move whitelist/blacklist to allow/deny

370 files changed, 1564 insertions, 1564 deletions

diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile
index 4009853d3..6f493fff1 100644
--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -6,11 +6,11 @@ include 0ad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/0ad
-noblacklist ${HOME}/.config/0ad
-noblacklist ${HOME}/.local/share/0ad
+nodeny  ${HOME}/.cache/0ad
+nodeny  ${HOME}/.config/0ad
+nodeny  ${HOME}/.local/share/0ad
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/0ad
 mkdir ${HOME}/.config/0ad
 mkdir ${HOME}/.local/share/0ad
-whitelist ${HOME}/.cache/0ad
-whitelist ${HOME}/.config/0ad
-whitelist ${HOME}/.local/share/0ad
-whitelist /usr/share/0ad
-whitelist /usr/share/games
+allow  ${HOME}/.cache/0ad
+allow  ${HOME}/.config/0ad
+allow  ${HOME}/.local/share/0ad
+allow  /usr/share/0ad
+allow  /usr/share/games
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile
index 1d787cba7..3a7b331a7 100644
--- a/etc/profile-a-l/2048-qt.profile
+++ b/etc/profile-a-l/2048-qt.profile
@@ -6,8 +6,8 @@ include 2048-qt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/2048-qt
-noblacklist ${HOME}/.config/xiaoyong
+nodeny  ${HOME}/.config/2048-qt
+nodeny  ${HOME}/.config/xiaoyong
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/2048-qt
 mkdir ${HOME}/.config/xiaoyong
-whitelist ${HOME}/.config/2048-qt
-whitelist ${HOME}/.config/xiaoyong
+allow  ${HOME}/.config/2048-qt
+allow  ${HOME}/.config/xiaoyong
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile
index 1d86b0fbf..def0ec111 100644
--- a/etc/profile-a-l/Cryptocat.profile
+++ b/etc/profile-a-l/Cryptocat.profile
@@ -5,7 +5,7 @@ include Cryptocat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Cryptocat
+nodeny  ${HOME}/.config/Cryptocat
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile
index 3f274b21c..1d3ae49ca 100644
--- a/etc/profile-a-l/Discord.profile
+++ b/etc/profile-a-l/Discord.profile
@@ -5,10 +5,10 @@ include Discord.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/discord
+nodeny  ${HOME}/.config/discord
 
 mkdir ${HOME}/.config/discord
-whitelist ${HOME}/.config/discord
+allow  ${HOME}/.config/discord
 
 private-bin Discord
 private-opt Discord
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile
index d24e73ed8..3c85f187b 100644
--- a/etc/profile-a-l/DiscordCanary.profile
+++ b/etc/profile-a-l/DiscordCanary.profile
@@ -5,10 +5,10 @@ include DiscordCanary.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/discordcanary
+nodeny  ${HOME}/.config/discordcanary
 
 mkdir ${HOME}/.config/discordcanary
-whitelist ${HOME}/.config/discordcanary
+allow  ${HOME}/.config/discordcanary
 
 private-bin DiscordCanary
 private-opt DiscordCanary
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile
index 7dc6b5ff0..8f746581f 100644
--- a/etc/profile-a-l/Fritzing.profile
+++ b/etc/profile-a-l/Fritzing.profile
@@ -6,8 +6,8 @@ include Fritzing.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Fritzing
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.config/Fritzing
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile
index d10b70796..9a00c3230 100644
--- a/etc/profile-a-l/JDownloader.profile
+++ b/etc/profile-a-l/JDownloader.profile
@@ -5,7 +5,7 @@ include JDownloader.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.jd
+nodeny  ${HOME}/.jd
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.jd
-whitelist ${HOME}/.jd
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.jd
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index 75da9a956..2a92c7db4 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -6,7 +6,7 @@ include abiword.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/abiword
+nodeny  ${HOME}/.config/abiword
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-whitelist /usr/share/abiword-3.0
+allow  /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile
index 2e6e8f1af..70ddcec20 100644
--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -5,13 +5,13 @@ include abrowser.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.mozilla
+nodeny  ${HOME}/.cache/mozilla
+nodeny  ${HOME}/.mozilla
 
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-whitelist ${HOME}/.cache/mozilla/abrowser
-whitelist ${HOME}/.mozilla
+allow  ${HOME}/.cache/mozilla/abrowser
+allow  ${HOME}/.mozilla
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc abrowser
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index 34f59769e..d32586c5b 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,8 +7,8 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,7 +23,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile
index 37fdb38b5..7b1d1445f 100644
--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -4,22 +4,22 @@ include akonadi_control.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/akonadi*
-noblacklist ${HOME}/.config/akonadi*
-noblacklist ${HOME}/.config/baloorc
-noblacklist ${HOME}/.config/emaildefaults
-noblacklist ${HOME}/.config/emailidentities
-noblacklist ${HOME}/.config/kmail2rc
-noblacklist ${HOME}/.config/mailtransports
-noblacklist ${HOME}/.config/specialmailcollectionsrc
-noblacklist ${HOME}/.local/share/akonadi*
-noblacklist ${HOME}/.local/share/apps/korganizer
-noblacklist ${HOME}/.local/share/contacts
-noblacklist ${HOME}/.local/share/local-mail
-noblacklist ${HOME}/.local/share/notes
-noblacklist /sbin
-noblacklist /tmp/akonadi-*
-noblacklist /usr/sbin
+nodeny  ${HOME}/.cache/akonadi*
+nodeny  ${HOME}/.config/akonadi*
+nodeny  ${HOME}/.config/baloorc
+nodeny  ${HOME}/.config/emaildefaults
+nodeny  ${HOME}/.config/emailidentities
+nodeny  ${HOME}/.config/kmail2rc
+nodeny  ${HOME}/.config/mailtransports
+nodeny  ${HOME}/.config/specialmailcollectionsrc
+nodeny  ${HOME}/.local/share/akonadi*
+nodeny  ${HOME}/.local/share/apps/korganizer
+nodeny  ${HOME}/.local/share/contacts
+nodeny  ${HOME}/.local/share/local-mail
+nodeny  ${HOME}/.local/share/notes
+nodeny  /sbin
+nodeny  /tmp/akonadi-*
+nodeny  /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index 38fcd2dc1..b2323547c 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -6,9 +6,9 @@ include akregator.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/akregatorrc
-noblacklist ${HOME}/.local/share/akregator
-noblacklist ${HOME}/.local/share/kxmlgui5/akregator
+nodeny  ${HOME}/.config/akregatorrc
+nodeny  ${HOME}/.local/share/akregator
+nodeny  ${HOME}/.local/share/kxmlgui5/akregator
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-shell.inc
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
 mkdir ${HOME}/.local/share/kxmlgui5/akregator
-whitelist ${HOME}/.config/akregatorrc
-whitelist ${HOME}/.local/share/akregator
-whitelist ${HOME}/.local/share/kssl
-whitelist ${HOME}/.local/share/kxmlgui5/akregator
+allow  ${HOME}/.config/akregatorrc
+allow  ${HOME}/.local/share/akregator
+allow  ${HOME}/.local/share/kssl
+allow  ${HOME}/.local/share/kxmlgui5/akregator
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index 4c6d68020..ca6c8d887 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 
 # Whitelist your system icon directory,varies by distro
-whitelist /usr/share/alacarte
-whitelist /usr/share/app-info
-whitelist /usr/share/desktop-directories
-whitelist /usr/share/icons
-whitelist /var/lib/app-info/icons
-whitelist /var/lib/flatpak/exports/share/applications
-whitelist /var/lib/flatpak/exports/share/icons
+allow  /usr/share/alacarte
+allow  /usr/share/app-info
+allow  /usr/share/desktop-directories
+allow  /usr/share/icons
+allow  /var/lib/app-info/icons
+allow  /var/lib/flatpak/exports/share/applications
+allow  /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
index 81ee6bd46..220c3345d 100644
--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -6,7 +6,7 @@ include alienarena.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/cor-games
+nodeny  ${HOME}/.local/share/cor-games
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/cor-games
-whitelist ${HOME}/.local/share/cor-games
-whitelist /usr/share/alienarena
+allow  ${HOME}/.local/share/cor-games
+allow  /usr/share/alienarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 0b5cf0df0..6fa3edfa1 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -10,28 +10,28 @@ include globals.local
 # Workaround for bug https://github.com/netblue30/firejail/issues/2747
 # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
 
-noblacklist /var/mail
-noblacklist /var/spool/mail
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.addressbook
-noblacklist ${HOME}/.alpine-smime
-noblacklist ${HOME}/.mailcap
-noblacklist ${HOME}/.mh_profile
-noblacklist ${HOME}/.mime.types
-noblacklist ${HOME}/.newsrc
-noblacklist ${HOME}/.pine-crash
-noblacklist ${HOME}/.pine-debug1
-noblacklist ${HOME}/.pine-debug2
-noblacklist ${HOME}/.pine-debug3
-noblacklist ${HOME}/.pine-debug4
-noblacklist ${HOME}/.pine-interrupted-mail
-noblacklist ${HOME}/.pinerc
-noblacklist ${HOME}/.pinercex
-noblacklist ${HOME}/.signature
-noblacklist ${HOME}/mail
+nodeny  /var/mail
+nodeny  /var/spool/mail
+nodeny  ${DOCUMENTS}
+nodeny  ${HOME}/.addressbook
+nodeny  ${HOME}/.alpine-smime
+nodeny  ${HOME}/.mailcap
+nodeny  ${HOME}/.mh_profile
+nodeny  ${HOME}/.mime.types
+nodeny  ${HOME}/.newsrc
+nodeny  ${HOME}/.pine-crash
+nodeny  ${HOME}/.pine-debug1
+nodeny  ${HOME}/.pine-debug2
+nodeny  ${HOME}/.pine-debug3
+nodeny  ${HOME}/.pine-debug4
+nodeny  ${HOME}/.pine-interrupted-mail
+nodeny  ${HOME}/.pinerc
+nodeny  ${HOME}/.pinercex
+nodeny  ${HOME}/.signature
+nodeny  ${HOME}/mail
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -60,8 +60,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.pine-debug4
 #whitelist ${HOME}/.signature
 #whitelist ${HOME}/mail
-whitelist /var/mail
-whitelist /var/spool/mail
+allow  /var/mail
+allow  /var/spool/mail
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile
index a7caddc4c..03aba36e4 100644
--- a/etc/profile-a-l/amarok.profile
+++ b/etc/profile-a-l/amarok.profile
@@ -6,7 +6,7 @@ include amarok.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile
index e3c4164ee..00039a7e9 100644
--- a/etc/profile-a-l/amule.profile
+++ b/etc/profile-a-l/amule.profile
@@ -6,7 +6,7 @@ include amule.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.aMule
+nodeny  ${HOME}/.aMule
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.aMule
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.aMule
+allow  ${DOWNLOADS}
+allow  ${HOME}/.aMule
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 5a21744cf..5bf6ed773 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,13 +5,13 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Google
-noblacklist ${HOME}/.AndroidStudio*
-noblacklist ${HOME}/.android
-noblacklist ${HOME}/.jack-server
-noblacklist ${HOME}/.jack-settings
-noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.tooling
+nodeny  ${HOME}/.config/Google
+nodeny  ${HOME}/.AndroidStudio*
+nodeny  ${HOME}/.android
+nodeny  ${HOME}/.jack-server
+nodeny  ${HOME}/.jack-settings
+nodeny  ${HOME}/.local/share/JetBrains
+nodeny  ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index ef60e91c2..ec99fe6c2 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -6,8 +6,8 @@ include anki.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.local/share/Anki2
+nodeny  ${DOCUMENTS}
+nodeny  ${HOME}/.local/share/Anki2
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/Anki2
-whitelist ${DOCUMENTS}
-whitelist ${HOME}/.local/share/Anki2
+allow  ${DOCUMENTS}
+allow  ${HOME}/.local/share/Anki2
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
index fdaf10259..cb30ed8da 100644
--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -5,7 +5,7 @@ include anydesk.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.anydesk
+nodeny  ${HOME}/.anydesk
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.anydesk
-whitelist ${HOME}/.anydesk
+allow  ${HOME}/.anydesk
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile
index e7b09283e..d647a4657 100644
--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -5,13 +5,13 @@ include aosp.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.android
-noblacklist ${HOME}/.bash_history
-noblacklist ${HOME}/.jack-server
-noblacklist ${HOME}/.jack-settings
-noblacklist ${HOME}/.repo_.gitconfig.json
-noblacklist ${HOME}/.repoconfig
-noblacklist ${HOME}/.tooling
+nodeny  ${HOME}/.android
+nodeny  ${HOME}/.bash_history
+nodeny  ${HOME}/.jack-server
+nodeny  ${HOME}/.jack-settings
+nodeny  ${HOME}/.repo_.gitconfig.json
+nodeny  ${HOME}/.repoconfig
+nodeny  ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 01566314f..020ae2812 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,9 +6,9 @@ include apostrophe.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.texlive20*
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.texlive20*
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -31,12 +31,12 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/libexec/webkit2gtk-4.0
-whitelist /usr/share/apostrophe
-whitelist /usr/share/texlive
-whitelist /usr/share/texmf
-whitelist /usr/share/pandoc-*
-whitelist /usr/share/perl5
+allow  /usr/libexec/webkit2gtk-4.0
+allow  /usr/share/apostrophe
+allow  /usr/share/texlive
+allow  /usr/share/texmf
+allow  /usr/share/pandoc-*
+allow  /usr/share/perl5
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
index accabb6f5..8c71dd574 100644
--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -7,7 +7,7 @@ include arch-audit.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/lib/pacman
+nodeny  /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/arch-audit
+allow  /usr/share/arch-audit
 include whitelist-usr-share-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile
index 19c37f90e..0915ede33 100644
--- a/etc/profile-a-l/archaudit-report.profile
+++ b/etc/profile-a-l/archaudit-report.profile
@@ -6,7 +6,7 @@ include archaudit-report.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/lib/pacman
+nodeny  /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile
index 1fab4606b..5b859ceb1 100644
--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -4,7 +4,7 @@ include archiver-common.local
 
