOME}/.config/ktouch2rc 21mkfile ${HOME}/.config/ktouch2rc
22mkdir ${HOME}/.local/share/ktouch 22mkdir ${HOME}/.local/share/ktouch
23allow ${HOME}/.config/ktouch2rc 23whitelist ${HOME}/.config/ktouch2rc
24allow ${HOME}/.local/share/ktouch 24whitelist ${HOME}/.local/share/ktouch
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 74ffd1162..4e9a12e5f 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -6,13 +6,13 @@ include kube.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
10nodeny ${HOME}/.mozilla 10noblacklist ${HOME}/.mozilla
11nodeny ${HOME}/.cache/kube 11noblacklist ${HOME}/.cache/kube
12nodeny ${HOME}/.config/kube 12noblacklist ${HOME}/.config/kube
13nodeny ${HOME}/.config/sink 13noblacklist ${HOME}/.config/sink
14nodeny ${HOME}/.local/share/kube 14noblacklist ${HOME}/.local/share/kube
15nodeny ${HOME}/.local/share/sink 15noblacklist ${HOME}/.local/share/sink
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube
29mkdir ${HOME}/.config/sink 29mkdir ${HOME}/.config/sink
30mkdir ${HOME}/.local/share/kube 30mkdir ${HOME}/.local/share/kube
31mkdir ${HOME}/.local/share/sink 31mkdir ${HOME}/.local/share/sink
32allow ${HOME}/.gnupg 32whitelist ${HOME}/.gnupg
33allow ${HOME}/.mozilla/firefox/profiles.ini 33whitelist ${HOME}/.mozilla/firefox/profiles.ini
34allow ${HOME}/.cache/kube 34whitelist ${HOME}/.cache/kube
35allow ${HOME}/.config/kube 35whitelist ${HOME}/.config/kube
36allow ${HOME}/.config/sink 36whitelist ${HOME}/.config/sink
37allow ${HOME}/.local/share/kube 37whitelist ${HOME}/.local/share/kube
38allow ${HOME}/.local/share/sink 38whitelist ${HOME}/.local/share/sink
39allow ${RUNUSER}/gnupg 39whitelist ${RUNUSER}/gnupg
40allow /usr/share/kube 40whitelist /usr/share/kube
41allow /usr/share/gnupg 41whitelist /usr/share/gnupg
42allow /usr/share/gnupg2 42whitelist /usr/share/gnupg2
43include whitelist-common.inc 43include whitelist-common.inc
44include whitelist-runuser-common.inc 44include whitelist-runuser-common.inc
45include whitelist-usr-share-common.inc 45include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index 580f93736..15e7ceb17 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -8,10 +8,10 @@ include globals.local
8# fix automatical kwin_x11 sandboxing: 8# fix automatical kwin_x11 sandboxing:
9# echo KDEWM=kwin_x11 >> ~/.pam_environment 9# echo KDEWM=kwin_x11 >> ~/.pam_environment
10 10
11nodeny ${HOME}/.cache/kwin 11noblacklist ${HOME}/.cache/kwin
12nodeny ${HOME}/.config/kwinrc 12noblacklist ${HOME}/.config/kwinrc
13nodeny ${HOME}/.config/kwinrulesrc 13noblacklist ${HOME}/.config/kwinrulesrc
14nodeny ${HOME}/.local/share/kwin 14noblacklist ${HOME}/.local/share/kwin
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 08b0e0224..804ffafeb 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -6,15 +6,15 @@ include kwrite.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/katepartrc 9noblacklist ${HOME}/.config/katepartrc
10nodeny ${HOME}/.config/katerc 10noblacklist ${HOME}/.config/katerc
11nodeny ${HOME}/.config/kateschemarc 11noblacklist ${HOME}/.config/kateschemarc
12nodeny ${HOME}/.config/katesyntaxhighlightingrc 12noblacklist ${HOME}/.config/katesyntaxhighlightingrc
13nodeny ${HOME}/.config/katevirc 13noblacklist ${HOME}/.config/katevirc
14nodeny ${HOME}/.config/kwriterc 14noblacklist ${HOME}/.config/kwriterc
15nodeny ${HOME}/.local/share/kwrite 15noblacklist ${HOME}/.local/share/kwrite
16nodeny ${HOME}/.local/share/kxmlgui5/kwrite 16noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
17nodeny ${DOCUMENTS} 17noblacklist ${DOCUMENTS}
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile
index 91693bfc1..ac1b8785d 100644
--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
13include disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include disable-programs.inc 14include disable-programs.inc
15 15
16allow /var/lib 16whitelist /var/lib
17include whitelist-runuser-common.inc 17include whitelist-runuser-common.inc
18include whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index e154708eb..4bbb0a86d 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -6,7 +6,7 @@ include leafpad.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/leafpad 9noblacklist ${HOME}/.config/leafpad
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile
index abee392de..8eb5ad0c2 100644
--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -7,9 +7,9 @@ include less.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12nodeny ${HOME}/.lesshst 12noblacklist ${HOME}/.lesshst
13 13
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc 15include disable-exec.inc
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
index 8ec41eee3..c57eae73d 100644
--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -4,8 +4,8 @@ include librecad.local
4# Persistent global definitions 4# Persistent global definitions
5include globals.local 5include globals.local
6 6
7nodeny ${HOME}/.config/LibreCAD 7noblacklist ${HOME}/.config/LibreCAD
8nodeny ${HOME}/.local/share/LibreCAD 8noblacklist ${HOME}/.local/share/LibreCAD
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
16include disable-shell.inc 16include disable-shell.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19allow /usr/share/librecad 19whitelist /usr/share/librecad
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index ae01d39b8..b1a24888c 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -6,15 +6,15 @@ include libreoffice.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /usr/local/sbin 9noblacklist /usr/local/sbin
10nodeny ${HOME}/.config/libreoffice 10noblacklist ${HOME}/.config/libreoffice
11 11
12# libreoffice uses java for some functionality. 12# libreoffice uses java for some functionality.
13# Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. 13# Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality.
14# Allow java (blacklisted by disable-devel.inc) 14# Allow java (blacklisted by disable-devel.inc)
15include allow-java.inc 15include allow-java.inc
16 16
17deny /usr/libexec 17blacklist /usr/libexec
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 5c614ab8e..da047357a 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -6,13 +6,13 @@ include librewolf.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/librewolf 9noblacklist ${HOME}/.cache/librewolf
10nodeny ${HOME}/.librewolf 10noblacklist ${HOME}/.librewolf
11 11
12mkdir ${HOME}/.cache/librewolf 12mkdir ${HOME}/.cache/librewolf
13mkdir ${HOME}/.librewolf 13mkdir ${HOME}/.librewolf
14allow ${HOME}/.cache/librewolf 14whitelist ${HOME}/.cache/librewolf
15allow ${HOME}/.librewolf 15whitelist ${HOME}/.librewolf
16 16
17# Add the next lines to your librewolf.local if you want to use the migration wizard. 17# Add the next lines to your librewolf.local if you want to use the migration wizard.
18#noblacklist ${HOME}/.mozilla 18#noblacklist ${HOME}/.mozilla
@@ -23,10 +23,10 @@ allow ${HOME}/.librewolf
23#whitelist ${RUNUSER}/kpxc_server 23#whitelist ${RUNUSER}/kpxc_server
24#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer 24#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
25 25
26allow /usr/share/doc 26whitelist /usr/share/doc
27allow /usr/share/gtk-doc/html 27whitelist /usr/share/gtk-doc/html
28allow /usr/share/mozilla 28whitelist /usr/share/mozilla
29allow /usr/share/webext 29whitelist /usr/share/webext
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31 31
32# Add the next line to your librewolf.local to enable private-bin (Arch Linux). 32# Add the next line to your librewolf.local to enable private-bin (Arch Linux).
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 595ecc257..7afca1d5f 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -6,9 +6,9 @@ include liferea.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/liferea 9noblacklist ${HOME}/.cache/liferea
10nodeny ${HOME}/.config/liferea 10noblacklist ${HOME}/.config/liferea
11nodeny ${HOME}/.local/share/liferea 11noblacklist ${HOME}/.local/share/liferea
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
24mkdir ${HOME}/.cache/liferea 24mkdir ${HOME}/.cache/liferea
25mkdir ${HOME}/.config/liferea 25mkdir ${HOME}/.config/liferea
26mkdir ${HOME}/.local/share/liferea 26mkdir ${HOME}/.local/share/liferea
27allow ${HOME}/.cache/liferea 27whitelist ${HOME}/.cache/liferea
28allow ${HOME}/.config/liferea 28whitelist ${HOME}/.config/liferea
29allow ${HOME}/.local/share/liferea 29whitelist ${HOME}/.local/share/liferea
30allow /usr/share/liferea 30whitelist /usr/share/liferea
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile
index 58d5bcd6d..c065c44a9 100644
--- a/etc/profile-a-l/lightsoff.profile
+++ b/etc/profile-a-l/lightsoff.profile
@@ -6,7 +6,7 @@ include lightsoff.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9allow /usr/share/lightsoff 9whitelist /usr/share/lightsoff
10 10
11private-bin lightsoff 11private-bin lightsoff
12 12
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index e14c50d77..4254b7f33 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -6,7 +6,7 @@ include lincity-ng.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.lincity-ng 9noblacklist ${HOME}/.lincity-ng
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.lincity-ng 20mkdir ${HOME}/.lincity-ng
21allow ${HOME}/.lincity-ng 21whitelist ${HOME}/.lincity-ng
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 51e3d5b94..cd885b1d4 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,8 +4,8 @@ include links-common.local
4 4
5# common profile for links browsers 5# common profile for links browsers
6 6
7deny /tmp/.X11-unix 7blacklist /tmp/.X11-unix
8deny ${RUNUSER}/wayland-* 8blacklist ${RUNUSER}/wayland-*
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21include whitelist-runuser-common.inc 21include whitelist-runuser-common.inc
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
index ae57601ca..8ce39cc7f 100644
--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -7,10 +7,10 @@ include links.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.links 10noblacklist ${HOME}/.links
11 11
12mkdir ${HOME}/.links 12mkdir ${HOME}/.links
13allow ${HOME}/.links 13whitelist ${HOME}/.links
14 14
15private-bin links 15private-bin links
16 16
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile
index eb349c73a..5f91dfcd2 100644
--- a/etc/profile-a-l/links2.profile
+++ b/etc/profile-a-l/links2.profile
@@ -7,10 +7,10 @@ include links2.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.links2 10noblacklist ${HOME}/.links2
11 11
12mkdir ${HOME}/.links2 12mkdir ${HOME}/.links2
13allow ${HOME}/.links2 13whitelist ${HOME}/.links2
14 14
15private-bin links2 15private-bin links2
16 16
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile
index dd1dac05b..7ebdbef4c 100644
--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -6,10 +6,10 @@ include linphone.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/linphone 9noblacklist ${HOME}/.config/linphone
10nodeny ${HOME}/.linphone-history.db 10noblacklist ${HOME}/.linphone-history.db
11nodeny ${HOME}/.linphonerc 11noblacklist ${HOME}/.linphonerc
12nodeny ${HOME}/.local/share/linphone 12noblacklist ${HOME}/.local/share/linphone
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-programs.inc
23# ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. 23# ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile.
24mkdir ${HOME}/.config/linphone 24mkdir ${HOME}/.config/linphone
25mkdir ${HOME}/.local/share/linphone 25mkdir ${HOME}/.local/share/linphone
26allow ${HOME}/.config/linphone 26whitelist ${HOME}/.config/linphone
27allow ${HOME}/.linphone-history.db 27whitelist ${HOME}/.linphone-history.db
28allow ${HOME}/.linphonerc 28whitelist ${HOME}/.linphonerc
29allow ${HOME}/.local/share/linphone 29whitelist ${HOME}/.local/share/linphone
30allow ${DOWNLOADS} 30whitelist ${DOWNLOADS}
31include whitelist-common.inc 31include whitelist-common.inc
32 32
33caps.drop all 33caps.drop all
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile
index b22110fdc..48b0e14dc 100644
--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -6,9 +6,9 @@ include lmms.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.lmmsrc.xml 9noblacklist ${HOME}/.lmmsrc.xml
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index 0a7ce86e8..f2676fec5 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -6,8 +6,8 @@ include lollypop.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/lollypop 9noblacklist ${HOME}/.local/share/lollypop
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 30802b3b7..174c65a65 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -8,8 +8,8 @@ include globals.local
8 8
9# note: crashes after entering 9# note: crashes after entering
10 10
11nodeny ${HOME}/.config/lugaru 11noblacklist ${HOME}/.config/lugaru
12nodeny ${HOME}/.local/share/lugaru 12noblacklist ${HOME}/.local/share/lugaru
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
22 22
23mkdir ${HOME}/.config/lugaru 23mkdir ${HOME}/.config/lugaru
24mkdir ${HOME}/.local/share/lugaru 24mkdir ${HOME}/.local/share/lugaru
25allow ${HOME}/.config/lugaru 25whitelist ${HOME}/.config/lugaru
26allow ${HOME}/.local/share/lugaru 26whitelist ${HOME}/.local/share/lugaru
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile
index 73400dbd6..31067034e 100644
--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -6,8 +6,8 @@ include luminance-hdr.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Luminance 9noblacklist ${HOME}/.config/Luminance
10nodeny ${PICTURES} 10noblacklist ${PICTURES}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index 9d5169b80..80a3aba86 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -6,18 +6,18 @@ include lutris.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PATH}/llvm* 9noblacklist ${PATH}/llvm*
10nodeny ${HOME}/Games 10noblacklist ${HOME}/Games
11nodeny ${HOME}/.cache/lutris 11noblacklist ${HOME}/.cache/lutris
12nodeny ${HOME}/.cache/winetricks 12noblacklist ${HOME}/.cache/winetricks
13nodeny ${HOME}/.config/lutris 13noblacklist ${HOME}/.config/lutris
14nodeny ${HOME}/.local/share/lutris 14noblacklist ${HOME}/.local/share/lutris
15# noblacklist ${HOME}/.wine 15# noblacklist ${HOME}/.wine
16nodeny /tmp/.wine-* 16noblacklist /tmp/.wine-*
17# Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise 17# Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
18# Lutris won't even start. 18# Lutris won't even start.
19nodeny /sbin 19noblacklist /sbin
20nodeny /usr/sbin 20noblacklist /usr/sbin
21 21
22ignore noexec ${HOME} 22ignore noexec ${HOME}
23 23
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks
39mkdir ${HOME}/.config/lutris 39mkdir ${HOME}/.config/lutris
40mkdir ${HOME}/.local/share/lutris 40mkdir ${HOME}/.local/share/lutris
41# mkdir ${HOME}/.wine 41# mkdir ${HOME}/.wine
42allow ${DOWNLOADS} 42whitelist ${DOWNLOADS}
43allow ${HOME}/Games 43whitelist ${HOME}/Games
44allow ${HOME}/.cache/lutris 44whitelist ${HOME}/.cache/lutris
45allow ${HOME}/.cache/winetricks 45whitelist ${HOME}/.cache/winetricks
46allow ${HOME}/.config/lutris 46whitelist ${HOME}/.config/lutris
47allow ${HOME}/.local/share/lutris 47whitelist ${HOME}/.local/share/lutris
48# whitelist ${HOME}/.wine 48# whitelist ${HOME}/.wine
49allow /usr/share/lutris 49whitelist /usr/share/lutris
50allow /usr/share/wine 50whitelist /usr/share/wine
51include whitelist-common.inc 51include whitelist-common.inc
52include whitelist-usr-share-common.inc 52include whitelist-usr-share-common.inc
53include whitelist-runuser-common.inc 53include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile
index 43147211b..b2a56012e 100644
--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -6,7 +6,7 @@ include lximage-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/lximage-qt 9noblacklist ${HOME}/.config/lximage-qt
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile
index c849f2ad2..cc4b95551 100644
--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -6,9 +6,9 @@ include lxmusic.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/xmms2 9noblacklist ${HOME}/.cache/xmms2
10nodeny ${HOME}/.config/xmms2 10noblacklist ${HOME}/.config/xmms2
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 15c8f1faa..a919e924b 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,8 +7,8 @@ include lynx.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile
index 358dbf2f2..fa69463d1 100644
--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -8,8 +8,8 @@ include globals.local
8 8
9ignore private-tmp 9ignore private-tmp
10 10
11nodeny ${HOME}/.config/LyX 11noblacklist ${HOME}/.config/LyX
12nodeny ${HOME}/.lyx 12noblacklist ${HOME}/.lyx
13 13
14# Allow lua (blacklisted by disable-interpreters.inc) 14# Allow lua (blacklisted by disable-interpreters.inc)
15include allow-lua.inc 15include allow-lua.inc
@@ -21,11 +21,11 @@ include allow-perl.inc
21include allow-python2.inc 21include allow-python2.inc
22include allow-python3.inc 22include allow-python3.inc
23 23
24allow /usr/share/lyx 24whitelist /usr/share/lyx
25allow /usr/share/texinfo 25whitelist /usr/share/texinfo
26allow /usr/share/texlive 26whitelist /usr/share/texlive
27allow /usr/share/texmf-dist 27whitelist /usr/share/texmf-dist
28allow /usr/share/tlpkg 28whitelist /usr/share/tlpkg
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
30 30
31apparmor 31apparmor
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
index 3a4edcf69..4637419bf 100644
--- a/etc/profile-a-l/sway.profile
+++ b/etc/profile-a-l/sway.profile
@@ -7,9 +7,9 @@ include sway.local
7include globals.local 7include globals.local
8 8
9# all applications started in sway will run in this profile 9# all applications started in sway will run in this profile
10nodeny ${HOME}/.config/sway 10noblacklist ${HOME}/.config/sway
11# sway uses ~/.config/i3 as fallback if there is no ~/.config/sway 11# sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
12nodeny ${HOME}/.config/i3 12noblacklist ${HOME}/.config/i3
13include disable-common.inc 13include disable-common.inc
14 14
15caps.drop all 15caps.drop all
diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile
index e6c43007d..62d0a8b3a 100644
--- a/etc/profile-m-z/Maelstrom.profile
+++ b/etc/profile-m-z/Maelstrom.profile
@@ -6,7 +6,7 @@ include Maelstrom.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /var/lib/games/Maelstrom-Scores 9noblacklist /var/lib/games/Maelstrom-Scores
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow /var/lib/games 20whitelist /var/lib/games
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile
index bd929d21a..c2734b1c1 100644
--- a/etc/profile-m-z/Mathematica.profile
+++ b/etc/profile-m-z/Mathematica.profile
@@ -5,8 +5,8 @@ include Mathematica.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.Mathematica 8noblacklist ${HOME}/.Mathematica
9nodeny ${HOME}/.Wolfram Research 9noblacklist ${HOME}/.Wolfram Research
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
17mkdir ${HOME}/.Mathematica 17mkdir ${HOME}/.Mathematica
18mkdir ${HOME}/.Wolfram Research 18mkdir ${HOME}/.Wolfram Research
19mkdir ${HOME}/Documents/Wolfram Mathematica 19mkdir ${HOME}/Documents/Wolfram Mathematica
20allow ${HOME}/.Mathematica 20whitelist ${HOME}/.Mathematica
21allow ${HOME}/.Wolfram Research 21whitelist ${HOME}/.Wolfram Research
22allow ${HOME}/Documents/Wolfram Mathematica 22whitelist ${HOME}/Documents/Wolfram Mathematica
23include whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile
index f833b9446..e678b7204 100644
--- a/etc/profile-m-z/PCSX2.profile
+++ b/etc/profile-m-z/PCSX2.profile
@@ -8,7 +8,7 @@ include globals.local
8 8
9# Note: you must whitelist your games folder in your PCSX2.local. 9# Note: you must whitelist your games folder in your PCSX2.local.
10 10
11nodeny ${HOME}/.config/PCSX2 11noblacklist ${HOME}/.config/PCSX2
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.config/PCSX2 23mkdir ${HOME}/.config/PCSX2
24allow ${HOME}/.config/PCSX2 24whitelist ${HOME}/.config/PCSX2
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile
index d7b01fe06..86120587b 100644
--- a/etc/profile-m-z/QMediathekView.profile
+++ b/etc/profile-m-z/QMediathekView.profile
@@ -6,18 +6,18 @@ include QMediathekView.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/QMediathekView 9noblacklist ${HOME}/.config/QMediathekView
10nodeny ${HOME}/.local/share/QMediathekView 10noblacklist ${HOME}/.local/share/QMediathekView
11 11
12nodeny ${HOME}/.config/mpv 12noblacklist ${HOME}/.config/mpv
13nodeny ${HOME}/.config/smplayer 13noblacklist ${HOME}/.config/smplayer
14nodeny ${HOME}/.config/totem 14noblacklist ${HOME}/.config/totem
15nodeny ${HOME}/.config/vlc 15noblacklist ${HOME}/.config/vlc
16nodeny ${HOME}/.config/xplayer 16noblacklist ${HOME}/.config/xplayer
17nodeny ${HOME}/.local/share/totem 17noblacklist ${HOME}/.local/share/totem
18nodeny ${HOME}/.local/share/xplayer 18noblacklist ${HOME}/.local/share/xplayer
19nodeny ${HOME}/.mplayer 19noblacklist ${HOME}/.mplayer
20nodeny ${VIDEOS} 20noblacklist ${VIDEOS}
21 21
22include disable-common.inc 22include disable-common.inc
23include disable-devel.inc 23include disable-devel.inc
@@ -28,7 +28,7 @@ include disable-programs.inc
28include disable-shell.inc 28include disable-shell.inc
29include disable-xdg.inc 29include disable-xdg.inc
30 30
31allow /usr/share/qtchooser 31whitelist /usr/share/qtchooser
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
34 34
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile
index 4ca42730a..660378089 100644
--- a/etc/profile-m-z/QOwnNotes.profile
+++ b/etc/profile-m-z/QOwnNotes.profile
@@ -6,10 +6,10 @@ include QOwnNotes.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny ${HOME}/Nextcloud/Notes 10noblacklist ${HOME}/Nextcloud/Notes
11nodeny ${HOME}/.config/PBE 11noblacklist ${HOME}/.config/PBE
12nodeny ${HOME}/.local/share/PBE 12noblacklist ${HOME}/.local/share/PBE
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
23mkdir ${HOME}/Nextcloud/Notes 23mkdir ${HOME}/Nextcloud/Notes
24mkdir ${HOME}/.config/PBE 24mkdir ${HOME}/.config/PBE
25mkdir ${HOME}/.local/share/PBE 25mkdir ${HOME}/.local/share/PBE
26allow ${DOCUMENTS} 26whitelist ${DOCUMENTS}
27allow ${HOME}/Nextcloud/Notes 27whitelist ${HOME}/Nextcloud/Notes
28allow ${HOME}/.config/PBE 28whitelist ${HOME}/.config/PBE
29allow ${HOME}/.local/share/PBE 29whitelist ${HOME}/.local/share/PBE
30include whitelist-common.inc 30include whitelist-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
32 32
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile
index b98847d3a..3195e39fa 100644
--- a/etc/profile-m-z/Viber.profile
+++ b/etc/profile-m-z/Viber.profile
@@ -5,8 +5,8 @@ include Viber.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.ViberPC 8noblacklist ${HOME}/.ViberPC
9nodeny ${PATH}/dig 9noblacklist ${PATH}/dig
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.ViberPC 18mkdir ${HOME}/.ViberPC
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20allow ${HOME}/.ViberPC 20whitelist ${HOME}/.ViberPC
21include whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile
index c9cf7adf7..d78e04595 100644
--- a/etc/profile-m-z/XMind.profile
+++ b/etc/profile-m-z/XMind.profile
@@ -5,7 +5,7 @@ include XMind.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.xmind 8noblacklist ${HOME}/.xmind
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
15include disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.xmind 17mkdir ${HOME}/.xmind
18allow ${HOME}/.xmind 18whitelist ${HOME}/.xmind
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20include whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile
index 7ba1cdac9..5cf5161ce 100644
--- a/etc/profile-m-z/Xephyr.profile
+++ b/etc/profile-m-z/Xephyr.profile
@@ -15,7 +15,7 @@ include globals.local
15# or run "sudo firecfg" 15# or run "sudo firecfg"
16# 16#
17 17
18allow /var/lib/xkb 18whitelist /var/lib/xkb
19include whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile
index a246ccb23..1acd43023 100644
--- a/etc/profile-m-z/Xvfb.profile
+++ b/etc/profile-m-z/Xvfb.profile
@@ -18,7 +18,7 @@ include globals.local
18# some Linux distributions. Also, older versions of Xpra use Xvfb. 18# some Linux distributions. Also, older versions of Xpra use Xvfb.
19# 19#
20 20
21allow /var/lib/xkb 21whitelist /var/lib/xkb
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile
index 4f65ad7d1..7686c3442 100644
--- a/etc/profile-m-z/ZeGrapher.profile
+++ b/etc/profile-m-z/ZeGrapher.profile
@@ -6,7 +6,7 @@ include ZeGrapher.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/ZeGrapher Project 9noblacklist ${HOME}/.config/ZeGrapher Project
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18 18
19allow /usr/share/ZeGrapher 19whitelist /usr/share/ZeGrapher
20include whitelist-runuser-common.inc 20include whitelist-runuser-common.inc
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile
index 763d475bb..d1dcb6fe0 100644
--- a/etc/profile-m-z/macrofusion.profile
+++ b/etc/profile-m-z/macrofusion.profile
@@ -5,8 +5,8 @@ include macrofusion.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/mfusion 8noblacklist ${HOME}/.config/mfusion
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile
index d561a5095..8a27b2626 100644
--- a/etc/profile-m-z/magicor.profile
+++ b/etc/profile-m-z/magicor.profile
@@ -6,7 +6,7 @@ include magicor.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.magicor 9noblacklist ${HOME}/.magicor
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.magicor 23mkdir ${HOME}/.magicor
24allow ${HOME}/.magicor 24whitelist ${HOME}/.magicor
25allow /usr/share/magicor 25whitelist /usr/share/magicor
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index a7c486c9f..513fcae55 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -6,8 +6,8 @@ include makepkg.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12# Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 12# Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
13# for potential issues and their solutions when Firejailing makepkg 13# for potential issues and their solutions when Firejailing makepkg
@@ -17,18 +17,18 @@ deny ${RUNUSER}/wayland-*
17# whitelist ${HOME}/.gnupg 17# whitelist ${HOME}/.gnupg
18 18
19# Enable severely restricted access to ${HOME}/.gnupg 19# Enable severely restricted access to ${HOME}/.gnupg
20nodeny ${HOME}/.gnupg 20noblacklist ${HOME}/.gnupg
21read-only ${HOME}/.gnupg/gpg.conf 21read-only ${HOME}/.gnupg/gpg.conf
22read-only ${HOME}/.gnupg/trustdb.gpg 22read-only ${HOME}/.gnupg/trustdb.gpg
23read-only ${HOME}/.gnupg/pubring.kbx 23read-only ${HOME}/.gnupg/pubring.kbx
24deny ${HOME}/.gnupg/random_seed 24blacklist ${HOME}/.gnupg/random_seed
25deny ${HOME}/.gnupg/pubring.kbx~ 25blacklist ${HOME}/.gnupg/pubring.kbx~
26deny ${HOME}/.gnupg/private-keys-v1.d 26blacklist ${HOME}/.gnupg/private-keys-v1.d
27deny ${HOME}/.gnupg/crls.d 27blacklist ${HOME}/.gnupg/crls.d
28deny ${HOME}/.gnupg/openpgp-revocs.d 28blacklist ${HOME}/.gnupg/openpgp-revocs.d
29 29
30# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. 30# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
31nodeny /var/lib/pacman 31noblacklist /var/lib/pacman
32 32
33include disable-common.inc 33include disable-common.inc
34include disable-exec.inc 34include disable-exec.inc
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
index 383eeeeb7..bd510fcac 100644
--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -7,10 +7,10 @@ include man.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12nodeny ${HOME}/.local/share/man 12noblacklist ${HOME}/.local/share/man
13nodeny ${HOME}/.rustup 13noblacklist ${HOME}/.rustup
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -23,12 +23,12 @@ include disable-xdg.inc
23#mkdir ${HOME}/.local/share/man 23#mkdir ${HOME}/.local/share/man
24#whitelist ${HOME}/.local/share/man 24#whitelist ${HOME}/.local/share/man
25#whitelist ${HOME}/.manpath 25#whitelist ${HOME}/.manpath
26allow /usr/share/groff 26whitelist /usr/share/groff
27allow /usr/share/info 27whitelist /usr/share/info
28allow /usr/share/lintian 28whitelist /usr/share/lintian
29allow /usr/share/locale 29whitelist /usr/share/locale
30allow /usr/share/man 30whitelist /usr/share/man
31allow /var/cache/man 31whitelist /var/cache/man
32#include whitelist-common.inc 32#include whitelist-common.inc
33include whitelist-runuser-common.inc 33include whitelist-runuser-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile
index 67ee783a6..f59a56ac6 100644
--- a/etc/profile-m-z/manaplus.profile
+++ b/etc/profile-m-z/manaplus.profile
@@ -6,8 +6,8 @@ include manaplus.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mana 9noblacklist ${HOME}/.config/mana
10nodeny ${HOME}/.local/share/mana 10noblacklist ${HOME}/.local/share/mana
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-xdg.inc
21mkdir ${HOME}/.config/mana 21mkdir ${HOME}/.config/mana
22mkdir ${HOME}/.config/mana/mana 22mkdir ${HOME}/.config/mana/mana
23mkdir ${HOME}/.local/share/mana 23mkdir ${HOME}/.local/share/mana
24allow ${HOME}/.config/mana 24whitelist ${HOME}/.config/mana
25allow ${HOME}/.local/share/mana 25whitelist ${HOME}/.local/share/mana
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 7645ad335..bd56a8221 100644
--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -11,8 +11,8 @@ include globals.local
11#protocol unix,inet,inet6 11#protocol unix,inet,inet6
12#private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf 12#private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
13 13
14nodeny ${HOME}/.cache/marker 14noblacklist ${HOME}/.cache/marker
15nodeny ${DOCUMENTS} 15noblacklist ${DOCUMENTS}
16 16
17include allow-python3.inc 17include allow-python3.inc
18 18
@@ -25,8 +25,8 @@ include disable-programs.inc
25include disable-shell.inc 25include disable-shell.inc
26include disable-xdg.inc 26include disable-xdg.inc
27 27
28allow /usr/libexec/webkit2gtk-4.0 28whitelist /usr/libexec/webkit2gtk-4.0
29allow /usr/share/com.github.fabiocolacio.marker 29whitelist /usr/share/com.github.fabiocolacio.marker
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
32include whitelist-var-common.inc 32include whitelist-var-common.inc
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile
index d8b215b7f..de1135071 100644
--- a/etc/profile-m-z/masterpdfeditor.profile
+++ b/etc/profile-m-z/masterpdfeditor.profile
@@ -6,8 +6,8 @@ include masterpdfeditor.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Code Industry 9noblacklist ${HOME}/.config/Code Industry
10nodeny ${HOME}/.masterpdfeditor 10noblacklist ${HOME}/.masterpdfeditor
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile
index 92832783e..39ee7439d 100644
--- a/etc/profile-m-z/mate-calc.profile
+++ b/etc/profile-m-z/mate-calc.profile
@@ -6,7 +6,7 @@ include mate-calc.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mate-calc 9noblacklist ${HOME}/.config/mate-calc
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
18mkdir ${HOME}/.cache/mate-calc 18mkdir ${HOME}/.cache/mate-calc
19mkdir ${HOME}/.config/caja 19mkdir ${HOME}/.config/caja
20mkdir ${HOME}/.config/mate-menu 20mkdir ${HOME}/.config/mate-menu
21allow ${HOME}/.cache/mate-calc 21whitelist ${HOME}/.cache/mate-calc
22allow ${HOME}/.config/caja 22whitelist ${HOME}/.config/caja
23allow ${HOME}/.config/mate-menu 23whitelist ${HOME}/.config/mate-menu
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile
index 90c9d0993..ae1fcbf62 100644
--- a/etc/profile-m-z/mate-dictionary.profile
+++ b/etc/profile-m-z/mate-dictionary.profile
@@ -5,7 +5,7 @@ include mate-dictionary.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/mate/mate-dictionary 8noblacklist ${HOME}/.config/mate/mate-dictionary
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
16include disable-shell.inc 16include disable-shell.inc
17 17
18mkdir ${HOME}/.config/mate/mate-dictionary 18mkdir ${HOME}/.config/mate/mate-dictionary
19allow ${HOME}/.config/mate/mate-dictionary 19whitelist ${HOME}/.config/mate/mate-dictionary
20include whitelist-common.inc 20include whitelist-common.inc
21 21
22apparmor 22apparmor
diff --git a/etc/profile-m-z/matrix-mirage.profile b/etc/profile-m-z/matrix-mirage.profile
index 8ee470a50..b3080df88 100644
--- a/etc/profile-m-z/matrix-mirage.profile
+++ b/etc/profile-m-z/matrix-mirage.profile
@@ -7,16 +7,16 @@ include matrix-mirage.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.cache/matrix-mirage 10noblacklist ${HOME}/.cache/matrix-mirage
11nodeny ${HOME}/.config/matrix-mirage 11noblacklist ${HOME}/.config/matrix-mirage
12nodeny ${HOME}/.local/share/matrix-mirage 12noblacklist ${HOME}/.local/share/matrix-mirage
13 13
14mkdir ${HOME}/.cache/matrix-mirage 14mkdir ${HOME}/.cache/matrix-mirage
15mkdir ${HOME}/.config/matrix-mirage 15mkdir ${HOME}/.config/matrix-mirage
16mkdir ${HOME}/.local/share/matrix-mirage 16mkdir ${HOME}/.local/share/matrix-mirage
17allow ${HOME}/.cache/matrix-mirage 17whitelist ${HOME}/.cache/matrix-mirage
18allow ${HOME}/.config/matrix-mirage 18whitelist ${HOME}/.config/matrix-mirage
19allow ${HOME}/.local/share/matrix-mirage 19whitelist ${HOME}/.local/share/matrix-mirage
20 20
21private-bin matrix-mirage 21private-bin matrix-mirage
22 22
diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile
index 01076a90a..3c2bf4fa3 100644
--- a/etc/profile-m-z/mattermost-desktop.profile
+++ b/etc/profile-m-z/mattermost-desktop.profile
@@ -10,12 +10,12 @@ ignore apparmor
10ignore dbus-user none 10ignore dbus-user none
11ignore dbus-system none 11ignore dbus-system none
12 12
13nodeny ${HOME}/.config/Mattermost 13noblacklist ${HOME}/.config/Mattermost
14 14
15include disable-shell.inc 15include disable-shell.inc
16 16
17mkdir ${HOME}/.config/Mattermost 17mkdir ${HOME}/.config/Mattermost
18allow ${HOME}/.config/Mattermost 18whitelist ${HOME}/.config/Mattermost
19 19
20private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl 20private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
21 21
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile
index ae749114a..38d2d8d63 100644
--- a/etc/profile-m-z/mcabber.profile
+++ b/etc/profile-m-z/mcabber.profile
@@ -6,8 +6,8 @@ include mcabber.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.mcabber 9noblacklist ${HOME}/.mcabber
10nodeny ${HOME}/.mcabberrc 10noblacklist ${HOME}/.mcabberrc
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile
index d9e12fb5d..fcd1e24e5 100644
--- a/etc/profile-m-z/mcomix.profile
+++ b/etc/profile-m-z/mcomix.profile
@@ -6,9 +6,9 @@ include mcomix.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mcomix 9noblacklist ${HOME}/.config/mcomix
10nodeny ${HOME}/.local/share/mcomix 10noblacklist ${HOME}/.local/share/mcomix
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13# Allow /bin/sh (blacklisted by disable-shell.inc) 13# Allow /bin/sh (blacklisted by disable-shell.inc)
14include allow-bin-sh.inc 14include allow-bin-sh.inc
@@ -30,7 +30,7 @@ include disable-xdg.inc
30 30
31mkdir ${HOME}/.config/mcomix 31mkdir ${HOME}/.config/mcomix
32mkdir ${HOME}/.local/share/mcomix 32mkdir ${HOME}/.local/share/mcomix
33allow /usr/share/mcomix 33whitelist /usr/share/mcomix
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
36include whitelist-runuser-common.inc 36include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile
index 9e8656290..5d3f8dc41 100644
--- a/etc/profile-m-z/mdr.profile
+++ b/etc/profile-m-z/mdr.profile
@@ -5,7 +5,7 @@ include mdr.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8deny ${RUNUSER}/wayland-* 8blacklist ${RUNUSER}/wayland-*
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
16include disable-shell.inc 16include disable-shell.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile
index ae34ea321..17363624f 100644
--- a/etc/profile-m-z/mediainfo.profile
+++ b/etc/profile-m-z/mediainfo.profile
@@ -6,7 +6,7 @@ include mediainfo.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile
index 3459ad4cf..0063badd8 100644
--- a/etc/profile-m-z/mediathekview.profile
+++ b/etc/profile-m-z/mediathekview.profile
@@ -6,16 +6,16 @@ include mediathekview.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mpv 9noblacklist ${HOME}/.config/mpv
10nodeny ${HOME}/.config/smplayer 10noblacklist ${HOME}/.config/smplayer
11nodeny ${HOME}/.config/totem 11noblacklist ${HOME}/.config/totem
12nodeny ${HOME}/.config/vlc 12noblacklist ${HOME}/.config/vlc
13nodeny ${HOME}/.config/xplayer 13noblacklist ${HOME}/.config/xplayer
14nodeny ${HOME}/.local/share/totem 14noblacklist ${HOME}/.local/share/totem
15nodeny ${HOME}/.local/share/xplayer 15noblacklist ${HOME}/.local/share/xplayer
16nodeny ${HOME}/.mediathek3 16noblacklist ${HOME}/.mediathek3
17nodeny ${HOME}/.mplayer 17noblacklist ${HOME}/.mplayer
18nodeny ${VIDEOS} 18noblacklist ${VIDEOS}
19 19
20# Allow java (blacklisted by disable-devel.inc) 20# Allow java (blacklisted by disable-devel.inc)
21include allow-java.inc 21include allow-java.inc
diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile
index ad9094ddf..f07b9166a 100644
--- a/etc/profile-m-z/megaglest.profile
+++ b/etc/profile-m-z/megaglest.profile
@@ -6,7 +6,7 @@ include megaglest.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.megaglest 9noblacklist ${HOME}/.megaglest
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.megaglest 20mkdir ${HOME}/.megaglest
21allow ${HOME}/.megaglest 21whitelist ${HOME}/.megaglest
22allow /usr/share/megaglest 22whitelist /usr/share/megaglest
23allow /usr/share/games/megaglest # Debian version 23whitelist /usr/share/games/megaglest # Debian version
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile
index 06ee572c9..2a8bb3acf 100644
--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -13,12 +13,12 @@ include globals.local
13# Calling it by its absolute path (example for git mergetool): 13# Calling it by its absolute path (example for git mergetool):
14# $ git config --global mergetool.meld.cmd /usr/bin/meld 14# $ git config --global mergetool.meld.cmd /usr/bin/meld
15 15
16nodeny ${HOME}/.config/meld 16noblacklist ${HOME}/.config/meld
17nodeny ${HOME}/.config/git 17noblacklist ${HOME}/.config/git
18nodeny ${HOME}/.gitconfig 18noblacklist ${HOME}/.gitconfig
19nodeny ${HOME}/.git-credentials 19noblacklist ${HOME}/.git-credentials
20nodeny ${HOME}/.local/share/meld 20noblacklist ${HOME}/.local/share/meld
21nodeny ${HOME}/.subversion 21noblacklist ${HOME}/.subversion
22 22
23# Allow python (blacklisted by disable-interpreters.inc) 23# Allow python (blacklisted by disable-interpreters.inc)
24# Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks 24# Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks
@@ -29,7 +29,7 @@ include allow-python3.inc
29# Allow ssh (blacklisted by disable-common.inc) 29# Allow ssh (blacklisted by disable-common.inc)
30include allow-ssh.inc 30include allow-ssh.inc
31 31
32deny /usr/libexec 32blacklist /usr/libexec
33 33
34# Add the next line to your meld.local if you don't need to compare files in disable-common.inc. 34# Add the next line to your meld.local if you don't need to compare files in disable-common.inc.
35#include disable-common.inc 35#include disable-common.inc
diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile
index e33d6c157..c0bdbb230 100644
--- a/etc/profile-m-z/mendeleydesktop.profile
+++ b/etc/profile-m-z/mendeleydesktop.profile
@@ -6,13 +6,13 @@ include mendeleydesktop.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny ${HOME}/.cache/Mendeley Ltd. 10noblacklist ${HOME}/.cache/Mendeley Ltd.
11nodeny ${HOME}/.config/Mendeley Ltd. 11noblacklist ${HOME}/.config/Mendeley Ltd.
12nodeny ${HOME}/.local/share/Mendeley Ltd. 12noblacklist ${HOME}/.local/share/Mendeley Ltd.
13nodeny ${HOME}/.local/share/data/Mendeley Ltd. 13noblacklist ${HOME}/.local/share/data/Mendeley Ltd.