 # common profile for archiver/compression tools
 
-blacklist ${RUNUSER}
+deny  ${RUNUSER}
 
 # Comment/uncomment the relevant include file(s) in your archiver-common.local
 # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver**
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile
index 84b1d6c18..960948afc 100644
--- a/etc/profile-a-l/ardour5.profile
+++ b/etc/profile-a-l/ardour5.profile
@@ -5,12 +5,12 @@ include ardour5.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ardour4
-noblacklist ${HOME}/.config/ardour5
-noblacklist ${HOME}/.lv2
-noblacklist ${HOME}/.vst
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.config/ardour4
+nodeny  ${HOME}/.config/ardour5
+nodeny  ${HOME}/.lv2
+nodeny  ${HOME}/.vst
+nodeny  ${DOCUMENTS}
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile
index fd1ca9a09..88f14fbfe 100644
--- a/etc/profile-a-l/arduino.profile
+++ b/etc/profile-a-l/arduino.profile
@@ -6,9 +6,9 @@ include arduino.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.arduino15
-noblacklist ${HOME}/Arduino
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.arduino15
+nodeny  ${HOME}/Arduino
+nodeny  ${DOCUMENTS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index 22b8ecd65..be56011f0 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -6,12 +6,12 @@ include aria2c.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.aria2
-noblacklist ${HOME}/.config/aria2
-noblacklist ${HOME}/.netrc
+nodeny  ${HOME}/.aria2
+nodeny  ${HOME}/.config/aria2
+nodeny  ${HOME}/.netrc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile
index a63dd8f5f..031c57080 100644
--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -6,8 +6,8 @@ include ark.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/arkrc
-noblacklist ${HOME}/.local/share/kxmlgui5/ark
+nodeny  ${HOME}/.config/arkrc
+nodeny  ${HOME}/.local/share/kxmlgui5/ark
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/ark
+allow  /usr/share/ark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile
index 2c8b630ce..9ed8076be 100644
--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -6,7 +6,7 @@ include arm.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.arm
+nodeny  ${HOME}/.arm
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.arm
-whitelist ${HOME}/.arm
+allow  ${HOME}/.arm
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index fab72b7d3..7cfac4915 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -6,12 +6,12 @@ include artha.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/artha.conf
-noblacklist ${HOME}/.config/artha.log
-noblacklist ${HOME}/.config/enchant
+nodeny  ${HOME}/.config/artha.conf
+nodeny  ${HOME}/.config/artha.log
+nodeny  ${HOME}/.config/enchant
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,8 +28,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/artha.conf
 #whitelist ${HOME}/.config/artha.log
 #whitelist ${HOME}/.config/enchant
-whitelist /usr/share/artha
-whitelist /usr/share/wordnet
+allow  /usr/share/artha
+allow  /usr/share/wordnet
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
index 977fe30a4..f2251c210 100644
--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -6,7 +6,7 @@ include assogiate.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${PICTURES}
+allow  ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile
index c97fd691a..e65072266 100644
--- a/etc/profile-a-l/asunder.profile
+++ b/etc/profile-a-l/asunder.profile
@@ -6,11 +6,11 @@ include asunder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/asunder
-noblacklist ${HOME}/.asunder_album_genre
-noblacklist ${HOME}/.asunder_album_title
-noblacklist ${HOME}/.asunder_album_artist
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.config/asunder
+nodeny  ${HOME}/.asunder_album_genre
+nodeny  ${HOME}/.asunder_album_title
+nodeny  ${HOME}/.asunder_album_artist
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile
index 5f237ac59..ea3038537 100644
--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc
 ignore apparmor
 ignore disable-mnt
 
-noblacklist ${HOME}/.atom
-noblacklist ${HOME}/.config/Atom
+nodeny  ${HOME}/.atom
+nodeny  ${HOME}/.config/Atom
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index 1c3ed66ff..8ae8617cf 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -6,9 +6,9 @@ include atril.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/atril
-noblacklist ${HOME}/.config/atril
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.cache/atril
+nodeny  ${HOME}/.config/atril
+nodeny  ${DOCUMENTS}
 
 #noblacklist ${HOME}/.local/share
 # it seems to use only ${HOME}/.local/share/webkitgtk
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile
index f9f209786..53baf0a2a 100644
--- a/etc/profile-a-l/audacious.profile
+++ b/etc/profile-a-l/audacious.profile
@@ -6,9 +6,9 @@ include audacious.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Audaciousrc
-noblacklist ${HOME}/.config/audacious
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.config/Audaciousrc
+nodeny  ${HOME}/.config/audacious
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index a2de8436a..c244846e1 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -6,9 +6,9 @@ include audacity.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.audacity-data
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.audacity-data
+nodeny  ${DOCUMENTS}
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile
index 2c7fdc812..534792cc6 100644
--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -7,7 +7,7 @@ include audio-recorder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${MUSIC}
-whitelist ${DOWNLOADS}
-whitelist /usr/share/audio-recorder
-whitelist /usr/share/gstreamer-1.0
+allow  ${MUSIC}
+allow  ${DOWNLOADS}
+allow  /usr/share/audio-recorder
+allow  /usr/share/gstreamer-1.0
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
index 2ebe35dd5..0d6eb6a21 100644
--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -6,7 +6,7 @@ include authenticator-rs.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/authenticator-rs
+nodeny  ${HOME}/.local/share/authenticator-rs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/authenticator-rs
-whitelist ${HOME}/.local/share/authenticator-rs
-whitelist ${DOWNLOADS}
-whitelist /usr/share/uk.co.grumlimited.authenticator-rs
+allow  ${HOME}/.local/share/authenticator-rs
+allow  ${DOWNLOADS}
+allow  /usr/share/uk.co.grumlimited.authenticator-rs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile
index 42d9cd56a..55d967e3e 100644
--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -6,8 +6,8 @@ include authenticator.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Authenticator
-noblacklist ${HOME}/.config/Authenticator
+nodeny  ${HOME}/.cache/Authenticator
+nodeny  ${HOME}/.config/Authenticator
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile
index 891928e5a..a5b3b22f6 100644
--- a/etc/profile-a-l/autokey-common.profile
+++ b/etc/profile-a-l/autokey-common.profile
@@ -7,8 +7,8 @@ include autokey-common.local
 # added by caller profile
 #include globals.local
 
-noblacklist ${HOME}/.config/autokey
-noblacklist ${HOME}/.local/share/autokey
+nodeny  ${HOME}/.config/autokey
+nodeny  ${HOME}/.local/share/autokey
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile
index 1ecc03da1..0feb05d75 100644
--- a/etc/profile-a-l/avidemux.profile
+++ b/etc/profile-a-l/avidemux.profile
@@ -5,9 +5,9 @@ include avidemux.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.avidemux6
-noblacklist ${HOME}/.config/avidemux3_qt5rc
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.avidemux6
+nodeny  ${HOME}/.config/avidemux3_qt5rc
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.avidemux6
 mkdir ${HOME}/.config/avidemux3_qt5rc
-whitelist ${HOME}/.avidemux6
-whitelist ${HOME}/.config/avidemux3_qt5rc
-whitelist ${VIDEOS}
+allow  ${HOME}/.avidemux6
+allow  ${HOME}/.config/avidemux3_qt5rc
+allow  ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
index a57ad4014..abe9fdb24 100644
--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -6,7 +6,7 @@ include aweather.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/aweather
+nodeny  ${HOME}/.config/aweather
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/aweather
-whitelist ${HOME}/.config/aweather
+allow  ${HOME}/.config/aweather
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile
index 5d1bf5071..58f4f5e96 100644
--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -7,7 +7,7 @@ include awesome.local
 include globals.local
 
 # all applications started in awesome will run in this profile
-noblacklist ${HOME}/.config/awesome
+nodeny  ${HOME}/.config/awesome
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
index 3952921a3..46bb0b44e 100644
--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -6,7 +6,7 @@ include ballbuster.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ballbuster.hs
+nodeny  ${HOME}/.ballbuster.hs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.ballbuster.hs
-whitelist ${HOME}/.ballbuster.hs
-whitelist /usr/share/ballbuster
+allow  ${HOME}/.ballbuster.hs
+allow  /usr/share/ballbuster
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile
index fe86d9b80..2b10883f7 100644
--- a/etc/profile-a-l/baloo_file.profile
+++ b/etc/profile-a-l/baloo_file.profile
@@ -12,12 +12,12 @@ include globals.local
 # read-write ${HOME}/.local/share/baloo
 # ignore read-write
 
-noblacklist ${HOME}/.config/baloofilerc
-noblacklist ${HOME}/.kde/share/config/baloofilerc
-noblacklist ${HOME}/.kde/share/config/baloorc
-noblacklist ${HOME}/.kde4/share/config/baloofilerc
-noblacklist ${HOME}/.kde4/share/config/baloorc
-noblacklist ${HOME}/.local/share/baloo
+nodeny  ${HOME}/.config/baloofilerc
+nodeny  ${HOME}/.kde/share/config/baloofilerc
+nodeny  ${HOME}/.kde/share/config/baloorc
+nodeny  ${HOME}/.kde4/share/config/baloofilerc
+nodeny  ${HOME}/.kde4/share/config/baloorc
+nodeny  ${HOME}/.local/share/baloo
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile
index 8c69652c5..1e74443aa 100644
--- a/etc/profile-a-l/balsa.profile
+++ b/etc/profile-a-l/balsa.profile
@@ -6,13 +6,13 @@ include balsa.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.balsa
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.signature
-noblacklist ${HOME}/mail
-noblacklist /var/mail
-noblacklist /var/spool/mail
+nodeny  ${HOME}/.balsa
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.mozilla
+nodeny  ${HOME}/.signature
+nodeny  ${HOME}/mail
+nodeny  /var/mail
+nodeny  /var/spool/mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.signature
 mkdir ${HOME}/mail
-whitelist ${HOME}/.balsa
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.signature
-whitelist ${HOME}/mail
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/balsa
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /var/mail
-whitelist /var/spool/mail
+allow  ${HOME}/.balsa
+allow  ${HOME}/.gnupg
+allow  ${HOME}/.mozilla/firefox/profiles.ini
+allow  ${HOME}/.signature
+allow  ${HOME}/mail
+allow  ${RUNUSER}/gnupg
+allow  /usr/share/balsa
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
+allow  /var/mail
+allow  /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile
index 7b50e9199..fcea9b3ba 100644
--- a/etc/profile-a-l/barrier.profile
+++ b/etc/profile-a-l/barrier.profile
@@ -6,9 +6,9 @@ include barrier.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Debauchee/Barrier.conf
-noblacklist ${HOME}/.local/share/barrier
-noblacklist ${PATH}/openssl
+nodeny  ${HOME}/.config/Debauchee/Barrier.conf
+nodeny  ${HOME}/.local/share/barrier
+nodeny  ${PATH}/openssl
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile
index 8dc3847a0..547c67fc8 100644
--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -5,13 +5,13 @@ include basilisk.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/moonchild productions/basilisk
-noblacklist ${HOME}/.moonchild productions/basilisk
+nodeny  ${HOME}/.cache/moonchild productions/basilisk
+nodeny  ${HOME}/.moonchild productions/basilisk
 
 mkdir ${HOME}/.cache/moonchild productions/basilisk
 mkdir ${HOME}/.moonchild productions
-whitelist ${HOME}/.cache/moonchild productions/basilisk
-whitelist ${HOME}/.moonchild productions
+allow  ${HOME}/.cache/moonchild productions/basilisk
+allow  ${HOME}/.moonchild productions
 
 # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
index 3ecaea7fe..a1d2b1e73 100644
--- a/etc/profile-a-l/bcompare.profile
+++ b/etc/profile-a-l/bcompare.profile
@@ -7,10 +7,10 @@ include bcompare.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/bcompare
+nodeny  ${HOME}/.config/bcompare
 # In case the user decides to include disable-programs.inc, still allow
 # KDE's Gwenview to view images via right click -> Open With -> Associated Application
-noblacklist ${HOME}/.config/gwenviewrc
+nodeny  ${HOME}/.config/gwenviewrc
 
 # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile
index f3a9568bd..588f460a8 100644
--- a/etc/profile-a-l/beaker.profile
+++ b/etc/profile-a-l/beaker.profile
@@ -19,10 +19,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
 
-noblacklist ${HOME}/.config/Beaker Browser
+nodeny  ${HOME}/.config/Beaker Browser
 
 mkdir ${HOME}/.config/Beaker Browser
-whitelist ${HOME}/.config/Beaker Browser
+allow  ${HOME}/.config/Beaker Browser
 
 # Redirect
 include electron.profile
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile
index c7a82afbd..717d7258d 100644
--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -6,11 +6,11 @@ include bibletime.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bibletime
-noblacklist ${HOME}/.sword
-noblacklist ${HOME}/.local/share/bibletime
+nodeny  ${HOME}/.bibletime
+nodeny  ${HOME}/.sword
+nodeny  ${HOME}/.local/share/bibletime
 
-blacklist ${HOME}/.bashrc
+deny  ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,12 +22,12 @@ include disable-programs.inc
 mkdir ${HOME}/.bibletime
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.local/share/bibletime
-whitelist ${HOME}/.bibletime
-whitelist ${HOME}/.sword
-whitelist ${HOME}/.local/share/bibletime
-whitelist /usr/share/bibletime
-whitelist /usr/share/doc/bibletime
-whitelist /usr/share/sword
+allow  ${HOME}/.bibletime
+allow  ${HOME}/.sword
+allow  ${HOME}/.local/share/bibletime
+allow  /usr/share/bibletime
+allow  /usr/share/doc/bibletime
+allow  /usr/share/sword
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index 854fe5cb9..b02fcc3e0 100644
--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -6,7 +6,7 @@ include bijiben.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/bijiben
+nodeny  ${HOME}/.local/share/bijiben
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/bijiben
-whitelist ${HOME}/.local/share/bijiben
-whitelist ${HOME}/.cache/tracker
-whitelist /usr/libexec/webkit2gtk-4.0
-whitelist /usr/share/bijiben
-whitelist /usr/share/tracker
-whitelist /usr/share/tracker3
+allow  ${HOME}/.local/share/bijiben
+allow  ${HOME}/.cache/tracker
+allow  /usr/libexec/webkit2gtk-4.0
+allow  /usr/share/bijiben
+allow  /usr/share/tracker
+allow  /usr/share/tracker3
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
index 932db9b73..c4ec0f820 100644
--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -6,8 +6,8 @@ include bitcoin-qt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bitcoin
-noblacklist ${HOME}/.config/Bitcoin
+nodeny  ${HOME}/.bitcoin
+nodeny  ${HOME}/.config/Bitcoin
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
-whitelist ${HOME}/.bitcoin
-whitelist ${HOME}/.config/Bitcoin
+allow  ${HOME}/.bitcoin
+allow  ${HOME}/.config/Bitcoin
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile
index dd7651979..0f000b26b 100644
--- a/etc/profile-a-l/bitlbee.profile
+++ b/etc/profile-a-l/bitlbee.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny  /sbin
+nodeny  /usr/sbin
 # noblacklist /var/log
 
 include disable-common.inc
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index ba2eb2ea7..4b292d72a 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.config/Bitwarden
+nodeny  ${HOME}/.config/Bitwarden
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Bitwarden
-whitelist ${HOME}/.config/Bitwarden
+allow  ${HOME}/.config/Bitwarden
 
 machine-id
 no3d
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile
index 233f9a96f..616ad6801 100644
--- a/etc/profile-a-l/blackbox.profile
+++ b/etc/profile-a-l/blackbox.profile
@@ -7,7 +7,7 @@ include blackbox.local
 include globals.local
 
 # all applications started in blackbox will run in this profile
-noblacklist ${HOME}/.blackbox
+nodeny  ${HOME}/.blackbox
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile
index 701ae431e..8d0b5616f 100644
--- a/etc/profile-a-l/blender.profile
+++ b/etc/profile-a-l/blender.profile
@@ -6,7 +6,7 @@ include blender.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/blender
+nodeny  ${HOME}/.config/blender
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 # Allow usage of AMD GPU by OpenCL
-noblacklist /sys/module
-whitelist /sys/module/amdgpu
+nodeny  /sys/module
+allow  /sys/module/amdgpu
 read-only /sys/module/amdgpu
 
 caps.drop all
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile
index 80dc750f7..ca5f96eee 100644
--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -6,7 +6,7 @@ include bless.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/bless
+nodeny  ${HOME}/.config/bless
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
index 229c20293..ee2a73b54 100644
--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -4,7 +4,7 @@ include blobby.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.blobby
+nodeny  ${HOME}/.blobby
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.blobby
-whitelist ${HOME}/.blobby
+allow  ${HOME}/.blobby
 include whitelist-common.inc
-whitelist /usr/share/blobby
+allow  /usr/share/blobby
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index 904710cb5..e0be5261e 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -6,7 +6,7 @@ include blobwars.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.parallelrealities/blobwars
+nodeny  ${HOME}/.parallelrealities/blobwars
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.parallelrealities/blobwars
-whitelist ${HOME}/.parallelrealities/blobwars
-whitelist /usr/share/blobwars
+allow  ${HOME}/.parallelrealities/blobwars
+allow  /usr/share/blobwars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile
index 6e8f0d7d1..dcfd5d8d2 100644
--- a/etc/profile-a-l/bnox.profile
+++ b/etc/profile-a-l/bnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/bnox
-noblacklist ${HOME}/.config/bnox
+nodeny  ${HOME}/.cache/bnox
+nodeny  ${HOME}/.config/bnox
 
 mkdir ${HOME}/.cache/bnox
 mkdir ${HOME}/.config/bnox
-whitelist ${HOME}/.cache/bnox
-whitelist ${HOME}/.config/bnox
+allow  ${HOME}/.cache/bnox
+allow  ${HOME}/.config/bnox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile
index 0cbac049a..a14bb8fef 100644
--- a/etc/profile-a-l/brackets.profile
+++ b/etc/profile-a-l/brackets.profile
@@ -5,7 +5,7 @@ include brackets.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Brackets
+nodeny  ${HOME}/.config/Brackets
 #noblacklist /opt/brackets
 #noblacklist /opt/google
 
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile
index 417a6b3e0..a78882409 100644
--- a/etc/profile-a-l/brasero.profile
+++ b/etc/profile-a-l/brasero.profile
@@ -6,7 +6,7 @@ include brasero.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/brasero
+nodeny  ${HOME}/.config/brasero
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index 09548c761..bc2d7a6a1 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -14,24 +14,24 @@ ignore noexec /tmp
 # Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/BraveSoftware
-noblacklist ${HOME}/.config/BraveSoftware
-noblacklist ${HOME}/.config/brave
-noblacklist ${HOME}/.config/brave-flags.conf
+nodeny  ${HOME}/.cache/BraveSoftware
+nodeny  ${HOME}/.config/BraveSoftware
+nodeny  ${HOME}/.config/brave
+nodeny  ${HOME}/.config/brave-flags.conf
 # brave uses gpg for built-in password manager
-noblacklist ${HOME}/.gnupg
+nodeny  ${HOME}/.gnupg
 
 mkdir ${HOME}/.cache/BraveSoftware
 mkdir ${HOME}/.config/BraveSoftware
 mkdir ${HOME}/.config/brave
-whitelist ${HOME}/.cache/BraveSoftware
-whitelist ${HOME}/.config/BraveSoftware
-whitelist ${HOME}/.config/brave
-whitelist ${HOME}/.config/brave-flags.conf
-whitelist ${HOME}/.gnupg
+allow  ${HOME}/.cache/BraveSoftware
+allow  ${HOME}/.config/BraveSoftware
+allow  ${HOME}/.config/brave
+allow  ${HOME}/.config/brave-flags.conf
+allow  ${HOME}/.gnupg
 
 # Brave sandbox needs read access to /proc/config.gz
-noblacklist /proc/config.gz
+nodeny  /proc/config.gz
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
index bda96bbb3..62ca041c2 100644
--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -6,7 +6,7 @@ include bzflag.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bzf
+nodeny  ${HOME}/.bzf
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.bzf
-whitelist ${HOME}/.bzf
+allow  ${HOME}/.bzf
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile
index 83571397b..99706620c 100644
--- a/etc/profile-a-l/calibre.profile
+++ b/etc/profile-a-l/calibre.profile
@@ -6,9 +6,9 @@ include calibre.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/calibre
-noblacklist ${HOME}/.config/calibre
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.cache/calibre
+nodeny  ${HOME}/.config/calibre
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile
index fcff47662..36ecc06a0 100644
--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,7 +6,7 @@ include calligra.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligra
+nodeny  ${HOME}/.local/share/kxmlgui5/calligra
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile
index 006c307ab..76123c96a 100644
--- a/etc/profile-a-l/calligragemini.profile
+++ b/etc/profile-a-l/calligragemini.profile
@@ -6,7 +6,7 @@ include calligragemini.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/calligragemini
+nodeny  ${HOME}/.local/share/calligragemini
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile
index 81dbd4dcd..5fb1e16da 100644
--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -6,7 +6,7 @@ include calligraplan.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
+nodeny  ${HOME}/.local/share/kxmlgui5/calligraplan
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile
index bba91b66b..c176bfea1 100644
--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -6,7 +6,7 @@ include calligraplanwork.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
+nodeny  ${HOME}/.local/share/kxmlgui5/calligraplanwork
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile
index 7bc296047..b7ac68945 100644
--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -6,7 +6,7 @@ include calligrasheets.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
+nodeny  ${HOME}/.local/share/kxmlgui5/calligrasheets
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile
index 7694abbe4..1258fec56 100644
--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -6,7 +6,7 @@ include calligrastage.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
+nodeny  ${HOME}/.local/share/kxmlgui5/calligrastage
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile
index d69d56a95..c2b6c8041 100644
--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -6,7 +6,7 @@ include calligrawords.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
+nodeny  ${HOME}/.local/share/kxmlgui5/calligrawords
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index 74c7cc34b..390ae383c 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/cameramonitor
+allow  /usr/share/cameramonitor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
index 96f88a7c4..77bdc09e0 100644
--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -6,10 +6,10 @@ include cantata.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/cantata
-noblacklist ${HOME}/.config/cantata
-noblacklist ${HOME}/.local/share/cantata
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.cache/cantata
+nodeny  ${HOME}/.config/cantata
+nodeny  ${HOME}/.local/share/cantata
+nodeny  ${MUSIC}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index 7cf04c550..9c53af84f 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -10,11 +10,11 @@ include globals.local
 ignore noexec ${HOME}
 ignore noexec /tmp
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}
 
-noblacklist ${HOME}/.cargo/credentials
-noblacklist ${HOME}/.cargo/credentials.toml
+nodeny  ${HOME}/.cargo/credentials
+nodeny  ${HOME}/.cargo/credentials.toml
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -34,7 +34,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.cargo
 #whitelist ${HOME}/.rustup
 #include whitelist-common.inc
-whitelist /usr/share/pkgconfig
+allow  /usr/share/pkgconfig
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile
index 009d3a049..4ea53ea6b 100644
--- a/etc/profile-a-l/catfish.profile
+++ b/etc/profile-a-l/catfish.profile
@@ -9,7 +9,7 @@ include globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
 
-noblacklist ${HOME}/.config/catfish
+nodeny  ${HOME}/.config/catfish
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
 
-whitelist /var/lib/mlocate
+allow  /var/lib/mlocate
 include whitelist-var-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile
index 6e137010c..d7aee1902 100644
--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -6,7 +6,7 @@ include cawbird.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cawbird
+nodeny  ${HOME}/.config/cawbird
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index 1c539cc93..d6f4306ba 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -6,9 +6,9 @@ include celluloid.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/celluloid
-noblacklist ${HOME}/.config/gnome-mpv
-noblacklist ${HOME}/.config/youtube-dl
+nodeny  ${HOME}/.config/celluloid
+nodeny  ${HOME}/.config/gnome-mpv
+nodeny  ${HOME}/.config/youtube-dl
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,7 +17,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -30,9 +30,9 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/celluloid
 mkdir ${HOME}/.config/gnome-mpv
 mkdir ${HOME}/.config/youtube-dl
-whitelist ${HOME}/.config/celluloid
-whitelist ${HOME}/.config/gnome-mpv
-whitelist ${HOME}/.config/youtube-dl
+allow  ${HOME}/.config/celluloid
+allow  ${HOME}/.config/gnome-mpv
+allow  ${HOME}/.config/youtube-dl
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile
index 24939fc70..0f61084e0 100644
--- a/etc/profile-a-l/checkbashisms.profile
+++ b/etc/profile-a-l/checkbashisms.profile
@@ -7,9 +7,9 @@ include checkbashisms.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${DOCUMENTS}
+nodeny  ${DOCUMENTS}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile
index aca1f5876..bde3e1311 100644
--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -6,8 +6,8 @@ include cheese.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${VIDEOS}
-noblacklist ${PICTURES}
+nodeny  ${VIDEOS}
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${VIDEOS}
-whitelist ${PICTURES}
-whitelist /usr/share/gnome-video-effects
+allow  ${VIDEOS}
+allow  ${PICTURES}
+allow  /usr/share/gnome-video-effects
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile
index 7621b3c8c..d5dedd81d 100644
--- a/etc/profile-a-l/cherrytree.profile
+++ b/etc/profile-a-l/cherrytree.profile
@@ -6,8 +6,8 @@ include cherrytree.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cherrytree
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.config/cherrytree
+nodeny  ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 8803a4d9d..64c45772a 100644
--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -3,15 +3,15 @@
 # Persistent local customizations
 include chromium-browser-privacy.local
 
-noblacklist ${HOME}/.cache/ungoogled-chromium
-noblacklist ${HOME}/.config/ungoogled-chromium
+nodeny  ${HOME}/.cache/ungoogled-chromium
+nodeny  ${HOME}/.config/ungoogled-chromium
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
-whitelist ${HOME}/.cache/ungoogled-chromium
-whitelist ${HOME}/.config/ungoogled-chromium
+allow  ${HOME}/.cache/ungoogled-chromium
+allow  ${HOME}/.config/ungoogled-chromium
 
 # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
 
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index b0e0254d4..dbeb715d4 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -9,8 +9,8 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny  ${HOME}/.pki
+nodeny  ${HOME}/.local/share/pki
 
 # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
 # to have access to Gnome extensions (extensions.gnome.org) via browser connector
@@ -26,9 +26,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow  ${DOWNLOADS}
+allow  ${HOME}/.pki
+allow  ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile
index 9ac33aa1c..ea92e90a8 100644
--- a/etc/profile-a-l/chromium.profile
+++ b/etc/profile-a-l/chromium.profile
@@ -6,17 +6,17 @@ include chromium.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/chromium
-noblacklist ${HOME}/.config/chromium
-noblacklist ${HOME}/.config/chromium-flags.conf
+nodeny  ${HOME}/.cache/chromium
+nodeny  ${HOME}/.config/chromium
+nodeny  ${HOME}/.config/chromium-flags.conf
 
 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
-whitelist ${HOME}/.cache/chromium
-whitelist ${HOME}/.config/chromium
-whitelist ${HOME}/.config/chromium-flags.conf
-whitelist /usr/share/chromium
-whitelist /usr/share/mozilla/extensions
+allow  ${HOME}/.cache/chromium
+allow  ${HOME}/.config/chromium
+allow  ${HOME}/.config/chromium-flags.conf
+allow  /usr/share/chromium
+allow  /usr/share/mozilla/extensions
 
 # private-bin chromium,chromium-browser,chromedriver
 
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile
index e1f9523c4..c967e1c96 100644
--- a/etc/profile-a-l/cin.profile
+++ b/etc/profile-a-l/cin.profile
@@ -5,7 +5,7 @@ include cin.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bcast5
+nodeny  ${HOME}/.bcast5
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile
index e403c2c41..0efbcd4f2 100644
--- a/etc/profile-a-l/clamav.profile
+++ b/etc/profile-a-l/clamav.profile
@@ -7,7 +7,7 @@ include clamav.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
 include disable-exec.inc
 
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile
index 691657fa0..3e4e1f2a1 100644
--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -6,17 +6,17 @@ include claws-mail.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.claws-mail
+nodeny  ${HOME}/.claws-mail
 
 mkdir ${HOME}/.claws-mail
-whitelist ${HOME}/.claws-mail
+allow  ${HOME}/.claws-mail
 
 # Add the below lines to your claws-mail.local if you use python-based plugins.
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 #include allow-python3.inc
 