14nodeny ${HOME}/.pki 14noblacklist ${HOME}/.pki
15nodeny ${HOME}/.local/share/pki 15noblacklist ${HOME}/.local/share/pki
16 16
17# Allow python (blacklisted by disable-interpreters.inc) 17# Allow python (blacklisted by disable-interpreters.inc)
18include allow-python2.inc 18include allow-python2.inc
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile
index 52808a5b5..2081b8c96 100644
--- a/etc/profile-m-z/menulibre.profile
+++ b/etc/profile-m-z/menulibre.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21# Whitelist your system icon directory,varies by distro 21# Whitelist your system icon directory,varies by distro
22allow /usr/share/app-info 22whitelist /usr/share/app-info
23allow /usr/share/desktop-directories 23whitelist /usr/share/desktop-directories
24allow /usr/share/icons 24whitelist /usr/share/icons
25allow /usr/share/menulibre 25whitelist /usr/share/menulibre
26allow /var/lib/app-info/icons 26whitelist /var/lib/app-info/icons
27allow /var/lib/flatpak/exports/share/applications 27whitelist /var/lib/flatpak/exports/share/applications
28allow /var/lib/flatpak/exports/share/icons 28whitelist /var/lib/flatpak/exports/share/icons
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile
index 48f936632..85ed7bc74 100644
--- a/etc/profile-m-z/meteo-qt.profile
+++ b/etc/profile-m-z/meteo-qt.profile
@@ -6,8 +6,8 @@ include meteo-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/autostart 9noblacklist ${HOME}/.config/autostart
10nodeny ${HOME}/.config/meteo-qt 10noblacklist ${HOME}/.config/meteo-qt
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python3.inc 13include allow-python3.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.config/meteo-qt 24mkdir ${HOME}/.config/meteo-qt
25allow ${HOME}/.config/autostart 25whitelist ${HOME}/.config/autostart
26allow ${HOME}/.config/meteo-qt 26whitelist ${HOME}/.config/meteo-qt
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
diff --git a/etc/profile-m-z/microsoft-edge-beta.profile b/etc/profile-m-z/microsoft-edge-beta.profile
index 259d39a5f..34d9f470a 100644
--- a/etc/profile-m-z/microsoft-edge-beta.profile
+++ b/etc/profile-m-z/microsoft-edge-beta.profile
@@ -6,13 +6,13 @@ include microsoft-edge-beta.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/microsoft-edge-beta 9noblacklist ${HOME}/.cache/microsoft-edge-beta
10nodeny ${HOME}/.config/microsoft-edge-beta 10noblacklist ${HOME}/.config/microsoft-edge-beta
11 11
12mkdir ${HOME}/.cache/microsoft-edge-beta 12mkdir ${HOME}/.cache/microsoft-edge-beta
13mkdir ${HOME}/.config/microsoft-edge-beta 13mkdir ${HOME}/.config/microsoft-edge-beta
14allow ${HOME}/.cache/microsoft-edge-beta 14whitelist ${HOME}/.cache/microsoft-edge-beta
15allow ${HOME}/.config/microsoft-edge-beta 15whitelist ${HOME}/.config/microsoft-edge-beta
16 16
17private-opt microsoft 17private-opt microsoft
18 18
diff --git a/etc/profile-m-z/microsoft-edge-dev.profile b/etc/profile-m-z/microsoft-edge-dev.profile
index 96465866c..039cd36a8 100644
--- a/etc/profile-m-z/microsoft-edge-dev.profile
+++ b/etc/profile-m-z/microsoft-edge-dev.profile
@@ -6,13 +6,13 @@ include microsoft-edge-dev.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/microsoft-edge-dev 9noblacklist ${HOME}/.cache/microsoft-edge-dev
10nodeny ${HOME}/.config/microsoft-edge-dev 10noblacklist ${HOME}/.config/microsoft-edge-dev
11 11
12mkdir ${HOME}/.cache/microsoft-edge-dev 12mkdir ${HOME}/.cache/microsoft-edge-dev
13mkdir ${HOME}/.config/microsoft-edge-dev 13mkdir ${HOME}/.config/microsoft-edge-dev
14allow ${HOME}/.cache/microsoft-edge-dev 14whitelist ${HOME}/.cache/microsoft-edge-dev
15allow ${HOME}/.config/microsoft-edge-dev 15whitelist ${HOME}/.config/microsoft-edge-dev
16 16
17private-opt microsoft 17private-opt microsoft
18 18
diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile
index c4a444e0d..e15259608 100644
--- a/etc/profile-m-z/midori.profile
+++ b/etc/profile-m-z/midori.profile
@@ -9,17 +9,17 @@ include globals.local
9# noexec ${HOME} breaks DRM binaries. 9# noexec ${HOME} breaks DRM binaries.
10?BROWSER_ALLOW_DRM: ignore noexec ${HOME} 10?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
11 11
12nodeny ${HOME}/.cache/midori 12noblacklist ${HOME}/.cache/midori
13nodeny ${HOME}/.config/midori 13noblacklist ${HOME}/.config/midori
14nodeny ${HOME}/.local/share/midori 14noblacklist ${HOME}/.local/share/midori
15# noblacklist ${HOME}/.local/share/webkit 15# noblacklist ${HOME}/.local/share/webkit
16# noblacklist ${HOME}/.local/share/webkitgtk 16# noblacklist ${HOME}/.local/share/webkitgtk
17nodeny ${HOME}/.pki 17noblacklist ${HOME}/.pki
18nodeny ${HOME}/.local/share/pki 18noblacklist ${HOME}/.local/share/pki
19 19
20nodeny ${HOME}/.cache/gnome-mplayer 20noblacklist ${HOME}/.cache/gnome-mplayer
21nodeny ${HOME}/.config/gnome-mplayer 21noblacklist ${HOME}/.config/gnome-mplayer
22nodeny ${HOME}/.lastpass 22noblacklist ${HOME}/.lastpass
23 23
24include disable-common.inc 24include disable-common.inc
25include disable-devel.inc 25include disable-devel.inc
@@ -36,17 +36,17 @@ mkdir ${HOME}/.local/share/webkit
36mkdir ${HOME}/.local/share/webkitgtk 36mkdir ${HOME}/.local/share/webkitgtk
37mkdir ${HOME}/.pki 37mkdir ${HOME}/.pki
38mkdir ${HOME}/.local/share/pki 38mkdir ${HOME}/.local/share/pki
39allow ${DOWNLOADS} 39whitelist ${DOWNLOADS}
40allow ${HOME}/.cache/gnome-mplayer/plugin 40whitelist ${HOME}/.cache/gnome-mplayer/plugin
41allow ${HOME}/.cache/midori 41whitelist ${HOME}/.cache/midori
42allow ${HOME}/.config/gnome-mplayer 42whitelist ${HOME}/.config/gnome-mplayer
43allow ${HOME}/.config/midori 43whitelist ${HOME}/.config/midori
44allow ${HOME}/.lastpass 44whitelist ${HOME}/.lastpass
45allow ${HOME}/.local/share/midori 45whitelist ${HOME}/.local/share/midori
46allow ${HOME}/.local/share/webkit 46whitelist ${HOME}/.local/share/webkit
47allow ${HOME}/.local/share/webkitgtk 47whitelist ${HOME}/.local/share/webkitgtk
48allow ${HOME}/.pki 48whitelist ${HOME}/.pki
49allow ${HOME}/.local/share/pki 49whitelist ${HOME}/.local/share/pki
50include whitelist-common.inc 50include whitelist-common.inc
51include whitelist-var-common.inc 51include whitelist-var-common.inc
52 52
diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile
index 214332184..7f3aeab44 100644
--- a/etc/profile-m-z/min.profile
+++ b/etc/profile-m-z/min.profile
@@ -6,10 +6,10 @@ include min.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Min 9noblacklist ${HOME}/.config/Min
10 10
11mkdir ${HOME}/.config/Min 11mkdir ${HOME}/.config/Min
12allow ${HOME}/.config/Min 12whitelist ${HOME}/.config/Min
13 13
14# Redirect 14# Redirect
15include chromium-common.profile 15include chromium-common.profile
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile
index ee8402b87..fbf6b58e8 100644
--- a/etc/profile-m-z/mindless.profile
+++ b/etc/profile-m-z/mindless.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /usr/share/mindless 18whitelist /usr/share/mindless
19include whitelist-usr-share-common.inc 19include whitelist-usr-share-common.inc
20include whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile
index 595313851..1028e374a 100644
--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -11,7 +11,7 @@ include globals.local
11 11
12ignore noexec ${HOME} 12ignore noexec ${HOME}
13 13
14nodeny ${HOME}/.minecraft 14noblacklist ${HOME}/.minecraft
15 15
16include allow-java.inc 16include allow-java.inc
17 17
@@ -25,7 +25,7 @@ include disable-shell.inc
25include disable-xdg.inc 25include disable-xdg.inc
26 26
27mkdir ${HOME}/.minecraft 27mkdir ${HOME}/.minecraft
28allow ${HOME}/.minecraft 28whitelist ${HOME}/.minecraft
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile
index 11d0859b7..cad1adbda 100644
--- a/etc/profile-m-z/minetest.profile
+++ b/etc/profile-m-z/minetest.profile
@@ -9,8 +9,8 @@ include globals.local
9# In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: 9# In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf:
10# screenshot_path = /home/<USER>/.minetest/screenshots 10# screenshot_path = /home/<USER>/.minetest/screenshots
11 11
12nodeny ${HOME}/.cache/minetest 12noblacklist ${HOME}/.cache/minetest
13nodeny ${HOME}/.minetest 13noblacklist ${HOME}/.minetest
14 14
15# Allow lua (blacklisted by disable-interpreters.inc) 15# Allow lua (blacklisted by disable-interpreters.inc)
16include allow-lua.inc 16include allow-lua.inc
@@ -26,10 +26,10 @@ include disable-xdg.inc
26 26
27mkdir ${HOME}/.cache/minetest 27mkdir ${HOME}/.cache/minetest
28mkdir ${HOME}/.minetest 28mkdir ${HOME}/.minetest
29allow ${HOME}/.cache/minetest 29whitelist ${HOME}/.cache/minetest
30allow ${HOME}/.minetest 30whitelist ${HOME}/.minetest
31allow /usr/share/games/minetest 31whitelist /usr/share/games/minetest
32allow /usr/share/minetest 32whitelist /usr/share/minetest
33include whitelist-common.inc 33include whitelist-common.inc
34include whitelist-runuser-common.inc 34include whitelist-runuser-common.inc
35include whitelist-usr-share-common.inc 35include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index 192913dbf..3fe3428d0 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -6,10 +6,10 @@ include minitube.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10nodeny ${HOME}/.cache/Flavio Tordini 10noblacklist ${HOME}/.cache/Flavio Tordini
11nodeny ${HOME}/.config/Flavio Tordini 11noblacklist ${HOME}/.config/Flavio Tordini
12nodeny ${HOME}/.local/share/Flavio Tordini 12noblacklist ${HOME}/.local/share/Flavio Tordini
13 13
14include allow-lua.inc 14include allow-lua.inc
15 15
@@ -25,11 +25,11 @@ include disable-xdg.inc
25mkdir ${HOME}/.cache/Flavio Tordini 25mkdir ${HOME}/.cache/Flavio Tordini
26mkdir ${HOME}/.config/Flavio Tordini 26mkdir ${HOME}/.config/Flavio Tordini
27mkdir ${HOME}/.local/share/Flavio Tordini 27mkdir ${HOME}/.local/share/Flavio Tordini
28allow ${PICTURES} 28whitelist ${PICTURES}
29allow ${HOME}/.cache/Flavio Tordini 29whitelist ${HOME}/.cache/Flavio Tordini
30allow ${HOME}/.config/Flavio Tordini 30whitelist ${HOME}/.config/Flavio Tordini
31allow ${HOME}/.local/share/Flavio Tordini 31whitelist ${HOME}/.local/share/Flavio Tordini
32allow /usr/share/minitube 32whitelist /usr/share/minitube
33include whitelist-common.inc 33include whitelist-common.inc
34include whitelist-runuser-common.inc 34include whitelist-runuser-common.inc
35include whitelist-usr-share-common.inc 35include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
index b2f2cc5b1..505009283 100644
--- a/etc/profile-m-z/mirage.profile
+++ b/etc/profile-m-z/mirage.profile
@@ -6,10 +6,10 @@ include mirage.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/mirage 9noblacklist ${HOME}/.cache/mirage
10nodeny ${HOME}/.config/mirage 10noblacklist ${HOME}/.config/mirage
11nodeny ${HOME}/.local/share/mirage 11noblacklist ${HOME}/.local/share/mirage
12nodeny /sbin 12noblacklist /sbin
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15include allow-python2.inc 15include allow-python2.inc
@@ -27,10 +27,10 @@ include disable-xdg.inc
27mkdir ${HOME}/.cache/mirage 27mkdir ${HOME}/.cache/mirage
28mkdir ${HOME}/.config/mirage 28mkdir ${HOME}/.config/mirage
29mkdir ${HOME}/.local/share/mirage 29mkdir ${HOME}/.local/share/mirage
30allow ${HOME}/.cache/mirage 30whitelist ${HOME}/.cache/mirage
31allow ${HOME}/.config/mirage 31whitelist ${HOME}/.config/mirage
32allow ${HOME}/.local/share/mirage 32whitelist ${HOME}/.local/share/mirage
33allow ${DOWNLOADS} 33whitelist ${DOWNLOADS}
34include whitelist-common.inc 34include whitelist-common.inc
35include whitelist-runuser-common.inc 35include whitelist-runuser-common.inc
36include whitelist-usr-share-common.inc 36include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile
index d5ebfd4b0..58dfd56f5 100644
--- a/etc/profile-m-z/mirrormagic.profile
+++ b/etc/profile-m-z/mirrormagic.profile
@@ -6,7 +6,7 @@ include mirrormagic.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.mirrormagic 9noblacklist ${HOME}/.mirrormagic
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.mirrormagic 20mkdir ${HOME}/.mirrormagic
21allow ${HOME}/.mirrormagic 21whitelist ${HOME}/.mirrormagic
22allow /usr/share/mirrormagic 22whitelist /usr/share/mirrormagic
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index b734bd7c0..e71ba4569 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -7,8 +7,8 @@ include mocp.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.moc 10noblacklist ${HOME}/.moc
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile
index a02b29b61..98063fa7c 100644
--- a/etc/profile-m-z/mousepad.profile
+++ b/etc/profile-m-z/mousepad.profile
@@ -6,7 +6,7 @@ include mousepad.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Mousepad 9noblacklist ${HOME}/.config/Mousepad
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile
index f47384753..37ce60e04 100644
--- a/etc/profile-m-z/mp3splt-gtk.profile
+++ b/etc/profile-m-z/mp3splt-gtk.profile
@@ -6,7 +6,7 @@ include mp3splt-gtk.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.mp3splt-gtk 9noblacklist ${HOME}/.mp3splt-gtk
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile
index 8a2ab15bd..070de8451 100644
--- a/etc/profile-m-z/mp3splt.profile
+++ b/etc/profile-m-z/mp3splt.profile
@@ -6,9 +6,9 @@ include mp3splt.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile
index 6994b0429..55a0b5897 100644
--- a/etc/profile-m-z/mpDris2.profile
+++ b/etc/profile-m-z/mpDris2.profile
@@ -6,13 +6,13 @@ include mpDris2.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mpDris2 9noblacklist ${HOME}/.config/mpDris2
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
13include allow-python3.inc 13include allow-python3.inc
14 14
15nodeny ${MUSIC} 15noblacklist ${MUSIC}
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-programs.inc
23include disable-shell.inc 23include disable-shell.inc
24include disable-xdg.inc 24include disable-xdg.inc
25 25
26allow ${MUSIC} 26whitelist ${MUSIC}
27 27
28mkdir ${HOME}/.config/mpDris2 28mkdir ${HOME}/.config/mpDris2
29allow ${HOME}/.config/mpDris2 29whitelist ${HOME}/.config/mpDris2
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
32 32
diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile
index 8b3350ac8..b517d4ab2 100644
--- a/etc/profile-m-z/mpd.profile
+++ b/etc/profile-m-z/mpd.profile
@@ -6,10 +6,10 @@ include mpd.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mpd 9noblacklist ${HOME}/.config/mpd
10nodeny ${HOME}/.mpd 10noblacklist ${HOME}/.mpd
11nodeny ${HOME}/.mpdconf 11noblacklist ${HOME}/.mpdconf
12nodeny ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile
index 03bd44daa..25187e894 100644
--- a/etc/profile-m-z/mpg123.profile
+++ b/etc/profile-m-z/mpg123.profile
@@ -7,7 +7,7 @@ include mpg123.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile
index 84754aeb2..5d023b7f1 100644
--- a/etc/profile-m-z/mplayer.profile
+++ b/etc/profile-m-z/mplayer.profile
@@ -6,7 +6,7 @@ include mplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.mplayer 9noblacklist ${HOME}/.mplayer
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17 17
18read-only ${DESKTOP} 18read-only ${DESKTOP}
19mkdir ${HOME}/.mplayer 19mkdir ${HOME}/.mplayer
20allow ${HOME}/.mplayer 20whitelist ${HOME}/.mplayer
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-player-common.inc 22include whitelist-player-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile
index d35519103..bfe57a132 100644
--- a/etc/profile-m-z/mpsyt.profile
+++ b/etc/profile-m-z/mpsyt.profile
@@ -6,12 +6,12 @@ include mpsyt.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mps-youtube 9noblacklist ${HOME}/.config/mps-youtube
10nodeny ${HOME}/.config/mpv 10noblacklist ${HOME}/.config/mpv
11nodeny ${HOME}/.config/youtube-dl 11noblacklist ${HOME}/.config/youtube-dl
12nodeny ${HOME}/.mplayer 12noblacklist ${HOME}/.mplayer
13nodeny ${HOME}/.netrc 13noblacklist ${HOME}/.netrc
14nodeny ${HOME}/mps 14noblacklist ${HOME}/mps
15 15
16# Allow lua (blacklisted by disable-interpreters.inc) 16# Allow lua (blacklisted by disable-interpreters.inc)
17include allow-lua.inc 17include allow-lua.inc
@@ -20,8 +20,8 @@ include allow-lua.inc
20include allow-python2.inc 20include allow-python2.inc
21include allow-python3.inc 21include allow-python3.inc
22 22
23nodeny ${MUSIC} 23noblacklist ${MUSIC}
24nodeny ${VIDEOS} 24noblacklist ${VIDEOS}
25 25
26include disable-common.inc 26include disable-common.inc
27include disable-devel.inc 27include disable-devel.inc
@@ -37,12 +37,12 @@ mkdir ${HOME}/.config/mpv
37mkdir ${HOME}/.config/youtube-dl 37mkdir ${HOME}/.config/youtube-dl
38mkdir ${HOME}/.mplayer 38mkdir ${HOME}/.mplayer
39mkdir ${HOME}/mps 39mkdir ${HOME}/mps
40allow ${HOME}/.config/mps-youtube 40whitelist ${HOME}/.config/mps-youtube
41allow ${HOME}/.config/mpv 41whitelist ${HOME}/.config/mpv
42allow ${HOME}/.config/youtube-dl 42whitelist ${HOME}/.config/youtube-dl
43allow ${HOME}/.mplayer 43whitelist ${HOME}/.mplayer
44allow ${HOME}/.netrc 44whitelist ${HOME}/.netrc
45allow ${HOME}/mps 45whitelist ${HOME}/mps
46include whitelist-common.inc 46include whitelist-common.inc
47include whitelist-player-common.inc 47include whitelist-player-common.inc
48include whitelist-var-common.inc 48include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile
index 4ea2dd348..af5c214f7 100644
--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -24,9 +24,9 @@ include globals.local
24#include allow-bin-sh.inc 24#include allow-bin-sh.inc
25#private-bin sh 25#private-bin sh
26 26
27nodeny ${HOME}/.config/mpv 27noblacklist ${HOME}/.config/mpv
28nodeny ${HOME}/.config/youtube-dl 28noblacklist ${HOME}/.config/youtube-dl
29nodeny ${HOME}/.netrc 29noblacklist ${HOME}/.netrc
30 30
31# Allow lua (blacklisted by disable-interpreters.inc) 31# Allow lua (blacklisted by disable-interpreters.inc)
32include allow-lua.inc 32include allow-lua.inc
@@ -35,7 +35,7 @@ include allow-lua.inc
35include allow-python2.inc 35include allow-python2.inc
36include allow-python3.inc 36include allow-python3.inc
37 37
38deny /usr/libexec 38blacklist /usr/libexec
39 39
40include disable-common.inc 40include disable-common.inc
41include disable-devel.inc 41include disable-devel.inc
@@ -49,14 +49,14 @@ read-only ${DESKTOP}
49mkdir ${HOME}/.config/mpv 49mkdir ${HOME}/.config/mpv
50mkdir ${HOME}/.config/youtube-dl 50mkdir ${HOME}/.config/youtube-dl
51mkfile ${HOME}/.netrc 51mkfile ${HOME}/.netrc
52allow ${HOME}/.config/mpv 52whitelist ${HOME}/.config/mpv
53allow ${HOME}/.config/youtube-dl 53whitelist ${HOME}/.config/youtube-dl
54allow ${HOME}/.netrc 54whitelist ${HOME}/.netrc
55include whitelist-common.inc 55include whitelist-common.inc
56include whitelist-player-common.inc 56include whitelist-player-common.inc
57allow /usr/share/lua 57whitelist /usr/share/lua
58allow /usr/share/lua* 58whitelist /usr/share/lua*
59allow /usr/share/vulkan 59whitelist /usr/share/vulkan
60include whitelist-usr-share-common.inc 60include whitelist-usr-share-common.inc
61include whitelist-var-common.inc 61include whitelist-var-common.inc
62 62
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile
index a8c49a690..e3ceb3bd4 100644
--- a/etc/profile-m-z/mrrescue.profile
+++ b/etc/profile-m-z/mrrescue.profile
@@ -6,7 +6,7 @@ include mrrescue.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/love 9noblacklist ${HOME}/.local/share/love
10 10
11# Allow /bin/sh (blacklisted by disable-shell.inc) 11# Allow /bin/sh (blacklisted by disable-shell.inc)
12include allow-bin-sh.inc 12include allow-bin-sh.inc
@@ -14,7 +14,7 @@ include allow-bin-sh.inc
14# Allow lua (blacklisted by disable-interpreters.inc) 14# Allow lua (blacklisted by disable-interpreters.inc)
15include allow-lua.inc 15include allow-lua.inc
16 16
17deny /usr/libexec 17blacklist /usr/libexec
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
@@ -26,8 +26,8 @@ include disable-shell.inc
26include disable-xdg.inc 26include disable-xdg.inc
27 27
28mkdir ${HOME}/.local/share/love 28mkdir ${HOME}/.local/share/love
29allow ${HOME}/.local/share/love 29whitelist ${HOME}/.local/share/love
30allow /usr/share/mrrescue 30whitelist /usr/share/mrrescue
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-runuser-common.inc 32include whitelist-runuser-common.inc
33include whitelist-usr-share-common.inc 33include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/ms-excel.profile b/etc/profile-m-z/ms-excel.profile
index 5fea86ae7..db24e8f9b 100644
--- a/etc/profile-m-z/ms-excel.profile
+++ b/etc/profile-m-z/ms-excel.profile
@@ -6,7 +6,7 @@ include ms-excel.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.cache/ms-excel-online 9noblacklist ${HOME}/.cache/ms-excel-online
10private-bin ms-excel 10private-bin ms-excel
11 11
12# Redirect 12# Redirect
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile
index 4033627f7..38fc84ecc 100644
--- a/etc/profile-m-z/ms-office.profile
+++ b/etc/profile-m-z/ms-office.profile
@@ -5,8 +5,8 @@ include ms-office.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/ms-office-online 8noblacklist ${HOME}/.cache/ms-office-online
9nodeny ${HOME}/.jak 9noblacklist ${HOME}/.jak
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
diff --git a/etc/profile-m-z/ms-onenote.profile b/etc/profile-m-z/ms-onenote.profile
index 805de5102..9ea0637bd 100644
--- a/etc/profile-m-z/ms-onenote.profile
+++ b/etc/profile-m-z/ms-onenote.profile
@@ -6,7 +6,7 @@ include ms-onenote.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.cache/ms-onenote-online 9noblacklist ${HOME}/.cache/ms-onenote-online
10private-bin ms-onenote 10private-bin ms-onenote
11 11
12# Redirect 12# Redirect
diff --git a/etc/profile-m-z/ms-outlook.profile b/etc/profile-m-z/ms-outlook.profile
index bd14fb7d3..fc3e7c009 100644
--- a/etc/profile-m-z/ms-outlook.profile
+++ b/etc/profile-m-z/ms-outlook.profile
@@ -6,7 +6,7 @@ include ms-outlook.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.cache/ms-outlook-online 9noblacklist ${HOME}/.cache/ms-outlook-online
10private-bin ms-outlook 10private-bin ms-outlook
11 11
12# Redirect 12# Redirect
diff --git a/etc/profile-m-z/ms-powerpoint.profile b/etc/profile-m-z/ms-powerpoint.profile
index 02a7424e2..dadcd5b1e 100644
--- a/etc/profile-m-z/ms-powerpoint.profile
+++ b/etc/profile-m-z/ms-powerpoint.profile
@@ -6,7 +6,7 @@ include ms-powerpoint.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.cache/ms-powerpoint-online 9noblacklist ${HOME}/.cache/ms-powerpoint-online
10private-bin ms-powerpoint 10private-bin ms-powerpoint
11 11
12# Redirect 12# Redirect
diff --git a/etc/profile-m-z/ms-skype.profile b/etc/profile-m-z/ms-skype.profile
index 01729f9a2..df1618361 100644
--- a/etc/profile-m-z/ms-skype.profile
+++ b/etc/profile-m-z/ms-skype.profile
@@ -8,7 +8,7 @@ include ms-skype.local
8 8
9ignore novideo 9ignore novideo
10 10
11nodeny ${HOME}/.cache/ms-skype-online 11noblacklist ${HOME}/.cache/ms-skype-online
12 12
13private-bin ms-skype 13private-bin ms-skype
14 14
diff --git a/etc/profile-m-z/ms-word.profile b/etc/profile-m-z/ms-word.profile
index 34cf02128..5a617a893 100644
--- a/etc/profile-m-z/ms-word.profile
+++ b/etc/profile-m-z/ms-word.profile
@@ -6,7 +6,7 @@ include ms-word.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.cache/ms-word-online 9noblacklist ${HOME}/.cache/ms-word-online
10private-bin ms-word 10private-bin ms-word
11 11
12# Redirect 12# Redirect
diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile
index ec7cd5d04..85c3ee9f2 100644
--- a/etc/profile-m-z/mtpaint.profile
+++ b/etc/profile-m-z/mtpaint.profile
@@ -6,7 +6,7 @@ include mtpaint.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile
index 447e7753f..6df681df1 100644
--- a/etc/profile-m-z/multimc5.profile
+++ b/etc/profile-m-z/multimc5.profile
@@ -5,9 +5,9 @@ include multimc5.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.local/share/multimc 8noblacklist ${HOME}/.local/share/multimc
9nodeny ${HOME}/.local/share/multimc5 9noblacklist ${HOME}/.local/share/multimc5
10nodeny ${HOME}/.multimc5 10noblacklist ${HOME}/.multimc5
11 11
12# Allow java (blacklisted by disable-devel.inc) 12# Allow java (blacklisted by disable-devel.inc)
13include allow-java.inc 13include allow-java.inc
@@ -22,9 +22,9 @@ include disable-programs.inc
22mkdir ${HOME}/.local/share/multimc 22mkdir ${HOME}/.local/share/multimc
23mkdir ${HOME}/.local/share/multimc5 23mkdir ${HOME}/.local/share/multimc5
24mkdir ${HOME}/.multimc5 24mkdir ${HOME}/.multimc5
25allow ${HOME}/.local/share/multimc 25whitelist ${HOME}/.local/share/multimc
26allow ${HOME}/.local/share/multimc5 26whitelist ${HOME}/.local/share/multimc5
27allow ${HOME}/.multimc5 27whitelist ${HOME}/.multimc5
28include whitelist-common.inc 28include whitelist-common.inc
29 29
30caps.drop all 30caps.drop all
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile
index 1d72e07b8..c7f59c5ee 100644
--- a/etc/profile-m-z/mumble.profile
+++ b/etc/profile-m-z/mumble.profile
@@ -6,9 +6,9 @@ include mumble.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Mumble 9noblacklist ${HOME}/.config/Mumble
10nodeny ${HOME}/.local/share/data/Mumble 10noblacklist ${HOME}/.local/share/data/Mumble
11nodeny ${HOME}/.local/share/Mumble 11noblacklist ${HOME}/.local/share/Mumble
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
21mkdir ${HOME}/.config/Mumble 21mkdir ${HOME}/.config/Mumble
22mkdir ${HOME}/.local/share/data/Mumble 22mkdir ${HOME}/.local/share/data/Mumble
23mkdir ${HOME}/.local/share/Mumble 23mkdir ${HOME}/.local/share/Mumble
24allow ${HOME}/.config/Mumble 24whitelist ${HOME}/.config/Mumble
25allow ${HOME}/.local/share/data/Mumble 25whitelist ${HOME}/.local/share/data/Mumble
26allow ${HOME}/.local/share/Mumble 26whitelist ${HOME}/.local/share/Mumble
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
diff --git a/etc/profile-m-z/mupdf-gl.profile b/etc/profile-m-z/mupdf-gl.profile
index c208a5e54..be94a9083 100644
--- a/etc/profile-m-z/mupdf-gl.profile
+++ b/etc/profile-m-z/mupdf-gl.profile
@@ -7,7 +7,7 @@ include mupdf-gl.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.mupdf.history 10noblacklist ${HOME}/.mupdf.history
11 11
12# Redirect 12# Redirect
13include mupdf.profile 13include mupdf.profile
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile
index e602b1429..9e4609c48 100644
--- a/etc/profile-m-z/mupdf.profile
+++ b/etc/profile-m-z/mupdf.profile
@@ -6,7 +6,7 @@ include mupdf.local
6# Persistent global definitions 6# Persistent global definitions
7#include globals.local 7#include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile
index ecc7e2957..00983a8f3 100644
--- a/etc/profile-m-z/mupen64plus.profile
+++ b/etc/profile-m-z/mupen64plus.profile
@@ -6,8 +6,8 @@ include mupen64plus.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/mupen64plus 9noblacklist ${HOME}/.config/mupen64plus
10nodeny ${HOME}/.local/share/mupen64plus 10noblacklist ${HOME}/.local/share/mupen64plus
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
18# you'll need to manually whitelist ROM files 18# you'll need to manually whitelist ROM files
19mkdir ${HOME}/.config/mupen64plus 19mkdir ${HOME}/.config/mupen64plus
20mkdir ${HOME}/.local/share/mupen64plus 20mkdir ${HOME}/.local/share/mupen64plus
21allow ${HOME}/.config/mupen64plus 21whitelist ${HOME}/.config/mupen64plus
22allow ${HOME}/.local/share/mupen64plus 22whitelist ${HOME}/.local/share/mupen64plus
23include whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile
index aa141f9c0..679e82ae8 100644
--- a/etc/profile-m-z/musescore.profile
+++ b/etc/profile-m-z/musescore.profile
@@ -6,12 +6,12 @@ include musescore.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/MusE 9noblacklist ${HOME}/.config/MusE
10nodeny ${HOME}/.config/MuseScore 10noblacklist ${HOME}/.config/MuseScore
11nodeny ${HOME}/.local/share/data/MusE 11noblacklist ${HOME}/.local/share/data/MusE
12nodeny ${HOME}/.local/share/data/MuseScore 12noblacklist ${HOME}/.local/share/data/MuseScore
13nodeny ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14nodeny ${MUSIC} 14noblacklist ${MUSIC}
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile
index 5ab1303a2..04500ac6a 100644
--- a/etc/profile-m-z/musictube.profile
+++ b/etc/profile-m-z/musictube.profile
@@ -6,9 +6,9 @@ include musictube.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Flavio Tordini 9noblacklist ${HOME}/.cache/Flavio Tordini
10nodeny ${HOME}/.config/Flavio Tordini 10noblacklist ${HOME}/.config/Flavio Tordini
11nodeny ${HOME}/.local/share/Flavio Tordini 11noblacklist ${HOME}/.local/share/Flavio Tordini
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
22mkdir ${HOME}/.cache/Flavio Tordini 22mkdir ${HOME}/.cache/Flavio Tordini
23mkdir ${HOME}/.config/Flavio Tordini 23mkdir ${HOME}/.config/Flavio Tordini
24mkdir ${HOME}/.local/share/Flavio Tordini 24mkdir ${HOME}/.local/share/Flavio Tordini
25allow ${HOME}/.cache/Flavio Tordini 25whitelist ${HOME}/.cache/Flavio Tordini
26allow ${HOME}/.config/Flavio Tordini 26whitelist ${HOME}/.config/Flavio Tordini
27allow ${HOME}/.local/share/Flavio Tordini 27whitelist ${HOME}/.local/share/Flavio Tordini
28allow /usr/share/musictube 28whitelist /usr/share/musictube
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile
index 9390f9dcf..74b3e9a5f 100644
--- a/etc/profile-m-z/musixmatch.profile
+++ b/etc/profile-m-z/musixmatch.profile
@@ -5,7 +5,7 @@ include musixmatch.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${MUSIC} 8noblacklist ${MUSIC}
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 91606bdfa..debf81659 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -7,36 +7,36 @@ include mutt.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny /var/mail 10noblacklist /var/mail
11nodeny /var/spool/mail 11noblacklist /var/spool/mail
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13nodeny ${HOME}/.Mail 13noblacklist ${HOME}/.Mail
14nodeny ${HOME}/.bogofilter 14noblacklist ${HOME}/.bogofilter
15nodeny ${HOME}/.cache/mutt 15noblacklist ${HOME}/.cache/mutt
16nodeny ${HOME}/.config/mutt 16noblacklist ${HOME}/.config/mutt
17nodeny ${HOME}/.config/nano 17noblacklist ${HOME}/.config/nano
18nodeny ${HOME}/.elinks 18noblacklist ${HOME}/.elinks
19nodeny ${HOME}/.emacs 19noblacklist ${HOME}/.emacs
20nodeny ${HOME}/.emacs.d 20noblacklist ${HOME}/.emacs.d
21nodeny ${HOME}/.gnupg 21noblacklist ${HOME}/.gnupg
22nodeny ${HOME}/.mail 22noblacklist ${HOME}/.mail
23nodeny ${HOME}/.mailcap 23noblacklist ${HOME}/.mailcap
24nodeny ${HOME}/.msmtprc 24noblacklist ${HOME}/.msmtprc
25nodeny ${HOME}/.mutt 25noblacklist ${HOME}/.mutt
26nodeny ${HOME}/.muttrc 26noblacklist ${HOME}/.muttrc
27nodeny ${HOME}/.nanorc 27noblacklist ${HOME}/.nanorc
28nodeny ${HOME}/.signature 28noblacklist ${HOME}/.signature
29nodeny ${HOME}/.vim 29noblacklist ${HOME}/.vim
30nodeny ${HOME}/.viminfo 30noblacklist ${HOME}/.viminfo
31nodeny ${HOME}/.vimrc 31noblacklist ${HOME}/.vimrc
32nodeny ${HOME}/.w3m 32noblacklist ${HOME}/.w3m
33nodeny ${HOME}/Mail 33noblacklist ${HOME}/Mail
34nodeny ${HOME}/mail 34noblacklist ${HOME}/mail
35nodeny ${HOME}/postponed 35noblacklist ${HOME}/postponed
36nodeny ${HOME}/sent 36noblacklist ${HOME}/sent
37 37
38deny /tmp/.X11-unix 38blacklist /tmp/.X11-unix
39deny ${RUNUSER}/wayland-* 39blacklist ${RUNUSER}/wayland-*
40 40
41# Add the next lines to your mutt.local for oauth.py,S/MIME support. 41# Add the next lines to your mutt.local for oauth.py,S/MIME support.
42#include allow-perl.inc 42#include allow-perl.inc
@@ -75,37 +75,37 @@ mkfile ${HOME}/.nanorc
75mkfile ${HOME}/.signature 75mkfile ${HOME}/.signature
76mkfile ${HOME}/.viminfo 76mkfile ${HOME}/.viminfo
77mkfile ${HOME}/.vimrc 77mkfile ${HOME}/.vimrc
78allow ${DOCUMENTS} 78whitelist ${DOCUMENTS}
79allow ${DOWNLOADS} 79whitelist ${DOWNLOADS}
80allow ${HOME}/.Mail 80whitelist ${HOME}/.Mail
81allow ${HOME}/.bogofilter 81whitelist ${HOME}/.bogofilter
82allow ${HOME}/.cache/mutt 82whitelist ${HOME}/.cache/mutt
83allow ${HOME}/.config/mutt 83whitelist ${HOME}/.config/mutt
84allow ${HOME}/.config/nano 84whitelist ${HOME}/.config/nano
85allow ${HOME}/.elinks 85whitelist ${HOME}/.elinks
86allow ${HOME}/.emacs 86whitelist ${HOME}/.emacs
87allow ${HOME}/.emacs.d 87whitelist ${HOME}/.emacs.d
88allow ${HOME}/.gnupg 88whitelist ${HOME}/.gnupg
89allow ${HOME}/.mail 89whitelist ${HOME}/.mail
90allow ${HOME}/.mailcap 90whitelist ${HOME}/.mailcap
91allow ${HOME}/.msmtprc 91whitelist ${HOME}/.msmtprc
92allow ${HOME}/.mutt 92whitelist ${HOME}/.mutt
93allow ${HOME}/.muttrc 93whitelist ${HOME}/.muttrc
94allow ${HOME}/.nanorc 94whitelist ${HOME}/.nanorc
95allow ${HOME}/.signature 95whitelist ${HOME}/.signature
96allow ${HOME}/.vim 96whitelist ${HOME}/.vim
97allow ${HOME}/.viminfo 97whitelist ${HOME}/.viminfo
98allow ${HOME}/.vimrc 98whitelist ${HOME}/.vimrc
99allow ${HOME}/.w3m 99whitelist ${HOME}/.w3m
100allow ${HOME}/Mail 100whitelist ${HOME}/Mail
101allow ${HOME}/mail 101whitelist ${HOME}/mail
102allow ${HOME}/postponed 102whitelist ${HOME}/postponed
103allow ${HOME}/sent 103whitelist ${HOME}/sent
104allow /usr/share/gnupg 104whitelist /usr/share/gnupg
105allow /usr/share/gnupg2 105whitelist /usr/share/gnupg2
106allow /usr/share/mutt 106whitelist /usr/share/mutt
107allow /var/mail 107whitelist /var/mail
108allow /var/spool/mail 108whitelist /var/spool/mail
109include whitelist-common.inc 109include whitelist-common.inc
110include whitelist-runuser-common.inc 110include whitelist-runuser-common.inc
111include whitelist-usr-share-common.inc 111include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile
index 19af47498..d8d487fe7 100644
--- a/etc/profile-m-z/mypaint.profile
+++ b/etc/profile-m-z/mypaint.profile
@@ -6,10 +6,10 @@ include mypaint.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/mypaint 9noblacklist ${HOME}/.cache/mypaint
10nodeny ${HOME}/.config/mypaint 10noblacklist ${HOME}/.config/mypaint
11nodeny ${HOME}/.local/share/mypaint 11noblacklist ${HOME}/.local/share/mypaint
12nodeny ${PICTURES} 12noblacklist ${PICTURES}
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15include allow-python2.inc 15include allow-python2.inc
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile
index f0553bed5..4698c2287 100644
--- a/etc/profile-m-z/nano.profile
+++ b/etc/profile-m-z/nano.profile
@@ -7,10 +7,10 @@ include nano.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12nodeny ${HOME}/.config/nano 12noblacklist ${HOME}/.config/nano
13nodeny ${HOME}/.nanorc 13noblacklist ${HOME}/.nanorc
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
19include disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22allow /usr/share/nano 22whitelist /usr/share/nano
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24 24
25apparmor 25apparmor
diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile
index 35d152748..5bf152f84 100644
--- a/etc/profile-m-z/natron.profile
+++ b/etc/profile-m-z/natron.profile
@@ -5,9 +5,9 @@ include natron.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.Natron 8noblacklist ${HOME}/.Natron
9nodeny ${HOME}/.cache/INRIA/Natron 9noblacklist ${HOME}/.cache/INRIA/Natron
10nodeny ${HOME}/.config/INRIA 10noblacklist ${HOME}/.config/INRIA
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile
index 38646dc90..063e30366 100644
--- a/etc/profile-m-z/ncdu.profile
+++ b/etc/profile-m-z/ncdu.profile
@@ -6,7 +6,7 @@ include ncdu.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11include disable-exec.inc 11include disable-exec.inc
12 12
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile
index ceb885908..9f00448c8 100644
--- a/etc/profile-m-z/neochat.profile
+++ b/etc/profile-m-z/neochat.profile
@@ -6,12 +6,12 @@ include neochat.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/KDE/neochat 9noblacklist ${HOME}/.cache/KDE/neochat
10nodeny ${HOME}/.config/KDE 10noblacklist ${HOME}/.config/KDE
11nodeny ${HOME}/.config/KDE/neochat 11noblacklist ${HOME}/.config/KDE/neochat
12nodeny ${HOME}/.config/neochatrc 12noblacklist ${HOME}/.config/neochatrc
13nodeny ${HOME}/.config/neochat.notifyrc 13noblacklist ${HOME}/.config/neochat.notifyrc
14nodeny ${HOME}/.local/share/KDE/neochat 14noblacklist ${HOME}/.local/share/KDE/neochat
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
24 24
25mkdir ${HOME}/.cache/KDE/neochat 25mkdir ${HOME}/.cache/KDE/neochat
26mkdir ${HOME}/.local/share/KDE/neochat 26mkdir ${HOME}/.local/share/KDE/neochat
27allow ${HOME}/.cache/KDE/neochat 27whitelist ${HOME}/.cache/KDE/neochat
28allow ${HOME}/.local/share/KDE/neochat 28whitelist ${HOME}/.local/share/KDE/neochat
29allow ${DOWNLOADS} 29whitelist ${DOWNLOADS}
30include whitelist-1793-workaround.inc 30include whitelist-1793-workaround.inc
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-runuser-common.inc 32include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index 939d6f111..fafa129e4 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -7,38 +7,38 @@ include neomutt.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${HOME}/.Mail 11noblacklist ${HOME}/.Mail
12nodeny ${HOME}/.bogofilter 12noblacklist ${HOME}/.bogofilter
13nodeny ${HOME}/.config/mutt 13noblacklist ${HOME}/.config/mutt
14nodeny ${HOME}/.config/nano 14noblacklist ${HOME}/.config/nano
15nodeny ${HOME}/.config/neomutt 15noblacklist ${HOME}/.config/neomutt
16nodeny ${HOME}/.elinks 16noblacklist ${HOME}/.elinks
17nodeny ${HOME}/.emacs 17noblacklist ${HOME}/.emacs
18nodeny ${HOME}/.emacs.d 18noblacklist ${HOME}/.emacs.d
19nodeny ${HOME}/.gnupg 19noblacklist ${HOME}/.gnupg
20nodeny ${HOME}/.mail 20noblacklist ${HOME}/.mail
21nodeny ${HOME}/.mailcap 21noblacklist ${HOME}/.mailcap
22nodeny ${HOME}/.msmtprc 22noblacklist ${HOME}/.msmtprc
23nodeny ${HOME}/.mutt 23noblacklist ${HOME}/.mutt
24nodeny ${HOME}/.muttrc 24noblacklist ${HOME}/.muttrc
25nodeny ${HOME}/.nanorc 25noblacklist ${HOME}/.nanorc
26nodeny ${HOME}/.neomutt 26noblacklist ${HOME}/.neomutt
27nodeny ${HOME}/.neomuttrc 27noblacklist ${HOME}/.neomuttrc
28nodeny ${HOME}/.signature 28noblacklist ${HOME}/.signature
29nodeny ${HOME}/.vim 29noblacklist ${HOME}/.vim
30nodeny ${HOME}/.viminfo 30noblacklist ${HOME}/.viminfo
31nodeny ${HOME}/.vimrc 31noblacklist ${HOME}/.vimrc
32nodeny ${HOME}/.w3m 32noblacklist ${HOME}/.w3m
33nodeny ${HOME}/Mail 33noblacklist ${HOME}/Mail
34nodeny ${HOME}/mail 34noblacklist ${HOME}/mail
35nodeny ${HOME}/postponed 35noblacklist ${HOME}/postponed
36nodeny ${HOME}/sent 36noblacklist ${HOME}/sent
37nodeny /var/mail 37noblacklist /var/mail
38nodeny /var/spool/mail 38noblacklist /var/spool/mail
39 39
40deny /tmp/.X11-unix 40blacklist /tmp/.X11-unix
41deny ${RUNUSER}/wayland-* 41blacklist ${RUNUSER}/wayland-*
42 42
43include allow-lua.inc 43include allow-lua.inc
44 44
@@ -76,39 +76,39 @@ mkfile ${HOME}/.neomuttrc
76mkfile ${HOME}/.signature 76mkfile ${HOME}/.signature
77mkfile ${HOME}/.viminfo 77mkfile ${HOME}/.viminfo
78mkfile ${HOME}/.vimrc 78mkfile ${HOME}/.vimrc
79allow ${DOCUMENTS} 79whitelist ${DOCUMENTS}
80allow ${DOWNLOADS} 80whitelist ${DOWNLOADS}
81allow ${HOME}/.Mail 81whitelist ${HOME}/.Mail
82allow ${HOME}/.bogofilter 82whitelist ${HOME}/.bogofilter
83allow ${HOME}/.config/mutt 83whitelist ${HOME}/.config/mutt
84allow ${HOME}/.config/nano 84whitelist ${HOME}/.config/nano
85allow ${HOME}/.config/neomutt 85whitelist ${HOME}/.config/neomutt
86allow ${HOME}/.elinks 86whitelist ${HOME}/.elinks
87allow ${HOME}/.emacs 87whitelist ${HOME}/.emacs
88allow ${HOME}/.emacs.d 88whitelist ${HOME}/.emacs.d
89allow ${HOME}/.gnupg 89whitelist ${HOME}/.gnupg
90allow ${HOME}/.mail 90whitelist ${HOME}/.mail
91allow ${HOME}/.mailcap 91whitelist ${HOME}/.mailcap
92allow ${HOME}/.msmtprc 92whitelist ${HOME}/.msmtprc
93allow ${HOME}/.mutt 93whitelist ${HOME}/.mutt
94allow ${HOME}/.muttrc 94whitelist ${HOME}/.muttrc
95allow ${HOME}/.nanorc 95whitelist ${HOME}/.nanorc
96allow ${HOME}/.neomutt 96whitelist ${HOME}/.neomutt
97allow ${HOME}/.neomuttrc 97whitelist ${HOME}/.neomuttrc
98allow ${HOME}/.signature 98whitelist ${HOME}/.signature
99allow ${HOME}/.vim 99whitelist ${HOME}/.vim
100allow ${HOME}/.viminfo 100whitelist ${HOME}/.viminfo
101allow ${HOME}/.vimrc 101whitelist ${HOME}/.vimrc
102allow ${HOME}/.w3m 102whitelist ${HOME}/.w3m
103allow ${HOME}/Mail 103whitelist ${HOME}/Mail
104allow ${HOME}/mail 104whitelist ${HOME}/mail
105allow ${HOME}/postponed 105whitelist ${HOME}/postponed
106allow ${HOME}/sent 106whitelist ${HOME}/sent
107allow /usr/share/gnupg 107whitelist /usr/share/gnupg
108allow /usr/share/gnupg2 108whitelist /usr/share/gnupg2
109allow /usr/share/neomutt 109whitelist /usr/share/neomutt
110allow /var/mail 110whitelist /var/mail
111allow /var/spool/mail 111whitelist /var/spool/mail
112include whitelist-common.inc 112include whitelist-common.inc
113include whitelist-runuser-common.inc 113include whitelist-runuser-common.inc
114include whitelist-usr-share-common.inc 114include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile
index 68297c110..5d45dd7bc 100644
--- a/etc/profile-m-z/netactview.profile
+++ b/etc/profile-m-z/netactview.profile
@@ -6,7 +6,7 @@ include netactview.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.netactview 9noblacklist ${HOME}/.netactview
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkfile ${HOME}/.netactview 20mkfile ${HOME}/.netactview
21allow ${HOME}/.netactview 21whitelist ${HOME}/.netactview
22allow /usr/share/netactview 22whitelist /usr/share/netactview
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile
index d5bf8a52a..c9a537370 100644
--- a/etc/profile-m-z/nethack-vultures.profile
+++ b/etc/profile-m-z/nethack-vultures.profile
@@ -6,7 +6,7 @@ include nethack.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.vultures 9noblacklist ${HOME}/.vultures
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.vultures 18mkdir ${HOME}/.vultures
19allow ${HOME}/.vultures 19whitelist ${HOME}/.vultures
20allow /var/log/vultures 20whitelist /var/log/vultures
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile
index 23b57bb52..b57abe260 100644
--- a/etc/profile-m-z/nethack.profile
+++ b/etc/profile-m-z/nethack.profile
@@ -6,7 +6,7 @@ include nethack.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /var/games/nethack 9noblacklist /var/games/nethack
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
15include disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17 17
18allow /var/games/nethack 18whitelist /var/games/nethack
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile
index b099d6f0c..0ddb7bbbe 100644
--- a/etc/profile-m-z/netsurf.profile
+++ b/etc/profile-m-z/netsurf.profile
@@ -6,8 +6,8 @@ include netsurf.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/netsurf 9noblacklist ${HOME}/.cache/netsurf
10nodeny ${HOME}/.config/netsurf 10noblacklist ${HOME}/.config/netsurf
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
16 16
17mkdir ${HOME}/.cache/netsurf 17mkdir ${HOME}/.cache/netsurf
18mkdir ${HOME}/.config/netsurf 18mkdir ${HOME}/.config/netsurf
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20allow ${HOME}/.cache/netsurf 20whitelist ${HOME}/.cache/netsurf
21allow ${HOME}/.config/netsurf 21whitelist ${HOME}/.config/netsurf
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile
index dad90a66c..ecfbb14e4 100644
--- a/etc/profile-m-z/neverball.profile
+++ b/etc/profile-m-z/neverball.profile
@@ -6,7 +6,7 @@ include neverball.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.neverball 9noblacklist ${HOME}/.neverball
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.neverball 20mkdir ${HOME}/.neverball
21allow ${HOME}/.neverball 21whitelist ${HOME}/.neverball
22allow /usr/share/neverball 22whitelist /usr/share/neverball
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile
index c26ba4be0..6efb19502 100644
--- a/etc/profile-m-z/newsbeuter.profile
+++ b/etc/profile-m-z/newsbeuter.profile
@@ -11,15 +11,15 @@ ignore include newsboat.local
11ignore mkdir ${HOME}/.config/newsboat 11ignore mkdir ${HOME}/.config/newsboat
12ignore mkdir ${HOME}/.local/share/newsboat 12ignore mkdir ${HOME}/.local/share/newsboat
13ignore mkdir ${HOME}/.newsboat 13ignore mkdir ${HOME}/.newsboat
14deny ${PATH}/newsboat 14blacklist ${PATH}/newsboat
15 15
16deny ${HOME}/.config/newsboat 16blacklist ${HOME}/.config/newsboat
17deny ${HOME}/.local/share/newsboat 17blacklist ${HOME}/.local/share/newsboat
18deny ${HOME}/.newsboat 18blacklist ${HOME}/.newsboat
19 19
20noallow ${HOME}/.config/newsboat 20nowhitelist ${HOME}/.config/newsboat
21noallow ${HOME}/.local/share/newsboat 21nowhitelist ${HOME}/.local/share/newsboat
22noallow ${HOME}/.newsboat 22nowhitelist ${HOME}/.newsboat
23 23
24mkdir ${HOME}/.config/newsbeuter 24mkdir ${HOME}/.config/newsbeuter
25mkdir ${HOME}/.local/share/newsbeuter 25mkdir ${HOME}/.local/share/newsbeuter
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile
index e34752b55..13bc3a615 100644
--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -6,12 +6,12 @@ include newsboat.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/newsbeuter 9noblacklist ${HOME}/.config/newsbeuter
10nodeny ${HOME}/.config/newsboat 10noblacklist ${HOME}/.config/newsboat
11nodeny ${HOME}/.local/share/newsbeuter 11noblacklist ${HOME}/.local/share/newsbeuter
12nodeny ${HOME}/.local/share/newsboat 12noblacklist ${HOME}/.local/share/newsboat
13nodeny ${HOME}/.newsbeuter 13noblacklist ${HOME}/.newsbeuter
14nodeny ${HOME}/.newsboat 14noblacklist ${HOME}/.newsboat
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
24mkdir ${HOME}/.config/newsboat 24mkdir ${HOME}/.config/newsboat
25mkdir ${HOME}/.local/share/newsboat 25mkdir ${HOME}/.local/share/newsboat
26mkdir ${HOME}/.newsboat 26mkdir ${HOME}/.newsboat
27allow ${HOME}/.config/newsbeuter 27whitelist ${HOME}/.config/newsbeuter
28allow ${HOME}/.config/newsboat 28whitelist ${HOME}/.config/newsboat
29allow ${HOME}/.local/share/newsbeuter 29whitelist ${HOME}/.local/share/newsbeuter
30allow ${HOME}/.local/share/newsboat 30whitelist ${HOME}/.local/share/newsboat
31allow ${HOME}/.newsbeuter 31whitelist ${HOME}/.newsbeuter
32allow ${HOME}/.newsboat 32whitelist ${HOME}/.newsboat
33include whitelist-common.inc 33include whitelist-common.inc
34include whitelist-runuser-common.inc 34include whitelist-runuser-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile
index 273628ea2..18d8c6ed4 100644
--- a/etc/profile-m-z/newsflash.profile
+++ b/etc/profile-m-z/newsflash.profile
@@ -6,9 +6,9 @@ include newsflash.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/NewsFlashGTK 9noblacklist ${HOME}/.cache/NewsFlashGTK
10nodeny ${HOME}/.config/news-flash 10noblacklist ${HOME}/.config/news-flash
11nodeny ${HOME}/.local/share/news-flash 11noblacklist ${HOME}/.local/share/news-flash
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
22mkdir ${HOME}/.cache/NewsFlashGTK 22mkdir ${HOME}/.cache/NewsFlashGTK
23mkdir ${HOME}/.config/news-flash 23mkdir ${HOME}/.config/news-flash
24mkdir ${HOME}/.local/share/news-flash 24mkdir ${HOME}/.local/share/news-flash
25allow ${HOME}/.cache/NewsFlashGTK 25whitelist ${HOME}/.cache/NewsFlashGTK
26allow ${HOME}/.config/news-flash 26whitelist ${HOME}/.config/news-flash
27allow ${HOME}/.local/share/news-flash 27whitelist ${HOME}/.local/share/news-flash
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
index 7ba46691d..9fd76fbe7 100644
--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -6,9 +6,9 @@ include nextcloud.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/Nextcloud 9noblacklist ${HOME}/Nextcloud
10nodeny ${HOME}/.config/Nextcloud 10noblacklist ${HOME}/.config/Nextcloud
11nodeny ${HOME}/.local/share/Nextcloud 11noblacklist ${HOME}/.local/share/Nextcloud
12# Add the next lines to your nextcloud.local to allow sync in more directories. 12# Add the next lines to your nextcloud.local to allow sync in more directories.
13#noblacklist ${DOCUMENTS} 13#noblacklist ${DOCUMENTS}
14#noblacklist ${MUSIC} 14#noblacklist ${MUSIC}
@@ -27,9 +27,9 @@ include disable-xdg.inc
27mkdir ${HOME}/Nextcloud 27mkdir ${HOME}/Nextcloud
28mkdir ${HOME}/.config/Nextcloud 28mkdir ${HOME}/.config/Nextcloud
29mkdir ${HOME}/.local/share/Nextcloud 29mkdir ${HOME}/.local/share/Nextcloud
30allow ${HOME}/Nextcloud 30whitelist ${HOME}/Nextcloud
31allow ${HOME}/.config/Nextcloud 31whitelist ${HOME}/.config/Nextcloud
32allow ${HOME}/.local/share/Nextcloud 32whitelist ${HOME}/.local/share/Nextcloud
33# Add the next lines to your nextcloud.local to allow sync in more directories. 33# Add the next lines to your nextcloud.local to allow sync in more directories.
34#whitelist ${DOCUMENTS} 34#whitelist ${DOCUMENTS}
35#whitelist ${MUSIC} 35#whitelist ${MUSIC}
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index 0149e0737..f8062891c 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -6,9 +6,9 @@ include nheko.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/nheko 9noblacklist ${HOME}/.cache/nheko
10nodeny ${HOME}/.config/nheko 10noblacklist ${HOME}/.config/nheko
11nodeny ${HOME}/.local/share/nheko 11noblacklist ${HOME}/.local/share/nheko
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
22mkdir ${HOME}/.cache/nheko 22mkdir ${HOME}/.cache/nheko
23mkdir ${HOME}/.config/nheko 23mkdir ${HOME}/.config/nheko
24mkdir ${HOME}/.local/share/nheko 24mkdir ${HOME}/.local/share/nheko
25allow ${HOME}/.cache/nheko 25whitelist ${HOME}/.cache/nheko
26allow ${HOME}/.config/nheko 26whitelist ${HOME}/.config/nheko
27allow ${HOME}/.local/share/nheko 27whitelist ${HOME}/.local/share/nheko
28allow ${DOWNLOADS} 28whitelist ${DOWNLOADS}
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile
index b31a7babf..1c7dbc009 100644
--- a/etc/profile-m-z/nicotine.profile
+++ b/etc/profile-m-z/nicotine.profile
@@ -6,7 +6,7 @@ include nicotine.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.nicotine 9noblacklist ${HOME}/.nicotine
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.nicotine 23mkdir ${HOME}/.nicotine
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25allow ${HOME}/.nicotine 25whitelist ${HOME}/.nicotine
26allow /usr/share/GeoIP 26whitelist /usr/share/GeoIP
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile
index 70fffd5d4..8dba84f02 100644
--- a/etc/profile-m-z/nitroshare.profile
+++ b/etc/profile-m-z/nitroshare.profile
@@ -6,8 +6,8 @@ include nitroshare.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Nathan Osman 9noblacklist ${HOME}/.config/Nathan Osman
10nodeny ${HOME}/.config/NitroShare 10noblacklist ${HOME}/.config/NitroShare
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index 7981ba6ae..fa69f9214 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -7,22 +7,22 @@ include nodejs-common.local
7# added by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13ignore read-only ${HOME}/.npm-packages 13ignore read-only ${HOME}/.npm-packages
14ignore read-only ${HOME}/.npmrc 14ignore read-only ${HOME}/.npmrc
15ignore read-only ${HOME}/.nvm 15ignore read-only ${HOME}/.nvm
16ignore read-only ${HOME}/.yarnrc 16ignore read-only ${HOME}/.yarnrc
17 17
18nodeny ${HOME}/.node-gyp 18noblacklist ${HOME}/.node-gyp
19nodeny ${HOME}/.npm 19noblacklist ${HOME}/.npm
20nodeny ${HOME}/.npmrc 20noblacklist ${HOME}/.npmrc
21nodeny ${HOME}/.nvm 21noblacklist ${HOME}/.nvm
22nodeny ${HOME}/.yarn 22noblacklist ${HOME}/.yarn
23nodeny ${HOME}/.yarn-config 23noblacklist ${HOME}/.yarn-config
24nodeny ${HOME}/.yarncache 24noblacklist ${HOME}/.yarncache
25nodeny ${HOME}/.yarnrc 25noblacklist ${HOME}/.yarnrc
26 26
27ignore noexec ${HOME} 27ignore noexec ${HOME}
28 28
@@ -58,9 +58,9 @@ include disable-xdg.inc
58#whitelist ${HOME}/Projects 58#whitelist ${HOME}/Projects
59#include whitelist-common.inc 59#include whitelist-common.inc
60 60
61allow /usr/share/doc/node 61whitelist /usr/share/doc/node
62allow /usr/share/nvm 62whitelist /usr/share/nvm
63allow /usr/share/systemtap/tapset/node.stp 63whitelist /usr/share/systemtap/tapset/node.stp
64include whitelist-runuser-common.inc 64include whitelist-runuser-common.inc
65include whitelist-usr-share-common.inc 65include whitelist-usr-share-common.inc
66include whitelist-var-common.inc 66include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile
index 80fbd0fcb..a36dee874 100644
--- a/etc/profile-m-z/nomacs.profile
+++ b/etc/profile-m-z/nomacs.profile
@@ -6,10 +6,10 @@ include nomacs.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/nomacs 9noblacklist ${HOME}/.config/nomacs
10nodeny ${HOME}/.local/share/nomacs 10noblacklist ${HOME}/.local/share/nomacs
11nodeny ${HOME}/.local/share/data/nomacs 11noblacklist ${HOME}/.local/share/data/nomacs
12nodeny ${PICTURES} 12noblacklist ${PICTURES}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile
index a3bcc040c..650118c98 100644
--- a/etc/profile-m-z/notify-send.profile
+++ b/etc/profile-m-z/notify-send.profile
@@ -7,7 +7,7 @@ include notify-send.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile
index b3002ad0e..c7a131a2c 100644
--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -7,10 +7,10 @@ include nslookup.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13nodeny ${PATH}/nslookup 13noblacklist ${PATH}/nslookup
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23allow ${HOME}/.nslookuprc 23whitelist ${HOME}/.nslookuprc
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile
index 67f54f9fc..886403b9e 100644
--- a/etc/profile-m-z/nuclear.profile
+++ b/etc/profile-m-z/nuclear.profile
@@ -8,12 +8,12 @@ include globals.local
8 8
9ignore dbus-user 9ignore dbus-user
10 10
11nodeny ${HOME}/.config/nuclear 11noblacklist ${HOME}/.config/nuclear
12 12
13include disable-shell.inc 13include disable-shell.inc
14 14
15mkdir ${HOME}/.config/nuclear 15mkdir ${HOME}/.config/nuclear
16allow ${HOME}/.config/nuclear 16whitelist ${HOME}/.config/nuclear
17 17
18no3d 18no3d
19 19
diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile
index ee7710b9c..fe0c2116b 100644
--- a/etc/profile-m-z/nylas.profile
+++ b/etc/profile-m-z/nylas.profile
@@ -5,8 +5,8 @@ include nylas.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/Nylas Mail 8noblacklist ${HOME}/.config/Nylas Mail
9nodeny ${HOME}/.nylas-mail 9noblacklist ${HOME}/.nylas-mail
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
16 16
17mkdir ${HOME}/.config/Nylas Mail 17mkdir ${HOME}/.config/Nylas Mail
18mkdir ${HOME}/.nylas-mail 18mkdir ${HOME}/.nylas-mail
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20allow ${HOME}/.config/Nylas Mail 20whitelist ${HOME}/.config/Nylas Mail
21allow ${HOME}/.nylas-mail 21whitelist ${HOME}/.nylas-mail
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile
index 1d606f70c..d040d42af 100644
--- a/etc/profile-m-z/nyx.profile
+++ b/etc/profile-m-z/nyx.profile
@@ -10,7 +10,7 @@ include globals.local
10include allow-python2.inc 10include allow-python2.inc
11include allow-python3.inc 11include allow-python3.inc
12 12
13nodeny ${HOME}/.nyx 13noblacklist ${HOME}/.nyx
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.nyx 24mkdir ${HOME}/.nyx
25allow ${HOME}/.nyx 25whitelist ${HOME}/.nyx
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile
index f70bdc55a..9345cee4f 100644
--- a/etc/profile-m-z/obs.profile
+++ b/etc/profile-m-z/obs.profile
@@ -5,10 +5,10 @@ include obs.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/obs-studio 8noblacklist ${HOME}/.config/obs-studio
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10nodeny ${PICTURES} 10noblacklist ${PICTURES}
11nodeny ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile
index 792c2ffc6..7be68a201 100644
--- a/etc/profile-m-z/ocenaudio.profile
+++ b/etc/profile-m-z/ocenaudio.profile
@@ -6,9 +6,9 @@ include ocenaudio.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/ocenaudio 9noblacklist ${HOME}/.local/share/ocenaudio
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile
index 61b71ec10..6163d2e22 100644
--- a/etc/profile-m-z/odt2txt.profile
+++ b/etc/profile-m-z/odt2txt.profile
@@ -6,9 +6,9 @@ include odt2txt.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile
index feeed86cb..ab8ccf623 100644
--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -6,18 +6,18 @@ include okular.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/okular 9noblacklist ${HOME}/.cache/okular
10nodeny ${HOME}/.config/okularpartrc 10noblacklist ${HOME}/.config/okularpartrc
11nodeny ${HOME}/.config/okularrc 11noblacklist ${HOME}/.config/okularrc
12nodeny ${HOME}/.kde/share/apps/okular 12noblacklist ${HOME}/.kde/share/apps/okular
13nodeny ${HOME}/.kde/share/config/okularpartrc 13noblacklist ${HOME}/.kde/share/config/okularpartrc
14nodeny ${HOME}/.kde/share/config/okularrc 14noblacklist ${HOME}/.kde/share/config/okularrc
15nodeny ${HOME}/.kde4/share/apps/okular 15noblacklist ${HOME}/.kde4/share/apps/okular
16nodeny ${HOME}/.kde4/share/config/okularpartrc 16noblacklist ${HOME}/.kde4/share/config/okularpartrc
17nodeny ${HOME}/.kde4/share/config/okularrc 17noblacklist ${HOME}/.kde4/share/config/okularrc
18nodeny ${HOME}/.local/share/kxmlgui5/okular 18noblacklist ${HOME}/.local/share/kxmlgui5/okular
19nodeny ${HOME}/.local/share/okular 19noblacklist ${HOME}/.local/share/okular
20nodeny ${DOCUMENTS} 20noblacklist ${DOCUMENTS}
21 21
22include disable-common.inc 22include disable-common.inc
23include disable-devel.inc 23include disable-devel.inc
@@ -28,15 +28,15 @@ include disable-programs.inc
28include disable-shell.inc 28include disable-shell.inc
29include disable-xdg.inc 29include disable-xdg.inc
30 30
31allow /usr/share/config.kcfg/gssettings.kcfg 31whitelist /usr/share/config.kcfg/gssettings.kcfg
32allow /usr/share/config.kcfg/pdfsettings.kcfg 32whitelist /usr/share/config.kcfg/pdfsettings.kcfg
33allow /usr/share/config.kcfg/okular.kcfg 33whitelist /usr/share/config.kcfg/okular.kcfg
34allow /usr/share/config.kcfg/okular_core.kcfg 34whitelist /usr/share/config.kcfg/okular_core.kcfg
35allow /usr/share/ghostscript 35whitelist /usr/share/ghostscript
36allow /usr/share/kconf_update/okular.upd 36whitelist /usr/share/kconf_update/okular.upd
37allow /usr/share/kxmlgui5/okular 37whitelist /usr/share/kxmlgui5/okular
38allow /usr/share/okular 38whitelist /usr/share/okular
39allow /usr/share/poppler 39whitelist /usr/share/poppler
40include whitelist-runuser-common.inc 40include whitelist-runuser-common.inc
41include whitelist-usr-share-common.inc 41include whitelist-usr-share-common.inc
42include whitelist-var-common.inc 42include whitelist-var-common.inc
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile
index 748d17995..5b367b639 100644
--- a/etc/profile-m-z/onboard.profile
+++ b/etc/profile-m-z/onboard.profile
@@ -6,7 +6,7 @@ include onboard.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/onboard 9noblacklist ${HOME}/.config/onboard
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.config/onboard 24mkdir ${HOME}/.config/onboard
25allow ${HOME}/.config/onboard 25whitelist ${HOME}/.config/onboard
26allow /usr/share/onboard 26whitelist /usr/share/onboard
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile
index 188818a7f..960df9034 100644
--- a/etc/profile-m-z/onionshare-gui.profile
+++ b/etc/profile-m-z/onionshare-gui.profile
@@ -5,7 +5,7 @@ include onionshare-gui.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/onionshare 8noblacklist ${HOME}/.config/onionshare
9 9
10# Allow python (blacklisted by disable-interpreters.inc) 10# Allow python (blacklisted by disable-interpreters.inc)
11include allow-python3.inc 11include allow-python3.inc
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile
index 6e2b31def..7a840d4a9 100644
--- a/etc/profile-m-z/open-invaders.profile
+++ b/etc/profile-m-z/open-invaders.profile
@@ -6,7 +6,7 @@ include open-invaders.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.openinvaders 9noblacklist ${HOME}/.openinvaders
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18 18
19mkdir ${HOME}/.openinvaders 19mkdir ${HOME}/.openinvaders
20allow ${HOME}/.openinvaders 20whitelist ${HOME}/.openinvaders
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile
index dfc78e5a9..36ce0316f 100644
--- a/etc/profile-m-z/openarena.profile
+++ b/etc/profile-m-z/openarena.profile
@@ -6,7 +6,7 @@ include openarena.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.openarena 9noblacklist ${HOME}/.openarena
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.openarena 19mkdir ${HOME}/.openarena
20allow ${HOME}/.openarena 20whitelist ${HOME}/.openarena
21allow /usr/share/openarena 21whitelist /usr/share/openarena
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-runuser-common.inc 23include whitelist-runuser-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile
index 5a6b378f0..b49fd9932 100644
--- a/etc/profile-m-z/openbox.profile
+++ b/etc/profile-m-z/openbox.profile
@@ -7,7 +7,7 @@ include openbox.local
7include globals.local 7include globals.local
8 8
9# all applications started in openbox will run in this profile 9# all applications started in openbox will run in this profile
10nodeny ${HOME}/.config/openbox 10noblacklist ${HOME}/.config/openbox
11include disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile
index 268e7cee3..a3d371e15 100644
--- a/etc/profile-m-z/opencity.profile
+++ b/etc/profile-m-z/opencity.profile
@@ -6,7 +6,7 @@ include opencity.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.opencity 9noblacklist ${HOME}/.opencity
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.opencity 20mkdir ${HOME}/.opencity
21allow ${HOME}/.opencity 21whitelist ${HOME}/.opencity
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile
index 588191cb3..32b40df42 100644
--- a/etc/profile-m-z/openclonk.profile
+++ b/etc/profile-m-z/openclonk.profile
@@ -6,7 +6,7 @@ include openclonk.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.clonk 9noblacklist ${HOME}/.clonk
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.clonk 20mkdir ${HOME}/.clonk
21allow ${HOME}/.clonk 21whitelist ${HOME}/.clonk
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
index 95d507c98..d1fe67aed 100644
--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -6,8 +6,8 @@ include openmw.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/openmw 9noblacklist ${HOME}/.config/openmw
10nodeny ${HOME}/.local/share/openmw 10noblacklist ${HOME}/.local/share/openmw
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -21,11 +21,11 @@ include disable-xdg.inc
21 21
22mkdir ${HOME}/.config/openmw 22mkdir ${HOME}/.config/openmw
23mkdir ${HOME}/.local/share/openmw 23mkdir ${HOME}/.local/share/openmw
24allow ${HOME}/.config/openmw 24whitelist ${HOME}/.config/openmw
25# Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt. 25# Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt.
26# Alternatively you can whitelist custom paths in your openmw.local. 26# Alternatively you can whitelist custom paths in your openmw.local.
27allow ${HOME}/.local/share/openmw 27whitelist ${HOME}/.local/share/openmw
28allow /usr/share/openmw 28whitelist /usr/share/openmw
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-runuser-common.inc 30include whitelist-runuser-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile
index ebb536b3e..6118630c4 100644
--- a/etc/profile-m-z/openshot.profile
+++ b/etc/profile-m-z/openshot.profile
@@ -6,8 +6,8 @@ include openshot.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.openshot 9noblacklist ${HOME}/.openshot
10nodeny ${HOME}/.openshot_qt 10noblacklist ${HOME}/.openshot_qt
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python3.inc 13include allow-python3.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
19include disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22allow /usr/share/blender 22whitelist /usr/share/blender
23allow /usr/share/inkscape 23whitelist /usr/share/inkscape
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile
index 79c1f8ffa..546958bb7 100644
--- a/etc/profile-m-z/openttd.profile
+++ b/etc/profile-m-z/openttd.profile
@@ -6,7 +6,7 @@ include openttd.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.openttd 9noblacklist ${HOME}/.openttd
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.openttd 20mkdir ${HOME}/.openttd
21allow ${HOME}/.openttd 21whitelist ${HOME}/.openttd
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-m-z/opera-beta.profile b/etc/profile-m-z/opera-beta.profile
index 548afc0b4..551f1aba4 100644
--- a/etc/profile-m-z/opera-beta.profile
+++ b/etc/profile-m-z/opera-beta.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/opera 13noblacklist ${HOME}/.cache/opera
14nodeny ${HOME}/.config/opera-beta 14noblacklist ${HOME}/.config/opera-beta
15 15
16mkdir ${HOME}/.cache/opera 16mkdir ${HOME}/.cache/opera
17mkdir ${HOME}/.config/opera-beta 17mkdir ${HOME}/.config/opera-beta
18allow ${HOME}/.cache/opera 18whitelist ${HOME}/.cache/opera
19allow ${HOME}/.config/opera-beta 19whitelist ${HOME}/.config/opera-beta
20 20
21# Redirect 21# Redirect
22include chromium-common.profile 22include chromium-common.profile
diff --git a/etc/profile-m-z/opera.profile b/etc/profile-m-z/opera.profile
index 5a3fe064e..2c7c5fc35 100644
--- a/etc/profile-m-z/opera.profile
+++ b/etc/profile-m-z/opera.profile
@@ -11,16 +11,16 @@ ignore whitelist /usr/share/chromium
11ignore include whitelist-runuser-common.inc 11ignore include whitelist-runuser-common.inc
12ignore include whitelist-usr-share-common.inc 12ignore include whitelist-usr-share-common.inc
13 13
14nodeny ${HOME}/.cache/opera 14noblacklist ${HOME}/.cache/opera
15nodeny ${HOME}/.config/opera 15noblacklist ${HOME}/.config/opera
16nodeny ${HOME}/.opera 16noblacklist ${HOME}/.opera
17 17
18mkdir ${HOME}/.cache/opera 18mkdir ${HOME}/.cache/opera
19mkdir ${HOME}/.config/opera 19mkdir ${HOME}/.config/opera
20mkdir ${HOME}/.opera 20mkdir ${HOME}/.opera
21allow ${HOME}/.cache/opera 21whitelist ${HOME}/.cache/opera
22allow ${HOME}/.config/opera 22whitelist ${HOME}/.config/opera
23allow ${HOME}/.opera 23whitelist ${HOME}/.opera
24 24
25# Redirect 25# Redirect
26include chromium-common.profile 26include chromium-common.profile
diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile
index a49cbdb91..4e4d8bea5 100644
--- a/etc/profile-m-z/orage.profile
+++ b/etc/profile-m-z/orage.profile
@@ -6,8 +6,8 @@ include orage.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/orage 9noblacklist ${HOME}/.config/orage
10nodeny ${HOME}/.local/share/orage 10noblacklist ${HOME}/.local/share/orage
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile
index ed881816e..310b90919 100644
--- a/etc/profile-m-z/ostrichriders.profile
+++ b/etc/profile-m-z/ostrichriders.profile
@@ -6,7 +6,7 @@ include ostrichriders.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.ostrichriders 9noblacklist ${HOME}/.ostrichriders
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.ostrichriders 20mkdir ${HOME}/.ostrichriders
21allow ${HOME}/.ostrichriders 21whitelist ${HOME}/.ostrichriders
22allow /usr/share/ostrichriders 22whitelist /usr/share/ostrichriders
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile
index bc9e730a1..20a4e25ed 100644
--- a/etc/profile-m-z/otter-browser.profile
+++ b/etc/profile-m-z/otter-browser.profile
@@ -8,10 +8,10 @@ include globals.local
8 8
9?BROWSER_ALLOW_DRM: ignore noexec ${HOME} 9?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.cache/Otter 11noblacklist ${HOME}/.cache/Otter
12nodeny ${HOME}/.config/otter 12noblacklist ${HOME}/.config/otter
13nodeny ${HOME}/.pki 13noblacklist ${HOME}/.pki
14nodeny ${HOME}/.local/share/pki 14noblacklist ${HOME}/.local/share/pki
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.cache/Otter
25mkdir ${HOME}/.config/otter 25mkdir ${HOME}/.config/otter
26mkdir ${HOME}/.pki 26mkdir ${HOME}/.pki
27mkdir ${HOME}/.local/share/pki 27mkdir ${HOME}/.local/share/pki
28allow ${DOWNLOADS} 28whitelist ${DOWNLOADS}
29allow ${HOME}/.cache/Otter 29whitelist ${HOME}/.cache/Otter
30allow ${HOME}/.config/otter 30whitelist ${HOME}/.config/otter
31allow ${HOME}/.pki 31whitelist ${HOME}/.pki
32allow ${HOME}/.local/share/pki 32whitelist ${HOME}/.local/share/pki
33allow /usr/share/otter-browser 33whitelist /usr/share/otter-browser
34include whitelist-common.inc 34include whitelist-common.inc
35include whitelist-runuser-common.inc 35include whitelist-runuser-common.inc
36include whitelist-usr-share-common.inc 36include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile
index 503c141d8..acb2ce176 100644
--- a/etc/profile-m-z/palemoon.profile
+++ b/etc/profile-m-z/palemoon.profile
@@ -5,13 +5,13 @@ include palemoon.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/moonchild productions/pale moon 8noblacklist ${HOME}/.cache/moonchild productions/pale moon
9nodeny ${HOME}/.moonchild productions/pale moon 9noblacklist ${HOME}/.moonchild productions/pale moon
10 10
11mkdir ${HOME}/.cache/moonchild productions/pale moon 11mkdir ${HOME}/.cache/moonchild productions/pale moon
12mkdir ${HOME}/.moonchild productions 12mkdir ${HOME}/.moonchild productions
13allow ${HOME}/.cache/moonchild productions/pale moon 13whitelist ${HOME}/.cache/moonchild productions/pale moon
14allow ${HOME}/.moonchild productions 14whitelist ${HOME}/.moonchild productions
15 15
16# Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) 16# Palemoon can use the full firejail seccomp filter (unlike firefox >= 60)
17seccomp 17seccomp
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile
index a59f53298..513b4119e 100644
--- a/etc/profile-m-z/pandoc.profile
+++ b/etc/profile-m-z/pandoc.profile
@@ -7,9 +7,9 @@ include pandoc.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile
index a277d1cbc..0a4422a73 100644
--- a/etc/profile-m-z/parole.profile
+++ b/etc/profile-m-z/parole.profile
@@ -6,8 +6,8 @@ include parole.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10nodeny ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile
index 156c3956d..0de968185 100644
--- a/etc/profile-m-z/patch.profile
+++ b/etc/profile-m-z/patch.profile
@@ -7,9 +7,9 @@ include patch.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-m-z/pavucontrol-qt.profile b/etc/profile-m-z/pavucontrol-qt.profile
index dcd69cdd0..f96ba14d2 100644
--- a/etc/profile-m-z/pavucontrol-qt.profile
+++ b/etc/profile-m-z/pavucontrol-qt.profile
@@ -7,10 +7,10 @@ include pavucontrol-qt.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.config/pavucontrol-qt 10noblacklist ${HOME}/.config/pavucontrol-qt
11 11
12mkdir ${HOME}/.config/pavucontrol-qt 12mkdir ${HOME}/.config/pavucontrol-qt
13allow ${HOME}/.config/pavucontrol-qt 13whitelist ${HOME}/.config/pavucontrol-qt
14 14
15private-bin pavucontrol-qt 15private-bin pavucontrol-qt
16ignore private-lib 16ignore private-lib
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile
index f44730c33..b46fb3026 100644
--- a/etc/profile-m-z/pavucontrol.profile
+++ b/etc/profile-m-z/pavucontrol.profile
@@ -6,7 +6,7 @@ include pavucontrol.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/pavucontrol.ini 9noblacklist ${HOME}/.config/pavucontrol.ini
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
19# whitelisting in ${HOME} is broken, see #3112 19# whitelisting in ${HOME} is broken, see #3112
20#mkfile ${HOME}/.config/pavucontrol.ini 20#mkfile ${HOME}/.config/pavucontrol.ini
21#whitelist ${HOME}/.config/pavucontrol.ini 21#whitelist ${HOME}/.config/pavucontrol.ini
22allow /usr/share/pavucontrol 22whitelist /usr/share/pavucontrol
23allow /usr/share/pavucontrol-qt 23whitelist /usr/share/pavucontrol-qt
24#include whitelist-common.inc 24#include whitelist-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile
index 3f920ced8..a6dab2a9a 100644
--- a/etc/profile-m-z/pcsxr.profile
+++ b/etc/profile-m-z/pcsxr.profile
@@ -8,7 +8,7 @@ include globals.local
8 8
9# Note: you must whitelist your games folder in your pcsxr.local 9# Note: you must whitelist your games folder in your pcsxr.local
10 10
11nodeny ${HOME}/.pcsxr 11noblacklist ${HOME}/.pcsxr
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.pcsxr 23mkdir ${HOME}/.pcsxr
24allow ${HOME}/.pcsxr 24whitelist ${HOME}/.pcsxr
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile
index 13a011072..d72417914 100644
--- a/etc/profile-m-z/pdfchain.profile
+++ b/etc/profile-m-z/pdfchain.profile
@@ -5,7 +5,7 @@ include pdfchain.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile
index e49ce8073..a19826555 100644
--- a/etc/profile-m-z/pdfmod.profile
+++ b/etc/profile-m-z/pdfmod.profile
@@ -6,9 +6,9 @@ include pdfmod.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/pdfmod 9noblacklist ${HOME}/.cache/pdfmod
10nodeny ${HOME}/.config/pdfmod 10noblacklist ${HOME}/.config/pdfmod
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile
index 67c14bbc3..e2808d4d2 100644
--- a/etc/profile-m-z/pdfsam.profile
+++ b/etc/profile-m-z/pdfsam.profile
@@ -6,7 +6,7 @@ include pdfsam.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11# Allow java (blacklisted by disable-devel.inc) 11# Allow java (blacklisted by disable-devel.inc)
12include allow-java.inc 12include allow-java.inc
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile
index 1c7ebfad5..d3902a51c 100644
--- a/etc/profile-m-z/pdftotext.profile
+++ b/etc/profile-m-z/pdftotext.profile
@@ -6,9 +6,9 @@ include pdftotext.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER} 9blacklist ${RUNUSER}
10 10
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22allow ${DOCUMENTS} 22whitelist ${DOCUMENTS}
23allow ${DOWNLOADS} 23whitelist ${DOWNLOADS}
24allow /usr/share/poppler 24whitelist /usr/share/poppler
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile
index e809625ad..c33953687 100644
--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -5,9 +5,9 @@ include peek.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/peek 8noblacklist ${HOME}/.cache/peek
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10nodeny ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile
index 5ebd7b462..f5ad0321d 100644
--- a/etc/profile-m-z/penguin-command.profile
+++ b/etc/profile-m-z/penguin-command.profile
@@ -6,7 +6,7 @@ include penguin-command.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.penguin-command 9noblacklist ${HOME}/.penguin-command
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18 18
19allow ${HOME}/.penguin-command 19whitelist ${HOME}/.penguin-command
20include whitelist-common.inc 20include whitelist-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile
index 8dd506850..40068ff78 100644
--- a/etc/profile-m-z/photoflare.profile
+++ b/etc/profile-m-z/photoflare.profile
@@ -6,7 +6,7 @@ include photoflare.local
6# Persistent global definitions 6# Persistent global definitions
7include photoflare.local 7include photoflare.local
8 8
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile
index ac178ee6c..a5ea47088 100644
--- a/etc/profile-m-z/picard.profile
+++ b/etc/profile-m-z/picard.profile
@@ -6,9 +6,9 @@ include picard.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/MusicBrainz 9noblacklist ${HOME}/.cache/MusicBrainz
10nodeny ${HOME}/.config/MusicBrainz 10noblacklist ${HOME}/.config/MusicBrainz
11nodeny ${MUSIC} 11noblacklist ${MUSIC}
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile
index a65abeb2e..26872e9a1 100644
--- a/etc/profile-m-z/pidgin.profile
+++ b/etc/profile-m-z/pidgin.profile
@@ -9,7 +9,7 @@ include globals.local
9ignore noexec ${RUNUSER} 9ignore noexec ${RUNUSER}
10ignore noexec /dev/shm 10ignore noexec /dev/shm
11 11
12nodeny ${HOME}/.purple 12noblacklist ${HOME}/.purple
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-programs.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.purple 22mkdir ${HOME}/.purple
23allow ${HOME}/.purple 23whitelist ${HOME}/.purple
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25allow ${PICTURES} 25whitelist ${PICTURES}
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile
index 41e4fb6c0..2e17be2ce 100644
--- a/etc/profile-m-z/pinball.profile
+++ b/etc/profile-m-z/pinball.profile
@@ -6,7 +6,7 @@ include pinball.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/emilia 9noblacklist ${HOME}/.config/emilia
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/emilia 20mkdir ${HOME}/.config/emilia
21allow ${HOME}/.config/emilia 21whitelist ${HOME}/.config/emilia
22 22
23allow /usr/share/pinball 23whitelist /usr/share/pinball
24# on debian games are stored under /usr/share/games 24# on debian games are stored under /usr/share/games
25allow /usr/share/games/pinball 25whitelist /usr/share/games/pinball
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index 65e77abfa..e914007c0 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -7,8 +7,8 @@ include ping.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile
index aa2cfe203..f1fdfcbad 100644
--- a/etc/profile-m-z/pingus.profile
+++ b/etc/profile-m-z/pingus.profile
@@ -6,12 +6,12 @@ include pingus.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.pingus 9noblacklist ${HOME}/.pingus
10 10
11# Allow /bin/sh (blacklisted by disable-shell.inc) 11# Allow /bin/sh (blacklisted by disable-shell.inc)
12include allow-bin-sh.inc 12include allow-bin-sh.inc
13 13
14deny /usr/libexec 14blacklist /usr/libexec
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.pingus 25mkdir ${HOME}/.pingus
26allow ${HOME}/.pingus 26whitelist ${HOME}/.pingus
27allow /usr/share/pingus 27whitelist /usr/share/pingus
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile
index d0d4f1fce..19406c399 100644
--- a/etc/profile-m-z/pinta.profile
+++ b/etc/profile-m-z/pinta.profile
@@ -6,9 +6,9 @@ include pinta.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Pinta 9noblacklist ${HOME}/.config/Pinta
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11nodeny ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile
index 6cfea28b6..721b3944a 100644
--- a/etc/profile-m-z/pioneer.profile
+++ b/etc/profile-m-z/pioneer.profile
@@ -6,7 +6,7 @@ include pioneer.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.pioneer 9noblacklist ${HOME}/.pioneer
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.pioneer 20mkdir ${HOME}/.pioneer
21allow ${HOME}/.pioneer 21whitelist ${HOME}/.pioneer
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile
index acd7eeaf2..3de064311 100644
--- a/etc/profile-m-z/pipe-viewer.profile
+++ b/etc/profile-m-z/pipe-viewer.profile
@@ -7,13 +7,13 @@ include pipe-viewer.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.cache/pipe-viewer 10noblacklist ${HOME}/.cache/pipe-viewer
11nodeny ${HOME}/.config/pipe-viewer 11noblacklist ${HOME}/.config/pipe-viewer
12 12
13mkdir ${HOME}/.config/pipe-viewer 13mkdir ${HOME}/.config/pipe-viewer
14mkdir ${HOME}/.cache/pipe-viewer 14mkdir ${HOME}/.cache/pipe-viewer
15allow ${HOME}/.cache/pipe-viewer 15whitelist ${HOME}/.cache/pipe-viewer
16allow ${HOME}/.config/pipe-viewer 16whitelist ${HOME}/.config/pipe-viewer
17 17
18private-bin gtk-pipe-viewer,pipe-viewer 18private-bin gtk-pipe-viewer,pipe-viewer
19 19
diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile
index abce4c911..a2dd809c4 100644
--- a/etc/profile-m-z/pitivi.profile
+++ b/etc/profile-m-z/pitivi.profile
@@ -6,7 +6,7 @@ include pitivi.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/pitivi 9noblacklist ${HOME}/.config/pitivi
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile
index 63451d352..81d3e9370 100644
--- a/etc/profile-m-z/pix.profile
+++ b/etc/profile-m-z/pix.profile
@@ -5,10 +5,10 @@ include pix.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/pix 8noblacklist ${HOME}/.config/pix
9nodeny ${HOME}/.local/share/pix 9noblacklist ${HOME}/.local/share/pix
10nodeny ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11nodeny ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile
index 13d7db7f7..4eb41b3bd 100644
--- a/etc/profile-m-z/pkglog.profile
+++ b/etc/profile-m-z/pkglog.profile
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow /var/log/apt/history.log 20whitelist /var/log/apt/history.log
21allow /var/log/dnf.rpm.log 21whitelist /var/log/dnf.rpm.log
22allow /var/log/pacman.log 22whitelist /var/log/pacman.log
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
diff --git a/etc/profile-m-z/playonlinux.profile b/etc/profile-m-z/playonlinux.profile
index 9c23841e2..8e98905b5 100644
--- a/etc/profile-m-z/playonlinux.profile
+++ b/etc/profile-m-z/playonlinux.profile
@@ -7,10 +7,10 @@ include playonlinux.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.PlayOnLinux 10noblacklist ${HOME}/.PlayOnLinux
11 11
12# nc is needed to run playonlinux 12# nc is needed to run playonlinux
13nodeny ${PATH}/nc 13noblacklist ${PATH}/nc
14 14
15# Allow perl (blacklisted by disable-interpreters.inc) 15# Allow perl (blacklisted by disable-interpreters.inc)
16include allow-perl.inc 16include allow-perl.inc
diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile
index ab7e0c64b..10e12e5b1 100644
--- a/etc/profile-m-z/pluma.profile
+++ b/etc/profile-m-z/pluma.profile
@@ -6,8 +6,8 @@ include pluma.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/enchant 9noblacklist ${HOME}/.config/enchant
10nodeny ${HOME}/.config/pluma 10noblacklist ${HOME}/.config/pluma
11 11
12# Allows files commonly used by IDEs 12# Allows files commonly used by IDEs
13include allow-common-devel.inc 13include allow-common-devel.inc
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile
index 02cb83ef6..5201fd853 100644
--- a/etc/profile-m-z/plv.profile
+++ b/etc/profile-m-z/plv.profile
@@ -6,7 +6,7 @@ include plv.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/PacmanLogViewer 9noblacklist ${HOME}/.config/PacmanLogViewer
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.config/PacmanLogViewer 19mkdir ${HOME}/.config/PacmanLogViewer
20allow ${HOME}/.config/PacmanLogViewer 20whitelist ${HOME}/.config/PacmanLogViewer
21allow /var/log/pacman.log 21whitelist /var/log/pacman.log
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile
index 2c4dda43e..8a181d5a8 100644
--- a/etc/profile-m-z/pngquant.profile
+++ b/etc/profile-m-z/pngquant.profile
@@ -7,9 +7,9 @@ include pngquant.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${PICTURES} 10noblacklist ${PICTURES}
11 11
12deny ${RUNUSER}/wayland-* 12blacklist ${RUNUSER}/wayland-*
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile
index 115ac36ab..a3d4f9851 100644
--- a/etc/profile-m-z/polari.profile
+++ b/etc/profile-m-z/polari.profile
@@ -21,12 +21,12 @@ mkdir ${HOME}/.local/share/Empathy
21mkdir ${HOME}/.local/share/TpLogger 21mkdir ${HOME}/.local/share/TpLogger
22mkdir ${HOME}/.local/share/telepathy 22mkdir ${HOME}/.local/share/telepathy
23mkdir ${HOME}/.purple 23mkdir ${HOME}/.purple
24allow ${HOME}/.cache/telepathy 24whitelist ${HOME}/.cache/telepathy
25allow ${HOME}/.config/telepathy-account-widgets 25whitelist ${HOME}/.config/telepathy-account-widgets
26allow ${HOME}/.local/share/Empathy 26whitelist ${HOME}/.local/share/Empathy
27allow ${HOME}/.local/share/TpLogger 27whitelist ${HOME}/.local/share/TpLogger
28allow ${HOME}/.local/share/telepathy 28whitelist ${HOME}/.local/share/telepathy
29allow ${HOME}/.purple 29whitelist ${HOME}/.purple
30include whitelist-common.inc 30include whitelist-common.inc
31include whitelist-runuser-common.inc 31include whitelist-runuser-common.inc
32 32
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile
index 10c59ea32..1f73c1d89 100644
--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -8,7 +8,7 @@ include globals.local
8 8
9# Note: you must whitelist your games folder in your ppsspp.local. 9# Note: you must whitelist your games folder in your ppsspp.local.