-whitelist /usr/share/doc/claws-mail
+allow  /usr/share/doc/claws-mail
 
 # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
 
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile
index 9b62a1f73..ee64391d9 100644
--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -6,7 +6,7 @@ include clawsker.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.claws-mail
+nodeny  ${HOME}/.claws-mail
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.claws-mail
-whitelist ${HOME}/.claws-mail
+allow  ${HOME}/.claws-mail
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index fa33795c1..f9c0006f9 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -6,9 +6,9 @@ include clementine.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Clementine
-noblacklist ${HOME}/.config/Clementine
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.cache/Clementine
+nodeny  ${HOME}/.config/Clementine
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index 22cecff09..42903777a 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -5,13 +5,13 @@ include clion.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.CLion*
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.java
-noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.tooling
+nodeny  ${HOME}/.CLion*
+nodeny  ${HOME}/.config/git
+nodeny  ${HOME}/.gitconfig
+nodeny  ${HOME}/.git-credentials
+nodeny  ${HOME}/.java
+nodeny  ${HOME}/.local/share/JetBrains
+nodeny  ${HOME}/.tooling
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile
index c8258da07..89f8d96f0 100644
--- a/etc/profile-a-l/clipgrab.profile
+++ b/etc/profile-a-l/clipgrab.profile
@@ -6,9 +6,9 @@ include clipgrab.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Philipp Schmieder
-noblacklist ${HOME}/.pki
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.config/Philipp Schmieder
+nodeny  ${HOME}/.pki
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index d421903a3..4a2a5171b 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -6,8 +6,8 @@ include clipit.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/clipit
-noblacklist ${HOME}/.local/share/clipit
+nodeny  ${HOME}/.config/clipit
+nodeny  ${HOME}/.local/share/clipit
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/clipit
 mkdir ${HOME}/.local/share/clipit
-whitelist ${HOME}/.config/clipit
-whitelist ${HOME}/.local/share/clipit
+allow  ${HOME}/.config/clipit
+allow  ${HOME}/.local/share/clipit
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile
index d0b8cc0ef..22c6ef882 100644
--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -5,16 +5,16 @@ include cliqz.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/cliqz
-noblacklist ${HOME}/.cliqz
-noblacklist ${HOME}/.config/cliqz
+nodeny  ${HOME}/.cache/cliqz
+nodeny  ${HOME}/.cliqz
+nodeny  ${HOME}/.config/cliqz
 
 mkdir ${HOME}/.cache/cliqz
 mkdir ${HOME}/.cliqz
 mkdir ${HOME}/.config/cliqz
-whitelist ${HOME}/.cache/cliqz
-whitelist ${HOME}/.cliqz
-whitelist ${HOME}/.config/cliqz
+allow  ${HOME}/.cache/cliqz
+allow  ${HOME}/.cliqz
+allow  ${HOME}/.config/cliqz
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc cliqz
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index bcd557787..51e53209f 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -6,8 +6,8 @@ include cmus.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cmus
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.config/cmus
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile
index e19b78908..1933c66fa 100644
--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -5,10 +5,10 @@ include code.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Code
-noblacklist ${HOME}/.config/Code - OSS
-noblacklist ${HOME}/.vscode
-noblacklist ${HOME}/.vscode-oss
+nodeny  ${HOME}/.config/Code
+nodeny  ${HOME}/.config/Code - OSS
+nodeny  ${HOME}/.vscode
+nodeny  ${HOME}/.vscode-oss
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index bd6d8f5b0..efa7f516c 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -6,7 +6,7 @@ include colorful.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.suve/colorful
+nodeny  ${HOME}/.suve/colorful
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.suve/colorful
-whitelist ${HOME}/.suve/colorful
-whitelist /usr/share/suve
+allow  ${HOME}/.suve/colorful
+allow  /usr/share/suve
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index c8bdfec23..34b662959 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/com.github.bleakgrey.tootle
+nodeny  ${HOME}/.config/com.github.bleakgrey.tootle
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/com.github.bleakgrey.tootle
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/com.github.bleakgrey.tootle
+allow  ${DOWNLOADS}
+allow  ${HOME}/.config/com.github.bleakgrey.tootle
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index b467a0f7a..4e26e4925 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/agenda
-noblacklist ${HOME}/.config/agenda
-noblacklist ${HOME}/.local/share/agenda
+nodeny  ${HOME}/.cache/agenda
+nodeny  ${HOME}/.config/agenda
+nodeny  ${HOME}/.local/share/agenda
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/agenda
 mkdir ${HOME}/.config/agenda
 mkdir ${HOME}/.local/share/agenda
-whitelist ${HOME}/.cache/agenda
-whitelist ${HOME}/.config/agenda
-whitelist ${HOME}/.local/share/agenda
+allow  ${HOME}/.cache/agenda
+allow  ${HOME}/.config/agenda
+allow  ${HOME}/.local/share/agenda
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index c13f9618b..bbfc1fe41 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -6,9 +6,9 @@ include foliate.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
-noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+nodeny  ${DOCUMENTS}
+nodeny  ${HOME}/.cache/com.github.johnfactotum.Foliate
+nodeny  ${HOME}/.local/share/com.github.johnfactotum.Foliate
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
 mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
-whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
-whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist /usr/share/com.github.johnfactotum.Foliate
-whitelist /usr/share/hyphen
+allow  ${HOME}/.cache/com.github.johnfactotum.Foliate
+allow  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+allow  ${DOCUMENTS}
+allow  ${DOWNLOADS}
+allow  /usr/share/com.github.johnfactotum.Foliate
+allow  /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index d0402d188..3e9acc6c8 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/minder
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.local/share/minder
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/minder
-whitelist ${HOME}/.local/share/minder
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist ${PICTURES}
+allow  ${HOME}/.local/share/minder
+allow  ${DOCUMENTS}
+allow  ${DOWNLOADS}
+allow  ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile
index 38edf0d21..6cc9ec551 100644
--- a/etc/profile-a-l/conkeror.profile
+++ b/etc/profile-a-l/conkeror.profile
@@ -5,23 +5,23 @@ include conkeror.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.conkeror.mozdev.org
+nodeny  ${HOME}/.conkeror.mozdev.org
 
 include disable-common.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.conkeror.mozdev.org
 mkfile ${HOME}/.conkerorrc
-whitelist ${HOME}/.conkeror.mozdev.org
-whitelist ${HOME}/.conkerorrc
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.conkeror.mozdev.org
+allow  ${HOME}/.conkerorrc
+allow  ${HOME}/.lastpass
+allow  ${HOME}/.pentadactyl
+allow  ${HOME}/.pentadactylrc
+allow  ${HOME}/.vimperator
+allow  ${HOME}/.vimperatorrc
+allow  ${HOME}/.zotero
+allow  ${HOME}/dwhelper
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile
index eaa18739d..1b3fe6651 100644
--- a/etc/profile-a-l/conky.profile
+++ b/etc/profile-a-l/conky.profile
@@ -6,7 +6,7 @@ include conky.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny  ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index 2fb446e2a..266c404ee 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -6,7 +6,7 @@ include corebird.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/corebird
+nodeny  ${HOME}/.config/corebird
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 1635995dc..0a1353e40 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -7,8 +7,8 @@ include cower.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cower
-noblacklist /var/lib/pacman
+nodeny  ${HOME}/.config/cower
+nodeny  /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 7ece35c2b..5e48c8022 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -6,7 +6,7 @@ include coyim.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/coyim
+nodeny  ${HOME}/.config/coyim
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/coyim
-whitelist ${HOME}/.config/coyim
+allow  ${HOME}/.config/coyim
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index bdc4f21a6..dec8c086b 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -7,8 +7,8 @@ include cpio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny  /sbin
+nodeny  /usr/sbin
 
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile
index b10216895..81292c01c 100644
--- a/etc/profile-a-l/crawl.profile
+++ b/etc/profile-a-l/crawl.profile
@@ -6,7 +6,7 @@ include crawl-tiles.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.crawl
+nodeny  ${HOME}/.crawl
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.crawl
-whitelist ${HOME}/.crawl
+allow  ${HOME}/.crawl
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 02b15ecc2..36bd93778 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -8,8 +8,8 @@ include globals.local
 
 mkdir ${HOME}/.config/crow
 mkdir ${HOME}/.cache/gstreamer-1.0
-whitelist ${HOME}/.config/crow
-whitelist ${HOME}/.cache/gstreamer-1.0
+allow  ${HOME}/.config/crow
+allow  ${HOME}/.cache/gstreamer-1.0
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index c9867c5d7..4950b7a4c 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -12,11 +12,11 @@ include globals.local
 # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts.
 # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
 # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.
-noblacklist ${HOME}/.curl-hsts
-noblacklist ${HOME}/.curlrc
+nodeny  ${HOME}/.curl-hsts
+nodeny  ${HOME}/.curlrc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile
index d1fff0004..49f972e4a 100644
--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -5,13 +5,13 @@ include cyberfox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.8pecxstudios
-noblacklist ${HOME}/.cache/8pecxstudios
+nodeny  ${HOME}/.8pecxstudios
+nodeny  ${HOME}/.cache/8pecxstudios
 
 mkdir ${HOME}/.8pecxstudios
 mkdir ${HOME}/.cache/8pecxstudios
-whitelist ${HOME}/.8pecxstudios
-whitelist ${HOME}/.cache/8pecxstudios
+allow  ${HOME}/.8pecxstudios
+allow  ${HOME}/.cache/8pecxstudios
 
 # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
 # private-etc must first be enabled in firefox-common.profile
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index ba1e7adad..c7ce1730a 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -6,7 +6,7 @@ include d-feet.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/d-feet
+nodeny  ${HOME}/.config/d-feet
 
 # Allow python (disabled by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/d-feet
-whitelist ${HOME}/.config/d-feet
-whitelist /usr/share/d-feet
+allow  ${HOME}/.config/d-feet
+allow  /usr/share/d-feet
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile
index 61fa52928..4d51c255e 100644
--- a/etc/profile-a-l/darktable.profile
+++ b/etc/profile-a-l/darktable.profile
@@ -6,9 +6,9 @@ include darktable.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/darktable
-noblacklist ${HOME}/.config/darktable
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.cache/darktable
+nodeny  ${HOME}/.config/darktable
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 67a61bb60..745042d6f 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,8 +7,8 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index 0c221850a..c1231c6cf 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${HOME}/.local/share/glib-2.0
+allow  ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index be7514cbf..b9d385adf 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -6,7 +6,7 @@ include dconf.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${HOME}/.local/share/glib-2.0
+allow  ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 5b95b74be..09fa7a07a 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
-whitelist /usr/share/ddgtk
+allow  ${DOWNLOADS}
+allow  /usr/share/ddgtk
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile
index a221ebbd7..25fa944a1 100644
--- a/etc/profile-a-l/deadbeef.profile
+++ b/etc/profile-a-l/deadbeef.profile
@@ -6,8 +6,8 @@ include deadbeef.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/deadbeef
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.config/deadbeef
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index ad7aa6ed5..d41a4a023 100644
--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -6,7 +6,7 @@ include deluge.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/deluge
+nodeny  ${HOME}/.config/deluge
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/deluge
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/deluge
+allow  ${DOWNLOADS}
+allow  ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile
index 212cdab60..aed4355d5 100644
--- a/etc/profile-a-l/desktopeditors.profile
+++ b/etc/profile-a-l/desktopeditors.profile
@@ -6,9 +6,9 @@ include desktopeditors.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/onlyoffice
-noblacklist ${HOME}/.local/share/onlyoffice
-noblacklist ${HOME}/.pki
+nodeny  ${HOME}/.config/onlyoffice
+nodeny  ${HOME}/.local/share/onlyoffice
+nodeny  ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index 5007f8e74..dc0f290fb 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -16,9 +16,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/devhelp
-whitelist /usr/share/doc
-whitelist /usr/share/gtk-doc/html
+allow  /usr/share/devhelp
+allow  /usr/share/doc
+allow  /usr/share/gtk-doc/html
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile
index 6267b5709..631f15f93 100644
--- a/etc/profile-a-l/devilspie.profile
+++ b/etc/profile-a-l/devilspie.profile
@@ -6,9 +6,9 @@ include devilspie.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.devilspie
+nodeny  ${HOME}/.devilspie
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.devilspie
-whitelist ${HOME}/.devilspie
+allow  ${HOME}/.devilspie
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile
index 9eab3f536..140c9da0f 100644
--- a/etc/profile-a-l/devilspie2.profile
+++ b/etc/profile-a-l/devilspie2.profile
@@ -6,17 +6,17 @@ include devilspie2.local
 # Persistent global definitions
 #include globals.local
 
-blacklist ${HOME}/.devilspie
+deny  ${HOME}/.devilspie
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.config/devilspie2
+nodeny  ${HOME}/.config/devilspie2
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
 mkdir ${HOME}/.config/devilspie2
-whitelist ${HOME}/.config/devilspie2
+allow  ${HOME}/.config/devilspie2
 
 private-bin devilspie2
 
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile
index 531734b7d..2a808238b 100644
--- a/etc/profile-a-l/dia.profile
+++ b/etc/profile-a-l/dia.profile
@@ -6,8 +6,8 @@ include dia.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.dia
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.dia
+nodeny  ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.dia
 #whitelist ${DOCUMENTS}
 #include whitelist-common.inc
-whitelist /usr/share/dia
+allow  /usr/share/dia
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 247159a8a..2d683b811 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -7,11 +7,11 @@ include dig.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.digrc
-noblacklist ${PATH}/dig
+nodeny  ${HOME}/.digrc
+nodeny  ${PATH}/dig
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}
 
 include disable-common.inc
 # include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 #mkfile ${HOME}/.digrc - see #903
-whitelist ${HOME}/.digrc
+allow  ${HOME}/.digrc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile
index 2ca7bd400..124b50952 100644
--- a/etc/profile-a-l/digikam.profile
+++ b/etc/profile-a-l/digikam.profile
@@ -6,12 +6,12 @@ include digikam.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/digikam
-noblacklist ${HOME}/.config/digikamrc
-noblacklist ${HOME}/.kde/share/apps/digikam
-noblacklist ${HOME}/.kde4/share/apps/digikam
-noblacklist ${HOME}/.local/share/kxmlgui5/digikam
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.config/digikam
+nodeny  ${HOME}/.config/digikamrc
+nodeny  ${HOME}/.kde/share/apps/digikam
+nodeny  ${HOME}/.kde4/share/apps/digikam
+nodeny  ${HOME}/.local/share/kxmlgui5/digikam
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile
index 9871a6095..883466f4d 100644
--- a/etc/profile-a-l/dillo.profile
+++ b/etc/profile-a-l/dillo.profile
@@ -6,7 +6,7 @@ include dillo.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.dillo
+nodeny  ${HOME}/.dillo
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.dillo
 mkdir ${HOME}/.fltk
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.dillo
-whitelist ${HOME}/.fltk
+allow  ${DOWNLOADS}
+allow  ${HOME}/.dillo
+allow  ${HOME}/.fltk
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
index c3174b35f..3078bef71 100644
--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -6,7 +6,7 @@ include dino.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/dino
+nodeny  ${HOME}/.local/share/dino
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.local/share/dino
-whitelist ${HOME}/.local/share/dino
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.local/share/dino
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile
index 43db95b8a..1c53cd211 100644
--- a/etc/profile-a-l/discord-canary.profile
+++ b/etc/profile-a-l/discord-canary.profile
@@ -5,10 +5,10 @@ include discord-canary.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/discordcanary
+nodeny  ${HOME}/.config/discordcanary
 
 mkdir ${HOME}/.config/discordcanary
-whitelist ${HOME}/.config/discordcanary
+allow  ${HOME}/.config/discordcanary
 
 private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9]
 private-opt discord-canary
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile
index 19e7bd9ab..6bee1901c 100644
--- a/etc/profile-a-l/discord-common.profile
+++ b/etc/profile-a-l/discord-common.profile
@@ -20,8 +20,8 @@ ignore dbus-system none
 ignore noexec ${HOME}
 ignore novideo
 