10 10
11nodeny ${HOME}/.config/ppsspp 11noblacklist ${HOME}/.config/ppsspp
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-write-mnt.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.config/ppsspp 22mkdir ${HOME}/.config/ppsspp
23allow ${HOME}/.config/ppsspp 23whitelist ${HOME}/.config/ppsspp
24allow /usr/share/ppsspp 24whitelist /usr/share/ppsspp
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile
index 9b03bf632..f138d785e 100644
--- a/etc/profile-m-z/pragha.profile
+++ b/etc/profile-m-z/pragha.profile
@@ -6,8 +6,8 @@ include pragha.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/pragha 9noblacklist ${HOME}/.config/pragha
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile
index 137b4cb20..743458725 100644
--- a/etc/profile-m-z/profanity.profile
+++ b/etc/profile-m-z/profanity.profile
@@ -7,8 +7,8 @@ include profanity.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.config/profanity 10noblacklist ${HOME}/.config/profanity
11nodeny ${HOME}/.local/share/profanity 11noblacklist ${HOME}/.local/share/profanity
12 12
13# Allow Python 13# Allow Python
14include allow-python2.inc 14include allow-python2.inc
diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile
index b0e28baf7..5ac58b0ac 100644
--- a/etc/profile-m-z/psi-plus.profile
+++ b/etc/profile-m-z/psi-plus.profile
@@ -6,8 +6,8 @@ include psi-plus.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/psi+ 9noblacklist ${HOME}/.config/psi+
10nodeny ${HOME}/.local/share/psi+ 10noblacklist ${HOME}/.local/share/psi+
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-programs.inc
19mkdir ${HOME}/.cache/psi+ 19mkdir ${HOME}/.cache/psi+
20mkdir ${HOME}/.config/psi+ 20mkdir ${HOME}/.config/psi+
21mkdir ${HOME}/.local/share/psi+ 21mkdir ${HOME}/.local/share/psi+
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23allow ${HOME}/.cache/psi+ 23whitelist ${HOME}/.cache/psi+
24allow ${HOME}/.config/psi+ 24whitelist ${HOME}/.config/psi+
25allow ${HOME}/.local/share/psi+ 25whitelist ${HOME}/.local/share/psi+
26include whitelist-common.inc 26include whitelist-common.inc
27 27
28caps.drop all 28caps.drop all
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
index 2588c3b75..7e0ef99fc 100644
--- a/etc/profile-m-z/psi.profile
+++ b/etc/profile-m-z/psi.profile
@@ -8,11 +8,11 @@ include globals.local
8 8
9# Add the next line to your psi.local to enable GPG support. 9# Add the next line to your psi.local to enable GPG support.
10#noblacklist ${HOME}/.gnupg 10#noblacklist ${HOME}/.gnupg
11nodeny ${HOME}/.cache/psi 11noblacklist ${HOME}/.cache/psi
12nodeny ${HOME}/.cache/Psi 12noblacklist ${HOME}/.cache/Psi
13nodeny ${HOME}/.config/psi 13noblacklist ${HOME}/.config/psi
14nodeny ${HOME}/.local/share/psi 14noblacklist ${HOME}/.local/share/psi
15nodeny ${HOME}/.local/share/Psi 15noblacklist ${HOME}/.local/share/Psi
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
@@ -32,16 +32,16 @@ mkdir ${HOME}/.local/share/psi
32mkdir ${HOME}/.local/share/Psi 32mkdir ${HOME}/.local/share/Psi
33# Add the next line to your psi.local to enable GPG support. 33# Add the next line to your psi.local to enable GPG support.
34#whitelist ${HOME}/.gnupg 34#whitelist ${HOME}/.gnupg
35allow ${HOME}/.cache/psi 35whitelist ${HOME}/.cache/psi
36allow ${HOME}/.cache/Psi 36whitelist ${HOME}/.cache/Psi
37allow ${HOME}/.config/psi 37whitelist ${HOME}/.config/psi
38allow ${HOME}/.local/share/psi 38whitelist ${HOME}/.local/share/psi
39allow ${HOME}/.local/share/Psi 39whitelist ${HOME}/.local/share/Psi
40allow ${DOWNLOADS} 40whitelist ${DOWNLOADS}
41# Add the next lines to your psi.local to enable GPG support. 41# Add the next lines to your psi.local to enable GPG support.
42#whitelist /usr/share/gnupg 42#whitelist /usr/share/gnupg
43#whitelist /usr/share/gnupg2 43#whitelist /usr/share/gnupg2
44allow /usr/share/psi 44whitelist /usr/share/psi
45# Add the next lines to your psi.local to enable GPG support. 45# Add the next lines to your psi.local to enable GPG support.
46#whitelist ${RUNUSER}/gnupg 46#whitelist ${RUNUSER}/gnupg
47#whitelist ${RUNUSER}/keyring 47#whitelist ${RUNUSER}/keyring
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile
index 1f0e83ab6..60ae37930 100644
--- a/etc/profile-m-z/pybitmessage.profile
+++ b/etc/profile-m-z/pybitmessage.profile
@@ -5,9 +5,9 @@ include pybitmessage.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny /sbin 8noblacklist /sbin
9nodeny /usr/local/sbin 9noblacklist /usr/local/sbin
10nodeny /usr/sbin 10noblacklist /usr/sbin
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-m-z/pycharm-community.profile b/etc/profile-m-z/pycharm-community.profile
index b6c08290e..00d7239ae 100644
--- a/etc/profile-m-z/pycharm-community.profile
+++ b/etc/profile-m-z/pycharm-community.profile
@@ -5,7 +5,7 @@ include pycharm-community.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.PyCharmCE* 8noblacklist ${HOME}/.PyCharmCE*
9 9
10# Allow java (blacklisted by disable-devel.inc) 10# Allow java (blacklisted by disable-devel.inc)
11include allow-java.inc 11include allow-java.inc
diff --git a/etc/profile-m-z/pycharm-professional.profile b/etc/profile-m-z/pycharm-professional.profile
index fa0932cc0..b754a18c9 100644
--- a/etc/profile-m-z/pycharm-professional.profile
+++ b/etc/profile-m-z/pycharm-professional.profile
@@ -6,7 +6,7 @@ include pyucharm-professional.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.PyCharm* 9noblacklist ${HOME}/.PyCharm*
10 10
11# Redirect 11# Redirect
12include pycharm-community.profile 12include pycharm-community.profile
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile
index fb8e622b0..506b738cc 100644
--- a/etc/profile-m-z/qbittorrent.profile
+++ b/etc/profile-m-z/qbittorrent.profile
@@ -6,10 +6,10 @@ include qbittorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/qBittorrent 9noblacklist ${HOME}/.cache/qBittorrent
10nodeny ${HOME}/.config/qBittorrent 10noblacklist ${HOME}/.config/qBittorrent
11nodeny ${HOME}/.config/qBittorrentrc 11noblacklist ${HOME}/.config/qBittorrentrc
12nodeny ${HOME}/.local/share/data/qBittorrent 12noblacklist ${HOME}/.local/share/data/qBittorrent
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15include allow-python2.inc 15include allow-python2.inc
@@ -27,11 +27,11 @@ mkdir ${HOME}/.cache/qBittorrent
27mkdir ${HOME}/.config/qBittorrent 27mkdir ${HOME}/.config/qBittorrent
28mkfile ${HOME}/.config/qBittorrentrc 28mkfile ${HOME}/.config/qBittorrentrc
29mkdir ${HOME}/.local/share/data/qBittorrent 29mkdir ${HOME}/.local/share/data/qBittorrent
30allow ${DOWNLOADS} 30whitelist ${DOWNLOADS}
31allow ${HOME}/.cache/qBittorrent 31whitelist ${HOME}/.cache/qBittorrent
32allow ${HOME}/.config/qBittorrent 32whitelist ${HOME}/.config/qBittorrent
33allow ${HOME}/.config/qBittorrentrc 33whitelist ${HOME}/.config/qBittorrentrc
34allow ${HOME}/.local/share/data/qBittorrent 34whitelist ${HOME}/.local/share/data/qBittorrent
35include whitelist-common.inc 35include whitelist-common.inc
36include whitelist-var-common.inc 36include whitelist-var-common.inc
37 37
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile
index 7bcc4b065..0e52d7fc4 100644
--- a/etc/profile-m-z/qcomicbook.profile
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -6,10 +6,10 @@ include qcomicbook.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/PawelStolowski 9noblacklist ${HOME}/.cache/PawelStolowski
10nodeny ${HOME}/.config/PawelStolowski 10noblacklist ${HOME}/.config/PawelStolowski
11nodeny ${HOME}/.local/share/PawelStolowski 11noblacklist ${HOME}/.local/share/PawelStolowski
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14# Allow /bin/sh (blacklisted by disable-shell.inc) 14# Allow /bin/sh (blacklisted by disable-shell.inc)
15include allow-bin-sh.inc 15include allow-bin-sh.inc
@@ -27,7 +27,7 @@ include disable-xdg.inc
27mkdir ${HOME}/.cache/PawelStolowski 27mkdir ${HOME}/.cache/PawelStolowski
28mkdir ${HOME}/.config/PawelStolowski 28mkdir ${HOME}/.config/PawelStolowski
29mkdir ${HOME}/.local/share/PawelStolowski 29mkdir ${HOME}/.local/share/PawelStolowski
30allow /usr/share/qcomicbook 30whitelist /usr/share/qcomicbook
31include whitelist-runuser-common.inc 31include whitelist-runuser-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile
index d527a2b82..ac60384fd 100644
--- a/etc/profile-m-z/qemu-launcher.profile
+++ b/etc/profile-m-z/qemu-launcher.profile
@@ -5,7 +5,7 @@ include qemu-launcher.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.qemu-launcher 8noblacklist ${HOME}/.qemu-launcher
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-passwdmgr.inc 11include disable-passwdmgr.inc
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile
index e99140c22..2e97daea2 100644
--- a/etc/profile-m-z/qgis.profile
+++ b/etc/profile-m-z/qgis.profile
@@ -6,10 +6,10 @@ include qgis.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/QGIS 9noblacklist ${HOME}/.config/QGIS
10nodeny ${HOME}/.local/share/QGIS 10noblacklist ${HOME}/.local/share/QGIS
11nodeny ${HOME}/.qgis2 11noblacklist ${HOME}/.qgis2
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15include allow-python3.inc 15include allow-python3.inc
@@ -25,10 +25,10 @@ include disable-xdg.inc
25mkdir ${HOME}/.local/share/QGIS 25mkdir ${HOME}/.local/share/QGIS
26mkdir ${HOME}/.qgis2 26mkdir ${HOME}/.qgis2
27mkdir ${HOME}/.config/QGIS 27mkdir ${HOME}/.config/QGIS
28allow ${HOME}/.local/share/QGIS 28whitelist ${HOME}/.local/share/QGIS
29allow ${HOME}/.qgis2 29whitelist ${HOME}/.qgis2
30allow ${HOME}/.config/QGIS 30whitelist ${HOME}/.config/QGIS
31allow ${DOCUMENTS} 31whitelist ${DOCUMENTS}
32include whitelist-common.inc 32include whitelist-common.inc
33include whitelist-var-common.inc 33include whitelist-var-common.inc
34 34
diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile
index 75dc58ae4..6e94d5845 100644
--- a/etc/profile-m-z/qlipper.profile
+++ b/etc/profile-m-z/qlipper.profile
@@ -6,7 +6,7 @@ include qlipper.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Qlipper 9noblacklist ${HOME}/.config/Qlipper
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile
index d37fce997..c3d982c17 100644
--- a/etc/profile-m-z/qmmp.profile
+++ b/etc/profile-m-z/qmmp.profile
@@ -6,8 +6,8 @@ include qmmp.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.qmmp 9noblacklist ${HOME}/.qmmp
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile
index f12340052..ca11df5be 100644
--- a/etc/profile-m-z/qnapi.profile
+++ b/etc/profile-m-z/qnapi.profile
@@ -6,7 +6,7 @@ include qnapi.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/qnapi.ini 9noblacklist ${HOME}/.config/qnapi.ini
10 10
11ignore noexec /tmp 11ignore noexec /tmp
12 12
@@ -20,8 +20,8 @@ include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkfile ${HOME}/.config/qnapi.ini 22mkfile ${HOME}/.config/qnapi.ini
23allow ${HOME}/.config/qnapi.ini 23whitelist ${HOME}/.config/qnapi.ini
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile
index 62fae324c..be690ffa4 100644
--- a/etc/profile-m-z/qpdfview.profile
+++ b/etc/profile-m-z/qpdfview.profile
@@ -6,9 +6,9 @@ include qpdfview.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/qpdfview 9noblacklist ${HOME}/.config/qpdfview
10nodeny ${HOME}/.local/share/qpdfview 10noblacklist ${HOME}/.local/share/qpdfview
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile
index 5f0aec804..6cbf8519f 100644
--- a/etc/profile-m-z/qrencode.profile
+++ b/etc/profile-m-z/qrencode.profile
@@ -7,7 +7,7 @@ include qrencode.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile
index 1ad46814e..8ffe24d11 100644
--- a/etc/profile-m-z/qtox.profile
+++ b/etc/profile-m-z/qtox.profile
@@ -6,8 +6,8 @@ include qtox.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Tox 9noblacklist ${HOME}/.cache/Tox
10nodeny ${HOME}/.config/tox 10noblacklist ${HOME}/.config/tox
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.config/tox 21mkdir ${HOME}/.config/tox
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23allow ${HOME}/.config/tox 23whitelist ${HOME}/.config/tox
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-m-z/quadrapassel.profile b/etc/profile-m-z/quadrapassel.profile
index aee24925c..91e0d9d0d 100644
--- a/etc/profile-m-z/quadrapassel.profile
+++ b/etc/profile-m-z/quadrapassel.profile
@@ -6,11 +6,11 @@ include quadrapassel.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/quadrapassel 9noblacklist ${HOME}/.local/share/quadrapassel
10 10
11mkdir ${HOME}/.local/share/quadrapassel 11mkdir ${HOME}/.local/share/quadrapassel
12allow ${HOME}/.local/share/quadrapassel 12whitelist ${HOME}/.local/share/quadrapassel
13allow /usr/share/quadrapassel 13whitelist /usr/share/quadrapassel
14 14
15private-bin quadrapassel 15private-bin quadrapassel
16 16
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile
index a319e1e12..1d146aa39 100644
--- a/etc/profile-m-z/quaternion.profile
+++ b/etc/profile-m-z/quaternion.profile
@@ -6,8 +6,8 @@ include quaternion.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Quotient/quaternion 9noblacklist ${HOME}/.cache/Quotient/quaternion
10nodeny ${HOME}/.config/Quotient 10noblacklist ${HOME}/.config/Quotient
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-xdg.inc
20 20
21mkdir ${HOME}/.cache/Quotient/quaternion 21mkdir ${HOME}/.cache/Quotient/quaternion
22mkdir ${HOME}/.config/Quotient 22mkdir ${HOME}/.config/Quotient
23allow ${HOME}/.cache/Quotient/quaternion 23whitelist ${HOME}/.cache/Quotient/quaternion
24allow ${HOME}/.config/Quotient 24whitelist ${HOME}/.config/Quotient
25allow ${DOWNLOADS} 25whitelist ${DOWNLOADS}
26allow /usr/share/Quotient/quaternion 26whitelist /usr/share/Quotient/quaternion
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile
index 2693f2ed5..9490089b2 100644
--- a/etc/profile-m-z/quiterss.profile
+++ b/etc/profile-m-z/quiterss.profile
@@ -6,10 +6,10 @@ include quiterss.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/QuiteRss 9noblacklist ${HOME}/.cache/QuiteRss
10nodeny ${HOME}/.config/QuiteRss 10noblacklist ${HOME}/.config/QuiteRss
11nodeny ${HOME}/.config/QuiteRssrc 11noblacklist ${HOME}/.config/QuiteRssrc
12nodeny ${HOME}/.local/share/QuiteRss 12noblacklist ${HOME}/.local/share/QuiteRss
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.local/share/data
25mkdir ${HOME}/.local/share/data/QuiteRss 25mkdir ${HOME}/.local/share/data/QuiteRss
26mkdir ${HOME}/.local/share/QuiteRss 26mkdir ${HOME}/.local/share/QuiteRss
27mkfile ${HOME}/quiterssfeeds.opml 27mkfile ${HOME}/quiterssfeeds.opml
28allow ${HOME}/.cache/QuiteRss 28whitelist ${HOME}/.cache/QuiteRss
29allow ${HOME}/.config/QuiteRss 29whitelist ${HOME}/.config/QuiteRss
30allow ${HOME}/.config/QuiteRssrc 30whitelist ${HOME}/.config/QuiteRssrc
31allow ${HOME}/.local/share/data/QuiteRss 31whitelist ${HOME}/.local/share/data/QuiteRss
32allow ${HOME}/.local/share/QuiteRss 32whitelist ${HOME}/.local/share/QuiteRss
33allow ${HOME}/quiterssfeeds.opml 33whitelist ${HOME}/quiterssfeeds.opml
34include whitelist-common.inc 34include whitelist-common.inc
35 35
36caps.drop all 36caps.drop all
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile
index 52c120c08..92b02b2bf 100644
--- a/etc/profile-m-z/quodlibet.profile
+++ b/etc/profile-m-z/quodlibet.profile
@@ -6,10 +6,10 @@ include quodlibet.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/quodlibet 9noblacklist ${HOME}/.cache/quodlibet
10nodeny ${HOME}/.config/quodlibet 10noblacklist ${HOME}/.config/quodlibet
11nodeny ${HOME}/.quodlibet 11noblacklist ${HOME}/.quodlibet
12nodeny ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include allow-bin-sh.inc 14include allow-bin-sh.inc
15 15
@@ -30,11 +30,11 @@ mkdir ${HOME}/.cache/quodlibet
30mkdir ${HOME}/.config/quodlibet 30mkdir ${HOME}/.config/quodlibet
31mkdir ${HOME}/.quodlibet 31mkdir ${HOME}/.quodlibet
32 32
33allow ${HOME}/.cache/quodlibet 33whitelist ${HOME}/.cache/quodlibet
34allow ${HOME}/.config/quodlibet 34whitelist ${HOME}/.config/quodlibet
35allow ${HOME}/.quodlibet 35whitelist ${HOME}/.quodlibet
36allow ${DOWNLOADS} 36whitelist ${DOWNLOADS}
37allow ${MUSIC} 37whitelist ${MUSIC}
38include whitelist-common.inc 38include whitelist-common.inc
39include whitelist-runuser-common.inc 39include whitelist-runuser-common.inc
40include whitelist-usr-share-common.inc 40include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/qupzilla.profile b/etc/profile-m-z/qupzilla.profile
index 9bc91808b..7aa71c848 100644
--- a/etc/profile-m-z/qupzilla.profile
+++ b/etc/profile-m-z/qupzilla.profile
@@ -6,8 +6,8 @@ include qupzilla.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.cache/qupzilla 9noblacklist ${HOME}/.cache/qupzilla
10nodeny ${HOME}/.config/qupzilla 10noblacklist ${HOME}/.config/qupzilla
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
18 18
19mkdir ${HOME}/.cache/qupzilla 19mkdir ${HOME}/.cache/qupzilla
20mkdir ${HOME}/.config/qupzilla 20mkdir ${HOME}/.config/qupzilla
21allow ${HOME}/.cache/qupzilla 21whitelist ${HOME}/.cache/qupzilla
22allow ${HOME}/.config/qupzilla 22whitelist ${HOME}/.config/qupzilla
23 23
24# Redirect 24# Redirect
25include falkon.profile 25include falkon.profile
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile
index a342e2acd..fc910b589 100644
--- a/etc/profile-m-z/qutebrowser.profile
+++ b/etc/profile-m-z/qutebrowser.profile
@@ -6,9 +6,9 @@ include qutebrowser.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/qutebrowser 9noblacklist ${HOME}/.cache/qutebrowser
10nodeny ${HOME}/.config/qutebrowser 10noblacklist ${HOME}/.config/qutebrowser
11nodeny ${HOME}/.local/share/qutebrowser 11noblacklist ${HOME}/.local/share/qutebrowser
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
@@ -22,10 +22,10 @@ include disable-programs.inc
22mkdir ${HOME}/.cache/qutebrowser 22mkdir ${HOME}/.cache/qutebrowser
23mkdir ${HOME}/.config/qutebrowser 23mkdir ${HOME}/.config/qutebrowser
24mkdir ${HOME}/.local/share/qutebrowser 24mkdir ${HOME}/.local/share/qutebrowser
25allow ${DOWNLOADS} 25whitelist ${DOWNLOADS}
26allow ${HOME}/.cache/qutebrowser 26whitelist ${HOME}/.cache/qutebrowser
27allow ${HOME}/.config/qutebrowser 27whitelist ${HOME}/.config/qutebrowser
28allow ${HOME}/.local/share/qutebrowser 28whitelist ${HOME}/.local/share/qutebrowser
29include whitelist-common.inc 29include whitelist-common.inc
30 30
31caps.drop all 31caps.drop all
diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile
index b1059cee8..ffa2022ee 100644
--- a/etc/profile-m-z/rambox.profile
+++ b/etc/profile-m-z/rambox.profile
@@ -6,9 +6,9 @@ include rambox.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Rambox 9noblacklist ${HOME}/.config/Rambox
10nodeny ${HOME}/.pki 10noblacklist ${HOME}/.pki
11nodeny ${HOME}/.local/share/pki 11noblacklist ${HOME}/.local/share/pki
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-programs.inc
18mkdir ${HOME}/.config/Rambox 18mkdir ${HOME}/.config/Rambox
19mkdir ${HOME}/.pki 19mkdir ${HOME}/.pki
20mkdir ${HOME}/.local/share/pki 20mkdir ${HOME}/.local/share/pki
21allow ${DOWNLOADS} 21whitelist ${DOWNLOADS}
22allow ${HOME}/.config/Rambox 22whitelist ${HOME}/.config/Rambox
23allow ${HOME}/.pki 23whitelist ${HOME}/.pki
24allow ${HOME}/.local/share/pki 24whitelist ${HOME}/.local/share/pki
25include whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile
index 3b56f651f..9bc196a16 100644
--- a/etc/profile-m-z/redeclipse.profile
+++ b/etc/profile-m-z/redeclipse.profile
@@ -6,7 +6,7 @@ include redeclipse.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.redeclipse 9noblacklist ${HOME}/.redeclipse
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.redeclipse 19mkdir ${HOME}/.redeclipse
20allow ${HOME}/.redeclipse 20whitelist ${HOME}/.redeclipse
21allow /usr/share/redeclipse 21whitelist /usr/share/redeclipse
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-runuser-common.inc 23include whitelist-runuser-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile
index 3035e1d74..f87c5f67c 100644
--- a/etc/profile-m-z/redshift.profile
+++ b/etc/profile-m-z/redshift.profile
@@ -7,8 +7,8 @@ include redshift.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.config/redshift 10noblacklist ${HOME}/.config/redshift
11nodeny ${HOME}/.config/redshift.conf 11noblacklist ${HOME}/.config/redshift.conf
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.config/redshift 21mkdir ${HOME}/.config/redshift
22allow ${HOME}/.config/redshift 22whitelist ${HOME}/.config/redshift
23allow ${HOME}/.config/redshift.conf 23whitelist ${HOME}/.config/redshift.conf
24include whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26apparmor 26apparmor
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile
index 82feafab9..f5131c5d0 100644
--- a/etc/profile-m-z/regextester.profile
+++ b/etc/profile-m-z/regextester.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /usr/share/com.github.artemanufrij.regextester 18whitelist /usr/share/com.github.artemanufrij.regextester
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile
index 3f385f602..aca22f187 100644
--- a/etc/profile-m-z/remmina.profile
+++ b/etc/profile-m-z/remmina.profile
@@ -6,9 +6,9 @@ include remmina.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.remmina 9noblacklist ${HOME}/.remmina
10nodeny ${HOME}/.config/remmina 10noblacklist ${HOME}/.config/remmina
11nodeny ${HOME}/.local/share/remmina 11noblacklist ${HOME}/.local/share/remmina
12 12
13# Allow ssh (blacklisted by disable-common.inc) 13# Allow ssh (blacklisted by disable-common.inc)
14include allow-ssh.inc 14include allow-ssh.inc
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile
index c532d3dc1..970e8ffba 100644
--- a/etc/profile-m-z/rhythmbox.profile
+++ b/etc/profile-m-z/rhythmbox.profile
@@ -6,9 +6,9 @@ include rhythmbox.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10nodeny ${HOME}/.cache/rhythmbox 10noblacklist ${HOME}/.cache/rhythmbox
11nodeny ${HOME}/.local/share/rhythmbox 11noblacklist ${HOME}/.local/share/rhythmbox
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
@@ -26,10 +26,10 @@ include disable-programs.inc
26include disable-shell.inc 26include disable-shell.inc
27include disable-xdg.inc 27include disable-xdg.inc
28 28
29allow /usr/share/rhythmbox 29whitelist /usr/share/rhythmbox
30allow /usr/share/lua 30whitelist /usr/share/lua
31allow /usr/share/libquvi-scripts 31whitelist /usr/share/libquvi-scripts
32allow /usr/share/tracker 32whitelist /usr/share/tracker
33include whitelist-runuser-common.inc 33include whitelist-runuser-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc 35include whitelist-var-common.inc
diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile
index c3ee57ef3..b664a2be3 100644
--- a/etc/profile-m-z/ricochet.profile
+++ b/etc/profile-m-z/ricochet.profile
@@ -5,7 +5,7 @@ include ricochet.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.local/share/Ricochet 8noblacklist ${HOME}/.local/share/Ricochet
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-programs.inc
16include disable-shell.inc 16include disable-shell.inc
17 17
18mkdir ${HOME}/.local/share/Ricochet 18mkdir ${HOME}/.local/share/Ricochet
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20allow ${HOME}/.local/share/Ricochet 20whitelist ${HOME}/.local/share/Ricochet
21include whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
diff --git a/etc/profile-m-z/riot-web.profile b/etc/profile-m-z/riot-web.profile
index 782396a50..687c943b0 100644
--- a/etc/profile-m-z/riot-web.profile
+++ b/etc/profile-m-z/riot-web.profile
@@ -8,11 +8,11 @@ include globals.local
8 8
9ignore noexec /tmp 9ignore noexec /tmp
10 10
11nodeny ${HOME}/.config/Riot 11noblacklist ${HOME}/.config/Riot
12 12
13mkdir ${HOME}/.config/Riot 13mkdir ${HOME}/.config/Riot
14allow ${HOME}/.config/Riot 14whitelist ${HOME}/.config/Riot
15allow /usr/share/webapps/element 15whitelist /usr/share/webapps/element
16 16
17# Redirect 17# Redirect
18include electron.profile 18include electron.profile
diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile
index c97ac8090..be815e714 100644
--- a/etc/profile-m-z/ripperx.profile
+++ b/etc/profile-m-z/ripperx.profile
@@ -6,8 +6,8 @@ include ripperx.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.ripperXrc 9noblacklist ${HOME}/.ripperXrc
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile
index 109d2f8f1..5572cab5a 100644
--- a/etc/profile-m-z/ristretto.profile
+++ b/etc/profile-m-z/ristretto.profile
@@ -6,9 +6,9 @@ include ristretto.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/ristretto 9noblacklist ${HOME}/.config/ristretto
10nodeny ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11nodeny ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/rocketchat.profile b/etc/profile-m-z/rocketchat.profile
index 1a76c4211..8d3607c75 100644
--- a/etc/profile-m-z/rocketchat.profile
+++ b/etc/profile-m-z/rocketchat.profile
@@ -21,10 +21,10 @@ ignore private-cache
21ignore private-dev 21ignore private-dev
22ignore private-tmp 22ignore private-tmp
23 23
24nodeny ${HOME}/.config/Rocket.Chat 24noblacklist ${HOME}/.config/Rocket.Chat
25 25
26mkdir ${HOME}/.config/Rocket.Chat 26mkdir ${HOME}/.config/Rocket.Chat
27allow ${HOME}/.config/Rocket.Chat 27whitelist ${HOME}/.config/Rocket.Chat
28 28
29# Redirect 29# Redirect
30include electron.profile 30include electron.profile
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index 4807b7d36..690b44bb1 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -11,8 +11,8 @@ include globals.local
11# not as a daemon (rsync --daemon) nor to create backups. 11# not as a daemon (rsync --daemon) nor to create backups.
12# Usage: firejail --profile=rsync-download_only rsync 12# Usage: firejail --profile=rsync-download_only rsync
13 13
14deny /tmp/.X11-unix 14blacklist /tmp/.X11-unix
15deny ${RUNUSER} 15blacklist ${RUNUSER}
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile
index 6b7d6b155..cc6db5043 100644
--- a/etc/profile-m-z/rtv-addons.profile
+++ b/etc/profile-m-z/rtv-addons.profile
@@ -11,16 +11,16 @@ ignore nosound
11ignore private-bin 11ignore private-bin
12ignore dbus-user none 12ignore dbus-user none
13 13
14nodeny ${HOME}/.config/mpv 14noblacklist ${HOME}/.config/mpv
15nodeny ${HOME}/.mailcap 15noblacklist ${HOME}/.mailcap
16nodeny ${HOME}/.netrc 16noblacklist ${HOME}/.netrc
17nodeny ${HOME}/.w3m 17noblacklist ${HOME}/.w3m
18 18
19allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs 19whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
20allow ${HOME}/.config/mpv 20whitelist ${HOME}/.config/mpv
21allow ${HOME}/.mailcap 21whitelist ${HOME}/.mailcap
22allow ${HOME}/.netrc 22whitelist ${HOME}/.netrc
23allow ${HOME}/.w3m 23whitelist ${HOME}/.w3m
24 24
25#private-bin w3m,mpv,youtube-dl 25#private-bin w3m,mpv,youtube-dl
26 26
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index 074050792..2f1fe0155 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -6,11 +6,11 @@ include rtv.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12nodeny ${HOME}/.config/rtv 12noblacklist ${HOME}/.config/rtv
13nodeny ${HOME}/.local/share/rtv 13noblacklist ${HOME}/.local/share/rtv
14 14
15# Allow /bin/sh (blacklisted by disable-shell.inc) 15# Allow /bin/sh (blacklisted by disable-shell.inc)
16include allow-bin-sh.inc 16include allow-bin-sh.inc
@@ -33,8 +33,8 @@ include disable-xdg.inc
33 33
34mkdir ${HOME}/.config/rtv 34mkdir ${HOME}/.config/rtv
35mkdir ${HOME}/.local/share/rtv 35mkdir ${HOME}/.local/share/rtv
36allow ${HOME}/.config/rtv 36whitelist ${HOME}/.config/rtv
37allow ${HOME}/.local/share/rtv 37whitelist ${HOME}/.local/share/rtv
38include whitelist-var-common.inc 38include whitelist-var-common.inc
39 39
40apparmor 40apparmor
diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile
index 963f5da02..de79913cc 100644
--- a/etc/profile-m-z/sayonara.profile
+++ b/etc/profile-m-z/sayonara.profile
@@ -5,8 +5,8 @@ include sayonara.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.Sayonara 8noblacklist ${HOME}/.Sayonara
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile
index 26550b5e0..eb8468c3b 100644
--- a/etc/profile-m-z/scallion.profile
+++ b/etc/profile-m-z/scallion.profile
@@ -6,10 +6,10 @@ include scallion.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PATH}/llvm* 9noblacklist ${PATH}/llvm*
10nodeny ${PATH}/openssl 10noblacklist ${PATH}/openssl
11nodeny ${PATH}/openssl-1.0 11noblacklist ${PATH}/openssl-1.0
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-exec.inc 15include disable-exec.inc
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile
index 921efb49e..b1989e474 100644
--- a/etc/profile-m-z/scorched3d.profile
+++ b/etc/profile-m-z/scorched3d.profile
@@ -6,7 +6,7 @@ include scorched3d.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.scorched3d 9noblacklist ${HOME}/.scorched3d
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.scorched3d 19mkdir ${HOME}/.scorched3d
20allow ${HOME}/.scorched3d 20whitelist ${HOME}/.scorched3d
21allow /usr/share/scorched3d 21whitelist /usr/share/scorched3d
22allow /usr/share/games/scorched3d 22whitelist /usr/share/games/scorched3d
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile
index 54a6c3a01..2cb1df6b5 100644
--- a/etc/profile-m-z/scorchwentbonkers.profile
+++ b/etc/profile-m-z/scorchwentbonkers.profile
@@ -6,7 +6,7 @@ include scorchwentbonkers.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.swb.ini 9noblacklist ${HOME}/.swb.ini
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.swb.ini 20mkdir ${HOME}/.swb.ini
21allow ${HOME}/.swb.ini 21whitelist ${HOME}/.swb.ini
22allow /usr/share/scorchwentbonkers 22whitelist /usr/share/scorchwentbonkers
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile
index 6519f8e87..1fdeaa145 100644
--- a/etc/profile-m-z/scribus.profile
+++ b/etc/profile-m-z/scribus.profile
@@ -7,24 +7,24 @@ include scribus.local
7include globals.local 7include globals.local
8 8
9# Support for PDF readers comes with Scribus 1.5 and higher 9# Support for PDF readers comes with Scribus 1.5 and higher
10nodeny ${HOME}/.cache/okular 10noblacklist ${HOME}/.cache/okular
11nodeny ${HOME}/.config/GIMP 11noblacklist ${HOME}/.config/GIMP
12nodeny ${HOME}/.config/okularpartrc 12noblacklist ${HOME}/.config/okularpartrc
13nodeny ${HOME}/.config/okularrc 13noblacklist ${HOME}/.config/okularrc
14nodeny ${HOME}/.config/scribus 14noblacklist ${HOME}/.config/scribus
15nodeny ${HOME}/.config/scribusrc 15noblacklist ${HOME}/.config/scribusrc
16nodeny ${HOME}/.gimp* 16noblacklist ${HOME}/.gimp*
17nodeny ${HOME}/.kde/share/apps/okular 17noblacklist ${HOME}/.kde/share/apps/okular
18nodeny ${HOME}/.kde/share/config/okularpartrc 18noblacklist ${HOME}/.kde/share/config/okularpartrc
19nodeny ${HOME}/.kde/share/config/okularrc 19noblacklist ${HOME}/.kde/share/config/okularrc
20nodeny ${HOME}/.kde4/share/apps/okular 20noblacklist ${HOME}/.kde4/share/apps/okular
21nodeny ${HOME}/.kde4/share/config/okularpartrc 21noblacklist ${HOME}/.kde4/share/config/okularpartrc
22nodeny ${HOME}/.kde4/share/config/okularrc 22noblacklist ${HOME}/.kde4/share/config/okularrc
23nodeny ${HOME}/.local/share/okular 23noblacklist ${HOME}/.local/share/okular
24nodeny ${HOME}/.local/share/scribus 24noblacklist ${HOME}/.local/share/scribus
25nodeny ${HOME}/.scribus 25noblacklist ${HOME}/.scribus
26nodeny ${DOCUMENTS} 26noblacklist ${DOCUMENTS}
27nodeny ${PICTURES} 27noblacklist ${PICTURES}
28 28
29# Allow python (blacklisted by disable-interpreters.inc) 29# Allow python (blacklisted by disable-interpreters.inc)
30include allow-python2.inc 30include allow-python2.inc
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile
index 95cedac3f..7799ab7ed 100644
--- a/etc/profile-m-z/seahorse-adventures.profile
+++ b/etc/profile-m-z/seahorse-adventures.profile
@@ -22,8 +22,8 @@ include disable-programs.inc
22include disable-shell.inc 22include disable-shell.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25allow /usr/share/seahorse-adventures 25whitelist /usr/share/seahorse-adventures
26allow /usr/share/games/seahorse-adventures 26whitelist /usr/share/games/seahorse-adventures
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile
index 66605173b..d3d8e453f 100644
--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -6,9 +6,9 @@ include seahorse.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11nodeny ${HOME}/.gnupg 11noblacklist ${HOME}/.gnupg
12 12
13# Allow ssh (blacklisted by disable-common.inc) 13# Allow ssh (blacklisted by disable-common.inc)
14include allow-ssh.inc 14include allow-ssh.inc
@@ -27,13 +27,13 @@ include disable-xdg.inc
27#mkdir ${HOME}/.ssh 27#mkdir ${HOME}/.ssh
28#whitelist ${HOME}/.gnupg 28#whitelist ${HOME}/.gnupg
29#whitelist ${HOME}/.ssh 29#whitelist ${HOME}/.ssh
30allow /tmp/ssh-* 30whitelist /tmp/ssh-*
31allow /usr/share/gnupg 31whitelist /usr/share/gnupg
32allow /usr/share/gnupg2 32whitelist /usr/share/gnupg2
33allow /usr/share/seahorse 33whitelist /usr/share/seahorse
34allow /usr/share/seahorse-nautilus 34whitelist /usr/share/seahorse-nautilus
35allow ${RUNUSER}/gnupg 35whitelist ${RUNUSER}/gnupg
36allow ${RUNUSER}/keyring 36whitelist ${RUNUSER}/keyring
37#include whitelist-common.inc 37#include whitelist-common.inc
38include whitelist-runuser-common.inc 38include whitelist-runuser-common.inc
39include whitelist-usr-share-common.inc 39include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile
index c9867719a..807effbeb 100644
--- a/etc/profile-m-z/seamonkey.profile
+++ b/etc/profile-m-z/seamonkey.profile
@@ -6,10 +6,10 @@ include seamonkey.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/mozilla 9noblacklist ${HOME}/.cache/mozilla
10nodeny ${HOME}/.mozilla 10noblacklist ${HOME}/.mozilla
11nodeny ${HOME}/.pki 11noblacklist ${HOME}/.pki
12nodeny ${HOME}/.local/share/pki 12noblacklist ${HOME}/.local/share/pki
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -20,25 +20,25 @@ mkdir ${HOME}/.cache/mozilla
20mkdir ${HOME}/.mozilla 20mkdir ${HOME}/.mozilla
21mkdir ${HOME}/.pki 21mkdir ${HOME}/.pki
22mkdir ${HOME}/.local/share/pki 22mkdir ${HOME}/.local/share/pki
23allow ${DOWNLOADS} 23whitelist ${DOWNLOADS}
24allow ${HOME}/.cache/gnome-mplayer/plugin 24whitelist ${HOME}/.cache/gnome-mplayer/plugin
25allow ${HOME}/.cache/mozilla 25whitelist ${HOME}/.cache/mozilla
26allow ${HOME}/.config/gnome-mplayer 26whitelist ${HOME}/.config/gnome-mplayer
27allow ${HOME}/.config/pipelight-silverlight5.1 27whitelist ${HOME}/.config/pipelight-silverlight5.1
28allow ${HOME}/.config/pipelight-widevine 28whitelist ${HOME}/.config/pipelight-widevine
29allow ${HOME}/.keysnail.js 29whitelist ${HOME}/.keysnail.js
30allow ${HOME}/.lastpass 30whitelist ${HOME}/.lastpass
31allow ${HOME}/.mozilla 31whitelist ${HOME}/.mozilla
32allow ${HOME}/.pentadactyl 32whitelist ${HOME}/.pentadactyl
33allow ${HOME}/.pentadactylrc 33whitelist ${HOME}/.pentadactylrc
34allow ${HOME}/.pki 34whitelist ${HOME}/.pki
35allow ${HOME}/.local/share/pki 35whitelist ${HOME}/.local/share/pki
36allow ${HOME}/.vimperator 36whitelist ${HOME}/.vimperator
37allow ${HOME}/.vimperatorrc 37whitelist ${HOME}/.vimperatorrc
38allow ${HOME}/.wine-pipelight 38whitelist ${HOME}/.wine-pipelight
39allow ${HOME}/.wine-pipelight64 39whitelist ${HOME}/.wine-pipelight64
40allow ${HOME}/.zotero 40whitelist ${HOME}/.zotero
41allow ${HOME}/dwhelper 41whitelist ${HOME}/dwhelper
42include whitelist-common.inc 42include whitelist-common.inc
43 43
44caps.drop all 44caps.drop all
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index 23f464637..7d56684db 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -32,12 +32,12 @@ include globals.local
32# it allows /sbin and /usr/sbin directories - this is where servers are installed 32# it allows /sbin and /usr/sbin directories - this is where servers are installed
33# depending on your usage, you can enable some of the commands below: 33# depending on your usage, you can enable some of the commands below:
34 34
35nodeny /sbin 35noblacklist /sbin
36nodeny /usr/sbin 36noblacklist /usr/sbin
37# noblacklist /var/opt 37# noblacklist /var/opt
38 38
39deny /tmp/.X11-unix 39blacklist /tmp/.X11-unix
40deny ${RUNUSER}/wayland-* 40blacklist ${RUNUSER}/wayland-*
41 41
42include disable-common.inc 42include disable-common.inc
43# include disable-devel.inc 43# include disable-devel.inc
diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile
index 0cb9de45a..b7f398f45 100644
--- a/etc/profile-m-z/shellcheck.profile
+++ b/etc/profile-m-z/shellcheck.profile
@@ -7,9 +7,9 @@ include shellcheck.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12nodeny ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22allow /usr/share/shellcheck 22whitelist /usr/share/shellcheck
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile
index a8e5f6b18..d629240ec 100644
--- a/etc/profile-m-z/shortwave.profile
+++ b/etc/profile-m-z/shortwave.profile
@@ -6,8 +6,8 @@ include shortwave.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Shortwave 9noblacklist ${HOME}/.cache/Shortwave
10nodeny ${HOME}/.local/share/Shortwave 10noblacklist ${HOME}/.local/share/Shortwave
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
19 19
20mkdir ${HOME}/.cache/Shortwave 20mkdir ${HOME}/.cache/Shortwave
21mkdir ${HOME}/.local/share/Shortwave 21mkdir ${HOME}/.local/share/Shortwave
22allow ${HOME}/.cache/Shortwave 22whitelist ${HOME}/.cache/Shortwave
23allow ${HOME}/.local/share/Shortwave 23whitelist ${HOME}/.local/share/Shortwave
24allow /usr/share/shortwave 24whitelist /usr/share/shortwave
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile
index 1f3c39c46..63af4d367 100644
--- a/etc/profile-m-z/shotcut.profile
+++ b/etc/profile-m-z/shotcut.profile
@@ -8,7 +8,7 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.config/Meltytech 11noblacklist ${HOME}/.config/Meltytech
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile
index b653930c3..ddc8a7743 100644
--- a/etc/profile-m-z/shotwell.profile
+++ b/etc/profile-m-z/shotwell.profile
@@ -6,10 +6,10 @@ include shotwell.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/shotwell 9noblacklist ${HOME}/.cache/shotwell
10nodeny ${HOME}/.local/share/shotwell 10noblacklist ${HOME}/.local/share/shotwell
11 11
12nodeny ${PICTURES} 12noblacklist ${PICTURES}
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc 15include disable-exec.inc
@@ -21,9 +21,9 @@ include disable-xdg.inc
21 21
22mkdir ${HOME}/.cache/shotwell 22mkdir ${HOME}/.cache/shotwell
23mkdir ${HOME}/.local/share/shotwell 23mkdir ${HOME}/.local/share/shotwell
24allow ${HOME}/.cache/shotwell 24whitelist ${HOME}/.cache/shotwell
25allow ${HOME}/.local/share/shotwell 25whitelist ${HOME}/.local/share/shotwell
26allow ${PICTURES} 26whitelist ${PICTURES}
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile
index 8a46899f1..478377344 100644
--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -6,10 +6,10 @@ include signal-cli.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12nodeny ${HOME}/.local/share/signal-cli 12noblacklist ${HOME}/.local/share/signal-cli
13 13
14include allow-java.inc 14include allow-java.inc
15 15
@@ -22,7 +22,7 @@ include disable-programs.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.local/share/signal-cli 24mkdir ${HOME}/.local/share/signal-cli
25allow ${HOME}/.local/share/signal-cli 25whitelist ${HOME}/.local/share/signal-cli
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile
index a12080748..77a7f5b38 100644
--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -9,15 +9,15 @@ ignore novideo
9 9
10ignore noexec /tmp 10ignore noexec /tmp
11 11
12nodeny ${HOME}/.config/Signal 12noblacklist ${HOME}/.config/Signal
13 13
14# These lines are needed to allow Firefox to open links 14# These lines are needed to allow Firefox to open links
15nodeny ${HOME}/.mozilla 15noblacklist ${HOME}/.mozilla
16allow ${HOME}/.mozilla/firefox/profiles.ini 16whitelist ${HOME}/.mozilla/firefox/profiles.ini
17read-only ${HOME}/.mozilla/firefox/profiles.ini 17read-only ${HOME}/.mozilla/firefox/profiles.ini
18 18
19mkdir ${HOME}/.config/Signal 19mkdir ${HOME}/.config/Signal
20allow ${HOME}/.config/Signal 20whitelist ${HOME}/.config/Signal
21 21
22private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl 22private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
23 23
diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile
index 589a44ffc..17920677b 100644
--- a/etc/profile-m-z/simple-scan.profile
+++ b/etc/profile-m-z/simple-scan.profile
@@ -6,8 +6,8 @@ include simple-scan.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/simple-scan 9noblacklist ${HOME}/.cache/simple-scan
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19allow /usr/share/hplip 19whitelist /usr/share/hplip
20allow /usr/share/simple-scan 20whitelist /usr/share/simple-scan
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile
index 83f833508..d664f8bf5 100644
--- a/etc/profile-m-z/simplescreenrecorder.profile
+++ b/etc/profile-m-z/simplescreenrecorder.profile
@@ -6,8 +6,8 @@ include simplescreenrecorder.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${VIDEOS} 9noblacklist ${VIDEOS}
10nodeny ${HOME}/.ssr 10noblacklist ${HOME}/.ssr
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow /usr/share/simplescreenrecorder 20whitelist /usr/share/simplescreenrecorder
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile
index 1d7f41579..afaa0f6d8 100644
--- a/etc/profile-m-z/simutrans.profile
+++ b/etc/profile-m-z/simutrans.profile
@@ -6,7 +6,7 @@ include simutrans.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.simutrans 9noblacklist ${HOME}/.simutrans
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.simutrans 18mkdir ${HOME}/.simutrans
19allow ${HOME}/.simutrans 19whitelist ${HOME}/.simutrans
20include whitelist-common.inc 20include whitelist-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile
index 98ed624f9..093a61398 100644
--- a/etc/profile-m-z/skanlite.profile
+++ b/etc/profile-m-z/skanlite.profile
@@ -6,7 +6,7 @@ include skanlite.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/skypeforlinux.profile b/etc/profile-m-z/skypeforlinux.profile
index e7f70eebe..ed04eda8e 100644
--- a/etc/profile-m-z/skypeforlinux.profile
+++ b/etc/profile-m-z/skypeforlinux.profile
@@ -21,7 +21,7 @@ ignore dbus-system none
21ignore apparmor 21ignore apparmor
22ignore noexec /tmp 22ignore noexec /tmp
23 23
24nodeny ${HOME}/.config/skypeforlinux 24noblacklist ${HOME}/.config/skypeforlinux
25 25
26# private-dev - needs /dev/disk 26# private-dev - needs /dev/disk
27 27
diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile
index b8299add3..51f6c8b00 100644
--- a/etc/profile-m-z/slack.profile
+++ b/etc/profile-m-z/slack.profile
@@ -16,14 +16,14 @@ ignore private-tmp
16ignore dbus-user none 16ignore dbus-user none
17ignore dbus-system none 17ignore dbus-system none
18 18
19nodeny ${HOME}/.config/Slack 19noblacklist ${HOME}/.config/Slack
20 20
21include allow-bin-sh.inc 21include allow-bin-sh.inc
22 22
23include disable-shell.inc 23include disable-shell.inc
24 24
25mkdir ${HOME}/.config/Slack 25mkdir ${HOME}/.config/Slack
26allow ${HOME}/.config/Slack 26whitelist ${HOME}/.config/Slack
27 27
28private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack 28private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack
29private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe 29private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe
diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile
index 36a0044dc..c5a31c237 100644
--- a/etc/profile-m-z/slashem.profile
+++ b/etc/profile-m-z/slashem.profile
@@ -6,7 +6,7 @@ include slashem.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /var/games/slashem 9noblacklist /var/games/slashem
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
15include disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include disable-programs.inc 16include disable-programs.inc
17 17
18allow /var/games/slashem 18whitelist /var/games/slashem
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile
index 4e4334dc0..01547e5c1 100644
--- a/etc/profile-m-z/smplayer.profile
+++ b/etc/profile-m-z/smplayer.profile
@@ -6,9 +6,9 @@ include smplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/smplayer 9noblacklist ${HOME}/.config/smplayer
10nodeny ${HOME}/.config/youtube-dl 10noblacklist ${HOME}/.config/youtube-dl
11nodeny ${HOME}/.mplayer 11noblacklist ${HOME}/.mplayer
12 12
13# Allow lua (blacklisted by disable-interpreters.inc) 13# Allow lua (blacklisted by disable-interpreters.inc)
14include allow-lua.inc 14include allow-lua.inc
@@ -17,8 +17,8 @@ include allow-lua.inc
17include allow-python2.inc 17include allow-python2.inc
18include allow-python3.inc 18include allow-python3.inc
19 19
20nodeny ${MUSIC} 20noblacklist ${MUSIC}
21nodeny ${VIDEOS} 21noblacklist ${VIDEOS}
22 22
23include disable-common.inc 23include disable-common.inc
24include disable-devel.inc 24include disable-devel.inc
@@ -29,9 +29,9 @@ include disable-programs.inc
29include disable-shell.inc 29include disable-shell.inc
30include disable-xdg.inc 30include disable-xdg.inc
31 31
32allow /usr/share/lua* 32whitelist /usr/share/lua*
33allow /usr/share/smplayer 33whitelist /usr/share/smplayer
34allow /usr/share/vulkan 34whitelist /usr/share/vulkan
35include whitelist-usr-share-common.inc 35include whitelist-usr-share-common.inc
36include whitelist-var-common.inc 36include whitelist-var-common.inc
37 37
diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile
index 99d02ffdf..196950eaf 100644
--- a/etc/profile-m-z/smtube.profile
+++ b/etc/profile-m-z/smtube.profile
@@ -6,14 +6,14 @@ include smtube.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/smplayer 9noblacklist ${HOME}/.config/smplayer
10nodeny ${HOME}/.config/smtube 10noblacklist ${HOME}/.config/smtube
11nodeny ${HOME}/.config/mpv 11noblacklist ${HOME}/.config/mpv
12nodeny ${HOME}/.mplayer 12noblacklist ${HOME}/.mplayer
13nodeny ${HOME}/.config/vlc 13noblacklist ${HOME}/.config/vlc
14nodeny ${HOME}/.local/share/vlc 14noblacklist ${HOME}/.local/share/vlc
15nodeny ${MUSIC} 15noblacklist ${MUSIC}
16nodeny ${VIDEOS} 16noblacklist ${VIDEOS}
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-passwdmgr.inc
23include disable-programs.inc 23include disable-programs.inc
24include disable-xdg.inc 24include disable-xdg.inc
25 25
26allow /usr/share/smplayer 26whitelist /usr/share/smplayer
27allow /usr/share/smtube 27whitelist /usr/share/smtube
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
30 30
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile
index 3a79890cc..c3a9bb858 100644
--- a/etc/profile-m-z/smuxi-frontend-gnome.profile
+++ b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -6,9 +6,9 @@ include smuxi-frontend-gnome.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/smuxi 9noblacklist ${HOME}/.cache/smuxi
10nodeny ${HOME}/.config/smuxi 10noblacklist ${HOME}/.config/smuxi
11nodeny ${HOME}/.local/share/smuxi 11noblacklist ${HOME}/.local/share/smuxi
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-xdg.inc
21mkdir ${HOME}/.cache/smuxi 21mkdir ${HOME}/.cache/smuxi
22mkdir ${HOME}/.config/smuxi 22mkdir ${HOME}/.config/smuxi
23mkdir ${HOME}/.local/share/smuxi 23mkdir ${HOME}/.local/share/smuxi
24allow ${HOME}/.cache/smuxi 24whitelist ${HOME}/.cache/smuxi
25allow ${HOME}/.config/smuxi 25whitelist ${HOME}/.config/smuxi
26allow ${HOME}/.local/share/smuxi 26whitelist ${HOME}/.local/share/smuxi
27allow ${DOWNLOADS} 27whitelist ${DOWNLOADS}
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/snox.profile b/etc/profile-m-z/snox.profile
index 1d315404e..83493652c 100644
--- a/etc/profile-m-z/snox.profile
+++ b/etc/profile-m-z/snox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/snox 13noblacklist ${HOME}/.cache/snox
14nodeny ${HOME}/.config/snox 14noblacklist ${HOME}/.config/snox
15 15
16#mkdir ${HOME}/.cache/dnox 16#mkdir ${HOME}/.cache/dnox
17#mkdir ${HOME}/.config/dnox 17#mkdir ${HOME}/.config/dnox
18mkdir ${HOME}/.cache/snox 18mkdir ${HOME}/.cache/snox
19mkdir ${HOME}/.config/snox 19mkdir ${HOME}/.config/snox
20allow ${HOME}/.cache/snox 20whitelist ${HOME}/.cache/snox
21allow ${HOME}/.config/snox 21whitelist ${HOME}/.config/snox
22 22
23# Redirect 23# Redirect
24include chromium-common.profile 24include chromium-common.profile
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile
index bd4991e81..83315231f 100644
--- a/etc/profile-m-z/softmaker-common.profile
+++ b/etc/profile-m-z/softmaker-common.profile
@@ -10,7 +10,7 @@ include softmaker-common.local
10# with an absolute Exec line. These files are NOT handelt by firecfg, 10# with an absolute Exec line. These files are NOT handelt by firecfg,
11# therefore you must manualy copy them in you home and remove '/usr/bin/'. 11# therefore you must manualy copy them in you home and remove '/usr/bin/'.
12 12
13nodeny ${HOME}/SoftMaker 13noblacklist ${HOME}/SoftMaker
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
19include disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22allow /usr/share/office2018 22whitelist /usr/share/office2018
23allow /usr/share/freeoffice2018 23whitelist /usr/share/freeoffice2018
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile
index 16ee39e09..ef00fdfff 100644
--- a/etc/profile-m-z/sound-juicer.profile
+++ b/etc/profile-m-z/sound-juicer.profile
@@ -6,8 +6,8 @@ include sound-juicer.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/sound-juicer 9noblacklist ${HOME}/.config/sound-juicer
10nodeny ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile
index 46da7a453..4dbf34100 100644
--- a/etc/profile-m-z/soundconverter.profile
+++ b/etc/profile-m-z/soundconverter.profile
@@ -10,7 +10,7 @@ include globals.local
10include allow-python2.inc 10include allow-python2.inc
11include allow-python3.inc 11include allow-python3.inc
12 12
13nodeny ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23allow ${DOWNLOADS} 23whitelist ${DOWNLOADS}
24allow ${MUSIC} 24whitelist ${MUSIC}
25allow /usr/share/soundconverter 25whitelist /usr/share/soundconverter
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile
index 08adb5861..4468f21e7 100644
--- a/etc/profile-m-z/spectacle.profile
+++ b/etc/profile-m-z/spectacle.profile
@@ -12,8 +12,8 @@ include globals.local
12#private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl 12#private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
13#protocol unix,inet,inet6 13#protocol unix,inet,inet6
14 14
15nodeny ${HOME}/.config/spectaclerc 15noblacklist ${HOME}/.config/spectaclerc
16nodeny ${PICTURES} 16noblacklist ${PICTURES}
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
24include disable-xdg.inc 24include disable-xdg.inc
25 25
26mkfile ${HOME}/.config/spectaclerc 26mkfile ${HOME}/.config/spectaclerc
27allow ${HOME}/.config/spectaclerc 27whitelist ${HOME}/.config/spectaclerc
28allow ${PICTURES} 28whitelist ${PICTURES}
29allow /usr/share/kconf_update/spectacle_newConfig.upd 29whitelist /usr/share/kconf_update/spectacle_newConfig.upd
30allow /usr/share/kconf_update/spectacle_shortcuts.upd 30whitelist /usr/share/kconf_update/spectacle_shortcuts.upd
31include whitelist-common.inc 31include whitelist-common.inc
32include whitelist-runuser-common.inc 32include whitelist-runuser-common.inc
33include whitelist-usr-share-common.inc 33include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
index 4c1b2d3e1..283674517 100644
--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -6,8 +6,8 @@ include spectral.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/ENCOM/Spectral 9noblacklist ${HOME}/.cache/ENCOM/Spectral
10nodeny ${HOME}/.config/ENCOM 10noblacklist ${HOME}/.config/ENCOM
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
20 20
21mkdir ${HOME}/.cache/ENCOM/Spectral 21mkdir ${HOME}/.cache/ENCOM/Spectral
22mkdir ${HOME}/.config/ENCOM 22mkdir ${HOME}/.config/ENCOM
23allow ${HOME}/.cache/ENCOM/Spectral 23whitelist ${HOME}/.cache/ENCOM/Spectral
24allow ${HOME}/.config/ENCOM 24whitelist ${HOME}/.config/ENCOM
25allow ${DOWNLOADS} 25whitelist ${DOWNLOADS}
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile
index 3a3fd838d..984461f90 100644
--- a/etc/profile-m-z/spectre-meltdown-checker.profile
+++ b/etc/profile-m-z/spectre-meltdown-checker.profile
@@ -6,10 +6,10 @@ include spectre-meltdown-checker.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9deny ${RUNUSER}/wayland-* 9blacklist ${RUNUSER}/wayland-*
10 10
11nodeny ${PATH}/mount 11noblacklist ${PATH}/mount
12nodeny ${PATH}/umount 12noblacklist ${PATH}/umount
13 13
14# Allow perl (blacklisted by disable-interpreters.inc) 14# Allow perl (blacklisted by disable-interpreters.inc)
15include allow-perl.inc 15include allow-perl.inc
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile
index e1c830268..01bc2bc05 100644
--- a/etc/profile-m-z/spotify.profile
+++ b/etc/profile-m-z/spotify.profile
@@ -5,11 +5,11 @@ include spotify.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/spotify 8noblacklist ${HOME}/.cache/spotify
9nodeny ${HOME}/.config/spotify 9noblacklist ${HOME}/.config/spotify
10nodeny ${HOME}/.local/share/spotify 10noblacklist ${HOME}/.local/share/spotify
11 11
12deny ${HOME}/.bashrc 12blacklist ${HOME}/.bashrc
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-programs.inc
21mkdir ${HOME}/.cache/spotify 21mkdir ${HOME}/.cache/spotify
22mkdir ${HOME}/.config/spotify 22mkdir ${HOME}/.config/spotify
23mkdir ${HOME}/.local/share/spotify 23mkdir ${HOME}/.local/share/spotify
24allow ${HOME}/.cache/spotify 24whitelist ${HOME}/.cache/spotify
25allow ${HOME}/.config/spotify 25whitelist ${HOME}/.config/spotify
26allow ${HOME}/.local/share/spotify 26whitelist ${HOME}/.local/share/spotify
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile
index aa577b63a..4dd2c7262 100644
--- a/etc/profile-m-z/sqlitebrowser.profile
+++ b/etc/profile-m-z/sqlitebrowser.profile
@@ -6,8 +6,8 @@ include sqlitebrowser.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/sqlitebrowser 9noblacklist ${HOME}/.config/sqlitebrowser
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile
index e456ebe07..5802299a3 100644
--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -9,8 +9,8 @@ include globals.local
9# Allow ssh (blacklisted by disable-common.inc) 9# Allow ssh (blacklisted by disable-common.inc)
10include allow-ssh.inc 10include allow-ssh.inc
11 11
12deny /tmp/.X11-unix 12blacklist /tmp/.X11-unix
13deny ${RUNUSER}/wayland-* 13blacklist ${RUNUSER}/wayland-*
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-passwdmgr.inc 16include disable-passwdmgr.inc
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 8a0d86150..a58642192 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -8,8 +8,8 @@ include ssh.local
8include globals.local 8include globals.local
9 9
10# nc can be used as ProxyCommand, e.g. when using tor 10# nc can be used as ProxyCommand, e.g. when using tor
11nodeny ${PATH}/nc 11noblacklist ${PATH}/nc
12nodeny ${PATH}/ncat 12noblacklist ${PATH}/ncat
13 13
14# Allow ssh (blacklisted by disable-common.inc) 14# Allow ssh (blacklisted by disable-common.inc)
15include allow-ssh.inc 15include allow-ssh.inc
@@ -19,8 +19,8 @@ include disable-exec.inc
19include disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include disable-programs.inc 20include disable-programs.inc
21 21
22allow ${RUNUSER}/gnupg/S.gpg-agent.ssh 22whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
23allow ${RUNUSER}/keyring/ssh 23whitelist ${RUNUSER}/keyring/ssh
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
26 26
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile
index 75de118ab..48a532876 100644
--- a/etc/profile-m-z/standardnotes-desktop.profile
+++ b/etc/profile-m-z/standardnotes-desktop.profile
@@ -5,8 +5,8 @@ include standardnotes-desktop.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/Standard Notes Backups 8noblacklist ${HOME}/Standard Notes Backups
9nodeny ${HOME}/.config/Standard Notes 9noblacklist ${HOME}/.config/Standard Notes
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17 17
18mkdir ${HOME}/Standard Notes Backups 18mkdir ${HOME}/Standard Notes Backups
19mkdir ${HOME}/.config/Standard Notes 19mkdir ${HOME}/.config/Standard Notes
20allow ${HOME}/Standard Notes Backups 20whitelist ${HOME}/Standard Notes Backups
21allow ${HOME}/.config/Standard Notes 21whitelist ${HOME}/.config/Standard Notes
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
diff --git a/etc/profile-m-z/start-tor-browser.desktop.profile b/etc/profile-m-z/start-tor-browser.desktop.profile
index 8f75365e8..2f73c9fee 100644
--- a/etc/profile-m-z/start-tor-browser.desktop.profile
+++ b/etc/profile-m-z/start-tor-browser.desktop.profile
@@ -6,71 +6,71 @@ include start-tor-browser.desktop.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser* 9noblacklist ${HOME}/.tor-browser*
10 10
11allow ${HOME}/.tor-browser-ar 11whitelist ${HOME}/.tor-browser-ar
12allow ${HOME}/.tor-browser-ca 12whitelist ${HOME}/.tor-browser-ca
13allow ${HOME}/.tor-browser-cs 13whitelist ${HOME}/.tor-browser-cs
14allow ${HOME}/.tor-browser-da 14whitelist ${HOME}/.tor-browser-da
15allow ${HOME}/.tor-browser-de 15whitelist ${HOME}/.tor-browser-de
16allow ${HOME}/.tor-browser-el 16whitelist ${HOME}/.tor-browser-el
17allow ${HOME}/.tor-browser-en 17whitelist ${HOME}/.tor-browser-en
18allow ${HOME}/.tor-browser-en-us 18whitelist ${HOME}/.tor-browser-en-us
19allow ${HOME}/.tor-browser-es 19whitelist ${HOME}/.tor-browser-es
20allow ${HOME}/.tor-browser-es-es 20whitelist ${HOME}/.tor-browser-es-es
21allow ${HOME}/.tor-browser-fa 21whitelist ${HOME}/.tor-browser-fa
22allow ${HOME}/.tor-browser-fr 22whitelist ${HOME}/.tor-browser-fr
23allow ${HOME}/.tor-browser-ga-ie 23whitelist ${HOME}/.tor-browser-ga-ie
24allow ${HOME}/.tor-browser-he 24whitelist ${HOME}/.tor-browser-he
25allow ${HOME}/.tor-browser-hu 25whitelist ${HOME}/.tor-browser-hu
26allow ${HOME}/.tor-browser-id 26whitelist ${HOME}/.tor-browser-id
27allow ${HOME}/.tor-browser-is 27whitelist ${HOME}/.tor-browser-is
28allow ${HOME}/.tor-browser-it 28whitelist ${HOME}/.tor-browser-it
29allow ${HOME}/.tor-browser-ja 29whitelist ${HOME}/.tor-browser-ja
30allow ${HOME}/.tor-browser-ka 30whitelist ${HOME}/.tor-browser-ka
31allow ${HOME}/.tor-browser-ko 31whitelist ${HOME}/.tor-browser-ko
32allow ${HOME}/.tor-browser-nb 32whitelist ${HOME}/.tor-browser-nb
33allow ${HOME}/.tor-browser-nl 33whitelist ${HOME}/.tor-browser-nl
34allow ${HOME}/.tor-browser-pl 34whitelist ${HOME}/.tor-browser-pl
35allow ${HOME}/.tor-browser-pt-br 35whitelist ${HOME}/.tor-browser-pt-br
36allow ${HOME}/.tor-browser-ru 36whitelist ${HOME}/.tor-browser-ru
37allow ${HOME}/.tor-browser-sv-se 37whitelist ${HOME}/.tor-browser-sv-se
38allow ${HOME}/.tor-browser-tr 38whitelist ${HOME}/.tor-browser-tr
39allow ${HOME}/.tor-browser-vi 39whitelist ${HOME}/.tor-browser-vi
40allow ${HOME}/.tor-browser-zh-cn 40whitelist ${HOME}/.tor-browser-zh-cn
41allow ${HOME}/.tor-browser-zh-tw 41whitelist ${HOME}/.tor-browser-zh-tw
42 42
43allow ${HOME}/.tor-browser_ar 43whitelist ${HOME}/.tor-browser_ar
44allow ${HOME}/.tor-browser_ca 44whitelist ${HOME}/.tor-browser_ca
45allow ${HOME}/.tor-browser_cs 45whitelist ${HOME}/.tor-browser_cs
46allow ${HOME}/.tor-browser_da 46whitelist ${HOME}/.tor-browser_da
47allow ${HOME}/.tor-browser_de 47whitelist ${HOME}/.tor-browser_de
48allow ${HOME}/.tor-browser_el 48whitelist ${HOME}/.tor-browser_el
49allow ${HOME}/.tor-browser_en 49whitelist ${HOME}/.tor-browser_en
50allow ${HOME}/.tor-browser_en_US 50whitelist ${HOME}/.tor-browser_en_US
51allow ${HOME}/.tor-browser_es 51whitelist ${HOME}/.tor-browser_es
52allow ${HOME}/.tor-browser_es-ES 52whitelist ${HOME}/.tor-browser_es-ES
53allow ${HOME}/.tor-browser_fa 53whitelist ${HOME}/.tor-browser_fa
54allow ${HOME}/.tor-browser_fr 54whitelist ${HOME}/.tor-browser_fr
55allow ${HOME}/.tor-browser_ga-IE 55whitelist ${HOME}/.tor-browser_ga-IE
56allow ${HOME}/.tor-browser_he 56whitelist ${HOME}/.tor-browser_he
57allow ${HOME}/.tor-browser_hu 57whitelist ${HOME}/.tor-browser_hu
58allow ${HOME}/.tor-browser_id 58whitelist ${HOME}/.tor-browser_id
59allow ${HOME}/.tor-browser_is 59whitelist ${HOME}/.tor-browser_is
60allow ${HOME}/.tor-browser_it 60whitelist ${HOME}/.tor-browser_it
61allow ${HOME}/.tor-browser_ja 61whitelist ${HOME}/.tor-browser_ja
62allow ${HOME}/.tor-browser_ka 62whitelist ${HOME}/.tor-browser_ka
63allow ${HOME}/.tor-browser_ko 63whitelist ${HOME}/.tor-browser_ko
64allow ${HOME}/.tor-browser_nb 64whitelist ${HOME}/.tor-browser_nb
65allow ${HOME}/.tor-browser_nl 65whitelist ${HOME}/.tor-browser_nl
66allow ${HOME}/.tor-browser_pl 66whitelist ${HOME}/.tor-browser_pl
67allow ${HOME}/.tor-browser_pt-BR 67whitelist ${HOME}/.tor-browser_pt-BR
68allow ${HOME}/.tor-browser_ru 68whitelist ${HOME}/.tor-browser_ru
69allow ${HOME}/.tor-browser_sv-SE 69whitelist ${HOME}/.tor-browser_sv-SE
70allow ${HOME}/.tor-browser_tr 70whitelist ${HOME}/.tor-browser_tr
71allow ${HOME}/.tor-browser_vi 71whitelist ${HOME}/.tor-browser_vi
72allow ${HOME}/.tor-browser_zh-CN 72whitelist ${HOME}/.tor-browser_zh-CN
73allow ${HOME}/.tor-browser_zh-TW 73whitelist ${HOME}/.tor-browser_zh-TW
74 74
75# Redirect 75# Redirect
76include torbrowser-launcher.profile 76include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index 09e29373d..06d08f3a2 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -6,40 +6,40 @@ include steam.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Epic 9noblacklist ${HOME}/.config/Epic
10nodeny ${HOME}/.config/Loop_Hero 10noblacklist ${HOME}/.config/Loop_Hero
11nodeny ${HOME}/.config/ModTheSpire 11noblacklist ${HOME}/.config/ModTheSpire
12nodeny ${HOME}/.config/RogueLegacy 12noblacklist ${HOME}/.config/RogueLegacy
13nodeny ${HOME}/.config/RogueLegacyStorageContainer 13noblacklist ${HOME}/.config/RogueLegacyStorageContainer
14nodeny ${HOME}/.killingfloor 14noblacklist ${HOME}/.killingfloor
15nodeny ${HOME}/.klei 15noblacklist ${HOME}/.klei
16nodeny ${HOME}/.local/share/3909/PapersPlease 16noblacklist ${HOME}/.local/share/3909/PapersPlease
17nodeny ${HOME}/.local/share/aspyr-media 17noblacklist ${HOME}/.local/share/aspyr-media
18nodeny ${HOME}/.local/share/bohemiainteractive 18noblacklist ${HOME}/.local/share/bohemiainteractive
19nodeny ${HOME}/.local/share/cdprojektred 19noblacklist ${HOME}/.local/share/cdprojektred
20nodeny ${HOME}/.local/share/Dredmor 20noblacklist ${HOME}/.local/share/Dredmor
21nodeny ${HOME}/.local/share/FasterThanLight 21noblacklist ${HOME}/.local/share/FasterThanLight
22nodeny ${HOME}/.local/share/feral-interactive 22noblacklist ${HOME}/.local/share/feral-interactive
23nodeny ${HOME}/.local/share/IntoTheBreach 23noblacklist ${HOME}/.local/share/IntoTheBreach
24nodeny ${HOME}/.local/share/Paradox Interactive 24noblacklist ${HOME}/.local/share/Paradox Interactive
25nodeny ${HOME}/.local/share/PillarsOfEternity 25noblacklist ${HOME}/.local/share/PillarsOfEternity
26nodeny ${HOME}/.local/share/RogueLegacy 26noblacklist ${HOME}/.local/share/RogueLegacy
27nodeny ${HOME}/.local/share/RogueLegacyStorageContainer 27noblacklist ${HOME}/.local/share/RogueLegacyStorageContainer
28nodeny ${HOME}/.local/share/Steam 28noblacklist ${HOME}/.local/share/Steam
29nodeny ${HOME}/.local/share/SteamWorldDig 29noblacklist ${HOME}/.local/share/SteamWorldDig
30nodeny ${HOME}/.local/share/SteamWorld Dig 2 30noblacklist ${HOME}/.local/share/SteamWorld Dig 2
31nodeny ${HOME}/.local/share/SuperHexagon 31noblacklist ${HOME}/.local/share/SuperHexagon
32nodeny ${HOME}/.local/share/Terraria 32noblacklist ${HOME}/.local/share/Terraria
33nodeny ${HOME}/.local/share/vpltd 33noblacklist ${HOME}/.local/share/vpltd
34nodeny ${HOME}/.local/share/vulkan 34noblacklist ${HOME}/.local/share/vulkan
35nodeny ${HOME}/.mbwarband 35noblacklist ${HOME}/.mbwarband
36nodeny ${HOME}/.paradoxinteractive 36noblacklist ${HOME}/.paradoxinteractive
37nodeny ${HOME}/.steam 37noblacklist ${HOME}/.steam
38nodeny ${HOME}/.steampath 38noblacklist ${HOME}/.steampath
39nodeny ${HOME}/.steampid 39noblacklist ${HOME}/.steampid
40# needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work 40# needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work
41nodeny /sbin 41noblacklist /sbin
42nodeny /usr/sbin 42noblacklist /usr/sbin
43 43
44# Allow java (blacklisted by disable-devel.inc) 44# Allow java (blacklisted by disable-devel.inc)
45include allow-java.inc 45include allow-java.inc
@@ -84,38 +84,38 @@ mkdir ${HOME}/.paradoxinteractive
84mkdir ${HOME}/.steam 84mkdir ${HOME}/.steam
85mkfile ${HOME}/.steampath 85mkfile ${HOME}/.steampath
86mkfile ${HOME}/.steampid 86mkfile ${HOME}/.steampid
87allow ${HOME}/.config/Epic 87whitelist ${HOME}/.config/Epic
88allow ${HOME}/.config/Loop_Hero 88whitelist ${HOME}/.config/Loop_Hero
89allow ${HOME}/.config/ModTheSpire 89whitelist ${HOME}/.config/ModTheSpire
90allow ${HOME}/.config/RogueLegacy 90whitelist ${HOME}/.config/RogueLegacy
91allow ${HOME}/.config/RogueLegacyStorageContainer 91whitelist ${HOME}/.config/RogueLegacyStorageContainer
92allow ${HOME}/.config/unity3d 92whitelist ${HOME}/.config/unity3d
93allow ${HOME}/.killingfloor 93whitelist ${HOME}/.killingfloor
94allow ${HOME}/.klei 94whitelist ${HOME}/.klei
95allow ${HOME}/.local/share/3909/PapersPlease 95whitelist ${HOME}/.local/share/3909/PapersPlease
96allow ${HOME}/.local/share/aspyr-media 96whitelist ${HOME}/.local/share/aspyr-media
97allow ${HOME}/.local/share/bohemiainteractive 97whitelist ${HOME}/.local/share/bohemiainteractive
98allow ${HOME}/.local/share/cdprojektred 98whitelist ${HOME}/.local/share/cdprojektred
99allow ${HOME}/.local/share/Dredmor 99whitelist ${HOME}/.local/share/Dredmor
100allow ${HOME}/.local/share/FasterThanLight 100whitelist ${HOME}/.local/share/FasterThanLight
101allow ${HOME}/.local/share/feral-interactive 101whitelist ${HOME}/.local/share/feral-interactive
102allow ${HOME}/.local/share/IntoTheBreach 102whitelist ${HOME}/.local/share/IntoTheBreach
103allow ${HOME}/.local/share/Paradox Interactive 103whitelist ${HOME}/.local/share/Paradox Interactive
104allow ${HOME}/.local/share/PillarsOfEternity 104whitelist ${HOME}/.local/share/PillarsOfEternity
105allow ${HOME}/.local/share/RogueLegacy 105whitelist ${HOME}/.local/share/RogueLegacy
106allow ${HOME}/.local/share/RogueLegacyStorageContainer 106whitelist ${HOME}/.local/share/RogueLegacyStorageContainer
107allow ${HOME}/.local/share/Steam 107whitelist ${HOME}/.local/share/Steam
108allow ${HOME}/.local/share/SteamWorldDig 108whitelist ${HOME}/.local/share/SteamWorldDig
109allow ${HOME}/.local/share/SteamWorld Dig 2 109whitelist ${HOME}/.local/share/SteamWorld Dig 2
110allow ${HOME}/.local/share/SuperHexagon 110whitelist ${HOME}/.local/share/SuperHexagon
111allow ${HOME}/.local/share/Terraria 111whitelist ${HOME}/.local/share/Terraria
112allow ${HOME}/.local/share/vpltd 112whitelist ${HOME}/.local/share/vpltd
113allow ${HOME}/.local/share/vulkan 113whitelist ${HOME}/.local/share/vulkan
114allow ${HOME}/.mbwarband 114whitelist ${HOME}/.mbwarband
115allow ${HOME}/.paradoxinteractive 115whitelist ${HOME}/.paradoxinteractive
116allow ${HOME}/.steam 116whitelist ${HOME}/.steam
117allow ${HOME}/.steampath 117whitelist ${HOME}/.steampath
118allow ${HOME}/.steampid 118whitelist ${HOME}/.steampid
119include whitelist-common.inc 119include whitelist-common.inc
120include whitelist-var-common.inc 120include whitelist-var-common.inc
121 121
diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile
index 003d3a079..a752ab53c 100644
--- a/etc/profile-m-z/stellarium.profile
+++ b/etc/profile-m-z/stellarium.profile
@@ -6,8 +6,8 @@ include stellarium.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/stellarium 9noblacklist ${HOME}/.config/stellarium
10nodeny ${HOME}/.stellarium 10noblacklist ${HOME}/.stellarium
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
19 19
20mkdir ${HOME}/.config/stellarium 20mkdir ${HOME}/.config/stellarium
21mkdir ${HOME}/.stellarium 21mkdir ${HOME}/.stellarium
22allow ${HOME}/.config/stellarium 22whitelist ${HOME}/.config/stellarium
23allow ${HOME}/.stellarium 23whitelist ${HOME}/.stellarium
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile
index dd643bc20..d73927f2a 100644
--- a/etc/profile-m-z/straw-viewer.profile
+++ b/etc/profile-m-z/straw-viewer.profile
@@ -7,13 +7,13 @@ include straw-viewer.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.cache/straw-viewer 10noblacklist ${HOME}/.cache/straw-viewer
11nodeny ${HOME}/.config/straw-viewer 11noblacklist ${HOME}/.config/straw-viewer
12 12
13mkdir ${HOME}/.config/straw-viewer 13mkdir ${HOME}/.config/straw-viewer
14mkdir ${HOME}/.cache/straw-viewer 14mkdir ${HOME}/.cache/straw-viewer
15allow ${HOME}/.cache/straw-viewer 15whitelist ${HOME}/.cache/straw-viewer
16allow ${HOME}/.config/straw-viewer 16whitelist ${HOME}/.config/straw-viewer
17 17
18private-bin gtk-straw-viewer,straw-viewer 18private-bin gtk-straw-viewer,straw-viewer
19 19
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile
index aed0b7910..b87906f55 100644
--- a/etc/profile-m-z/strawberry.profile
+++ b/etc/profile-m-z/strawberry.profile
@@ -6,10 +6,10 @@ include strawberry.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/strawberry 9noblacklist ${HOME}/.cache/strawberry
10nodeny ${HOME}/.config/strawberry 10noblacklist ${HOME}/.config/strawberry
11nodeny ${HOME}/.local/share/strawberry 11noblacklist ${HOME}/.local/share/strawberry
12nodeny ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile
index 5c820ef81..1ebcded7f 100644
--- a/etc/profile-m-z/strings.profile
+++ b/etc/profile-m-z/strings.profile
@@ -7,7 +7,7 @@ include strings.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12#include disable-common.inc 12#include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile
index 0d07b5ea7..bbe92fd38 100644
--- a/etc/profile-m-z/subdownloader.profile
+++ b/etc/profile-m-z/subdownloader.profile
@@ -6,8 +6,8 @@ include subdownloader.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/SubDownloader 9noblacklist ${HOME}/.config/SubDownloader
10nodeny ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile
index 8cc547805..cfd7a63ea 100644
--- a/etc/profile-m-z/supertux2.profile
+++ b/etc/profile-m-z/supertux2.profile
@@ -6,7 +6,7 @@ include supertux2.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/supertux2 9noblacklist ${HOME}/.local/share/supertux2
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.local/share/supertux2 20mkdir ${HOME}/.local/share/supertux2
21allow ${HOME}/.local/share/supertux2 21whitelist ${HOME}/.local/share/supertux2
22allow /usr/share/supertux2 22whitelist /usr/share/supertux2
23allow /usr/share/games/supertux2 # Debian version 23whitelist /usr/share/games/supertux2 # Debian version
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile
index 44dc1524f..4eb8f921c 100644
--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -6,11 +6,11 @@ include supertuxkart.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/supertuxkart 9noblacklist ${HOME}/.config/supertuxkart
10nodeny ${HOME}/.cache/supertuxkart 10noblacklist ${HOME}/.cache/supertuxkart
11nodeny ${HOME}/.local/share/supertuxkart 11noblacklist ${HOME}/.local/share/supertuxkart
12 12
13deny /usr/libexec 13blacklist /usr/libexec
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -24,11 +24,11 @@ include disable-xdg.inc
24mkdir ${HOME}/.config/supertuxkart 24mkdir ${HOME}/.config/supertuxkart
25mkdir ${HOME}/.cache/supertuxkart 25mkdir ${HOME}/.cache/supertuxkart
26mkdir ${HOME}/.local/share/supertuxkart 26mkdir ${HOME}/.local/share/supertuxkart
27allow ${HOME}/.config/supertuxkart 27whitelist ${HOME}/.config/supertuxkart
28allow ${HOME}/.cache/supertuxkart 28whitelist ${HOME}/.cache/supertuxkart
29allow ${HOME}/.local/share/supertuxkart 29whitelist ${HOME}/.local/share/supertuxkart
30allow /usr/share/supertuxkart 30whitelist /usr/share/supertuxkart
31allow /usr/share/games/supertuxkart # Debian version 31whitelist /usr/share/games/supertuxkart # Debian version
32include whitelist-common.inc 32include whitelist-common.inc
33include whitelist-runuser-common.inc 33include whitelist-runuser-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile
index fd1e7f9e9..8db7d2433 100644
--- a/etc/profile-m-z/surf.profile
+++ b/etc/profile-m-z/surf.profile
@@ -6,7 +6,7 @@ include surf.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.surf 9noblacklist ${HOME}/.surf
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
15include disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.surf 17mkdir ${HOME}/.surf
18allow ${HOME}/.surf 18whitelist ${HOME}/.surf
19allow ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20include whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
diff --git a/etc/profile-m-z/swell-foop.profile b/etc/profile-m-z/swell-foop.profile
index 55cd0965a..9efae815d 100644
--- a/etc/profile-m-z/swell-foop.profile
+++ b/etc/profile-m-z/swell-foop.profile
@@ -6,12 +6,12 @@ include swell-foop.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.local/share/swell-foop 9noblacklist ${HOME}/.local/share/swell-foop
10 10
11mkdir ${HOME}/.local/share/swell-foop 11mkdir ${HOME}/.local/share/swell-foop
12allow ${HOME}/.local/share/swell-foop 12whitelist ${HOME}/.local/share/swell-foop
13 13
14allow /usr/share/swell-foop 14whitelist /usr/share/swell-foop
15 15
16private-bin swell-foop 16private-bin swell-foop
17 17
diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile
index 447cdc99e..328812b04 100644
--- a/etc/profile-m-z/sylpheed.profile
+++ b/etc/profile-m-z/sylpheed.profile
@@ -6,12 +6,12 @@ include sylpheed.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.sylpheed-2.0 9noblacklist ${HOME}/.sylpheed-2.0
10 10
11mkdir ${HOME}/.sylpheed-2.0 11mkdir ${HOME}/.sylpheed-2.0
12allow ${HOME}/.sylpheed-2.0 12whitelist ${HOME}/.sylpheed-2.0
13 13
14allow /usr/share/sylpheed 14whitelist /usr/share/sylpheed
15 15
16# private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed 16# private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed
17 17
diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile
index 7cbbafd54..c60186c42 100644
--- a/etc/profile-m-z/synfigstudio.profile
+++ b/etc/profile-m-z/synfigstudio.profile
@@ -6,8 +6,8 @@ include synfigstudio.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/synfig 9noblacklist ${HOME}/.config/synfig
10nodeny ${HOME}/.synfig 10noblacklist ${HOME}/.synfig
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile
index f20f88791..b52b25b96 100644
--- a/etc/profile-m-z/sysprof.profile
+++ b/etc/profile-m-z/sysprof.profile
@@ -6,7 +6,7 @@ include sysprof.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
12include disable-exec.inc 12include disable-exec.inc
@@ -24,15 +24,15 @@ include disable-xdg.inc
24#nowhitelist /usr/share/yelp-tools 24#nowhitelist /usr/share/yelp-tools
25#nowhitelist /usr/share/yelp-xsl 25#nowhitelist /usr/share/yelp-xsl
26 26
27nodeny ${HOME}/.config/yelp 27noblacklist ${HOME}/.config/yelp
28mkdir ${HOME}/.config/yelp 28mkdir ${HOME}/.config/yelp
29allow ${HOME}/.config/yelp 29whitelist ${HOME}/.config/yelp
30allow /usr/share/help/C/sysprof 30whitelist /usr/share/help/C/sysprof
31allow /usr/share/yelp 31whitelist /usr/share/yelp
32allow /usr/share/yelp-tools 32whitelist /usr/share/yelp-tools
33allow /usr/share/yelp-xsl 33whitelist /usr/share/yelp-xsl
34 34
35allow ${DOCUMENTS} 35whitelist ${DOCUMENTS}
36include whitelist-common.inc 36include whitelist-common.inc
37include whitelist-runuser-common.inc 37include whitelist-runuser-common.inc
38include whitelist-usr-share-common.inc 38include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile
index 74c8a0849..0d3a900e9 100644
--- a/etc/profile-m-z/tar.profile
+++ b/etc/profile-m-z/tar.profile
@@ -12,7 +12,7 @@ ignore include disable-shell.inc
12 12
13# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop 13# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
14# all capabilities this is automatically read-only. 14# all capabilities this is automatically read-only.