-whitelist ${HOME}/.config/BetterDiscord
-whitelist ${HOME}/.local/share/betterdiscordctl
+allow  ${HOME}/.config/BetterDiscord
+allow  ${HOME}/.local/share/betterdiscordctl
 
 private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile
index 8ef02a30f..658d3fc83 100644
--- a/etc/profile-a-l/discord.profile
+++ b/etc/profile-a-l/discord.profile
@@ -5,10 +5,10 @@ include discord.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/discord
+nodeny  ${HOME}/.config/discord
 
 mkdir ${HOME}/.config/discord
-whitelist ${HOME}/.config/discord
+allow  ${HOME}/.config/discord
 
 private-bin discord
 private-opt discord
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 11f3fd36e..4474b97d2 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -5,7 +5,7 @@ include display.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny  ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile
index 51ba6f8b7..8c3d6211b 100644
--- a/etc/profile-a-l/dnox.profile
+++ b/etc/profile-a-l/dnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/dnox
-noblacklist ${HOME}/.config/dnox
+nodeny  ${HOME}/.cache/dnox
+nodeny  ${HOME}/.config/dnox
 
 mkdir ${HOME}/.cache/dnox
 mkdir ${HOME}/.config/dnox
-whitelist ${HOME}/.cache/dnox
-whitelist ${HOME}/.config/dnox
+allow  ${HOME}/.cache/dnox
+allow  ${HOME}/.config/dnox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index f8fb1a331..dbcef36f8 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny  /sbin
+nodeny  /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/dnscrypt-proxy
+allow  /usr/share/dnscrypt-proxy
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index 01398c2b2..b1acbf392 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -7,11 +7,11 @@ include dnsmasq.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny  /sbin
+nodeny  /usr/sbin
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index 49feec32e..15b312ecb 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -8,9 +8,9 @@ include globals.local
 
 # Note: you must whitelist your games folder in your dolphin-emu.local.
 
-noblacklist ${HOME}/.cache/dolphin-emu
-noblacklist ${HOME}/.config/dolphin-emu
-noblacklist ${HOME}/.local/share/dolphin-emu
+nodeny  ${HOME}/.cache/dolphin-emu
+nodeny  ${HOME}/.config/dolphin-emu
+nodeny  ${HOME}/.local/share/dolphin-emu
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/dolphin-emu
 mkdir ${HOME}/.config/dolphin-emu
 mkdir ${HOME}/.local/share/dolphin-emu
-whitelist ${HOME}/.cache/dolphin-emu
-whitelist ${HOME}/.config/dolphin-emu
-whitelist ${HOME}/.local/share/dolphin-emu
-whitelist /usr/share/dolphin-emu
+allow  ${HOME}/.cache/dolphin-emu
+allow  ${HOME}/.config/dolphin-emu
+allow  ${HOME}/.local/share/dolphin-emu
+allow  /usr/share/dolphin-emu
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile
index 37a4113cb..3b0adcc36 100644
--- a/etc/profile-a-l/dooble.profile
+++ b/etc/profile-a-l/dooble.profile
@@ -7,7 +7,7 @@ include dooble-qt4.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.dooble
+nodeny  ${HOME}/.dooble
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.dooble
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.dooble
+allow  ${DOWNLOADS}
+allow  ${HOME}/.dooble
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 988f66f28..29e506764 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -6,8 +6,8 @@ include dosbox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.dosbox
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.dosbox
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
index 8fa01d504..90ca11774 100644
--- a/etc/profile-a-l/dragon.profile
+++ b/etc/profile-a-l/dragon.profile
@@ -6,9 +6,9 @@ include dragon.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/dragonplayerrc
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.config/dragonplayerrc
+nodeny  ${MUSIC}
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/dragonplayer
+allow  /usr/share/dragonplayer
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 82d96e405..84a77ce34 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -6,7 +6,7 @@ include drawio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/draw.io
+nodeny  ${HOME}/.config/draw.io
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/draw.io
-whitelist ${HOME}/.config/draw.io
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.config/draw.io
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index 068bd88d8..e177fd60e 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -7,10 +7,10 @@ include drill.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PATH}/drill
+nodeny  ${PATH}/drill
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}
 
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile
index b3b2aaf40..274cdd478 100644
--- a/etc/profile-a-l/dropbox.profile
+++ b/etc/profile-a-l/dropbox.profile
@@ -5,9 +5,9 @@ include dropbox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/autostart
-noblacklist ${HOME}/.dropbox
-noblacklist ${HOME}/.dropbox-dist
+nodeny  ${HOME}/.config/autostart
+nodeny  ${HOME}/.dropbox
+nodeny  ${HOME}/.dropbox-dist
 
 # Allow python3 (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox
 mkdir ${HOME}/.dropbox-dist
 mkdir ${HOME}/Dropbox
 mkfile ${HOME}/.config/autostart/dropbox.desktop
-whitelist ${HOME}/.config/autostart/dropbox.desktop
-whitelist ${HOME}/.dropbox
-whitelist ${HOME}/.dropbox-dist
-whitelist ${HOME}/Dropbox
+allow  ${HOME}/.config/autostart/dropbox.desktop
+allow  ${HOME}/.dropbox
+allow  ${HOME}/.dropbox-dist
+allow  ${HOME}/Dropbox
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile
index 38e4b16f7..da54fec34 100644
--- a/etc/profile-a-l/easystroke.profile
+++ b/etc/profile-a-l/easystroke.profile
@@ -6,7 +6,7 @@ include easystroke.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.easystroke
+nodeny  ${HOME}/.easystroke
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.easystroke
-whitelist ${HOME}/.easystroke
+allow  ${HOME}/.easystroke
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 278dd6cbd..10e57371e 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -6,7 +6,7 @@ include electron-mail.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/electron-mail
+nodeny  ${HOME}/.config/electron-mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail
-whitelist ${HOME}/.config/electron-mail
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.config/electron-mail
+allow  ${DOWNLOADS}
 
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile
index 493af79d4..e8d8d35c4 100644
--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index ad636d71a..f6691017c 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -6,7 +6,7 @@ include electrum.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.electrum
+nodeny  ${HOME}/.electrum
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.electrum
-whitelist ${HOME}/.electrum
+allow  ${HOME}/.electrum
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile
index 48a826f2e..ec28866b8 100644
--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -9,11 +9,11 @@ include element-desktop.local
 
 ignore dbus-user none
 
-noblacklist ${HOME}/.config/Element
+nodeny  ${HOME}/.config/Element
 
 mkdir ${HOME}/.config/Element
-whitelist ${HOME}/.config/Element
-whitelist /opt/Element
+allow  ${HOME}/.config/Element
+allow  /opt/Element
 
 private-opt Element
 
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile
index 5a29eb24b..30dca05cb 100644
--- a/etc/profile-a-l/elinks.profile
+++ b/etc/profile-a-l/elinks.profile
@@ -7,10 +7,10 @@ include elinks.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.elinks
+nodeny  ${HOME}/.elinks
 
 mkdir ${HOME}/.elinks
-whitelist ${HOME}/.elinks
+allow  ${HOME}/.elinks
 
 private-bin elinks
 
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index 55bf743ef..f0e0e2830 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -6,8 +6,8 @@ include emacs.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.emacs
-noblacklist ${HOME}/.emacs.d
+nodeny  ${HOME}/.emacs
+nodeny  ${HOME}/.emacs.d
 # Add the next line to your emacs.local if you need gpg support.
 #noblacklist ${HOME}/.gnupg
 
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile
index 6c9a8a6ea..5fc72d340 100644
--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -7,14 +7,14 @@ include email-common.local
 # added by caller profile
 #include globals.local
 
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.signature
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.mozilla
+nodeny  ${HOME}/.signature
 # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
 # and 'blacklist' it in your disable-common.local too so it is  kept hidden from other applications
-noblacklist ${HOME}/Mail
+nodeny  ${HOME}/Mail
 
-noblacklist ${DOCUMENTS}
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ include disable-xdg.inc
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.config/mimeapps.list
 mkfile ${HOME}/.signature
-whitelist ${HOME}/.config/mimeapps.list
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.signature
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.config/mimeapps.list
+allow  ${HOME}/.mozilla/firefox/profiles.ini
+allow  ${HOME}/.gnupg
+allow  ${HOME}/.signature
+allow  ${DOCUMENTS}
+allow  ${DOWNLOADS}
 # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
-whitelist ${HOME}/Mail
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow  ${HOME}/Mail
+allow  ${RUNUSER}/gnupg
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile
index ac17b1726..36015b702 100644
--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -6,9 +6,9 @@ include enchant.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.config/enchant
+nodeny  ${HOME}/.config/enchant
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/enchant
-whitelist ${HOME}/.config/enchant
+allow  ${HOME}/.config/enchant
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile
index d982433e2..9a1d89bba 100644
--- a/etc/profile-a-l/enox.profile
+++ b/etc/profile-a-l/enox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/Enox
-noblacklist ${HOME}/.config/Enox
+nodeny  ${HOME}/.cache/Enox
+nodeny  ${HOME}/.config/Enox
 
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/Enox
 mkdir ${HOME}/.config/Enox
-whitelist ${HOME}/.cache/Enox
-whitelist ${HOME}/.config/Enox
+allow  ${HOME}/.cache/Enox
+allow  ${HOME}/.config/Enox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile
index c4123b4c2..5d8f8a0b9 100644
--- a/etc/profile-a-l/enpass.profile
+++ b/etc/profile-a-l/enpass.profile
@@ -6,11 +6,11 @@ include enpass.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Enpass
-noblacklist ${HOME}/.config/sinew.in
-noblacklist ${HOME}/.config/Sinew Software Systems
-noblacklist ${HOME}/.local/share/Enpass
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.cache/Enpass
+nodeny  ${HOME}/.config/sinew.in
+nodeny  ${HOME}/.config/Sinew Software Systems
+nodeny  ${HOME}/.local/share/Enpass
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass
 mkfile ${HOME}/.config/sinew.in
 mkdir ${HOME}/.config/Sinew Software Systems
 mkdir ${HOME}/.local/share/Enpass
-whitelist ${HOME}/.cache/Enpass
-whitelist ${HOME}/.config/sinew.in
-whitelist ${HOME}/.config/Sinew Software Systems
-whitelist ${HOME}/.local/share/Enpass
-whitelist ${DOCUMENTS}
+allow  ${HOME}/.cache/Enpass
+allow  ${HOME}/.config/sinew.in
+allow  ${HOME}/.config/Sinew Software Systems
+allow  ${HOME}/.local/share/Enpass
+allow  ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index fe7913e77..ff7040e5c 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -7,11 +7,11 @@ include eo-common.local
 # added by caller profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/Trash
-noblacklist ${HOME}/.Steam
-noblacklist ${HOME}/.steam
+nodeny  ${HOME}/.local/share/Trash
+nodeny  ${HOME}/.Steam
+nodeny  ${HOME}/.steam
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile
index 5892374bd..e8592c7df 100644
--- a/etc/profile-a-l/eog.profile
+++ b/etc/profile-a-l/eog.profile
@@ -6,9 +6,9 @@ include eog.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/eog
+nodeny  ${HOME}/.config/eog
 
-whitelist /usr/share/eog
+allow  /usr/share/eog
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eog.local if you need that functionality.
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile
index 7143a8e03..323f5ade2 100644
--- a/etc/profile-a-l/eom.profile
+++ b/etc/profile-a-l/eom.profile
@@ -6,9 +6,9 @@ include eom.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mate/eom
+nodeny  ${HOME}/.config/mate/eom
 
-whitelist /usr/share/eom
+allow  /usr/share/eom
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eom.local if you need that functionality.
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile
index 131d68951..3657742b9 100644
--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -9,8 +9,8 @@ include globals.local
 # enforce private-cache
 #noblacklist ${HOME}/.cache/ephemeral
 
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny  ${HOME}/.pki
+nodeny  ${HOME}/.local/share/pki
 
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
 # enforce private-cache
 #whitelist ${HOME}/.cache/ephemeral
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.pki
+allow  ${HOME}/.local/share/pki
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile
index 225811226..daedb2193 100644
--- a/etc/profile-a-l/epiphany.profile
+++ b/etc/profile-a-l/epiphany.profile
@@ -9,9 +9,9 @@ include globals.local
 # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more.
 # See https://github.com/netblue30/firejail/issues/2995
 
-noblacklist ${HOME}/.cache/epiphany
-noblacklist ${HOME}/.config/epiphany
-noblacklist ${HOME}/.local/share/epiphany
+nodeny  ${HOME}/.cache/epiphany
+nodeny  ${HOME}/.config/epiphany
+nodeny  ${HOME}/.local/share/epiphany
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
 mkdir ${HOME}/.local/share/epiphany
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/epiphany
-whitelist ${HOME}/.config/epiphany
-whitelist ${HOME}/.local/share/epiphany
+allow  ${DOWNLOADS}
+allow  ${HOME}/.cache/epiphany
+allow  ${HOME}/.config/epiphany
+allow  ${HOME}/.local/share/epiphany
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index 964d3b7ca..ac957870c 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -6,8 +6,8 @@ include equalx.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/equalx
-noblacklist ${HOME}/.equalx
+nodeny  ${HOME}/.config/equalx
+nodeny  ${HOME}/.equalx
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/equalx
 mkdir ${HOME}/.equalx
-whitelist ${HOME}/.config/equalx
-whitelist ${HOME}/.equalx
-whitelist /usr/share/poppler
-whitelist /usr/share/ghostscript
-whitelist /usr/share/texlive
-whitelist /usr/share/equalx
-whitelist /var/lib/texmf
+allow  ${HOME}/.config/equalx
+allow  ${HOME}/.equalx
+allow  /usr/share/poppler
+allow  /usr/share/ghostscript
+allow  /usr/share/texlive
+allow  /usr/share/equalx
+allow  /var/lib/texmf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index fdff1e4b5..a2f46b757 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -6,9 +6,9 @@ include etr.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.etr
+nodeny  ${HOME}/.etr
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.etr
-whitelist ${HOME}/.etr
-whitelist /usr/share/etr
+allow  ${HOME}/.etr
+allow  /usr/share/etr
 # Debian version
-whitelist /usr/share/games/etr
+allow  /usr/share/games/etr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index a9e39b15c..ce2617ad6 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -10,10 +10,10 @@ include globals.local
 # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below).
 #noblacklist ${HOME}/.local/share/gvfs-metadata
 
-noblacklist ${HOME}/.config/evince
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.config/evince
+nodeny  ${DOCUMENTS}
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/doc
-whitelist /usr/share/evince
-whitelist /usr/share/poppler
-whitelist /usr/share/tracker
+allow  /usr/share/doc
+allow  /usr/share/evince
+allow  /usr/share/poppler
+allow  /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 7222493ac..142498a28 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,15 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/mail
-noblacklist /var/spool/mail
-noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.cache/evolution
-noblacklist ${HOME}/.config/evolution
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.local/share/evolution
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny  /var/mail
+nodeny  /var/spool/mail
+nodeny  ${HOME}/.bogofilter
+nodeny  ${HOME}/.cache/evolution
+nodeny  ${HOME}/.config/evolution
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.local/share/evolution
+nodeny  ${HOME}/.pki
+nodeny  ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
index 7b09a2c64..216814989 100644
--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -6,7 +6,7 @@ include exiftool.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -18,7 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/perl-image-exiftool
+allow  /usr/share/perl-image-exiftool
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index b2061db79..9bb42945b 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -6,8 +6,8 @@ include falkon.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/falkon
-noblacklist ${HOME}/.config/falkon
+nodeny  ${HOME}/.cache/falkon
+nodeny  ${HOME}/.config/falkon
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/falkon
 mkdir ${HOME}/.config/falkon
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/falkon
-whitelist ${HOME}/.config/falkon
-whitelist /usr/share/falkon
+allow  ${DOWNLOADS}
+allow  ${HOME}/.cache/falkon
+allow  ${HOME}/.config/falkon
+allow  /usr/share/falkon
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
index 8e81000fd..d141c6ed5 100644
--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -6,8 +6,8 @@ include fbreader.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.FBReader
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.FBReader
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 31cb1776c..17a365053 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -5,11 +5,11 @@ include fdns.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny  /sbin
+nodeny  /usr/sbin
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile
index 664ec2da6..359be083e 100644
--- a/etc/profile-a-l/feedreader.profile
+++ b/etc/profile-a-l/feedreader.profile
@@ -6,8 +6,8 @@ include feedreader.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/feedreader
-noblacklist ${HOME}/.local/share/feedreader
+nodeny  ${HOME}/.cache/feedreader
+nodeny  ${HOME}/.local/share/feedreader
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader
-whitelist ${HOME}/.cache/feedreader
-whitelist ${HOME}/.local/share/feedreader
-whitelist /usr/share/feedreader
+allow  ${HOME}/.cache/feedreader
+allow  ${HOME}/.local/share/feedreader
+allow  /usr/share/feedreader
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile
index a2372ec8a..f60055f37 100644
--- a/etc/profile-a-l/ferdi.profile
+++ b/etc/profile-a-l/ferdi.profile
@@ -7,10 +7,10 @@ include globals.local
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.cache/Ferdi
-noblacklist ${HOME}/.config/Ferdi
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny  ${HOME}/.cache/Ferdi
+nodeny  ${HOME}/.config/Ferdi
+nodeny  ${HOME}/.pki
+nodeny  ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi
 mkdir ${HOME}/.config/Ferdi
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/Ferdi
-whitelist ${HOME}/.config/Ferdi
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow  ${DOWNLOADS}
+allow  ${HOME}/.cache/Ferdi
+allow  ${HOME}/.config/Ferdi
+allow  ${HOME}/.pki
+allow  ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile
index 7358ed5c7..1e06ec29a 100644
--- a/etc/profile-a-l/fetchmail.profile
+++ b/etc/profile-a-l/fetchmail.profile
@@ -6,8 +6,8 @@ include fetchmail.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.fetchmailrc
-noblacklist ${HOME}/.netrc
+nodeny  ${HOME}/.fetchmailrc
+nodeny  ${HOME}/.netrc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 13ef1beb9..1a64183ab 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -7,8 +7,8 @@ include ffmpeg.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny  ${MUSIC}
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/devedeng
-whitelist /usr/share/ffmpeg
-whitelist /usr/share/qtchooser
+allow  /usr/share/devedeng
+allow  /usr/share/ffmpeg
+allow  /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index 4e651ed61..9f140850f 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,8 +13,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/libexec/file-roller
-whitelist /usr/share/file-roller
+allow  /usr/libexec/file-roller
+allow  /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile
index 5c7583605..426d1e72d 100644
--- a/etc/profile-a-l/file.profile
+++ b/etc/profile-a-l/file.profile
@@ -7,7 +7,7 @@ include file.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny  ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile
index dc5def54f..d9e0e9da0 100644
--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -6,8 +6,8 @@ include filezilla.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/filezilla
-noblacklist ${HOME}/.filezilla
+nodeny  ${HOME}/.config/filezilla
+nodeny  ${HOME}/.filezilla
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile
index 77487161e..e22424794 100644
--- a/etc/profile-a-l/firedragon.profile
+++ b/etc/profile-a-l/firedragon.profile
@@ -6,13 +6,13 @@ include firedragon.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/firedragon
-noblacklist ${HOME}/.firedragon
+nodeny  ${HOME}/.cache/firedragon
+nodeny  ${HOME}/.firedragon
 
 mkdir ${HOME}/.cache/firedragon
 mkdir ${HOME}/.firedragon
-whitelist ${HOME}/.cache/firedragon
-whitelist ${HOME}/.firedragon
+allow  ${HOME}/.cache/firedragon
+allow  ${HOME}/.firedragon
 
 # Add the next lines to your firedragon.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile
index d282f9a60..7e2e8760d 100644
--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -5,74 +5,74 @@ include firefox-common-addons.local
 ignore include whitelist-runuser-common.inc
 ignore private-cache
 
-noblacklist ${HOME}/.cache/youtube-dl
-noblacklist ${HOME}/.config/kgetrc
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-noblacklist ${HOME}/.local/share/kget
-noblacklist ${HOME}/.local/share/kxmlgui5/okular
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
-noblacklist ${HOME}/.netrc
+nodeny  ${HOME}/.cache/youtube-dl
+nodeny  ${HOME}/.config/kgetrc
+nodeny  ${HOME}/.config/mpv
+nodeny  ${HOME}/.config/okularpartrc
+nodeny  ${HOME}/.config/okularrc
+nodeny  ${HOME}/.config/qpdfview
+nodeny  ${HOME}/.config/youtube-dl
+nodeny  ${HOME}/.kde/share/apps/kget
+nodeny  ${HOME}/.kde/share/apps/okular
+nodeny  ${HOME}/.kde/share/config/kgetrc
+nodeny  ${HOME}/.kde/share/config/okularpartrc
+nodeny  ${HOME}/.kde/share/config/okularrc
+nodeny  ${HOME}/.kde4/share/apps/kget
+nodeny  ${HOME}/.kde4/share/apps/okular
+nodeny  ${HOME}/.kde4/share/config/kgetrc
+nodeny  ${HOME}/.kde4/share/config/okularpartrc
+nodeny  ${HOME}/.kde4/share/config/okularrc
+nodeny  ${HOME}/.local/share/kget
+nodeny  ${HOME}/.local/share/kxmlgui5/okular
+nodeny  ${HOME}/.local/share/okular
+nodeny  ${HOME}/.local/share/qpdfview
+nodeny  ${HOME}/.netrc
 
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/kgetrc
-whitelist ${HOME}/.config/mpv
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.config/youtube-dl
-whitelist ${HOME}/.kde/share/apps/kget
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/kgetrc
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/kget
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/kgetrc
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/kget
-whitelist ${HOME}/.local/share/kxmlgui5/okular
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
-whitelist ${HOME}/.local/share/tridactyl
-whitelist ${HOME}/.netrc
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.tridactylrc
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-whitelist /usr/share/lua
-whitelist /usr/share/lua*
-whitelist /usr/share/vulkan
+allow  ${HOME}/.cache/gnome-mplayer/plugin
+allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+allow  ${HOME}/.config/gnome-mplayer
+allow  ${HOME}/.config/kgetrc
+allow  ${HOME}/.config/mpv
+allow  ${HOME}/.config/okularpartrc
+allow  ${HOME}/.config/okularrc
+allow  ${HOME}/.config/pipelight-silverlight5.1
+allow  ${HOME}/.config/pipelight-widevine
+allow  ${HOME}/.config/qpdfview
+allow  ${HOME}/.config/youtube-dl
+allow  ${HOME}/.kde/share/apps/kget
+allow  ${HOME}/.kde/share/apps/okular
+allow  ${HOME}/.kde/share/config/kgetrc
+allow  ${HOME}/.kde/share/config/okularpartrc
+allow  ${HOME}/.kde/share/config/okularrc
+allow  ${HOME}/.kde4/share/apps/kget
+allow  ${HOME}/.kde4/share/apps/okular
+allow  ${HOME}/.kde4/share/config/kgetrc
+allow  ${HOME}/.kde4/share/config/okularpartrc
+allow  ${HOME}/.kde4/share/config/okularrc
+allow  ${HOME}/.keysnail.js
+allow  ${HOME}/.lastpass
+allow  ${HOME}/.local/share/kget
+allow  ${HOME}/.local/share/kxmlgui5/okular
+allow  ${HOME}/.local/share/okular
+allow  ${HOME}/.local/share/qpdfview
+allow  ${HOME}/.local/share/tridactyl
+allow  ${HOME}/.netrc
+allow  ${HOME}/.pentadactyl
+allow  ${HOME}/.pentadactylrc
+allow  ${HOME}/.tridactylrc
+allow  ${HOME}/.vimperator
+allow  ${HOME}/.vimperatorrc
+allow  ${HOME}/.wine-pipelight
+allow  ${HOME}/.wine-pipelight64
+allow  ${HOME}/.zotero
+allow  ${HOME}/dwhelper
+allow  /usr/share/lua
+allow  /usr/share/lua*
+allow  /usr/share/vulkan
 
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python
-noblacklist ${HOME}/.local/share/gnome-shell
-whitelist ${HOME}/.local/share/gnome-shell
+nodeny  ${HOME}/.local/share/gnome-shell
+allow  ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.gnome.ChromeGnomeShell
 dbus-user.talk org.gnome.Shell
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index 8b74ed979..cb0fae5dc 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -12,8 +12,8 @@ include firefox-common.local
 # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
 #include firefox-common-addons.profile
 
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny  ${HOME}/.pki
+nodeny  ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow  ${DOWNLOADS}
+allow  ${HOME}/.pki
+allow  ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile
index 5e69fdb51..4fd315fdf 100644
--- a/etc/profile-a-l/firefox-esr.profile
+++ b/etc/profile-a-l/firefox-esr.profile
@@ -6,7 +6,7 @@ include firefox-esr.local
 # added by included profile
 #include globals.local
 
-whitelist /usr/share/firefox-esr
+allow  /usr/share/firefox-esr
 
 # Redirect
 include firefox.profile
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index 3ad67734d..8acfe7c2a 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -14,27 +14,27 @@ include globals.local
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
 # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
 
-noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.mozilla
+nodeny  ${HOME}/.cache/mozilla
+nodeny  ${HOME}/.mozilla
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
-whitelist ${HOME}/.cache/mozilla/firefox
-whitelist ${HOME}/.mozilla
+allow  ${HOME}/.cache/mozilla/firefox
+allow  ${HOME}/.mozilla
 
 # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
 # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-whitelist /usr/share/doc
-whitelist /usr/share/firefox
-whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
-whitelist /usr/share/gtk-doc/html
-whitelist /usr/share/mozilla
-whitelist /usr/share/webext
+allow  /usr/share/doc
+allow  /usr/share/firefox
+allow  /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
+allow  /usr/share/gtk-doc/html
+allow  /usr/share/mozilla
+allow  /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile
index 2c86d3ac7..bd1becaf0 100644
--- a/etc/profile-a-l/five-or-more.profile
+++ b/etc/profile-a-l/five-or-more.profile
@@ -6,12 +6,12 @@ include five-or-more.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/five-or-more
+nodeny  ${HOME}/.local/share/five-or-more
 
 mkdir ${HOME}/.local/share/five-or-more
-whitelist ${HOME}/.local/share/five-or-more
+allow  ${HOME}/.local/share/five-or-more
 
-whitelist /usr/share/five-or-more
+allow  /usr/share/five-or-more
 
 private-bin five-or-more
 
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index 55af96c84..f16a65536 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -7,9 +7,9 @@ include flameshot.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
-noblacklist ${HOME}/.config/Dharkael
-noblacklist ${HOME}/.config/flameshot
+nodeny  ${PICTURES}
+nodeny  ${HOME}/.config/Dharkael
+nodeny  ${HOME}/.config/flameshot
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${PICTURES}
 #whitelist ${HOME}/.config/Dharkael
 #whitelist ${HOME}/.config/flameshot
-whitelist /usr/share/flameshot
+allow  /usr/share/flameshot
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile
index 310fb378f..af114e129 100644
--- a/etc/profile-a-l/flashpeak-slimjet.profile
+++ b/etc/profile-a-l/flashpeak-slimjet.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/slimjet
-noblacklist ${HOME}/.config/slimjet
+nodeny  ${HOME}/.cache/slimjet
+nodeny  ${HOME}/.config/slimjet
 
 mkdir ${HOME}/.cache/slimjet
 mkdir ${HOME}/.config/slimjet
-whitelist ${HOME}/.cache/slimjet
-whitelist ${HOME}/.config/slimjet
+allow  ${HOME}/.cache/slimjet
+allow  ${HOME}/.config/slimjet
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile
index a4421e3ce..505763fb9 100644
--- a/etc/profile-a-l/flowblade.profile
+++ b/etc/profile-a-l/flowblade.profile
@@ -6,8 +6,8 @@ include flowblade.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/flowblade
-noblacklist ${HOME}/.flowblade
+nodeny  ${HOME}/.config/flowblade
+nodeny  ${HOME}/.flowblade
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile
index 1210f365c..a22c0e103 100644
--- a/etc/profile-a-l/fluxbox.profile
+++ b/etc/profile-a-l/fluxbox.profile
@@ -7,7 +7,7 @@ include fluxbox.local
 include globals.local
 