15nodeny /var/lib/pacman 15noblacklist /var/lib/pacman
16 16
17private-etc alternatives,group,localtime,login.defs,passwd 17private-etc alternatives,group,localtime,login.defs,passwd
18#private-lib libfakeroot,liblzma.so.*,libreadline.so.* 18#private-lib libfakeroot,liblzma.so.*,libreadline.so.*
diff --git a/etc/profile-m-z/tb-starter-wrapper.profile b/etc/profile-m-z/tb-starter-wrapper.profile
index 691c33191..ffe9605b6 100644
--- a/etc/profile-m-z/tb-starter-wrapper.profile
+++ b/etc/profile-m-z/tb-starter-wrapper.profile
@@ -8,10 +8,10 @@ include tb-starter-wrapper.local
8# added by included profile 8# added by included profile
9#include globals.local 9#include globals.local
10 10
11nodeny ${HOME}/.tb 11noblacklist ${HOME}/.tb
12 12
13mkdir ${HOME}/.tb 13mkdir ${HOME}/.tb
14allow ${HOME}/.tb 14whitelist ${HOME}/.tb
15 15
16private-bin tb-starter-wrapper 16private-bin tb-starter-wrapper
17 17
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile
index b4c4873b3..e2ba5893c 100644
--- a/etc/profile-m-z/tcpdump.profile
+++ b/etc/profile-m-z/tcpdump.profile
@@ -6,9 +6,9 @@ include tcpdump.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /sbin 9noblacklist /sbin
10nodeny /usr/sbin 10noblacklist /usr/sbin
11nodeny ${PATH}/tcpdump 11noblacklist ${PATH}/tcpdump
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile
index 24cbb42da..eee083332 100644
--- a/etc/profile-m-z/teams-for-linux.profile
+++ b/etc/profile-m-z/teams-for-linux.profile
@@ -14,10 +14,10 @@ ignore include whitelist-usr-share-common.inc
14ignore dbus-user none 14ignore dbus-user none
15ignore dbus-system none 15ignore dbus-system none
16 16
17nodeny ${HOME}/.config/teams-for-linux 17noblacklist ${HOME}/.config/teams-for-linux
18 18
19mkdir ${HOME}/.config/teams-for-linux 19mkdir ${HOME}/.config/teams-for-linux
20allow ${HOME}/.config/teams-for-linux 20whitelist ${HOME}/.config/teams-for-linux
21 21
22private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh 22private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh
23private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl 23private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile
index 8639edbc8..c8d98cbaa 100644
--- a/etc/profile-m-z/teams.profile
+++ b/etc/profile-m-z/teams.profile
@@ -18,13 +18,13 @@ ignore apparmor
18ignore dbus-user none 18ignore dbus-user none
19ignore dbus-system none 19ignore dbus-system none
20 20
21nodeny ${HOME}/.config/teams 21noblacklist ${HOME}/.config/teams
22nodeny ${HOME}/.config/Microsoft 22noblacklist ${HOME}/.config/Microsoft
23 23
24mkdir ${HOME}/.config/teams 24mkdir ${HOME}/.config/teams
25mkdir ${HOME}/.config/Microsoft 25mkdir ${HOME}/.config/Microsoft
26allow ${HOME}/.config/teams 26whitelist ${HOME}/.config/teams
27allow ${HOME}/.config/Microsoft 27whitelist ${HOME}/.config/Microsoft
28 28
29# Redirect 29# Redirect
30include electron.profile 30include electron.profile
diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile
index 781a5f4eb..02a2c8ae4 100644
--- a/etc/profile-m-z/teamspeak3.profile
+++ b/etc/profile-m-z/teamspeak3.profile
@@ -6,8 +6,8 @@ include teamspeak3.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.ts3client 9noblacklist ${HOME}/.ts3client
10nodeny ${PATH}/openssl 10noblacklist ${PATH}/openssl
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.ts3client 19mkdir ${HOME}/.ts3client
20allow ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21allow ${HOME}/.ts3client 21whitelist ${HOME}/.ts3client
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile
index c9c444ffc..be01aee12 100644
--- a/etc/profile-m-z/teeworlds.profile
+++ b/etc/profile-m-z/teeworlds.profile
@@ -6,7 +6,7 @@ include teeworlds.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.teeworlds 9noblacklist ${HOME}/.teeworlds
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.teeworlds 20mkdir ${HOME}/.teeworlds
21allow ${HOME}/.teeworlds 21whitelist ${HOME}/.teeworlds
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index 92689a461..e7580938d 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -5,8 +5,8 @@ include telegram.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.TelegramDesktop 8noblacklist ${HOME}/.TelegramDesktop
9nodeny ${HOME}/.local/share/TelegramDesktop 9noblacklist ${HOME}/.local/share/TelegramDesktop
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
19 19
20mkdir ${HOME}/.TelegramDesktop 20mkdir ${HOME}/.TelegramDesktop
21mkdir ${HOME}/.local/share/TelegramDesktop 21mkdir ${HOME}/.local/share/TelegramDesktop
22allow ${HOME}/.TelegramDesktop 22whitelist ${HOME}/.TelegramDesktop
23allow ${HOME}/.local/share/TelegramDesktop 23whitelist ${HOME}/.local/share/TelegramDesktop
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile
index b2f98fbac..ce2ca1d17 100644
--- a/etc/profile-m-z/terasology.profile
+++ b/etc/profile-m-z/terasology.profile
@@ -7,7 +7,7 @@ include globals.local
7 7
8ignore noexec /tmp 8ignore noexec /tmp
9 9
10nodeny ${HOME}/.local/share/terasology 10noblacklist ${HOME}/.local/share/terasology
11 11
12# Allow java (blacklisted by disable-devel.inc) 12# Allow java (blacklisted by disable-devel.inc)
13include allow-java.inc 13include allow-java.inc
@@ -21,8 +21,8 @@ include disable-programs.inc
21 21
22mkdir ${HOME}/.java 22mkdir ${HOME}/.java
23mkdir ${HOME}/.local/share/terasology 23mkdir ${HOME}/.local/share/terasology
24allow ${HOME}/.java 24whitelist ${HOME}/.java
25allow ${HOME}/.local/share/terasology 25whitelist ${HOME}/.local/share/terasology
26include whitelist-common.inc 26include whitelist-common.inc
27 27
28caps.drop all 28caps.drop all
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile
index a539cadf8..b478fbe1e 100644
--- a/etc/profile-m-z/thunderbird.profile
+++ b/etc/profile-m-z/thunderbird.profile
@@ -22,14 +22,14 @@ writable-run-user
22#writable-var 22#writable-var
23 23
24# These lines are needed to allow Firefox to load your profile when clicking a link in an email 24# These lines are needed to allow Firefox to load your profile when clicking a link in an email
25nodeny ${HOME}/.mozilla 25noblacklist ${HOME}/.mozilla
26allow ${HOME}/.mozilla/firefox/profiles.ini 26whitelist ${HOME}/.mozilla/firefox/profiles.ini
27read-only ${HOME}/.mozilla/firefox/profiles.ini 27read-only ${HOME}/.mozilla/firefox/profiles.ini
28 28
29nodeny ${HOME}/.cache/thunderbird 29noblacklist ${HOME}/.cache/thunderbird
30nodeny ${HOME}/.gnupg 30noblacklist ${HOME}/.gnupg
31# noblacklist ${HOME}/.icedove 31# noblacklist ${HOME}/.icedove
32nodeny ${HOME}/.thunderbird 32noblacklist ${HOME}/.thunderbird
33 33
34include disable-passwdmgr.inc 34include disable-passwdmgr.inc
35include disable-xdg.inc 35include disable-xdg.inc
@@ -42,15 +42,15 @@ mkdir ${HOME}/.cache/thunderbird
42mkdir ${HOME}/.gnupg 42mkdir ${HOME}/.gnupg
43# mkdir ${HOME}/.icedove 43# mkdir ${HOME}/.icedove
44mkdir ${HOME}/.thunderbird 44mkdir ${HOME}/.thunderbird
45allow ${HOME}/.cache/thunderbird 45whitelist ${HOME}/.cache/thunderbird
46allow ${HOME}/.gnupg 46whitelist ${HOME}/.gnupg
47# whitelist ${HOME}/.icedove 47# whitelist ${HOME}/.icedove
48allow ${HOME}/.thunderbird 48whitelist ${HOME}/.thunderbird
49 49
50allow /usr/share/gnupg 50whitelist /usr/share/gnupg
51allow /usr/share/mozilla 51whitelist /usr/share/mozilla
52allow /usr/share/thunderbird 52whitelist /usr/share/thunderbird
53allow /usr/share/webext 53whitelist /usr/share/webext
54include whitelist-usr-share-common.inc 54include whitelist-usr-share-common.inc
55 55
56# machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required 56# machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile
index b0fa54f08..dd4a372c4 100644
--- a/etc/profile-m-z/tilp.profile
+++ b/etc/profile-m-z/tilp.profile
@@ -5,7 +5,7 @@ include tilp.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.tilp 8noblacklist ${HOME}/.tilp
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
index 3ee696b8b..e0ed3090a 100644
--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -6,12 +6,12 @@ include tin.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.newsrc 9noblacklist ${HOME}/.newsrc
10nodeny ${HOME}/.tin 10noblacklist ${HOME}/.tin
11 11
12deny /tmp/.X11-unix 12blacklist /tmp/.X11-unix
13deny ${RUNUSER} 13blacklist ${RUNUSER}
14deny /usr/libexec 14blacklist /usr/libexec
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile
index d2e90e356..0139d7515 100644
--- a/etc/profile-m-z/tmux.profile
+++ b/etc/profile-m-z/tmux.profile
@@ -7,10 +7,10 @@ include tmux.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13nodeny /tmp/tmux-* 13noblacklist /tmp/tmux-*
14 14
15# include disable-common.inc 15# include disable-common.inc
16# include disable-devel.inc 16# include disable-devel.inc
diff --git a/etc/profile-m-z/tor-browser-ar.profile b/etc/profile-m-z/tor-browser-ar.profile
index 49158b93e..59f1bc3b1 100644
--- a/etc/profile-m-z/tor-browser-ar.profile
+++ b/etc/profile-m-z/tor-browser-ar.profile
@@ -6,10 +6,10 @@ include tor-browser-ar.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-ar 9noblacklist ${HOME}/.tor-browser-ar
10 10
11mkdir ${HOME}/.tor-browser-ar 11mkdir ${HOME}/.tor-browser-ar
12allow ${HOME}/.tor-browser-ar 12whitelist ${HOME}/.tor-browser-ar
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ca.profile b/etc/profile-m-z/tor-browser-ca.profile
index 612f8bd7c..68577e352 100644
--- a/etc/profile-m-z/tor-browser-ca.profile
+++ b/etc/profile-m-z/tor-browser-ca.profile
@@ -6,10 +6,10 @@ include tor-browser-ca.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-ca 9noblacklist ${HOME}/.tor-browser-ca
10 10
11mkdir ${HOME}/.tor-browser-ca 11mkdir ${HOME}/.tor-browser-ca
12allow ${HOME}/.tor-browser-ca 12whitelist ${HOME}/.tor-browser-ca
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-cs.profile b/etc/profile-m-z/tor-browser-cs.profile
index a400fde05..33e51fcd0 100644
--- a/etc/profile-m-z/tor-browser-cs.profile
+++ b/etc/profile-m-z/tor-browser-cs.profile
@@ -6,10 +6,10 @@ include tor-browser-cs.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-cs 9noblacklist ${HOME}/.tor-browser-cs
10 10
11mkdir ${HOME}/.tor-browser-cs 11mkdir ${HOME}/.tor-browser-cs
12allow ${HOME}/.tor-browser-cs 12whitelist ${HOME}/.tor-browser-cs
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-da.profile b/etc/profile-m-z/tor-browser-da.profile
index 9010025e3..440bb7fc3 100644
--- a/etc/profile-m-z/tor-browser-da.profile
+++ b/etc/profile-m-z/tor-browser-da.profile
@@ -6,10 +6,10 @@ include tor-browser-da.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-da 9noblacklist ${HOME}/.tor-browser-da
10 10
11mkdir ${HOME}/.tor-browser-da 11mkdir ${HOME}/.tor-browser-da
12allow ${HOME}/.tor-browser-da 12whitelist ${HOME}/.tor-browser-da
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-de.profile b/etc/profile-m-z/tor-browser-de.profile
index cd556c32b..b2b98cf82 100644
--- a/etc/profile-m-z/tor-browser-de.profile
+++ b/etc/profile-m-z/tor-browser-de.profile
@@ -6,10 +6,10 @@ include tor-browser-de.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-de 9noblacklist ${HOME}/.tor-browser-de
10 10
11mkdir ${HOME}/.tor-browser-de 11mkdir ${HOME}/.tor-browser-de
12allow ${HOME}/.tor-browser-de 12whitelist ${HOME}/.tor-browser-de
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-el.profile b/etc/profile-m-z/tor-browser-el.profile
index ee2b0fea7..626757dd5 100644
--- a/etc/profile-m-z/tor-browser-el.profile
+++ b/etc/profile-m-z/tor-browser-el.profile
@@ -6,10 +6,10 @@ include tor-browser-el.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-el 9noblacklist ${HOME}/.tor-browser-el
10 10
11mkdir ${HOME}/.tor-browser-el 11mkdir ${HOME}/.tor-browser-el
12allow ${HOME}/.tor-browser-el 12whitelist ${HOME}/.tor-browser-el
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-en-us.profile b/etc/profile-m-z/tor-browser-en-us.profile
index 2be71a5aa..15e690748 100644
--- a/etc/profile-m-z/tor-browser-en-us.profile
+++ b/etc/profile-m-z/tor-browser-en-us.profile
@@ -6,10 +6,10 @@ include tor-browser-en-us.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-en-us 9noblacklist ${HOME}/.tor-browser-en-us
10 10
11mkdir ${HOME}/.tor-browser-en-us 11mkdir ${HOME}/.tor-browser-en-us
12allow ${HOME}/.tor-browser-en-us 12whitelist ${HOME}/.tor-browser-en-us
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-en.profile b/etc/profile-m-z/tor-browser-en.profile
index 633c2f4f9..ef8c1eb8b 100644
--- a/etc/profile-m-z/tor-browser-en.profile
+++ b/etc/profile-m-z/tor-browser-en.profile
@@ -6,10 +6,10 @@ include tor-browser-en.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-en 9noblacklist ${HOME}/.tor-browser-en
10 10
11mkdir ${HOME}/.tor-browser-en 11mkdir ${HOME}/.tor-browser-en
12allow ${HOME}/.tor-browser-en 12whitelist ${HOME}/.tor-browser-en
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-es-es.profile b/etc/profile-m-z/tor-browser-es-es.profile
index f7c2302a7..ad734662e 100644
--- a/etc/profile-m-z/tor-browser-es-es.profile
+++ b/etc/profile-m-z/tor-browser-es-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es-es.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-es-es 9noblacklist ${HOME}/.tor-browser-es-es
10 10
11mkdir ${HOME}/.tor-browser-es-es 11mkdir ${HOME}/.tor-browser-es-es
12allow ${HOME}/.tor-browser-es-es 12whitelist ${HOME}/.tor-browser-es-es
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-es.profile b/etc/profile-m-z/tor-browser-es.profile
index d88dcdec1..97d8d8577 100644
--- a/etc/profile-m-z/tor-browser-es.profile
+++ b/etc/profile-m-z/tor-browser-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-es 9noblacklist ${HOME}/.tor-browser-es
10 10
11mkdir ${HOME}/.tor-browser-es 11mkdir ${HOME}/.tor-browser-es
12allow ${HOME}/.tor-browser-es 12whitelist ${HOME}/.tor-browser-es
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-fa.profile b/etc/profile-m-z/tor-browser-fa.profile
index 3f7074fdb..095be69e4 100644
--- a/etc/profile-m-z/tor-browser-fa.profile
+++ b/etc/profile-m-z/tor-browser-fa.profile
@@ -6,10 +6,10 @@ include tor-browser-fa.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-fa 9noblacklist ${HOME}/.tor-browser-fa
10 10
11mkdir ${HOME}/.tor-browser-fa 11mkdir ${HOME}/.tor-browser-fa
12allow ${HOME}/.tor-browser-fa 12whitelist ${HOME}/.tor-browser-fa
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-fr.profile b/etc/profile-m-z/tor-browser-fr.profile
index ef14f44a2..37f61fc3a 100644
--- a/etc/profile-m-z/tor-browser-fr.profile
+++ b/etc/profile-m-z/tor-browser-fr.profile
@@ -6,10 +6,10 @@ include tor-browser-fr.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-fr 9noblacklist ${HOME}/.tor-browser-fr
10 10
11mkdir ${HOME}/.tor-browser-fr 11mkdir ${HOME}/.tor-browser-fr
12allow ${HOME}/.tor-browser-fr 12whitelist ${HOME}/.tor-browser-fr
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ga-ie.profile b/etc/profile-m-z/tor-browser-ga-ie.profile
index 06baaf34f..ab7141fc4 100644
--- a/etc/profile-m-z/tor-browser-ga-ie.profile
+++ b/etc/profile-m-z/tor-browser-ga-ie.profile
@@ -6,10 +6,10 @@ include tor-browser-ga-ie.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-ga-ie 9noblacklist ${HOME}/.tor-browser-ga-ie
10 10
11mkdir ${HOME}/.tor-browser-ga-ie 11mkdir ${HOME}/.tor-browser-ga-ie
12allow ${HOME}/.tor-browser-ga-ie 12whitelist ${HOME}/.tor-browser-ga-ie
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-he.profile b/etc/profile-m-z/tor-browser-he.profile
index 57588ffc7..ae56f3b7f 100644
--- a/etc/profile-m-z/tor-browser-he.profile
+++ b/etc/profile-m-z/tor-browser-he.profile
@@ -6,10 +6,10 @@ include tor-browser-he.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-he 9noblacklist ${HOME}/.tor-browser-he
10 10
11mkdir ${HOME}/.tor-browser-he 11mkdir ${HOME}/.tor-browser-he
12allow ${HOME}/.tor-browser-he 12whitelist ${HOME}/.tor-browser-he
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-hu.profile b/etc/profile-m-z/tor-browser-hu.profile
index a10b66a24..65cd18ac8 100644
--- a/etc/profile-m-z/tor-browser-hu.profile
+++ b/etc/profile-m-z/tor-browser-hu.profile
@@ -6,10 +6,10 @@ include tor-browser-hu.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-hu 9noblacklist ${HOME}/.tor-browser-hu
10 10
11mkdir ${HOME}/.tor-browser-hu 11mkdir ${HOME}/.tor-browser-hu
12allow ${HOME}/.tor-browser-hu 12whitelist ${HOME}/.tor-browser-hu
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-id.profile b/etc/profile-m-z/tor-browser-id.profile
index fcdb822cd..57fe09f47 100644
--- a/etc/profile-m-z/tor-browser-id.profile
+++ b/etc/profile-m-z/tor-browser-id.profile
@@ -6,10 +6,10 @@ include tor-browser-id.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-id 9noblacklist ${HOME}/.tor-browser-id
10 10
11mkdir ${HOME}/.tor-browser-id 11mkdir ${HOME}/.tor-browser-id
12allow ${HOME}/.tor-browser-id 12whitelist ${HOME}/.tor-browser-id
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-is.profile b/etc/profile-m-z/tor-browser-is.profile
index 45b47c108..54f1df42d 100644
--- a/etc/profile-m-z/tor-browser-is.profile
+++ b/etc/profile-m-z/tor-browser-is.profile
@@ -6,10 +6,10 @@ include tor-browser-is.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-is 9noblacklist ${HOME}/.tor-browser-is
10 10
11mkdir ${HOME}/.tor-browser-is 11mkdir ${HOME}/.tor-browser-is
12allow ${HOME}/.tor-browser-is 12whitelist ${HOME}/.tor-browser-is
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-it.profile b/etc/profile-m-z/tor-browser-it.profile
index b5a2f7c13..a7d46e875 100644
--- a/etc/profile-m-z/tor-browser-it.profile
+++ b/etc/profile-m-z/tor-browser-it.profile
@@ -6,10 +6,10 @@ include tor-browser-it.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-it 9noblacklist ${HOME}/.tor-browser-it
10 10
11mkdir ${HOME}/.tor-browser-it 11mkdir ${HOME}/.tor-browser-it
12allow ${HOME}/.tor-browser-it 12whitelist ${HOME}/.tor-browser-it
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ja.profile b/etc/profile-m-z/tor-browser-ja.profile
index e1f023bd4..b89016141 100644
--- a/etc/profile-m-z/tor-browser-ja.profile
+++ b/etc/profile-m-z/tor-browser-ja.profile
@@ -6,10 +6,10 @@ include tor-browser-ja.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-ja 9noblacklist ${HOME}/.tor-browser-ja
10 10
11mkdir ${HOME}/.tor-browser-ja 11mkdir ${HOME}/.tor-browser-ja
12allow ${HOME}/.tor-browser-ja 12whitelist ${HOME}/.tor-browser-ja
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ka.profile b/etc/profile-m-z/tor-browser-ka.profile
index 17930b58e..b57cf10de 100644
--- a/etc/profile-m-z/tor-browser-ka.profile
+++ b/etc/profile-m-z/tor-browser-ka.profile
@@ -6,10 +6,10 @@ include tor-browser-ka.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-ka 9noblacklist ${HOME}/.tor-browser-ka
10 10
11mkdir ${HOME}/.tor-browser-ka 11mkdir ${HOME}/.tor-browser-ka
12allow ${HOME}/.tor-browser-ka 12whitelist ${HOME}/.tor-browser-ka
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ko.profile b/etc/profile-m-z/tor-browser-ko.profile
index b33d1edb4..a9bedb6fd 100644
--- a/etc/profile-m-z/tor-browser-ko.profile
+++ b/etc/profile-m-z/tor-browser-ko.profile
@@ -6,10 +6,10 @@ include tor-browser-ko.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-ko 9noblacklist ${HOME}/.tor-browser-ko
10 10
11mkdir ${HOME}/.tor-browser-ko 11mkdir ${HOME}/.tor-browser-ko
12allow ${HOME}/.tor-browser-ko 12whitelist ${HOME}/.tor-browser-ko
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-nb.profile b/etc/profile-m-z/tor-browser-nb.profile
index b462eb9ac..fbe9f92bd 100644
--- a/etc/profile-m-z/tor-browser-nb.profile
+++ b/etc/profile-m-z/tor-browser-nb.profile
@@ -6,10 +6,10 @@ include tor-browser-nb.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-nb 9noblacklist ${HOME}/.tor-browser-nb
10 10
11mkdir ${HOME}/.tor-browser-nb 11mkdir ${HOME}/.tor-browser-nb
12allow ${HOME}/.tor-browser-nb 12whitelist ${HOME}/.tor-browser-nb
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-nl.profile b/etc/profile-m-z/tor-browser-nl.profile
index 0225eb6fd..678ac1713 100644
--- a/etc/profile-m-z/tor-browser-nl.profile
+++ b/etc/profile-m-z/tor-browser-nl.profile
@@ -6,10 +6,10 @@ include tor-browser-nl.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-nl 9noblacklist ${HOME}/.tor-browser-nl
10 10
11mkdir ${HOME}/.tor-browser-nl 11mkdir ${HOME}/.tor-browser-nl
12allow ${HOME}/.tor-browser-nl 12whitelist ${HOME}/.tor-browser-nl
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-pl.profile b/etc/profile-m-z/tor-browser-pl.profile
index 75604b458..25d473b1a 100644
--- a/etc/profile-m-z/tor-browser-pl.profile
+++ b/etc/profile-m-z/tor-browser-pl.profile
@@ -6,10 +6,10 @@ include tor-browser-pl.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-pl 9noblacklist ${HOME}/.tor-browser-pl
10 10
11mkdir ${HOME}/.tor-browser-pl 11mkdir ${HOME}/.tor-browser-pl
12allow ${HOME}/.tor-browser-pl 12whitelist ${HOME}/.tor-browser-pl
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-pt-br.profile b/etc/profile-m-z/tor-browser-pt-br.profile
index 4d50d8034..55adbd5ea 100644
--- a/etc/profile-m-z/tor-browser-pt-br.profile
+++ b/etc/profile-m-z/tor-browser-pt-br.profile
@@ -6,10 +6,10 @@ include tor-browser-pt-br.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-pt-br 9noblacklist ${HOME}/.tor-browser-pt-br
10 10
11mkdir ${HOME}/.tor-browser-pt-br 11mkdir ${HOME}/.tor-browser-pt-br
12allow ${HOME}/.tor-browser-pt-br 12whitelist ${HOME}/.tor-browser-pt-br
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ru.profile b/etc/profile-m-z/tor-browser-ru.profile
index 4bca3c46f..aea13be9d 100644
--- a/etc/profile-m-z/tor-browser-ru.profile
+++ b/etc/profile-m-z/tor-browser-ru.profile
@@ -6,10 +6,10 @@ include tor-browser-ru.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-ru 9noblacklist ${HOME}/.tor-browser-ru
10 10
11mkdir ${HOME}/.tor-browser-ru 11mkdir ${HOME}/.tor-browser-ru
12allow ${HOME}/.tor-browser-ru 12whitelist ${HOME}/.tor-browser-ru
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-sv-se.profile b/etc/profile-m-z/tor-browser-sv-se.profile
index 1b319dc43..b7882bd04 100644
--- a/etc/profile-m-z/tor-browser-sv-se.profile
+++ b/etc/profile-m-z/tor-browser-sv-se.profile
@@ -6,10 +6,10 @@ include tor-browser-sv-se.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-sv-se 9noblacklist ${HOME}/.tor-browser-sv-se
10 10
11mkdir ${HOME}/.tor-browser-sv-se 11mkdir ${HOME}/.tor-browser-sv-se
12allow ${HOME}/.tor-browser-sv-se 12whitelist ${HOME}/.tor-browser-sv-se
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-tr.profile b/etc/profile-m-z/tor-browser-tr.profile
index 0775a0c08..c52e8c4c4 100644
--- a/etc/profile-m-z/tor-browser-tr.profile
+++ b/etc/profile-m-z/tor-browser-tr.profile
@@ -6,10 +6,10 @@ include tor-browser-tr.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-tr 9noblacklist ${HOME}/.tor-browser-tr
10 10
11mkdir ${HOME}/.tor-browser-tr 11mkdir ${HOME}/.tor-browser-tr
12allow ${HOME}/.tor-browser-tr 12whitelist ${HOME}/.tor-browser-tr
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-vi.profile b/etc/profile-m-z/tor-browser-vi.profile
index c4d5a7a76..d5bf76655 100644
--- a/etc/profile-m-z/tor-browser-vi.profile
+++ b/etc/profile-m-z/tor-browser-vi.profile
@@ -6,10 +6,10 @@ include tor-browser-vi.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-vi 9noblacklist ${HOME}/.tor-browser-vi
10 10
11mkdir ${HOME}/.tor-browser-vi 11mkdir ${HOME}/.tor-browser-vi
12allow ${HOME}/.tor-browser-vi 12whitelist ${HOME}/.tor-browser-vi
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-zh-cn.profile b/etc/profile-m-z/tor-browser-zh-cn.profile
index 4cd287e5d..6c8925a4a 100644
--- a/etc/profile-m-z/tor-browser-zh-cn.profile
+++ b/etc/profile-m-z/tor-browser-zh-cn.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-cn.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-zh-cn 9noblacklist ${HOME}/.tor-browser-zh-cn
10 10
11mkdir ${HOME}/.tor-browser-zh-cn 11mkdir ${HOME}/.tor-browser-zh-cn
12allow ${HOME}/.tor-browser-zh-cn 12whitelist ${HOME}/.tor-browser-zh-cn
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-zh-tw.profile b/etc/profile-m-z/tor-browser-zh-tw.profile
index c75baf522..141a6701e 100644
--- a/etc/profile-m-z/tor-browser-zh-tw.profile
+++ b/etc/profile-m-z/tor-browser-zh-tw.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-tw.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser-zh-tw 9noblacklist ${HOME}/.tor-browser-zh-tw
10 10
11mkdir ${HOME}/.tor-browser-zh-tw 11mkdir ${HOME}/.tor-browser-zh-tw
12allow ${HOME}/.tor-browser-zh-tw 12whitelist ${HOME}/.tor-browser-zh-tw
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile
index 8a2dbda53..76a0e1fa5 100644
--- a/etc/profile-m-z/tor-browser.profile
+++ b/etc/profile-m-z/tor-browser.profile
@@ -6,10 +6,10 @@ include tor-browser.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser 9noblacklist ${HOME}/.tor-browser
10 10
11mkdir ${HOME}/.tor-browser 11mkdir ${HOME}/.tor-browser
12allow ${HOME}/.tor-browser 12whitelist ${HOME}/.tor-browser
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ar.profile b/etc/profile-m-z/tor-browser_ar.profile
index 90b5a0960..d811b7549 100644
--- a/etc/profile-m-z/tor-browser_ar.profile
+++ b/etc/profile-m-z/tor-browser_ar.profile
@@ -6,10 +6,10 @@ include tor-browser_ar.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_ar 9noblacklist ${HOME}/.tor-browser_ar
10 10
11mkdir ${HOME}/.tor-browser_ar 11mkdir ${HOME}/.tor-browser_ar
12allow ${HOME}/.tor-browser_ar 12whitelist ${HOME}/.tor-browser_ar
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ca.profile b/etc/profile-m-z/tor-browser_ca.profile
index a04207ccd..8bf1f7cd4 100644
--- a/etc/profile-m-z/tor-browser_ca.profile
+++ b/etc/profile-m-z/tor-browser_ca.profile
@@ -6,10 +6,10 @@ include tor-browser_ca.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_ca 9noblacklist ${HOME}/.tor-browser_ca
10 10
11mkdir ${HOME}/.tor-browser_ca 11mkdir ${HOME}/.tor-browser_ca
12allow ${HOME}/.tor-browser_ca 12whitelist ${HOME}/.tor-browser_ca
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_cs.profile b/etc/profile-m-z/tor-browser_cs.profile
index b99ad14a8..b41107bf1 100644
--- a/etc/profile-m-z/tor-browser_cs.profile
+++ b/etc/profile-m-z/tor-browser_cs.profile
@@ -6,10 +6,10 @@ include tor-browser_cs.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_cs 9noblacklist ${HOME}/.tor-browser_cs
10 10
11mkdir ${HOME}/.tor-browser_cs 11mkdir ${HOME}/.tor-browser_cs
12allow ${HOME}/.tor-browser_cs 12whitelist ${HOME}/.tor-browser_cs
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_da.profile b/etc/profile-m-z/tor-browser_da.profile
index 545e53b7e..cbec4ee2e 100644
--- a/etc/profile-m-z/tor-browser_da.profile
+++ b/etc/profile-m-z/tor-browser_da.profile
@@ -6,10 +6,10 @@ include tor-browser_da.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_da 9noblacklist ${HOME}/.tor-browser_da
10 10
11mkdir ${HOME}/.tor-browser_da 11mkdir ${HOME}/.tor-browser_da
12allow ${HOME}/.tor-browser_da 12whitelist ${HOME}/.tor-browser_da
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_de.profile b/etc/profile-m-z/tor-browser_de.profile
index 545f82f72..ea26765d3 100644
--- a/etc/profile-m-z/tor-browser_de.profile
+++ b/etc/profile-m-z/tor-browser_de.profile
@@ -6,10 +6,10 @@ include tor-browser_de.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_de 9noblacklist ${HOME}/.tor-browser_de
10 10
11mkdir ${HOME}/.tor-browser_de 11mkdir ${HOME}/.tor-browser_de
12allow ${HOME}/.tor-browser_de 12whitelist ${HOME}/.tor-browser_de
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_el.profile b/etc/profile-m-z/tor-browser_el.profile
index 3120b1701..ff57a8722 100644
--- a/etc/profile-m-z/tor-browser_el.profile
+++ b/etc/profile-m-z/tor-browser_el.profile
@@ -6,10 +6,10 @@ include tor-browser_el.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_el 9noblacklist ${HOME}/.tor-browser_el
10 10
11mkdir ${HOME}/.tor-browser_el 11mkdir ${HOME}/.tor-browser_el
12allow ${HOME}/.tor-browser_el 12whitelist ${HOME}/.tor-browser_el
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_en-US.profile b/etc/profile-m-z/tor-browser_en-US.profile
index 6719ac057..18c92b638 100644
--- a/etc/profile-m-z/tor-browser_en-US.profile
+++ b/etc/profile-m-z/tor-browser_en-US.profile
@@ -6,10 +6,10 @@ include tor-browser_en-US.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_en-US 9noblacklist ${HOME}/.tor-browser_en-US
10 10
11mkdir ${HOME}/.tor-browser_en-US 11mkdir ${HOME}/.tor-browser_en-US
12allow ${HOME}/.tor-browser_en-US 12whitelist ${HOME}/.tor-browser_en-US
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_en.profile b/etc/profile-m-z/tor-browser_en.profile
index 4cbd37109..ebba83cc4 100644
--- a/etc/profile-m-z/tor-browser_en.profile
+++ b/etc/profile-m-z/tor-browser_en.profile
@@ -6,10 +6,10 @@ include tor-browser_en.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_en 9noblacklist ${HOME}/.tor-browser_en
10 10
11mkdir ${HOME}/.tor-browser_en 11mkdir ${HOME}/.tor-browser_en
12allow ${HOME}/.tor-browser_en 12whitelist ${HOME}/.tor-browser_en
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_es-ES.profile b/etc/profile-m-z/tor-browser_es-ES.profile
index 6c8a5987c..aecab38d5 100644
--- a/etc/profile-m-z/tor-browser_es-ES.profile
+++ b/etc/profile-m-z/tor-browser_es-ES.profile
@@ -6,10 +6,10 @@ include tor-browser_es-ES.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_es-ES 9noblacklist ${HOME}/.tor-browser_es-ES
10 10
11mkdir ${HOME}/.tor-browser_es-ES 11mkdir ${HOME}/.tor-browser_es-ES
12allow ${HOME}/.tor-browser_es-ES 12whitelist ${HOME}/.tor-browser_es-ES
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_es.profile b/etc/profile-m-z/tor-browser_es.profile
index 7d358b7ca..e19e9b5e6 100644
--- a/etc/profile-m-z/tor-browser_es.profile
+++ b/etc/profile-m-z/tor-browser_es.profile
@@ -6,10 +6,10 @@ include tor-browser_es.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_es 9noblacklist ${HOME}/.tor-browser_es
10 10
11mkdir ${HOME}/.tor-browser_es 11mkdir ${HOME}/.tor-browser_es
12allow ${HOME}/.tor-browser_es 12whitelist ${HOME}/.tor-browser_es
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_fa.profile b/etc/profile-m-z/tor-browser_fa.profile
index fc4285c5d..68414c277 100644
--- a/etc/profile-m-z/tor-browser_fa.profile
+++ b/etc/profile-m-z/tor-browser_fa.profile
@@ -6,10 +6,10 @@ include tor-browser_fa.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_fa 9noblacklist ${HOME}/.tor-browser_fa
10 10
11mkdir ${HOME}/.tor-browser_fa 11mkdir ${HOME}/.tor-browser_fa
12allow ${HOME}/.tor-browser_fa 12whitelist ${HOME}/.tor-browser_fa
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_fr.profile b/etc/profile-m-z/tor-browser_fr.profile
index 2d0c0ff1f..0a8bb30b7 100644
--- a/etc/profile-m-z/tor-browser_fr.profile
+++ b/etc/profile-m-z/tor-browser_fr.profile
@@ -6,10 +6,10 @@ include tor-browser_fr.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_fr 9noblacklist ${HOME}/.tor-browser_fr
10 10
11mkdir ${HOME}/.tor-browser_fr 11mkdir ${HOME}/.tor-browser_fr
12allow ${HOME}/.tor-browser_fr 12whitelist ${HOME}/.tor-browser_fr
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ga-IE.profile b/etc/profile-m-z/tor-browser_ga-IE.profile
index 2880e1e2a..12354b900 100644
--- a/etc/profile-m-z/tor-browser_ga-IE.profile
+++ b/etc/profile-m-z/tor-browser_ga-IE.profile
@@ -6,10 +6,10 @@ include tor-browser_ga-IE.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_ga-IE 9noblacklist ${HOME}/.tor-browser_ga-IE
10 10
11mkdir ${HOME}/.tor-browser_ga-IE 11mkdir ${HOME}/.tor-browser_ga-IE
12allow ${HOME}/.tor-browser_ga-IE 12whitelist ${HOME}/.tor-browser_ga-IE
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_he.profile b/etc/profile-m-z/tor-browser_he.profile
index ac6993019..19cbb0809 100644
--- a/etc/profile-m-z/tor-browser_he.profile
+++ b/etc/profile-m-z/tor-browser_he.profile
@@ -6,10 +6,10 @@ include tor-browser_he.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_he 9noblacklist ${HOME}/.tor-browser_he
10 10
11mkdir ${HOME}/.tor-browser_he 11mkdir ${HOME}/.tor-browser_he
12allow ${HOME}/.tor-browser_he 12whitelist ${HOME}/.tor-browser_he
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_hu.profile b/etc/profile-m-z/tor-browser_hu.profile
index 6877a6be4..62b55e170 100644
--- a/etc/profile-m-z/tor-browser_hu.profile
+++ b/etc/profile-m-z/tor-browser_hu.profile
@@ -6,10 +6,10 @@ include tor-browser_hu.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_hu 9noblacklist ${HOME}/.tor-browser_hu
10 10
11mkdir ${HOME}/.tor-browser_hu 11mkdir ${HOME}/.tor-browser_hu
12allow ${HOME}/.tor-browser_hu 12whitelist ${HOME}/.tor-browser_hu
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_id.profile b/etc/profile-m-z/tor-browser_id.profile
index 5f5601f74..2970a7747 100644
--- a/etc/profile-m-z/tor-browser_id.profile
+++ b/etc/profile-m-z/tor-browser_id.profile
@@ -6,10 +6,10 @@ include tor-browser_id.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_id 9noblacklist ${HOME}/.tor-browser_id
10 10
11mkdir ${HOME}/.tor-browser_id 11mkdir ${HOME}/.tor-browser_id
12allow ${HOME}/.tor-browser_id 12whitelist ${HOME}/.tor-browser_id
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_is.profile b/etc/profile-m-z/tor-browser_is.profile
index f0814d16e..f922c7644 100644
--- a/etc/profile-m-z/tor-browser_is.profile
+++ b/etc/profile-m-z/tor-browser_is.profile
@@ -6,10 +6,10 @@ include tor-browser_is.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_is 9noblacklist ${HOME}/.tor-browser_is
10 10
11mkdir ${HOME}/.tor-browser_is 11mkdir ${HOME}/.tor-browser_is
12allow ${HOME}/.tor-browser_is 12whitelist ${HOME}/.tor-browser_is