 # all applications started in fluxbox will run in this profile
-noblacklist ${HOME}/.fluxbox
+nodeny  ${HOME}/.fluxbox
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
index cd0129436..ff9167c1a 100644
--- a/etc/profile-a-l/font-manager.profile
+++ b/etc/profile-a-l/font-manager.profile
@@ -6,8 +6,8 @@ include font-manager.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/font-manager
-noblacklist ${HOME}/.config/font-manager
+nodeny  ${HOME}/.cache/font-manager
+nodeny  ${HOME}/.config/font-manager
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/font-manager
 mkdir ${HOME}/.config/font-manager
-whitelist ${HOME}/.cache/font-manager
-whitelist ${HOME}/.config/font-manager
-whitelist /usr/share/font-manager
+allow  ${HOME}/.cache/font-manager
+allow  ${HOME}/.config/font-manager
+allow  /usr/share/font-manager
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile
index bd1495877..64c7655e2 100644
--- a/etc/profile-a-l/fontforge.profile
+++ b/etc/profile-a-l/fontforge.profile
@@ -6,8 +6,8 @@ include fontforge.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.FontForge
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.FontForge
+nodeny  ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile
index 2d700d336..5e5a12794 100644
--- a/etc/profile-a-l/fossamail.profile
+++ b/etc/profile-a-l/fossamail.profile
@@ -6,16 +6,16 @@ include fossamail.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/fossamail
-noblacklist ${HOME}/.fossamail
-noblacklist ${HOME}/.gnupg
+nodeny  ${HOME}/.cache/fossamail
+nodeny  ${HOME}/.fossamail
+nodeny  ${HOME}/.gnupg
 
 mkdir ${HOME}/.cache/fossamail
 mkdir ${HOME}/.fossamail
 mkdir ${HOME}/.gnupg
-whitelist ${HOME}/.cache/fossamail
-whitelist ${HOME}/.fossamail
-whitelist ${HOME}/.gnupg
+allow  ${HOME}/.cache/fossamail
+allow  ${HOME}/.fossamail
+allow  ${HOME}/.gnupg
 include whitelist-common.inc
 
 # allow browsers
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile
index eb0c43ca5..97fd4a626 100644
--- a/etc/profile-a-l/four-in-a-row.profile
+++ b/etc/profile-a-l/four-in-a-row.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-whitelist /usr/share/four-in-a-row
+allow  /usr/share/four-in-a-row
 
 private-bin four-in-a-row
 
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index 1b1d031b4..8edc9b02d 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -6,7 +6,7 @@ include fractal.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/fractal
+nodeny  ${HOME}/.cache/fractal
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/fractal
-whitelist ${HOME}/.cache/fractal
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.cache/fractal
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile
index 9b780a572..1a8ec8f99 100644
--- a/etc/profile-a-l/franz.profile
+++ b/etc/profile-a-l/franz.profile
@@ -7,10 +7,10 @@ include globals.local
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.cache/Franz
-noblacklist ${HOME}/.config/Franz
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny  ${HOME}/.cache/Franz
+nodeny  ${HOME}/.config/Franz
+nodeny  ${HOME}/.pki
+nodeny  ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/Franz
-whitelist ${HOME}/.config/Franz
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow  ${DOWNLOADS}
+allow  ${HOME}/.cache/Franz
+allow  ${HOME}/.config/Franz
+allow  ${HOME}/.pki
+allow  ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile
index 8043d0530..a45ad4c7a 100644
--- a/etc/profile-a-l/freecad.profile
+++ b/etc/profile-a-l/freecad.profile
@@ -6,8 +6,8 @@ include freecad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/FreeCAD
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.config/FreeCAD
+nodeny  ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile
index 23c19682c..20abd4056 100644
--- a/etc/profile-a-l/freeciv.profile
+++ b/etc/profile-a-l/freeciv.profile
@@ -6,7 +6,7 @@ include freeciv.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.freeciv
+nodeny  ${HOME}/.freeciv
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.freeciv
-whitelist ${HOME}/.freeciv
+allow  ${HOME}/.freeciv
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile
index 93fa7da03..79ccf4101 100644
--- a/etc/profile-a-l/freecol.profile
+++ b/etc/profile-a-l/freecol.profile
@@ -6,10 +6,10 @@ include freecol.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.freecol
-noblacklist ${HOME}/.cache/freecol
-noblacklist ${HOME}/.config/freecol
-noblacklist ${HOME}/.local/share/freecol
+nodeny  ${HOME}/.freecol
+nodeny  ${HOME}/.cache/freecol
+nodeny  ${HOME}/.config/freecol
+nodeny  ${HOME}/.local/share/freecol
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java
 mkdir ${HOME}/.cache/freecol
 mkdir ${HOME}/.config/freecol
 mkdir ${HOME}/.local/share/freecol
-whitelist ${HOME}/.freecol
-whitelist ${HOME}/.java
-whitelist ${HOME}/.cache/freecol
-whitelist ${HOME}/.config/freecol
-whitelist ${HOME}/.local/share/freecol
+allow  ${HOME}/.freecol
+allow  ${HOME}/.java
+allow  ${HOME}/.cache/freecol
+allow  ${HOME}/.config/freecol
+allow  ${HOME}/.local/share/freecol
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index 699177039..ba52dd208 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -6,8 +6,8 @@ include freemind.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.freemind
+nodeny  ${DOCUMENTS}
+nodeny  ${HOME}/.freemind
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index e6aff533d..4c321322c 100644
--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -6,12 +6,12 @@ include freetube.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/FreeTube
+nodeny  ${HOME}/.config/FreeTube
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/FreeTube
-whitelist ${HOME}/.config/FreeTube
+allow  ${HOME}/.config/FreeTube
 
 private-bin freetube
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index b4ad81046..3a6dfcfd6 100644
--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -6,7 +6,7 @@ include frogatto.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.frogatto
+nodeny  ${HOME}/.frogatto
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.frogatto
-whitelist ${HOME}/.frogatto
-whitelist /usr/libexec/frogatto
-whitelist /usr/share/frogatto
+allow  ${HOME}/.frogatto
+allow  /usr/libexec/frogatto
+allow  /usr/share/frogatto
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 76352e41e..12eca8eb0 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -6,7 +6,7 @@ include frozen-bubble.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.frozen-bubble
+nodeny  ${HOME}/.frozen-bubble
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.frozen-bubble
-whitelist ${HOME}/.frozen-bubble
+allow  ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile
index 8852925b1..07030df4b 100644
--- a/etc/profile-a-l/funnyboat.profile
+++ b/etc/profile-a-l/funnyboat.profile
@@ -5,7 +5,7 @@ include funnyboat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.funnyboat
+nodeny  ${HOME}/.funnyboat
 
 ignore noexec /dev/shm
 include allow-python2.inc
@@ -21,12 +21,12 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.funnyboat
-whitelist ${HOME}/.funnyboat
+allow  ${HOME}/.funnyboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
-whitelist /usr/share/funnyboat
+allow  /usr/share/funnyboat
 # Debian:
-whitelist /usr/share/games/funnyboat
+allow  /usr/share/games/funnyboat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index ed3f0357d..4cd2cb1e6 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -6,10 +6,10 @@ include gajim.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.cache/gajim
-noblacklist ${HOME}/.config/gajim
-noblacklist ${HOME}/.local/share/gajim
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.cache/gajim
+nodeny  ${HOME}/.config/gajim
+nodeny  ${HOME}/.local/share/gajim
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/share/gajim
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.cache/gajim
-whitelist ${HOME}/.config/gajim
-whitelist ${HOME}/.local/share/gajim
-whitelist ${DOWNLOADS}
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow  ${HOME}/.gnupg
+allow  ${HOME}/.cache/gajim
+allow  ${HOME}/.config/gajim
+allow  ${HOME}/.local/share/gajim
+allow  ${DOWNLOADS}
+allow  ${RUNUSER}/gnupg
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 550b3808b..0b1b595a6 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -6,7 +6,7 @@ include galculator.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/galculator
+nodeny  ${HOME}/.config/galculator
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/galculator
-whitelist ${HOME}/.config/galculator
+allow  ${HOME}/.config/galculator
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index 3a8c055f2..00b830234 100644
--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -6,8 +6,8 @@ include gapplication.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-blacklist /usr/libexec
+deny  ${RUNUSER}/wayland-*
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile
index 388f4c0df..896a100fc 100644
--- a/etc/profile-a-l/gcloud.profile
+++ b/etc/profile-a-l/gcloud.profile
@@ -8,9 +8,9 @@ include globals.local
 # noexec ${HOME} will break user-local installs of gcloud tooling
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.boto
-noblacklist ${HOME}/.config/gcloud
-noblacklist /var/run/docker.sock
+nodeny  ${HOME}/.boto
+nodeny  ${HOME}/.config/gcloud
+nodeny  /var/run/docker.sock
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile
index cb39174e5..8f72f0b34 100644
--- a/etc/profile-a-l/gconf-editor.profile
+++ b/etc/profile-a-l/gconf-editor.profile
@@ -7,9 +7,9 @@ include gconf-editor.local
 # added by included profile
 #include globals.local
 
-blacklist /tmp/.X11-unix
+deny  /tmp/.X11-unix
 
-whitelist /usr/share/gconf-editor
+allow  /usr/share/gconf-editor
 
 ignore x11 none
 
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile
index fec1a555a..8c7013574 100644
--- a/etc/profile-a-l/gconf.profile
+++ b/etc/profile-a-l/gconf.profile
@@ -6,9 +6,9 @@ include gconf.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.config/gconf
+nodeny  ${HOME}/.config/gconf
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/gconf
-whitelist ${HOME}/.config/gconf
-whitelist /usr/share/GConf
-whitelist /usr/share/gconf
+allow  ${HOME}/.config/gconf
+allow  /usr/share/GConf
+allow  /usr/share/gconf
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile
index 6fdb9b37a..706a85c75 100644
--- a/etc/profile-a-l/geany.profile
+++ b/etc/profile-a-l/geany.profile
@@ -6,7 +6,7 @@ include geany.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/geany
+nodeny  ${HOME}/.config/geany
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index 74e135a7c..512fc1e59 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -6,14 +6,14 @@ include geary.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/evolution
-noblacklist ${HOME}/.cache/folks
-noblacklist ${HOME}/.cache/geary
-noblacklist ${HOME}/.config/evolution
-noblacklist ${HOME}/.config/geary
-noblacklist ${HOME}/.local/share/evolution
-noblacklist ${HOME}/.local/share/geary
-noblacklist ${HOME}/.mozilla
+nodeny  ${HOME}/.cache/evolution
+nodeny  ${HOME}/.cache/folks
+nodeny  ${HOME}/.cache/geary
+nodeny  ${HOME}/.config/evolution
+nodeny  ${HOME}/.config/geary
+nodeny  ${HOME}/.local/share/evolution
+nodeny  ${HOME}/.local/share/geary
+nodeny  ${HOME}/.mozilla
 
 include disable-common.inc
 include disable-devel.inc
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/evolution
-whitelist ${HOME}/.cache/folks
-whitelist ${HOME}/.cache/geary
-whitelist ${HOME}/.config/evolution
-whitelist ${HOME}/.config/geary
-whitelist ${HOME}/.local/share/evolution
-whitelist ${HOME}/.local/share/geary
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist /usr/share/geary
+allow  ${DOWNLOADS}
+allow  ${HOME}/.cache/evolution
+allow  ${HOME}/.cache/folks
+allow  ${HOME}/.cache/geary
+allow  ${HOME}/.config/evolution
+allow  ${HOME}/.config/geary
+allow  ${HOME}/.local/share/evolution
+allow  ${HOME}/.local/share/geary
+allow  ${HOME}/.mozilla/firefox/profiles.ini
+allow  /usr/share/geary
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile
index 108b7041d..f11540374 100644
--- a/etc/profile-a-l/gedit.profile
+++ b/etc/profile-a-l/gedit.profile
@@ -6,8 +6,8 @@ include gedit.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/enchant
-noblacklist ${HOME}/.config/gedit
+nodeny  ${HOME}/.config/enchant
+nodeny  ${HOME}/.config/gedit
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile
index dd33b3fb5..8ec3bbaf9 100644
--- a/etc/profile-a-l/geeqie.profile
+++ b/etc/profile-a-l/geeqie.profile
@@ -6,9 +6,9 @@ include geeqie.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/geeqie
-noblacklist ${HOME}/.config/geeqie
-noblacklist ${HOME}/.local/share/geeqie
+nodeny  ${HOME}/.cache/geeqie
+nodeny  ${HOME}/.config/geeqie
+nodeny  ${HOME}/.local/share/geeqie
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index f894a42ca..1661da639 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -6,10 +6,10 @@ include gfeeds.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/gfeeds
-noblacklist ${HOME}/.cache/org.gabmus.gfeeds
-noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
-noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+nodeny  ${HOME}/.cache/gfeeds
+nodeny  ${HOME}/.cache/org.gabmus.gfeeds
+nodeny  ${HOME}/.config/org.gabmus.gfeeds.json
+nodeny  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds
 mkdir ${HOME}/.cache/org.gabmus.gfeeds
 mkfile ${HOME}/.config/org.gabmus.gfeeds.json
 mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-whitelist ${HOME}/.cache/gfeeds
-whitelist ${HOME}/.cache/org.gabmus.gfeeds
-whitelist ${HOME}/.config/org.gabmus.gfeeds.json
-whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-whitelist /usr/libexec/webkit2gtk-4.0
-whitelist /usr/share/gfeeds
+allow  ${HOME}/.cache/gfeeds
+allow  ${HOME}/.cache/org.gabmus.gfeeds
+allow  ${HOME}/.config/org.gabmus.gfeeds.json
+allow  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+allow  /usr/libexec/webkit2gtk-4.0
+allow  /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index d9c5a0d9a..06929dbe3 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,8 +7,8 @@ include gget.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 276ab76df..0577fe24f 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -6,10 +6,10 @@ include ghostwriter.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ghostwriter
-noblacklist ${HOME}/.local/share/ghostwriter
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.config/ghostwriter
+nodeny  ${HOME}/.local/share/ghostwriter
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 
 include allow-lua.inc
 