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_it.profile b/etc/profile-m-z/tor-browser_it.profile
index fa01f6bca..406901759 100644
--- a/etc/profile-m-z/tor-browser_it.profile
+++ b/etc/profile-m-z/tor-browser_it.profile
@@ -6,10 +6,10 @@ include tor-browser_it.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_it 9noblacklist ${HOME}/.tor-browser_it
10 10
11mkdir ${HOME}/.tor-browser_it 11mkdir ${HOME}/.tor-browser_it
12allow ${HOME}/.tor-browser_it 12whitelist ${HOME}/.tor-browser_it
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ja.profile b/etc/profile-m-z/tor-browser_ja.profile
index dde107dd3..8f9d8d751 100644
--- a/etc/profile-m-z/tor-browser_ja.profile
+++ b/etc/profile-m-z/tor-browser_ja.profile
@@ -6,10 +6,10 @@ include tor-browser_ja.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_ja 9noblacklist ${HOME}/.tor-browser_ja
10 10
11mkdir ${HOME}/.tor-browser_ja 11mkdir ${HOME}/.tor-browser_ja
12allow ${HOME}/.tor-browser_ja 12whitelist ${HOME}/.tor-browser_ja
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ka.profile b/etc/profile-m-z/tor-browser_ka.profile
index 7de4dff65..4de4135e1 100644
--- a/etc/profile-m-z/tor-browser_ka.profile
+++ b/etc/profile-m-z/tor-browser_ka.profile
@@ -6,10 +6,10 @@ include tor-browser_ka.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_ka 9noblacklist ${HOME}/.tor-browser_ka
10 10
11mkdir ${HOME}/.tor-browser_ka 11mkdir ${HOME}/.tor-browser_ka
12allow ${HOME}/.tor-browser_ka 12whitelist ${HOME}/.tor-browser_ka
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ko.profile b/etc/profile-m-z/tor-browser_ko.profile
index 7e3ceb4d9..125c733ce 100644
--- a/etc/profile-m-z/tor-browser_ko.profile
+++ b/etc/profile-m-z/tor-browser_ko.profile
@@ -6,10 +6,10 @@ include tor-browser_ko.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_ko 9noblacklist ${HOME}/.tor-browser_ko
10 10
11mkdir ${HOME}/.tor-browser_ko 11mkdir ${HOME}/.tor-browser_ko
12allow ${HOME}/.tor-browser_ko 12whitelist ${HOME}/.tor-browser_ko
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_nb.profile b/etc/profile-m-z/tor-browser_nb.profile
index c11001960..dc6ac876b 100644
--- a/etc/profile-m-z/tor-browser_nb.profile
+++ b/etc/profile-m-z/tor-browser_nb.profile
@@ -6,10 +6,10 @@ include tor-browser_nb.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_nb 9noblacklist ${HOME}/.tor-browser_nb
10 10
11mkdir ${HOME}/.tor-browser_nb 11mkdir ${HOME}/.tor-browser_nb
12allow ${HOME}/.tor-browser_nb 12whitelist ${HOME}/.tor-browser_nb
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_nl.profile b/etc/profile-m-z/tor-browser_nl.profile
index 2d1044f9d..2a3a5b519 100644
--- a/etc/profile-m-z/tor-browser_nl.profile
+++ b/etc/profile-m-z/tor-browser_nl.profile
@@ -6,10 +6,10 @@ include tor-browser_nl.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_nl 9noblacklist ${HOME}/.tor-browser_nl
10 10
11mkdir ${HOME}/.tor-browser_nl 11mkdir ${HOME}/.tor-browser_nl
12allow ${HOME}/.tor-browser_nl 12whitelist ${HOME}/.tor-browser_nl
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_pl.profile b/etc/profile-m-z/tor-browser_pl.profile
index 2818320a0..b7dec32db 100644
--- a/etc/profile-m-z/tor-browser_pl.profile
+++ b/etc/profile-m-z/tor-browser_pl.profile
@@ -6,10 +6,10 @@ include tor-browser_pl.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_pl 9noblacklist ${HOME}/.tor-browser_pl
10 10
11mkdir ${HOME}/.tor-browser_pl 11mkdir ${HOME}/.tor-browser_pl
12allow ${HOME}/.tor-browser_pl 12whitelist ${HOME}/.tor-browser_pl
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_pt-BR.profile b/etc/profile-m-z/tor-browser_pt-BR.profile
index 8c33e2545..7a7d4726c 100644
--- a/etc/profile-m-z/tor-browser_pt-BR.profile
+++ b/etc/profile-m-z/tor-browser_pt-BR.profile
@@ -6,10 +6,10 @@ include tor-browser_pt-BR.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_pt-BR 9noblacklist ${HOME}/.tor-browser_pt-BR
10 10
11mkdir ${HOME}/.tor-browser_pt-BR 11mkdir ${HOME}/.tor-browser_pt-BR
12allow ${HOME}/.tor-browser_pt-BR 12whitelist ${HOME}/.tor-browser_pt-BR
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ru.profile b/etc/profile-m-z/tor-browser_ru.profile
index 2553bb031..7d2e6bc97 100644
--- a/etc/profile-m-z/tor-browser_ru.profile
+++ b/etc/profile-m-z/tor-browser_ru.profile
@@ -6,10 +6,10 @@ include tor-browser_ru.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_ru 9noblacklist ${HOME}/.tor-browser_ru
10 10
11mkdir ${HOME}/.tor-browser_ru 11mkdir ${HOME}/.tor-browser_ru
12allow ${HOME}/.tor-browser_ru 12whitelist ${HOME}/.tor-browser_ru
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_sv-SE.profile b/etc/profile-m-z/tor-browser_sv-SE.profile
index 3152cb658..585925e81 100644
--- a/etc/profile-m-z/tor-browser_sv-SE.profile
+++ b/etc/profile-m-z/tor-browser_sv-SE.profile
@@ -6,10 +6,10 @@ include tor-browser_sv-SE.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_sv-SE 9noblacklist ${HOME}/.tor-browser_sv-SE
10 10
11mkdir ${HOME}/.tor-browser_sv-SE 11mkdir ${HOME}/.tor-browser_sv-SE
12allow ${HOME}/.tor-browser_sv-SE 12whitelist ${HOME}/.tor-browser_sv-SE
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_tr.profile b/etc/profile-m-z/tor-browser_tr.profile
index 9808d4725..4b0cc3821 100644
--- a/etc/profile-m-z/tor-browser_tr.profile
+++ b/etc/profile-m-z/tor-browser_tr.profile
@@ -6,10 +6,10 @@ include tor-browser_tr.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_tr 9noblacklist ${HOME}/.tor-browser_tr
10 10
11mkdir ${HOME}/.tor-browser_tr 11mkdir ${HOME}/.tor-browser_tr
12allow ${HOME}/.tor-browser_tr 12whitelist ${HOME}/.tor-browser_tr
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_vi.profile b/etc/profile-m-z/tor-browser_vi.profile
index 364fca40b..4dcfbf56d 100644
--- a/etc/profile-m-z/tor-browser_vi.profile
+++ b/etc/profile-m-z/tor-browser_vi.profile
@@ -6,10 +6,10 @@ include tor-browser_vi.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_vi 9noblacklist ${HOME}/.tor-browser_vi
10 10
11mkdir ${HOME}/.tor-browser_vi 11mkdir ${HOME}/.tor-browser_vi
12allow ${HOME}/.tor-browser_vi 12whitelist ${HOME}/.tor-browser_vi
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_zh-CN.profile b/etc/profile-m-z/tor-browser_zh-CN.profile
index 193e8a399..1e03b8d6b 100644
--- a/etc/profile-m-z/tor-browser_zh-CN.profile
+++ b/etc/profile-m-z/tor-browser_zh-CN.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-CN.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_zh-CN 9noblacklist ${HOME}/.tor-browser_zh-CN
10 10
11mkdir ${HOME}/.tor-browser_zh-CN 11mkdir ${HOME}/.tor-browser_zh-CN
12allow ${HOME}/.tor-browser_zh-CN 12whitelist ${HOME}/.tor-browser_zh-CN
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_zh-TW.profile b/etc/profile-m-z/tor-browser_zh-TW.profile
index 047be9b8e..a2dcf5cf1 100644
--- a/etc/profile-m-z/tor-browser_zh-TW.profile
+++ b/etc/profile-m-z/tor-browser_zh-TW.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-TW.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.tor-browser_zh-TW 9noblacklist ${HOME}/.tor-browser_zh-TW
10 10
11mkdir ${HOME}/.tor-browser_zh-TW 11mkdir ${HOME}/.tor-browser_zh-TW
12allow ${HOME}/.tor-browser_zh-TW 12whitelist ${HOME}/.tor-browser_zh-TW
13 13
14# Redirect 14# Redirect
15include torbrowser-launcher.profile 15include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
index 65a37db5f..7659ed1e9 100644
--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -8,15 +8,15 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.config/torbrowser 11noblacklist ${HOME}/.config/torbrowser
12nodeny ${HOME}/.local/share/torbrowser 12noblacklist ${HOME}/.local/share/torbrowser
13 13
14# Allow python (blacklisted by disable-interpreters.inc) 14# Allow python (blacklisted by disable-interpreters.inc)
15include allow-python2.inc 15include allow-python2.inc
16include allow-python3.inc 16include allow-python3.inc
17 17
18deny /opt 18blacklist /opt
19deny /srv 19blacklist /srv
20 20
21include disable-common.inc 21include disable-common.inc
22include disable-devel.inc 22include disable-devel.inc
@@ -28,10 +28,10 @@ include disable-xdg.inc
28 28
29mkdir ${HOME}/.config/torbrowser 29mkdir ${HOME}/.config/torbrowser
30mkdir ${HOME}/.local/share/torbrowser 30mkdir ${HOME}/.local/share/torbrowser
31allow ${DOWNLOADS} 31whitelist ${DOWNLOADS}
32allow ${HOME}/.config/torbrowser 32whitelist ${HOME}/.config/torbrowser
33allow ${HOME}/.local/share/torbrowser 33whitelist ${HOME}/.local/share/torbrowser
34allow /usr/share/torbrowser-launcher 34whitelist /usr/share/torbrowser-launcher
35include whitelist-common.inc 35include whitelist-common.inc
36include whitelist-var-common.inc 36include whitelist-var-common.inc
37include whitelist-runuser-common.inc 37include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile
index c5d89c3e3..0f98a8f64 100644
--- a/etc/profile-m-z/torcs.profile
+++ b/etc/profile-m-z/torcs.profile
@@ -6,7 +6,7 @@ include torcs.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.torcs 9noblacklist ${HOME}/.torcs
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19mkdir ${HOME}/.torcs 19mkdir ${HOME}/.torcs
20allow ${HOME}/.torcs 20whitelist ${HOME}/.torcs
21allow /usr/share/games/torcs 21whitelist /usr/share/games/torcs
22allow /var/games/torcs 22whitelist /var/games/torcs
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile
index 77d3c55f8..70d9e0aee 100644
--- a/etc/profile-m-z/totem.profile
+++ b/etc/profile-m-z/totem.profile
@@ -13,8 +13,8 @@ include allow-lua.inc
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python3.inc 14include allow-python3.inc
15 15
16nodeny ${HOME}/.config/totem 16noblacklist ${HOME}/.config/totem
17nodeny ${HOME}/.local/share/totem 17noblacklist ${HOME}/.local/share/totem
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
@@ -27,9 +27,9 @@ include disable-shell.inc
27read-only ${DESKTOP} 27read-only ${DESKTOP}
28mkdir ${HOME}/.config/totem 28mkdir ${HOME}/.config/totem
29mkdir ${HOME}/.local/share/totem 29mkdir ${HOME}/.local/share/totem
30allow ${HOME}/.config/totem 30whitelist ${HOME}/.config/totem
31allow ${HOME}/.local/share/totem 31whitelist ${HOME}/.local/share/totem
32allow /usr/share/totem 32whitelist /usr/share/totem
33include whitelist-common.inc 33include whitelist-common.inc
34include whitelist-player-common.inc 34include whitelist-player-common.inc
35include whitelist-runuser-common.inc 35include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile
index 26f4abd0b..87c5de076 100644
--- a/etc/profile-m-z/tracker.profile
+++ b/etc/profile-m-z/tracker.profile
@@ -8,8 +8,8 @@ include globals.local
8 8
9# Tracker is started by systemd on most systems. Therefore it is not firejailed by default 9# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
10 10
11deny /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12deny ${RUNUSER}/wayland-* 12blacklist ${RUNUSER}/wayland-*
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile
index d5920e2a2..ea118a9f0 100644
--- a/etc/profile-m-z/transgui.profile
+++ b/etc/profile-m-z/transgui.profile
@@ -6,7 +6,7 @@ include transgui.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/transgui 9noblacklist ${HOME}/.config/transgui
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/transgui 20mkdir ${HOME}/.config/transgui
21allow ${HOME}/.config/transgui 21whitelist ${HOME}/.config/transgui
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile
index 5c2cf9d9a..82671b709 100644
--- a/etc/profile-m-z/transmission-common.profile
+++ b/etc/profile-m-z/transmission-common.profile
@@ -7,8 +7,8 @@ include transmission-common.local
7# added by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.cache/transmission 10noblacklist ${HOME}/.cache/transmission
11nodeny ${HOME}/.config/transmission 11noblacklist ${HOME}/.config/transmission
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
19 19
20mkdir ${HOME}/.cache/transmission 20mkdir ${HOME}/.cache/transmission
21mkdir ${HOME}/.config/transmission 21mkdir ${HOME}/.config/transmission
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23allow ${HOME}/.cache/transmission 23whitelist ${HOME}/.cache/transmission
24allow ${HOME}/.config/transmission 24whitelist ${HOME}/.config/transmission
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
27include whitelist-var-common.inc 27include whitelist-var-common.inc
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile
index 9f0c464fc..348d3cb80 100644
--- a/etc/profile-m-z/transmission-daemon.profile
+++ b/etc/profile-m-z/transmission-daemon.profile
@@ -10,8 +10,8 @@ include globals.local
10ignore caps.drop all 10ignore caps.drop all
11 11
12mkdir ${HOME}/.config/transmission-daemon 12mkdir ${HOME}/.config/transmission-daemon
13allow ${HOME}/.config/transmission-daemon 13whitelist ${HOME}/.config/transmission-daemon
14allow /var/lib/transmission 14whitelist /var/lib/transmission
15 15
16caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot 16caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
17protocol packet 17protocol packet
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile
index 7c8eddcbc..a6400e2c0 100644
--- a/etc/profile-m-z/transmission-remote-gtk.profile
+++ b/etc/profile-m-z/transmission-remote-gtk.profile
@@ -7,10 +7,10 @@ include transmission-remote-gtk.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.config/transmission-remote-gtk 10noblacklist ${HOME}/.config/transmission-remote-gtk
11 11
12mkdir ${HOME}/.config/transmission-remote-gtk 12mkdir ${HOME}/.config/transmission-remote-gtk
13allow ${HOME}/.config/transmission-remote-gtk 13whitelist ${HOME}/.config/transmission-remote-gtk
14 14
15private-etc fonts,hostname,hosts,resolv.conf 15private-etc fonts,hostname,hosts,resolv.conf
16# Problems with private-lib (see issue #2889) 16# Problems with private-lib (see issue #2889)
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile
index c2797ddaa..aba563fac 100644
--- a/etc/profile-m-z/tremulous.profile
+++ b/etc/profile-m-z/tremulous.profile
@@ -6,7 +6,7 @@ include tremulous.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.tremulous 9noblacklist ${HOME}/.tremulous
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.tremulous 20mkdir ${HOME}/.tremulous
21allow ${HOME}/.tremulous 21whitelist ${HOME}/.tremulous
22allow /usr/share/tremulous 22whitelist /usr/share/tremulous
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-runuser-common.inc 24include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile
index 95f39b35d..2d95081f6 100644
--- a/etc/profile-m-z/trojita.profile
+++ b/etc/profile-m-z/trojita.profile
@@ -6,10 +6,10 @@ include trojita.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.abook 9noblacklist ${HOME}/.abook
10nodeny ${HOME}/.mozilla 10noblacklist ${HOME}/.mozilla
11nodeny ${HOME}/.cache/flaska.net/trojita 11noblacklist ${HOME}/.cache/flaska.net/trojita
12nodeny ${HOME}/.config/flaska.net 12noblacklist ${HOME}/.config/flaska.net
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
23mkdir ${HOME}/.abook 23mkdir ${HOME}/.abook
24mkdir ${HOME}/.cache/flaska.net/trojita 24mkdir ${HOME}/.cache/flaska.net/trojita
25mkdir ${HOME}/.config/flaska.net 25mkdir ${HOME}/.config/flaska.net
26allow ${HOME}/.abook 26whitelist ${HOME}/.abook
27allow ${HOME}/.mozilla/firefox/profiles.ini 27whitelist ${HOME}/.mozilla/firefox/profiles.ini
28allow ${HOME}/.cache/flaska.net/trojita 28whitelist ${HOME}/.cache/flaska.net/trojita
29allow ${HOME}/.config/flaska.net 29whitelist ${HOME}/.config/flaska.net
30include whitelist-common.inc 30include whitelist-common.inc
31include whitelist-runuser-common.inc 31include whitelist-runuser-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile
index 76f289a27..749626475 100644
--- a/etc/profile-m-z/truecraft.profile
+++ b/etc/profile-m-z/truecraft.profile
@@ -5,8 +5,8 @@ include truecraft.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/mono 8noblacklist ${HOME}/.config/mono
9nodeny ${HOME}/.config/truecraft 9noblacklist ${HOME}/.config/truecraft
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17 17
18mkdir ${HOME}/.config/mono 18mkdir ${HOME}/.config/mono
19mkdir ${HOME}/.config/truecraft 19mkdir ${HOME}/.config/truecraft
20allow ${HOME}/.config/mono 20whitelist ${HOME}/.config/mono
21allow ${HOME}/.config/truecraft 21whitelist ${HOME}/.config/truecraft
22include whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
diff --git a/etc/profile-m-z/ts3client_runscript.sh.profile b/etc/profile-m-z/ts3client_runscript.sh.profile
index cd6ae96df..8d4675454 100644
--- a/etc/profile-m-z/ts3client_runscript.sh.profile
+++ b/etc/profile-m-z/ts3client_runscript.sh.profile
@@ -9,11 +9,11 @@ include ts3client_runscript.sh.local
9 9
10ignore noexec ${HOME} 10ignore noexec ${HOME}
11 11
12nodeny ${HOME}/TeamSpeak3-Client-linux_x86 12noblacklist ${HOME}/TeamSpeak3-Client-linux_x86
13nodeny ${HOME}/TeamSpeak3-Client-linux_amd64 13noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64
14 14
15allow ${HOME}/TeamSpeak3-Client-linux_x86 15whitelist ${HOME}/TeamSpeak3-Client-linux_x86
16allow ${HOME}/TeamSpeak3-Client-linux_amd64 16whitelist ${HOME}/TeamSpeak3-Client-linux_amd64
17 17
18# Redirect 18# Redirect
19include teamspeak3.profile 19include teamspeak3.profile
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile
index e59a86ce6..d2cb0cc8a 100644
--- a/etc/profile-m-z/tutanota-desktop.profile
+++ b/etc/profile-m-z/tutanota-desktop.profile
@@ -6,8 +6,8 @@ include tutanota-desktop.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/tuta_integration 9noblacklist ${HOME}/.config/tuta_integration
10nodeny ${HOME}/.config/tutanota-desktop 10noblacklist ${HOME}/.config/tutanota-desktop
11 11
12ignore noexec /tmp 12ignore noexec /tmp
13 13
@@ -15,12 +15,12 @@ include disable-shell.inc
15 15
16mkdir ${HOME}/.config/tuta_integration 16mkdir ${HOME}/.config/tuta_integration
17mkdir ${HOME}/.config/tutanota-desktop 17mkdir ${HOME}/.config/tutanota-desktop
18allow ${HOME}/.config/tuta_integration 18whitelist ${HOME}/.config/tuta_integration
19allow ${HOME}/.config/tutanota-desktop 19whitelist ${HOME}/.config/tutanota-desktop
20 20
21# These lines are needed to allow Firefox to open links 21# These lines are needed to allow Firefox to open links
22nodeny ${HOME}/.mozilla 22noblacklist ${HOME}/.mozilla
23allow ${HOME}/.mozilla/firefox/profiles.ini 23whitelist ${HOME}/.mozilla/firefox/profiles.ini
24read-only ${HOME}/.mozilla/firefox/profiles.ini 24read-only ${HOME}/.mozilla/firefox/profiles.ini
25 25
26?HAS_APPIMAGE: ignore private-dev 26?HAS_APPIMAGE: ignore private-dev
diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile
index 5bb97e161..3cd496412 100644
--- a/etc/profile-m-z/tuxguitar.profile
+++ b/etc/profile-m-z/tuxguitar.profile
@@ -9,9 +9,9 @@ include globals.local
9# tuxguitar fails to launch 9# tuxguitar fails to launch
10ignore noexec ${HOME} 10ignore noexec ${HOME}
11 11
12nodeny ${HOME}/.tuxguitar* 12noblacklist ${HOME}/.tuxguitar*
13nodeny ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14nodeny ${MUSIC} 14noblacklist ${MUSIC}
15 15
16# Allow java (blacklisted by disable-devel.inc) 16# Allow java (blacklisted by disable-devel.inc)
17include allow-java.inc 17include allow-java.inc
diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile
index 8febcd337..dae7d86da 100644
--- a/etc/profile-m-z/tvbrowser.profile
+++ b/etc/profile-m-z/tvbrowser.profile
@@ -6,8 +6,8 @@ include tvbrowser.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/tvbrowser 9noblacklist ${HOME}/.config/tvbrowser
10nodeny ${HOME}/.tvbrowser 10noblacklist ${HOME}/.tvbrowser
11 11
12# Allow java (blacklisted by disable-devel.inc) 12# Allow java (blacklisted by disable-devel.inc)
13include allow-java.inc 13include allow-java.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
22 22
23mkdir ${HOME}/.config/tvbrowser 23mkdir ${HOME}/.config/tvbrowser
24mkdir ${HOME}/.tvbrowser 24mkdir ${HOME}/.tvbrowser
25allow ${HOME}/.config/tvbrowser 25whitelist ${HOME}/.config/tvbrowser
26allow ${HOME}/.tvbrowser 26whitelist ${HOME}/.tvbrowser
27allow /usr/share/tvbrowser 27whitelist /usr/share/tvbrowser
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
30include whitelist-var-common.inc 30include whitelist-var-common.inc
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile
index abcc885e6..2f573c872 100644
--- a/etc/profile-m-z/twitch.profile
+++ b/etc/profile-m-z/twitch.profile
@@ -10,12 +10,12 @@ include globals.local
10ignore nou2f 10ignore nou2f
11ignore novideo 11ignore novideo
12 12
13nodeny ${HOME}/.config/Twitch 13noblacklist ${HOME}/.config/Twitch
14 14
15include disable-shell.inc 15include disable-shell.inc
16 16
17mkdir ${HOME}/.config/Twitch 17mkdir ${HOME}/.config/Twitch
18allow ${HOME}/.config/Twitch 18whitelist ${HOME}/.config/Twitch
19 19
20private-bin twitch 20private-bin twitch
21private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg 21private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile
index 8c705c95f..3e4fdbb03 100644
--- a/etc/profile-m-z/uefitool.profile
+++ b/etc/profile-m-z/uefitool.profile
@@ -5,7 +5,7 @@ include uefitool.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile
index eed2db541..4420099ff 100644
--- a/etc/profile-m-z/uget-gtk.profile
+++ b/etc/profile-m-z/uget-gtk.profile
@@ -5,7 +5,7 @@ include uget-gtk.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/uGet 8noblacklist ${HOME}/.config/uGet
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
@@ -14,8 +14,8 @@ include disable-programs.inc
14include disable-shell.inc 14include disable-shell.inc
15 15
16mkdir ${HOME}/.config/uGet 16mkdir ${HOME}/.config/uGet
17allow ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18allow ${HOME}/.config/uGet 18whitelist ${HOME}/.config/uGet
19include whitelist-common.inc 19include whitelist-common.inc
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc 21include whitelist-var-common.inc
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile
index 7e7b3fbec..0c077babf 100644
--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -6,11 +6,11 @@ include unbound.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny /sbin 9noblacklist /sbin
10nodeny /usr/sbin 10noblacklist /usr/sbin
11 11
12deny /tmp/.X11-unix 12blacklist /tmp/.X11-unix
13deny ${RUNUSER}/wayland-* 13blacklist ${RUNUSER}/wayland-*
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
22 22
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24 24
25allow /var/lib/unbound 25whitelist /var/lib/unbound
26allow /var/run 26whitelist /var/run
27 27
28caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource 28caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource
29ipc-namespace 29ipc-namespace
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile
index 846271971..6db7ba362 100644
--- a/etc/profile-m-z/unf.profile
+++ b/etc/profile-m-z/unf.profile
@@ -7,7 +7,7 @@ include unf.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21allow ${DOWNLOADS} 21whitelist ${DOWNLOADS}
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile
index 3e1c6264d..956492f52 100644
--- a/etc/profile-m-z/unknown-horizons.profile
+++ b/etc/profile-m-z/unknown-horizons.profile
@@ -6,7 +6,7 @@ include unknown-horizons.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.unknown-horizons 9noblacklist ${HOME}/.unknown-horizons
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-exec.inc 12include disable-exec.inc
@@ -14,10 +14,10 @@ include disable-passwdmgr.inc
14include disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.unknown-horizons 16mkdir ${HOME}/.unknown-horizons
17allow ${HOME}/.unknown-horizons 17whitelist ${HOME}/.unknown-horizons
18include whitelist-common.inc 18include whitelist-common.inc
19include whitelist-runuser-common.inc 19include whitelist-runuser-common.inc
20allow /usr/share/unknown-horizons 20whitelist /usr/share/unknown-horizons
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile
index 99d2415ca..0231e3dba 100644
--- a/etc/profile-m-z/unzip.profile
+++ b/etc/profile-m-z/unzip.profile
@@ -8,7 +8,7 @@ include unzip.local
8include globals.local 8include globals.local
9 9
10# GNOME Shell integration (chrome-gnome-shell) 10# GNOME Shell integration (chrome-gnome-shell)
11nodeny ${HOME}/.local/share/gnome-shell 11noblacklist ${HOME}/.local/share/gnome-shell
12 12
13private-etc alternatives,group,localtime,passwd 13private-etc alternatives,group,localtime,passwd
14 14
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile
index 3b0f7c646..dd881f091 100644
--- a/etc/profile-m-z/utox.profile
+++ b/etc/profile-m-z/utox.profile
@@ -6,8 +6,8 @@ include utox.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/Tox 9noblacklist ${HOME}/.cache/Tox
10nodeny ${HOME}/.config/tox 10noblacklist ${HOME}/.config/tox
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.config/tox 21mkdir ${HOME}/.config/tox
22allow ${DOWNLOADS} 22whitelist ${DOWNLOADS}
23allow ${HOME}/.config/tox 23whitelist ${HOME}/.config/tox
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile
index 3bda71666..2adc044e5 100644
--- a/etc/profile-m-z/uudeview.profile
+++ b/etc/profile-m-z/uudeview.profile
@@ -7,7 +7,7 @@ include uudeview.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny ${RUNUSER}/wayland-* 10blacklist ${RUNUSER}/wayland-*
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile
index 6899f4bf7..41487a8f2 100644
--- a/etc/profile-m-z/uzbl-browser.profile
+++ b/etc/profile-m-z/uzbl-browser.profile
@@ -5,9 +5,9 @@ include uzbl-browser.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/uzbl 8noblacklist ${HOME}/.config/uzbl
9nodeny ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
10nodeny ${HOME}/.local/share/uzbl 10noblacklist ${HOME}/.local/share/uzbl
11 11
12# Allow python (blacklisted by disable-interpreters.inc) 12# Allow python (blacklisted by disable-interpreters.inc)
13include allow-python2.inc 13include allow-python2.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.config/uzbl
22mkdir ${HOME}/.gnupg 22mkdir ${HOME}/.gnupg
23mkdir ${HOME}/.local/share/uzbl 23mkdir ${HOME}/.local/share/uzbl
24mkdir ${HOME}/.password-store 24mkdir ${HOME}/.password-store
25allow ${DOWNLOADS} 25whitelist ${DOWNLOADS}
26allow ${HOME}/.config/uzbl 26whitelist ${HOME}/.config/uzbl
27allow ${HOME}/.gnupg 27whitelist ${HOME}/.gnupg
28allow ${HOME}/.local/share/uzbl 28whitelist ${HOME}/.local/share/uzbl
29allow ${HOME}/.password-store 29whitelist ${HOME}/.password-store
30include whitelist-common.inc 30include whitelist-common.inc
31 31
32caps.drop all 32caps.drop all
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile
index e0bf02706..a9ba344dd 100644
--- a/etc/profile-m-z/viewnior.profile
+++ b/etc/profile-m-z/viewnior.profile
@@ -6,11 +6,11 @@ include viewnior.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10nodeny ${HOME}/.config/viewnior 10noblacklist ${HOME}/.config/viewnior
11nodeny ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13deny ${HOME}/.bashrc 13blacklist ${HOME}/.bashrc
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile
index b16f691d6..8f8ef5939 100644
--- a/etc/profile-m-z/viking.profile
+++ b/etc/profile-m-z/viking.profile
@@ -6,9 +6,9 @@ include viking.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.viking 9noblacklist ${HOME}/.viking
10nodeny ${HOME}/.viking-maps 10noblacklist ${HOME}/.viking-maps
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile
index b535225dd..c3cfe5980 100644
--- a/etc/profile-m-z/vim.profile
+++ b/etc/profile-m-z/vim.profile
@@ -6,9 +6,9 @@ include vim.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.vim 9noblacklist ${HOME}/.vim
10nodeny ${HOME}/.viminfo 10noblacklist ${HOME}/.viminfo
11nodeny ${HOME}/.vimrc 11noblacklist ${HOME}/.vimrc
12 12
13# Allows files commonly used by IDEs 13# Allows files commonly used by IDEs
14include allow-common-devel.inc 14include allow-common-devel.inc
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index f28828338..c22fb0ff9 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -6,12 +6,12 @@ include virtualbox.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.VirtualBox 9noblacklist ${HOME}/.VirtualBox
10nodeny ${HOME}/.config/VirtualBox 10noblacklist ${HOME}/.config/VirtualBox
11nodeny ${HOME}/VirtualBox VMs 11noblacklist ${HOME}/VirtualBox VMs
12# noblacklist /usr/bin/virtualbox 12# noblacklist /usr/bin/virtualbox
13nodeny /usr/lib/virtualbox 13noblacklist /usr/lib/virtualbox
14nodeny /usr/lib64/virtualbox 14noblacklist /usr/lib64/virtualbox
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
23 23
24mkdir ${HOME}/.config/VirtualBox 24mkdir ${HOME}/.config/VirtualBox
25mkdir ${HOME}/VirtualBox VMs 25mkdir ${HOME}/VirtualBox VMs
26allow ${HOME}/.config/VirtualBox 26whitelist ${HOME}/.config/VirtualBox
27allow ${HOME}/VirtualBox VMs 27whitelist ${HOME}/VirtualBox VMs
28allow ${DOWNLOADS} 28whitelist ${DOWNLOADS}
29allow /usr/share/virtualbox 29whitelist /usr/share/virtualbox
30include whitelist-common.inc 30include whitelist-common.inc
31include whitelist-runuser-common.inc 31include whitelist-runuser-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/vivaldi.profile b/etc/profile-m-z/vivaldi.profile
index 3858405db..fdeb0307f 100644
--- a/etc/profile-m-z/vivaldi.profile
+++ b/etc/profile-m-z/vivaldi.profile
@@ -8,26 +8,26 @@ include globals.local
8# Allow HTML5 Proprietary Media & DRM/EME (Widevine) 8# Allow HTML5 Proprietary Media & DRM/EME (Widevine)
9ignore apparmor 9ignore apparmor
10ignore noexec /var 10ignore noexec /var
11nodeny /var/opt 11noblacklist /var/opt
12allow /var/opt/vivaldi 12whitelist /var/opt/vivaldi
13writable-var 13writable-var
14 14
15nodeny ${HOME}/.cache/vivaldi 15noblacklist ${HOME}/.cache/vivaldi
16nodeny ${HOME}/.cache/vivaldi-snapshot 16noblacklist ${HOME}/.cache/vivaldi-snapshot
17nodeny ${HOME}/.config/vivaldi 17noblacklist ${HOME}/.config/vivaldi
18nodeny ${HOME}/.config/vivaldi-snapshot 18noblacklist ${HOME}/.config/vivaldi-snapshot
19nodeny ${HOME}/.local/lib/vivaldi 19noblacklist ${HOME}/.local/lib/vivaldi
20 20
21mkdir ${HOME}/.cache/vivaldi 21mkdir ${HOME}/.cache/vivaldi
22mkdir ${HOME}/.cache/vivaldi-snapshot 22mkdir ${HOME}/.cache/vivaldi-snapshot
23mkdir ${HOME}/.config/vivaldi 23mkdir ${HOME}/.config/vivaldi
24mkdir ${HOME}/.config/vivaldi-snapshot 24mkdir ${HOME}/.config/vivaldi-snapshot
25mkdir ${HOME}/.local/lib/vivaldi 25mkdir ${HOME}/.local/lib/vivaldi
26allow ${HOME}/.cache/vivaldi 26whitelist ${HOME}/.cache/vivaldi
27allow ${HOME}/.cache/vivaldi-snapshot 27whitelist ${HOME}/.cache/vivaldi-snapshot
28allow ${HOME}/.config/vivaldi 28whitelist ${HOME}/.config/vivaldi
29allow ${HOME}/.config/vivaldi-snapshot 29whitelist ${HOME}/.config/vivaldi-snapshot
30allow ${HOME}/.local/lib/vivaldi 30whitelist ${HOME}/.local/lib/vivaldi
31 31
32#private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot 32#private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot
33 33
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile
index ede2d4525..cd7dccd8a 100644
--- a/etc/profile-m-z/vlc.profile
+++ b/etc/profile-m-z/vlc.profile
@@ -6,10 +6,10 @@ include vlc.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/vlc 9noblacklist ${HOME}/.cache/vlc
10nodeny ${HOME}/.config/vlc 10noblacklist ${HOME}/.config/vlc
11nodeny ${HOME}/.config/aacs 11noblacklist ${HOME}/.config/aacs
12nodeny ${HOME}/.local/share/vlc 12noblacklist ${HOME}/.local/share/vlc
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -22,10 +22,10 @@ read-only ${DESKTOP}
22mkdir ${HOME}/.cache/vlc 22mkdir ${HOME}/.cache/vlc
23mkdir ${HOME}/.config/vlc 23mkdir ${HOME}/.config/vlc
24mkdir ${HOME}/.local/share/vlc 24mkdir ${HOME}/.local/share/vlc
25allow ${HOME}/.cache/vlc 25whitelist ${HOME}/.cache/vlc
26allow ${HOME}/.config/vlc 26whitelist ${HOME}/.config/vlc
27allow ${HOME}/.config/aacs 27whitelist ${HOME}/.config/aacs
28allow ${HOME}/.local/share/vlc 28whitelist ${HOME}/.local/share/vlc
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-player-common.inc 30include whitelist-player-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile
index f23e90e84..f07c31b68 100644
--- a/etc/profile-m-z/vmware-view.profile
+++ b/etc/profile-m-z/vmware-view.profile
@@ -6,10 +6,10 @@ include vmware-view.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.vmware 9noblacklist ${HOME}/.vmware
10 10
11nodeny /sbin 11noblacklist /sbin
12nodeny /usr/sbin 12noblacklist /usr/sbin
13 13
14include allow-bin-sh.inc 14include allow-bin-sh.inc
15 15
@@ -23,7 +23,7 @@ include disable-shell.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.vmware 25mkdir ${HOME}/.vmware
26allow ${HOME}/.vmware 26whitelist ${HOME}/.vmware
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-runuser-common.inc 28include whitelist-runuser-common.inc
29include whitelist-usr-share-common.inc 29include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile
index 3a535588f..5241e27b3 100644
--- a/etc/profile-m-z/vmware.profile
+++ b/etc/profile-m-z/vmware.profile
@@ -6,8 +6,8 @@ include vmware.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/vmware 9noblacklist ${HOME}/.cache/vmware
10nodeny ${HOME}/.vmware 10noblacklist ${HOME}/.vmware
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
19 19
20mkdir ${HOME}/.cache/vmware 20mkdir ${HOME}/.cache/vmware
21mkdir ${HOME}/.vmware 21mkdir ${HOME}/.vmware
22allow ${HOME}/.cache/vmware 22whitelist ${HOME}/.cache/vmware
23allow ${HOME}/.vmware 23whitelist ${HOME}/.vmware
24# Add the next lines to your vmware.local if you need to use "shared VM". 24# Add the next lines to your vmware.local if you need to use "shared VM".
25#whitelist /var/lib/vmware 25#whitelist /var/lib/vmware
26#writable-var 26#writable-var
diff --git a/etc/profile-m-z/vscodium.profile b/etc/profile-m-z/vscodium.profile
index 7996113f5..a4a4fb7d8 100644
--- a/etc/profile-m-z/vscodium.profile
+++ b/etc/profile-m-z/vscodium.profile
@@ -6,7 +6,7 @@ include vscodium.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny ${HOME}/.VSCodium 9noblacklist ${HOME}/.VSCodium
10 10
11# Redirect 11# Redirect
12include code.profile 12include code.profile
diff --git a/etc/profile-m-z/vulturesclaw.profile b/etc/profile-m-z/vulturesclaw.profile
index a6c38c1f1..fa6ddf1fb 100644
--- a/etc/profile-m-z/vulturesclaw.profile
+++ b/etc/profile-m-z/vulturesclaw.profile
@@ -6,8 +6,8 @@ include vulturesclaw.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny /var/games/vulturesclaw 9noblacklist /var/games/vulturesclaw
10allow /var/games/vulturesclaw 10whitelist /var/games/vulturesclaw
11 11
12# Redirect 12# Redirect
13include nethack-vultures.profile 13include nethack-vultures.profile
diff --git a/etc/profile-m-z/vultureseye.profile b/etc/profile-m-z/vultureseye.profile
index 763c50bf6..49d3fa94f 100644
--- a/etc/profile-m-z/vultureseye.profile
+++ b/etc/profile-m-z/vultureseye.profile
@@ -6,8 +6,8 @@ include vultureseye.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9nodeny /var/games/vultureseye 9noblacklist /var/games/vultureseye
10allow /var/games/vultureseye 10whitelist /var/games/vultureseye
11 11
12# Redirect 12# Redirect
13include nethack-vultures.profile 13include nethack-vultures.profile
diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile
index 1f2462c32..5421c4e4b 100644
--- a/etc/profile-m-z/vym.profile
+++ b/etc/profile-m-z/vym.profile
@@ -6,7 +6,7 @@ include vym.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/InSilmaril 9noblacklist ${HOME}/.config/InSilmaril
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 6b38bbf13..69b2c6c59 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -12,10 +12,10 @@ include globals.local
12#ignore private-dev 12#ignore private-dev
13#ignore private-etc 13#ignore private-etc
14 14
15nodeny ${HOME}/.w3m 15noblacklist ${HOME}/.w3m
16 16
17deny /tmp/.X11-unix 17blacklist /tmp/.X11-unix
18deny ${RUNUSER}/wayland-* 18blacklist ${RUNUSER}/wayland-*
19 19
20# Allow /bin/sh (blacklisted by disable-shell.inc) 20# Allow /bin/sh (blacklisted by disable-shell.inc)
21include allow-bin-sh.inc 21include allow-bin-sh.inc
@@ -33,9 +33,9 @@ include disable-shell.inc
33include disable-xdg.inc 33include disable-xdg.inc
34 34
35mkdir ${HOME}/.w3m 35mkdir ${HOME}/.w3m
36allow /usr/share/w3m 36whitelist /usr/share/w3m
37allow ${DOWNLOADS} 37whitelist ${DOWNLOADS}
38allow ${HOME}/.w3m 38whitelist ${HOME}/.w3m
39include whitelist-runuser-common.inc 39include whitelist-runuser-common.inc
40include whitelist-usr-share-common.inc 40include whitelist-usr-share-common.inc
41include whitelist-var-common.inc 41include whitelist-var-common.inc
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile
index 6658ac5db..1227a202c 100644
--- a/etc/profile-m-z/warmux.profile
+++ b/etc/profile-m-z/warmux.profile
@@ -6,9 +6,9 @@ include warmux.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/wormux 9noblacklist ${HOME}/.config/wormux
10nodeny ${HOME}/.local/share/wormux 10noblacklist ${HOME}/.local/share/wormux
11nodeny ${HOME}/.wormux 11noblacklist ${HOME}/.wormux
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
22mkdir ${HOME}/.config/wormux 22mkdir ${HOME}/.config/wormux
23mkdir ${HOME}/.local/share/wormux 23mkdir ${HOME}/.local/share/wormux
24mkdir ${HOME}/.wormux 24mkdir ${HOME}/.wormux
25allow ${HOME}/.config/wormux 25whitelist ${HOME}/.config/wormux
26allow ${HOME}/.local/share/wormux 26whitelist ${HOME}/.local/share/wormux
27allow ${HOME}/.wormux 27whitelist ${HOME}/.wormux
28allow /usr/share/warmux 28whitelist /usr/share/warmux
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
31include whitelist-var-common.inc 31include whitelist-var-common.inc
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile
index fac4d0555..e0cd3daad 100644
--- a/etc/profile-m-z/warsow.profile
+++ b/etc/profile-m-z/warsow.profile
@@ -8,8 +8,8 @@ include globals.local
8 8
9ignore noexec ${HOME} 9ignore noexec ${HOME}
10 10
11nodeny ${HOME}/.cache/warsow-2.1 11noblacklist ${HOME}/.cache/warsow-2.1
12nodeny ${HOME}/.local/share/warsow-2.1 12noblacklist ${HOME}/.local/share/warsow-2.1
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
22 22
23mkdir ${HOME}/.cache/warsow-2.1 23mkdir ${HOME}/.cache/warsow-2.1
24mkdir ${HOME}/.local/share/warsow-2.1 24mkdir ${HOME}/.local/share/warsow-2.1
25allow ${HOME}/.cache/warsow-2.1 25whitelist ${HOME}/.cache/warsow-2.1
26allow ${HOME}/.local/share/warsow-2.1 26whitelist ${HOME}/.local/share/warsow-2.1
27allow /usr/share/warsow 27whitelist /usr/share/warsow
28include whitelist-common.inc 28include whitelist-common.inc
29include whitelist-runuser-common.inc 29include whitelist-runuser-common.inc
30include whitelist-usr-share-common.inc 30include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile
index 081ae349b..420e8927e 100644
--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@@ -6,7 +6,7 @@ include warzone2100.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.warzone2100-3.* 9noblacklist ${HOME}/.warzone2100-3.*
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
18 18
19mkdir ${HOME}/.warzone2100-3.1 19mkdir ${HOME}/.warzone2100-3.1
20mkdir ${HOME}/.warzone2100-3.2 20mkdir ${HOME}/.warzone2100-3.2
21allow ${HOME}/.warzone2100-3.1 21whitelist ${HOME}/.warzone2100-3.1
22allow ${HOME}/.warzone2100-3.2 22whitelist ${HOME}/.warzone2100-3.2
23allow /usr/share/games 23whitelist /usr/share/games
24include whitelist-common.inc 24include whitelist-common.inc
25include whitelist-runuser-common.inc 25include whitelist-runuser-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile
index 4081b29b9..18f1ca79a 100644
--- a/etc/profile-m-z/waterfox.profile
+++ b/etc/profile-m-z/waterfox.profile
@@ -5,13 +5,13 @@ include waterfox.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.cache/waterfox 8noblacklist ${HOME}/.cache/waterfox
9nodeny ${HOME}/.waterfox 9noblacklist ${HOME}/.waterfox
10 10
11mkdir ${HOME}/.cache/waterfox 11mkdir ${HOME}/.cache/waterfox
12mkdir ${HOME}/.waterfox 12mkdir ${HOME}/.waterfox
13allow ${HOME}/.cache/waterfox 13whitelist ${HOME}/.cache/waterfox
14allow ${HOME}/.waterfox 14whitelist ${HOME}/.waterfox
15 15
16# Add the next lines to your watefox.local if you want to use the migration wizard. 16# Add the next lines to your watefox.local if you want to use the migration wizard.
17#noblacklist ${HOME}/.mozilla 17#noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile
index 1f42dae2c..69e96d0cd 100644
--- a/etc/profile-m-z/webstorm.profile
+++ b/etc/profile-m-z/webstorm.profile
@@ -5,12 +5,12 @@ include webstorm.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.WebStorm* 8noblacklist ${HOME}/.WebStorm*
9nodeny ${HOME}/.android 9noblacklist ${HOME}/.android
10nodeny ${HOME}/.local/share/JetBrains 10noblacklist ${HOME}/.local/share/JetBrains
11nodeny ${HOME}/.tooling 11noblacklist ${HOME}/.tooling
12# Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc) 12# Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc)
13nodeny ${HOME}/.config/dolphinrc 13noblacklist ${HOME}/.config/dolphinrc
14 14
15# Allows files commonly used by IDEs 15# Allows files commonly used by IDEs
16include allow-common-devel.inc 16include allow-common-devel.inc
@@ -18,8 +18,8 @@ include allow-common-devel.inc
18# Allow ssh (blacklisted by disable-common.inc) 18# Allow ssh (blacklisted by disable-common.inc)
19include allow-ssh.inc 19include allow-ssh.inc
20 20
21nodeny ${PATH}/node 21noblacklist ${PATH}/node
22nodeny ${HOME}/.nvm 22noblacklist ${HOME}/.nvm
23 23
24include disable-common.inc 24include disable-common.inc
25include disable-devel.inc 25include disable-devel.inc
diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile
index d1bbcfb67..d5a998f35 100644
--- a/etc/profile-m-z/webui-aria2.profile
+++ b/etc/profile-m-z/webui-aria2.profile
@@ -6,7 +6,7 @@ include webui-aria2.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PATH}/node 9noblacklist ${PATH}/node
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile
index 99941a590..76935212f 100644
--- a/etc/profile-m-z/weechat.profile
+++ b/etc/profile-m-z/weechat.profile
@@ -6,12 +6,12 @@ include weechat.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.weechat 9noblacklist ${HOME}/.weechat
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-programs.inc 12include disable-programs.inc
13 13
14allow /usr/share/weechat 14whitelist /usr/share/weechat
15include whitelist-usr-share-common.inc 15include whitelist-usr-share-common.inc
16include whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile
index 47b923e6a..199b3c6f0 100644
--- a/etc/profile-m-z/wesnoth.profile
+++ b/etc/profile-m-z/wesnoth.profile
@@ -6,9 +6,9 @@ include wesnoth.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/wesnoth 9noblacklist ${HOME}/.cache/wesnoth
10nodeny ${HOME}/.config/wesnoth 10noblacklist ${HOME}/.config/wesnoth
11nodeny ${HOME}/.local/share/wesnoth 11noblacklist ${HOME}/.local/share/wesnoth
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
19mkdir ${HOME}/.cache/wesnoth 19mkdir ${HOME}/.cache/wesnoth
20mkdir ${HOME}/.config/wesnoth 20mkdir ${HOME}/.config/wesnoth
21mkdir ${HOME}/.local/share/wesnoth 21mkdir ${HOME}/.local/share/wesnoth
22allow ${HOME}/.cache/wesnoth 22whitelist ${HOME}/.cache/wesnoth
23allow ${HOME}/.config/wesnoth 23whitelist ${HOME}/.config/wesnoth
24allow ${HOME}/.local/share/wesnoth 24whitelist ${HOME}/.local/share/wesnoth
25include whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile
index 3c4a4eb63..53c4711bd 100644
--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -7,12 +7,12 @@ include wget.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
11nodeny ${HOME}/.wget-hsts 11noblacklist ${HOME}/.wget-hsts
12nodeny ${HOME}/.wgetrc 12noblacklist ${HOME}/.wgetrc
13 13
14deny /tmp/.X11-unix 14blacklist /tmp/.X11-unix
15deny ${RUNUSER} 15blacklist ${RUNUSER}
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile
index fdbd406c2..22a84274d 100644
--- a/etc/profile-m-z/whalebird.profile
+++ b/etc/profile-m-z/whalebird.profile
@@ -13,10 +13,10 @@ ignore include whitelist-usr-share-common.inc
13ignore dbus-user none 13ignore dbus-user none
14ignore dbus-system none 14ignore dbus-system none
15 15
16nodeny ${HOME}/.config/Whalebird 16noblacklist ${HOME}/.config/Whalebird
17 17
18mkdir ${HOME}/.config/Whalebird 18mkdir ${HOME}/.config/Whalebird
19allow ${HOME}/.config/Whalebird 19whitelist ${HOME}/.config/Whalebird
20 20
21no3d 21no3d
22 22
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile
index 35d7fe9cb..93871a5a4 100644
--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -7,8 +7,8 @@ include whois.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10deny /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11deny ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile
index 8f5adb0fc..0dc26b11d 100644
--- a/etc/profile-m-z/widelands.profile
+++ b/etc/profile-m-z/widelands.profile
@@ -6,7 +6,7 @@ include widelands.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.widelands 9noblacklist ${HOME}/.widelands
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.widelands 20mkdir ${HOME}/.widelands
21allow ${HOME}/.widelands 21whitelist ${HOME}/.widelands
22include whitelist-common.inc 22include whitelist-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile
index 6bc68c829..0ea24aafd 100644
--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -6,13 +6,13 @@ include wine.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/winetricks 9noblacklist ${HOME}/.cache/winetricks
10nodeny ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11nodeny ${HOME}/.local/share/Steam 11noblacklist ${HOME}/.local/share/Steam
12nodeny ${HOME}/.local/share/steam 12noblacklist ${HOME}/.local/share/steam
13nodeny ${HOME}/.steam 13noblacklist ${HOME}/.steam
14nodeny ${HOME}/.wine 14noblacklist ${HOME}/.wine
15nodeny /tmp/.wine-* 15noblacklist /tmp/.wine-*
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile
index 5f40bbd48..151cd2adb 100644
--- a/etc/profile-m-z/wire-desktop.profile
+++ b/etc/profile-m-z/wire-desktop.profile
@@ -20,10 +20,10 @@ ignore private-cache
20ignore dbus-user none 20ignore dbus-user none
21ignore dbus-system none 21ignore dbus-system none
22 22
23nodeny ${HOME}/.config/Wire 23noblacklist ${HOME}/.config/Wire
24 24
25mkdir ${HOME}/.config/Wire 25mkdir ${HOME}/.config/Wire
26allow ${HOME}/.config/Wire 26whitelist ${HOME}/.config/Wire
27 27
28private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop 28private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop
29private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl 29private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile
index f3f347283..1824026a8 100644
--- a/etc/profile-m-z/wireshark.profile
+++ b/etc/profile-m-z/wireshark.profile
@@ -6,9 +6,9 @@ include wireshark.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/wireshark 9noblacklist ${HOME}/.config/wireshark
10nodeny ${HOME}/.wireshark 10noblacklist ${HOME}/.wireshark
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13# Allow lua (blacklisted by disable-interpreters.inc) 13# Allow lua (blacklisted by disable-interpreters.inc)
14include allow-lua.inc 14include allow-lua.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
21include disable-programs.inc 21include disable-programs.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24allow /usr/share/wireshark 24whitelist /usr/share/wireshark
25include whitelist-usr-share-common.inc 25include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile
index 1f1541a20..9c724a5d2 100644
--- a/etc/profile-m-z/wordwarvi.profile
+++ b/etc/profile-m-z/wordwarvi.profile
@@ -6,7 +6,7 @@ include wordwarvi.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.wordwarvi 9noblacklist ${HOME}/.wordwarvi
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.wordwarvi 20mkdir ${HOME}/.wordwarvi
21allow ${HOME}/.wordwarvi 21whitelist ${HOME}/.wordwarvi
22allow /usr/share/wordwarvi 22whitelist /usr/share/wordwarvi
23include whitelist-common.inc 23include whitelist-common.inc
24include whitelist-usr-share-common.inc 24include whitelist-usr-share-common.inc
25include whitelist-var-common.inc 25include whitelist-var-common.inc
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile
index 6d16dfb04..a44b6490e 100644
--- a/etc/profile-m-z/wps.profile
+++ b/etc/profile-m-z/wps.profile
@@ -6,9 +6,9 @@ include wps.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.kingsoft 9noblacklist ${HOME}/.kingsoft
10nodeny ${HOME}/.config/Kingsoft 10noblacklist ${HOME}/.config/Kingsoft
11nodeny ${HOME}/.local/share/Kingsoft 11noblacklist ${HOME}/.local/share/Kingsoft
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile
index 311746cd9..557f07cd9 100644
--- a/etc/profile-m-z/x2goclient.profile
+++ b/etc/profile-m-z/x2goclient.profile
@@ -6,8 +6,8 @@ include x2goclient.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.x2go 9noblacklist ${HOME}/.x2go
10nodeny ${HOME}/.x2goclient 10noblacklist ${HOME}/.x2goclient
11 11
12# Allow ssh (blacklisted by disable-common.inc) 12# Allow ssh (blacklisted by disable-common.inc)
13include allow-ssh.inc 13include allow-ssh.inc
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile
index e545aa3a0..384f76acc 100644
--- a/etc/profile-m-z/xbill.profile
+++ b/etc/profile-m-z/xbill.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
15include disable-shell.inc 15include disable-shell.inc
16include disable-xdg.inc 16include disable-xdg.inc
17 17
18allow /usr/share/xbill 18whitelist /usr/share/xbill
19allow /var/games/xbill/scores 19whitelist /var/games/xbill/scores
20include whitelist-common.inc 20include whitelist-common.inc
21include whitelist-usr-share-common.inc 21include whitelist-usr-share-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile
index 7d0adbcc2..a94444aab 100644
--- a/etc/profile-m-z/xchat.profile
+++ b/etc/profile-m-z/xchat.profile
@@ -6,7 +6,7 @@ include xchat.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/xchat 9noblacklist ${HOME}/.config/xchat
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile
index 5db709bd1..4a3022e83 100644
--- a/etc/profile-m-z/xed.profile
+++ b/etc/profile-m-z/xed.profile
@@ -5,10 +5,10 @@ include xed.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/xed 8noblacklist ${HOME}/.config/xed
9nodeny ${HOME}/.python-history 9noblacklist ${HOME}/.python-history
10nodeny ${HOME}/.python_history 10noblacklist ${HOME}/.python_history
11nodeny ${HOME}/.pythonhist 11noblacklist ${HOME}/.pythonhist
12 12
13# Allow python (blacklisted by disable-interpreters.inc) 13# Allow python (blacklisted by disable-interpreters.inc)
14include allow-python2.inc 14include allow-python2.inc
diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile
index 297ff6164..cd9561e74 100644
--- a/etc/profile-m-z/xfburn.profile
+++ b/etc/profile-m-z/xfburn.profile
@@ -6,7 +6,7 @@ include xfburn.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/xfburn 9noblacklist ${HOME}/.config/xfburn
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile
index 8ecd84116..ecd321c7e 100644
--- a/etc/profile-m-z/xfce4-dict.profile
+++ b/etc/profile-m-z/xfce4-dict.profile
@@ -6,7 +6,7 @@ include xfce4-dict.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/xfce4-dict 9noblacklist ${HOME}/.config/xfce4-dict
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile
index 8a6f9e921..bb38dbebd 100644
--- a/etc/profile-m-z/xfce4-mixer.profile
+++ b/etc/profile-m-z/xfce4-mixer.profile
@@ -6,7 +6,7 @@ include xfce4-mixer.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml 9noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml 20mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
21allow ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml 21whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
22allow /usr/share/gstreamer-* 22whitelist /usr/share/gstreamer-*
23allow /usr/share/xfce4 23whitelist /usr/share/xfce4
24allow /usr/share/xfce4-mixer 24whitelist /usr/share/xfce4-mixer
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-usr-share-common.inc 26include whitelist-usr-share-common.inc
27include whitelist-var-common.inc 27include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile
index fe88f9b27..ebfb4333c 100644
--- a/etc/profile-m-z/xfce4-notes.profile
+++ b/etc/profile-m-z/xfce4-notes.profile
@@ -6,9 +6,9 @@ include xfce4-notes.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/xfce4/xfce4-notes.gtkrc 9noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
10nodeny ${HOME}/.config/xfce4/xfce4-notes.rc 10noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
11nodeny ${HOME}/.local/share/notes 11noblacklist ${HOME}/.local/share/notes
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile
index baf222354..b1e5bafbf 100644
--- a/etc/profile-m-z/xfce4-screenshooter.profile
+++ b/etc/profile-m-z/xfce4-screenshooter.profile
@@ -6,7 +6,7 @@ include xfce4-screenshooter.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow /usr/share/xfce4 20whitelist /usr/share/xfce4
21include whitelist-runuser-common.inc 21include whitelist-runuser-common.inc
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile
index 5c11cbd66..81d98db7a 100644
--- a/etc/profile-m-z/xiphos.profile
+++ b/etc/profile-m-z/xiphos.profile
@@ -6,10 +6,10 @@ include xiphos.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.sword 9noblacklist ${HOME}/.sword
10nodeny ${HOME}/.xiphos 10noblacklist ${HOME}/.xiphos
11 11
12deny ${HOME}/.bashrc 12blacklist ${HOME}/.bashrc
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
21 21
22mkdir ${HOME}/.sword 22mkdir ${HOME}/.sword
23mkdir ${HOME}/.xiphos 23mkdir ${HOME}/.xiphos
24allow ${HOME}/.sword 24whitelist ${HOME}/.sword
25allow ${HOME}/.xiphos 25whitelist ${HOME}/.xiphos
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile
index da4801101..d5e25cfe7 100644
--- a/etc/profile-m-z/xlinks.profile
+++ b/etc/profile-m-z/xlinks.profile
@@ -7,7 +7,7 @@ include xlinks.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10nodeny /tmp/.X11-unix 10noblacklist /tmp/.X11-unix
11 11
12include whitelist-common.inc 12include whitelist-common.inc
13 13
diff --git a/etc/profile-m-z/xlinks2 b/etc/profile-m-z/xlinks2
index a7612cb2a..1ae6a60ca 100644
--- a/etc/profile-m-z/xlinks2
+++ b/etc/profile-m-z/xlinks2
@@ -7,7 +7,7 @@ include xlinks2.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10nodeny /tmp/.X11-unix 10noblacklist /tmp/.X11-unix
11 11
12include whitelist-common.inc 12include whitelist-common.inc
13 13
diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile
index 1ed35f29a..25261d925 100644
--- a/etc/profile-m-z/xmms.profile
+++ b/etc/profile-m-z/xmms.profile
@@ -5,8 +5,8 @@ include xmms.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.xmms 8noblacklist ${HOME}/.xmms
9nodeny ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile
index c97c12f56..e7020f36b 100644
--- a/etc/profile-m-z/xmr-stak.profile
+++ b/etc/profile-m-z/xmr-stak.profile
@@ -5,7 +5,7 @@ include xmr-stak.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.xmr-stak 8noblacklist ${HOME}/.xmr-stak
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile
index 94a09198c..53c9a0a08 100644
--- a/etc/profile-m-z/xonotic.profile
+++ b/etc/profile-m-z/xonotic.profile
@@ -6,7 +6,7 @@ include xonotic.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.xonotic 9noblacklist ${HOME}/.xonotic
10 10
11include allow-bin-sh.inc 11include allow-bin-sh.inc
12include allow-opengl-game.inc 12include allow-opengl-game.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.xonotic 23mkdir ${HOME}/.xonotic
24allow ${HOME}/.xonotic 24whitelist ${HOME}/.xonotic
25allow /usr/share/xonotic 25whitelist /usr/share/xonotic
26include whitelist-common.inc 26include whitelist-common.inc
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile
index 34a188a4e..c4f092d50 100644
--- a/etc/profile-m-z/xournal.profile
+++ b/etc/profile-m-z/xournal.profile
@@ -6,7 +6,7 @@ include xournal.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20allow /usr/share/xournal 20whitelist /usr/share/xournal
21allow /usr/share/poppler 21whitelist /usr/share/poppler
22include whitelist-usr-share-common.inc 22include whitelist-usr-share-common.inc
23include whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile
index f82d2a5d3..988b878b9 100644
--- a/etc/profile-m-z/xournalpp.profile
+++ b/etc/profile-m-z/xournalpp.profile
@@ -7,13 +7,13 @@ include xournalpp.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.xournalpp 10noblacklist ${HOME}/.xournalpp
11 11
12include allow-lua.inc 12include allow-lua.inc
13 13
14allow /usr/share/texlive 14whitelist /usr/share/texlive
15allow /usr/share/xournalpp 15whitelist /usr/share/xournalpp
16allow /var/lib/texmf 16whitelist /var/lib/texmf
17include whitelist-runuser-common.inc 17include whitelist-runuser-common.inc
18 18
19#mkdir ${HOME}/.xournalpp 19#mkdir ${HOME}/.xournalpp
diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile
index 9da63b52a..1447ec9a7 100644
--- a/etc/profile-m-z/xpdf.profile
+++ b/etc/profile-m-z/xpdf.profile
@@ -6,8 +6,8 @@ include xpdf.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.xpdfrc 9noblacklist ${HOME}/.xpdfrc
10nodeny ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile
index 4af4586e3..c3bb3292c 100644
--- a/etc/profile-m-z/xplayer.profile
+++ b/etc/profile-m-z/xplayer.profile
@@ -5,8 +5,8 @@ include xplayer.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.config/xplayer 8noblacklist ${HOME}/.config/xplayer
9nodeny ${HOME}/.local/share/xplayer 9noblacklist ${HOME}/.local/share/xplayer
10 10
11# Allow python (blacklisted by disable-interpreters.inc) 11# Allow python (blacklisted by disable-interpreters.inc)
12include allow-python2.inc 12include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-programs.inc
22read-only ${DESKTOP} 22read-only ${DESKTOP}
23mkdir ${HOME}/.config/xplayer 23mkdir ${HOME}/.config/xplayer
24mkdir ${HOME}/.local/share/xplayer 24mkdir ${HOME}/.local/share/xplayer
25allow ${HOME}/.config/xplayer 25whitelist ${HOME}/.config/xplayer
26allow ${HOME}/.local/share/xplayer 26whitelist ${HOME}/.local/share/xplayer
27include whitelist-common.inc 27include whitelist-common.inc
28include whitelist-player-common.inc 28include whitelist-player-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile
index 28fbc94dd..6e409e1aa 100644
--- a/etc/profile-m-z/xpra.profile
+++ b/etc/profile-m-z/xpra.profile
@@ -25,7 +25,7 @@ include disable-interpreters.inc
25include disable-passwdmgr.inc 25include disable-passwdmgr.inc
26include disable-programs.inc 26include disable-programs.inc
27 27
28allow /var/lib/xkb 28whitelist /var/lib/xkb
29# whitelisting home directory, or including whitelist-common.inc 29# whitelisting home directory, or including whitelist-common.inc
30# will crash xpra on some platforms 30# will crash xpra on some platforms
31 31
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile
index 440f26af2..3ab35edfc 100644
--- a/etc/profile-m-z/xreader.profile
+++ b/etc/profile-m-z/xreader.profile
@@ -6,9 +6,9 @@ include xreader.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.cache/xreader 9noblacklist ${HOME}/.cache/xreader
10nodeny ${HOME}/.config/xreader 10noblacklist ${HOME}/.config/xreader
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile
index 671e0cf5b..4d454f81c 100644
--- a/etc/profile-m-z/xviewer.profile
+++ b/etc/profile-m-z/xviewer.profile
@@ -5,10 +5,10 @@ include xviewer.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8nodeny ${HOME}/.Steam 8noblacklist ${HOME}/.Steam
9nodeny ${HOME}/.config/xviewer 9noblacklist ${HOME}/.config/xviewer
10nodeny ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
11nodeny ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
diff --git a/etc/profile-m-z/yandex-browser.profile b/etc/profile-m-z/yandex-browser.profile
index 27d0eb411..81cd021f7 100644
--- a/etc/profile-m-z/yandex-browser.profile
+++ b/etc/profile-m-z/yandex-browser.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
10ignore include whitelist-runuser-common.inc 10ignore include whitelist-runuser-common.inc
11ignore include whitelist-usr-share-common.inc 11ignore include whitelist-usr-share-common.inc
12 12
13nodeny ${HOME}/.cache/yandex-browser 13noblacklist ${HOME}/.cache/yandex-browser
14nodeny ${HOME}/.cache/yandex-browser-beta 14noblacklist ${HOME}/.cache/yandex-browser-beta
15nodeny ${HOME}/.config/yandex-browser 15noblacklist ${HOME}/.config/yandex-browser
16nodeny ${HOME}/.config/yandex-browser-beta 16noblacklist ${HOME}/.config/yandex-browser-beta
17 17
18mkdir ${HOME}/.cache/yandex-browser 18mkdir ${HOME}/.cache/yandex-browser
19mkdir ${HOME}/.cache/yandex-browser-beta 19mkdir ${HOME}/.cache/yandex-browser-beta
20mkdir ${HOME}/.config/yandex-browser 20mkdir ${HOME}/.config/yandex-browser
21mkdir ${HOME}/.config/yandex-browser-beta 21mkdir ${HOME}/.config/yandex-browser-beta
22allow ${HOME}/.cache/yandex-browser 22whitelist ${HOME}/.cache/yandex-browser
23allow ${HOME}/.cache/yandex-browser-beta 23whitelist ${HOME}/.cache/yandex-browser-beta
24allow ${HOME}/.config/yandex-browser 24whitelist ${HOME}/.config/yandex-browser
25allow ${HOME}/.config/yandex-browser-beta 25whitelist ${HOME}/.config/yandex-browser-beta
26 26
27# Redirect 27# Redirect
28include chromium-common.profile 28include chromium-common.profile
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile
index b288993f2..dee154409 100644
--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -6,7 +6,7 @@ include yelp.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/yelp 9noblacklist ${HOME}/.config/yelp
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
@@ -18,15 +18,15 @@ include disable-shell.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20mkdir ${HOME}/.config/yelp 20mkdir ${HOME}/.config/yelp
21allow ${HOME}/.config/yelp 21whitelist ${HOME}/.config/yelp
22allow /usr/libexec/webkit2gtk-4.0 22whitelist /usr/libexec/webkit2gtk-4.0
23allow /usr/share/doc 23whitelist /usr/share/doc
24allow /usr/share/groff 24whitelist /usr/share/groff
25allow /usr/share/help 25whitelist /usr/share/help
26allow /usr/share/man 26whitelist /usr/share/man
27allow /usr/share/yelp 27whitelist /usr/share/yelp
28allow /usr/share/yelp-tools 28whitelist /usr/share/yelp-tools
29allow /usr/share/yelp-xsl 29whitelist /usr/share/yelp-xsl
30include whitelist-common.inc 30include whitelist-common.inc
31include whitelist-runuser-common.inc 31include whitelist-runuser-common.inc
32include whitelist-usr-share-common.inc 32include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile
index 26ea3acaa..b52271a2c 100644
--- a/etc/profile-m-z/youtube-dl-gui.profile
+++ b/etc/profile-m-z/youtube-dl-gui.profile
@@ -8,7 +8,7 @@ include globals.local
8include allow-python2.inc 8include allow-python2.inc
9include allow-python3.inc 9include allow-python3.inc
10 10
11nodeny ${HOME}/.config/youtube-dlg 11noblacklist ${HOME}/.config/youtube-dlg
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.config/youtube-dlg 22mkdir ${HOME}/.config/youtube-dlg
23allow ${HOME}/.config/youtube-dlg 23whitelist ${HOME}/.config/youtube-dlg
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-runuser-common.inc 26include whitelist-runuser-common.inc
27include whitelist-usr-share-common.inc 27include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile
index 37f87d0b5..24c4d6db3 100644
--- a/etc/profile-m-z/youtube-dl.profile
+++ b/etc/profile-m-z/youtube-dl.profile
@@ -10,18 +10,18 @@ include globals.local
10# breaks when installed under ${HOME} via `pip install --user` (see #2833) 10# breaks when installed under ${HOME} via `pip install --user` (see #2833)
11ignore noexec ${HOME} 11ignore noexec ${HOME}
12 12
13nodeny ${HOME}/.cache/youtube-dl 13noblacklist ${HOME}/.cache/youtube-dl
14nodeny ${HOME}/.config/youtube-dl 14noblacklist ${HOME}/.config/youtube-dl
15nodeny ${HOME}/.netrc 15noblacklist ${HOME}/.netrc
16nodeny ${MUSIC} 16noblacklist ${MUSIC}
17nodeny ${VIDEOS} 17noblacklist ${VIDEOS}
18 18
19# Allow python (blacklisted by disable-interpreters.inc) 19# Allow python (blacklisted by disable-interpreters.inc)
20include allow-python2.inc 20include allow-python2.inc
21include allow-python3.inc 21include allow-python3.inc
22 22
23deny /tmp/.X11-unix 23blacklist /tmp/.X11-unix
24deny ${RUNUSER} 24blacklist ${RUNUSER}
25 25
26include disable-common.inc 26include disable-common.inc
27include disable-devel.inc 27include disable-devel.inc
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile
index 84b8bbc6a..b54dd37ad 100644
--- a/etc/profile-m-z/youtube-viewer.profile
+++ b/etc/profile-m-z/youtube-viewer.profile
@@ -7,13 +7,13 @@ include youtube-viewer.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10nodeny ${HOME}/.cache/youtube-viewer 10noblacklist ${HOME}/.cache/youtube-viewer
11nodeny ${HOME}/.config/youtube-viewer 11noblacklist ${HOME}/.config/youtube-viewer
12 12
13mkdir ${HOME}/.cache/youtube-viewer 13mkdir ${HOME}/.cache/youtube-viewer
14mkdir ${HOME}/.config/youtube-viewer 14mkdir ${HOME}/.config/youtube-viewer
15allow ${HOME}/.cache/youtube-viewer 15whitelist ${HOME}/.cache/youtube-viewer
16allow ${HOME}/.config/youtube-viewer 16whitelist ${HOME}/.config/youtube-viewer
17 17
18private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer 18private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer
19 19
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index f531f815e..25a073d4a 100644
--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -7,7 +7,7 @@ include youtube-viewers-common.local
7# added by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10nodeny ${HOME}/.cache/youtube-dl 10noblacklist ${HOME}/.cache/youtube-dl
11 11
12# Allow lua (blacklisted by disable-interpreters.inc) 12# Allow lua (blacklisted by disable-interpreters.inc)
13include allow-lua.inc 13include allow-lua.inc
@@ -27,8 +27,8 @@ include disable-passwdmgr.inc
27include disable-programs.inc 27include disable-programs.inc
28include disable-xdg.inc 28include disable-xdg.inc
29 29
30allow ${DOWNLOADS} 30whitelist ${DOWNLOADS}
31allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs 31whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
32include whitelist-common.inc 32include whitelist-common.inc
33include whitelist-runuser-common.inc 33include whitelist-runuser-common.inc
34include whitelist-usr-share-common.inc 34include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile
index b015fb013..ad7ceaee4 100644
--- a/etc/profile-m-z/youtube.profile
+++ b/etc/profile-m-z/youtube.profile
@@ -9,12 +9,12 @@ include globals.local
9# Disabled until someone reported positive feedback 9# Disabled until someone reported positive feedback
10ignore nou2f 10ignore nou2f
11 11
12nodeny ${HOME}/.config/Youtube 12noblacklist ${HOME}/.config/Youtube
13 13
14include disable-shell.inc 14include disable-shell.inc
15 15
16mkdir ${HOME}/.config/Youtube 16mkdir ${HOME}/.config/Youtube
17allow ${HOME}/.config/Youtube 17whitelist ${HOME}/.config/Youtube
18 18
19private-bin youtube 19private-bin youtube
20private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg 20private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile
index d594a3d0f..74b0e38b9 100644
--- a/etc/profile-m-z/youtubemusic-nativefier.profile
+++ b/etc/profile-m-z/youtubemusic-nativefier.profile
@@ -6,12 +6,12 @@ include youtube.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/youtubemusic-nativefier-040164 9noblacklist ${HOME}/.config/youtubemusic-nativefier-040164
10 10
11include disable-shell.inc 11include disable-shell.inc
12 12
13mkdir ${HOME}/.config/youtubemusic-nativefier-040164 13mkdir ${HOME}/.config/youtubemusic-nativefier-040164
14allow ${HOME}/.config/youtubemusic-nativefier-040164 14whitelist ${HOME}/.config/youtubemusic-nativefier-040164
15 15
16private-bin youtubemusic-nativefier 16private-bin youtubemusic-nativefier
17private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg 17private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile
index 9987c953e..ab46fccc2 100644
--- a/etc/profile-m-z/ytmdesktop.profile
+++ b/etc/profile-m-z/ytmdesktop.profile
@@ -8,10 +8,10 @@ include globals.local
8 8
9ignore dbus-user none 9ignore dbus-user none
10 10
11nodeny ${HOME}/.config/youtube-music-desktop-app 11noblacklist ${HOME}/.config/youtube-music-desktop-app
12 12
13mkdir ${HOME}/.config/youtube-music-desktop-app 13mkdir ${HOME}/.config/youtube-music-desktop-app
14allow ${HOME}/.config/youtube-music-desktop-app 14whitelist ${HOME}/.config/youtube-music-desktop-app
15 15
16# private-bin env,ytmdesktop 16# private-bin env,ytmdesktop
17private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg 17private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile
index 2f18a8c45..5a168feb6 100644
--- a/etc/profile-m-z/zaproxy.profile
+++ b/etc/profile-m-z/zaproxy.profile
@@ -6,7 +6,7 @@ include zaproxy.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.ZAP 9noblacklist ${HOME}/.ZAP
10 10
11# Allow java (blacklisted by disable-devel.inc) 11# Allow java (blacklisted by disable-devel.inc)
12include allow-java.inc 12include allow-java.inc
@@ -20,8 +20,8 @@ include disable-programs.inc
20 20
21mkdir ${HOME}/.java 21mkdir ${HOME}/.java
22mkdir ${HOME}/.ZAP 22mkdir ${HOME}/.ZAP
23allow ${HOME}/.java 23whitelist ${HOME}/.java
24allow ${HOME}/.ZAP 24whitelist ${HOME}/.ZAP
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile
index 32ff4f8ed..10f83aa30 100644
--- a/etc/profile-m-z/zart.profile
+++ b/etc/profile-m-z/zart.profile
@@ -6,8 +6,8 @@ include zart.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10nodeny ${PICTURES} 10noblacklist ${PICTURES}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile
index 4bc841f63..d0e68c980 100644
--- a/etc/profile-m-z/zathura.profile
+++ b/etc/profile-m-z/zathura.profile
@@ -6,9 +6,9 @@ include zathura.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/zathura 9noblacklist ${HOME}/.config/zathura
10nodeny ${HOME}/.local/share/zathura 10noblacklist ${HOME}/.local/share/zathura
11nodeny ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
22 22
23mkdir ${HOME}/.config/zathura 23mkdir ${HOME}/.config/zathura
24mkdir ${HOME}/.local/share/zathura 24mkdir ${HOME}/.local/share/zathura
25allow /usr/share/doc 25whitelist /usr/share/doc
26allow /usr/share/zathura 26whitelist /usr/share/zathura
27include whitelist-runuser-common.inc 27include whitelist-runuser-common.inc
28include whitelist-usr-share-common.inc 28include whitelist-usr-share-common.inc
29include whitelist-var-common.inc 29include whitelist-var-common.inc
diff --git a/etc/profile-m-z/zcat.profile b/etc/profile-m-z/zcat.profile
index 904ea9f05..5de13ab90 100644
--- a/etc/profile-m-z/zcat.profile
+++ b/etc/profile-m-z/zcat.profile
@@ -9,7 +9,7 @@ include zcat.local
9 9
10# Allow running kernel config check 10# Allow running kernel config check
11ignore include disable-shell.inc 11ignore include disable-shell.inc
12nodeny /proc/config.gz 12noblacklist /proc/config.gz
13 13
14# Redirect 14# Redirect
15include gzip.profile 15include gzip.profile
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile
index 458df2a46..2c6f6910f 100644
--- a/etc/profile-m-z/zeal.profile
+++ b/etc/profile-m-z/zeal.profile
@@ -6,9 +6,9 @@ include zeal.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9nodeny ${HOME}/.config/Zeal 9noblacklist ${HOME}/.config/Zeal
10nodeny ${HOME}/.cache/Zeal 10noblacklist ${HOME}/.cache/Zeal
11nodeny ${HOME}/.local/share/Zeal 11noblacklist ${HOME}/.local/share/Zeal
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -23,9 +23,9 @@ mkdir ${HOME}/.cache/Zeal
23mkdir ${HOME}/.config/qt5ct 23mkdir ${HOME}/.config/qt5ct
24mkdir ${HOME}/.config/Zeal 24mkdir ${HOME}/.config/Zeal
25mkdir ${HOME}/.local/share/Zeal 25mkdir ${HOME}/.local/share/Zeal
26allow ${HOME}/.cache/Zeal 26whitelist ${HOME}/.cache/Zeal
27allow ${HOME}/.config/Zeal 27whitelist ${HOME}/.config/Zeal
28allow ${HOME}/.local/share/Zeal 28whitelist ${HOME}/.local/share/Zeal
29include whitelist-common.inc 29include whitelist-common.inc
30include whitelist-var-common.inc 30include whitelist-var-common.inc
31 31
diff --git a/etc/profile-m-z/zgrep.profile b/etc/profile-m-z/zgrep.profile
index e2dfbd105..f63dc871f 100644
--- a/etc/profile-m-z/zgrep.profile
+++ b/etc/profile-m-z/zgrep.profile
@@ -9,7 +9,7 @@ include zgrep.local
9 9
10# Allow running kernel config check 10# Allow running kernel config check
11ignore include disable-shell.inc 11ignore include disable-shell.inc
12nodeny /proc/config.gz 12noblacklist /proc/config.gz
13 13
14# Redirect 14# Redirect
15include gzip.profile 15include gzip.profile
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile
index 6b0417b56..ac615d861 100644
--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -16,17 +16,17 @@ ignore dbus-system none
16# If you use such a system, add 'ignore nogroups' to your zoom.local. 16# If you use such a system, add 'ignore nogroups' to your zoom.local.
17#ignore nogroups 17#ignore nogroups
18 18
19nodeny ${HOME}/.config/zoomus.conf 19noblacklist ${HOME}/.config/zoomus.conf
20nodeny ${HOME}/.zoom 20noblacklist ${HOME}/.zoom
21 21
22noallow ${DOWNLOADS} 22nowhitelist ${DOWNLOADS}
23 23
24mkdir ${HOME}/.cache/zoom 24mkdir ${HOME}/.cache/zoom
25mkfile ${HOME}/.config/zoomus.conf 25mkfile ${HOME}/.config/zoomus.conf
26mkdir ${HOME}/.zoom 26mkdir ${HOME}/.zoom
27allow ${HOME}/.cache/zoom 27whitelist ${HOME}/.cache/zoom
28allow ${HOME}/.config/zoomus.conf 28whitelist ${HOME}/.config/zoomus.conf
29allow ${HOME}/.zoom 29whitelist ${HOME}/.zoom
30 30
31# Disable for now, see https://github.com/netblue30/firejail/issues/3726 31# Disable for now, see https://github.com/netblue30/firejail/issues/3726
32#private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl 32#private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile
index cdbbdccf1..093da5212 100644
--- a/etc/profile-m-z/zulip.profile
+++ b/etc/profile-m-z/zulip.profile
@@ -8,7 +8,7 @@ include globals.local
8 8
9ignore noexec /tmp 9ignore noexec /tmp
10 10
11nodeny ${HOME}/.config/Zulip 11noblacklist ${HOME}/.config/Zulip
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-shell.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22mkdir ${HOME}/.config/Zulip 22mkdir ${HOME}/.config/Zulip
23allow ${HOME}/.config/Zulip 23whitelist ${HOME}/.config/Zulip
24allow ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25include whitelist-common.inc 25include whitelist-common.inc
26include whitelist-var-common.inc 26include whitelist-var-common.inc
27 27