@@ -22,10 +22,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/ghostwriter
-whitelist /usr/share/mozilla-dicts
-whitelist /usr/share/texlive
-whitelist /usr/share/pandoc*
+allow  /usr/share/ghostwriter
+allow  /usr/share/mozilla-dicts
+allow  /usr/share/texlive
+allow  /usr/share/pandoc*
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index dfc1304d1..de9db8d0f 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -18,13 +18,13 @@ include globals.local
 # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local.
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/babl
-noblacklist ${HOME}/.cache/gegl-0.4
-noblacklist ${HOME}/.cache/gimp
-noblacklist ${HOME}/.config/GIMP
-noblacklist ${HOME}/.gimp*
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.cache/babl
+nodeny  ${HOME}/.cache/gegl-0.4
+nodeny  ${HOME}/.cache/gimp
+nodeny  ${HOME}/.config/GIMP
+nodeny  ${HOME}/.gimp*
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-exec.inc
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gegl-0.4
-whitelist /usr/share/gimp
-whitelist /usr/share/mypaint-data
-whitelist /usr/share/lensfun
+allow  /usr/share/gegl-0.4
+allow  /usr/share/gimp
+allow  /usr/share/mypaint-data
+allow  /usr/share/lensfun
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index 661c3a375..e601d3ab0 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,10 +7,10 @@ include gist.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.gist
+nodeny  ${HOME}/.gist
 
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gist
-whitelist ${HOME}/.gist
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.gist
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 5e4249376..74b7506cf 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -8,12 +8,12 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.subversion
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.config/git-cola
+nodeny  ${HOME}/.gitconfig
+nodeny  ${HOME}/.git-credentials
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.subversion
+nodeny  ${HOME}/.config/git
+nodeny  ${HOME}/.config/git-cola
 # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings.
 #noblacklist ${HOME}/
 
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${RUNUSER}/gnupg
-whitelist ${RUNUSER}/keyring
+allow  ${RUNUSER}/gnupg
+allow  ${RUNUSER}/keyring
 # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer.
-whitelist /usr/share/git
-whitelist /usr/share/git-cola
-whitelist /usr/share/git-core
-whitelist /usr/share/git-gui
-whitelist /usr/share/gitk
-whitelist /usr/share/gitweb
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow  /usr/share/git
+allow  /usr/share/git-cola
+allow  /usr/share/git-core
+allow  /usr/share/git-gui
+allow  /usr/share/gitk
+allow  /usr/share/gitweb
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index bfa0081c6..680e91085 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -7,33 +7,33 @@ include git.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.config/nano
-noblacklist ${HOME}/.emacs
-noblacklist ${HOME}/.emacs.d
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.nanorc
-noblacklist ${HOME}/.vim
-noblacklist ${HOME}/.viminfo
+nodeny  ${HOME}/.config/git
+nodeny  ${HOME}/.config/nano
+nodeny  ${HOME}/.emacs
+nodeny  ${HOME}/.emacs.d
+nodeny  ${HOME}/.gitconfig
+nodeny  ${HOME}/.git-credentials
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.nanorc
+nodeny  ${HOME}/.vim
+nodeny  ${HOME}/.viminfo
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/git
-whitelist /usr/share/git-core
-whitelist /usr/share/gitgui
-whitelist /usr/share/gitweb
-whitelist /usr/share/nano
+allow  /usr/share/git
+allow  /usr/share/git-core
+allow  /usr/share/gitgui
+allow  /usr/share/gitweb
+allow  /usr/share/nano
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile
index 05d7dffa9..d313b5022 100644
--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -6,10 +6,10 @@ include gitg.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.local/share/gitg
+nodeny  ${HOME}/.config/git
+nodeny  ${HOME}/.gitconfig
+nodeny  ${HOME}/.git-credentials
+nodeny  ${HOME}/.local/share/gitg
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -29,7 +29,7 @@ include disable-programs.inc
 #whitelist ${HOME}/.ssh
 #include whitelist-common.inc
 
-whitelist /usr/share/gitg
+allow  /usr/share/gitg
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile
index 325c54ced..81b534a74 100644
--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -22,10 +22,10 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/GitHub Desktop
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
+nodeny  ${HOME}/.config/GitHub Desktop
+nodeny  ${HOME}/.config/git
+nodeny  ${HOME}/.gitconfig
+nodeny  ${HOME}/.git-credentials
 
 # no3d
 nosound
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile
index 460e2b990..2d1694ef7 100644
--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -5,8 +5,8 @@ include gitter.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/autostart
-noblacklist ${HOME}/.config/Gitter
+nodeny  ${HOME}/.config/autostart
+nodeny  ${HOME}/.config/Gitter
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/Gitter
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/autostart
-whitelist ${HOME}/.config/Gitter
+allow  ${DOWNLOADS}
+allow  ${HOME}/.config/autostart
+allow  ${HOME}/.config/Gitter
 include whitelist-var-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile
index ed68b3c2d..e00bb1dbf 100644
--- a/etc/profile-a-l/gjs.profile
+++ b/etc/profile-a-l/gjs.profile
@@ -8,10 +8,10 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.cache/libgweather
-noblacklist ${HOME}/.cache/org.gnome.Books
-noblacklist ${HOME}/.config/libreoffice
-noblacklist ${HOME}/.local/share/gnome-photos
+nodeny  ${HOME}/.cache/libgweather
+nodeny  ${HOME}/.cache/org.gnome.Books
+nodeny  ${HOME}/.config/libreoffice
+nodeny  ${HOME}/.local/share/gnome-photos
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
index c8cefc67e..a3236c2be 100644
--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -6,7 +6,7 @@ include gl-117.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gl-117
+nodeny  ${HOME}/.gl-117
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gl-117
-whitelist ${HOME}/.gl-117
-whitelist /usr/share/gl-117
+allow  ${HOME}/.gl-117
+allow  /usr/share/gl-117
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
index ee7af0546..ec894a5f3 100644
--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -6,7 +6,7 @@ include glaxium.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.glaxiumrc
+nodeny  ${HOME}/.glaxiumrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.glaxiumrc
-whitelist ${HOME}/.glaxiumrc
-whitelist /usr/share/glaxium
+allow  ${HOME}/.glaxiumrc
+allow  /usr/share/glaxium
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile
index 14b3ef811..e091b811f 100644
--- a/etc/profile-a-l/globaltime.profile
+++ b/etc/profile-a-l/globaltime.profile
@@ -5,7 +5,7 @@ include globaltime.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/globaltime
+nodeny  ${HOME}/.config/globaltime
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile
index b3aad8b2c..79397d28f 100644
--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -6,8 +6,8 @@ include gmpc.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gmpc
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.config/gmpc
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/gmpc
-whitelist ${HOME}/.config/gmpc
-whitelist ${MUSIC}
-whitelist /usr/share/gmpc
+allow  ${HOME}/.config/gmpc
+allow  ${MUSIC}
+allow  /usr/share/gmpc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile
index 777c81dbe..c723f6e46 100644
--- a/etc/profile-a-l/gnome-2048.profile
+++ b/etc/profile-a-l/gnome-2048.profile
@@ -6,10 +6,10 @@ include gnome-2048.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-2048
+nodeny  ${HOME}/.local/share/gnome-2048
 
 mkdir ${HOME}/.local/share/gnome-2048
-whitelist ${HOME}/.local/share/gnome-2048
+allow  ${HOME}/.local/share/gnome-2048
 
 private-bin gnome-2048
 
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile
index 34a7f557c..2ed5fa76b 100644
--- a/etc/profile-a-l/gnome-books.profile
+++ b/etc/profile-a-l/gnome-books.profile
@@ -7,8 +7,8 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.cache/org.gnome.Books
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.cache/org.gnome.Books
+nodeny  ${DOCUMENTS}
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile
index 37ca5aeff..7dd1c6e22 100644
--- a/etc/profile-a-l/gnome-builder.profile
+++ b/etc/profile-a-l/gnome-builder.profile
@@ -6,11 +6,11 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bash_history
+nodeny  ${HOME}/.bash_history
 
-noblacklist ${HOME}/.cache/gnome-builder
-noblacklist ${HOME}/.config/gnome-builder
-noblacklist ${HOME}/.local/share/gnome-builder
+nodeny  ${HOME}/.cache/gnome-builder
+nodeny  ${HOME}/.config/gnome-builder
+nodeny  ${HOME}/.local/share/gnome-builder
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index 03acd66aa..d91fbaa4b 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/libgweather
+allow  /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 741fe9bf7..806d7e571 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/org.gnome.Characters
+allow  /usr/share/org.gnome.Characters
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index bd39f625c..095210565 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -6,8 +6,8 @@ include gnome-chess.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gnome-chess
-noblacklist ${HOME}/.local/share/gnome-chess
+nodeny  ${HOME}/.config/gnome-chess
+nodeny  ${HOME}/.local/share/gnome-chess
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.local/share/gnome-chess
 #include whitelist-common.inc
 
-whitelist /usr/share/gnuchess
-whitelist /usr/share/gnome-chess
+allow  /usr/share/gnuchess
+allow  /usr/share/gnome-chess
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index 1e7c70b84..7e2d458fd 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gnome-clocks
-whitelist /usr/share/libgweather
+allow  /usr/share/gnome-clocks
+allow  /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile
index dcc6163b6..7902fa169 100644
--- a/etc/profile-a-l/gnome-contacts.profile
+++ b/etc/profile-a-l/gnome-contacts.profile
@@ -6,7 +6,7 @@ include gnome-contacts.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile
index 29ad67af8..0f601149f 100644
--- a/etc/profile-a-l/gnome-documents.profile
+++ b/etc/profile-a-l/gnome-documents.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.config/libreoffice
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.config/libreoffice
+nodeny  ${DOCUMENTS}
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 2db956faf..50c3e2c6f 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -16,7 +16,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
-whitelist /usr/share/gnome-hexgl
+allow  /usr/share/gnome-hexgl
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile
index 25b4c47de..62a5a34ea 100644
--- a/etc/profile-a-l/gnome-keyring.profile
+++ b/etc/profile-a-l/gnome-keyring.profile
@@ -7,7 +7,7 @@ include gnome-keyring.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnupg
+nodeny  ${HOME}/.gnupg
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg
-whitelist ${HOME}/.gnupg
-whitelist ${DOWNLOADS}
-whitelist ${RUNUSER}/gnupg
-whitelist ${RUNUSER}/keyring
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow  ${HOME}/.gnupg
+allow  ${DOWNLOADS}
+allow  ${RUNUSER}/gnupg
+allow  ${RUNUSER}/keyring
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile
index c67a5c0da..ed074f944 100644
--- a/etc/profile-a-l/gnome-klotski.profile
+++ b/etc/profile-a-l/gnome-klotski.profile
@@ -6,10 +6,10 @@ include gnome-klotski.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-klotski
+nodeny  ${HOME}/.local/share/gnome-klotski
 
 mkdir ${HOME}/.local/share/gnome-klotski
-whitelist ${HOME}/.local/share/gnome-klotski
+allow  ${HOME}/.local/share/gnome-klotski
 
 private-bin gnome-klotski
 
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile
index 1a7eafeca..4a03a7ff5 100644
--- a/etc/profile-a-l/gnome-latex.profile
+++ b/etc/profile-a-l/gnome-latex.profile
@@ -6,8 +6,8 @@ include gnome-latex.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gnome-latex
-noblacklist ${HOME}/.local/share/gnome-latex
+nodeny  ${HOME}/.config/gnome-latex
+nodeny  ${HOME}/.local/share/gnome-latex
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/gnome-latex
-whitelist /usr/share/texlive
+allow  /usr/share/gnome-latex
+allow  /usr/share/texlive
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 # May cause issues.
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index 9d2ea7b7b..fcc02dc76 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /var/log/journal
+allow  /var/log/journal
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile
index 42409dce8..e21f03efe 100644
--- a/etc/profile-a-l/gnome-mahjongg.profile
+++ b/etc/profile-a-l/gnome-mahjongg.profile
@@ -6,7 +6,7 @@ include gnome-mahjongg.local
 # Persistent global definitions
 include globals.local
 
-whitelist /usr/share/gnome-mahjongg
+allow  /usr/share/gnome-mahjongg
 
 private-bin gnome-mahjongg
 
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index 23aab343f..cf4eceee3 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -11,14 +11,14 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.cache/champlain
-noblacklist ${HOME}/.cache/org.gnome.Maps
-noblacklist ${HOME}/.local/share/maps-places.json
+nodeny  ${HOME}/.cache/champlain
+nodeny  ${HOME}/.cache/org.gnome.Maps
+nodeny  ${HOME}/.local/share/maps-places.json
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -31,12 +31,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/champlain
 mkfile ${HOME}/.local/share/maps-places.json
-whitelist ${HOME}/.cache/champlain
-whitelist ${HOME}/.local/share/maps-places.json
-whitelist ${DOWNLOADS}
-whitelist ${PICTURES}
-whitelist /usr/share/gnome-maps
-whitelist /usr/share/libgweather
+allow  ${HOME}/.cache/champlain
+allow  ${HOME}/.local/share/maps-places.json
+allow  ${DOWNLOADS}
+allow  ${PICTURES}
+allow  /usr/share/gnome-maps
+allow  /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile
index 4fe8986c2..1b2949bc5 100644
--- a/etc/profile-a-l/gnome-mines.profile
+++ b/etc/profile-a-l/gnome-mines.profile
@@ -6,11 +6,11 @@ include gnome-mines.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-mines
+nodeny  ${HOME}/.local/share/gnome-mines
 
 mkdir ${HOME}/.local/share/gnome-mines
-whitelist ${HOME}/.local/share/gnome-mines
-whitelist /usr/share/gnome-mines
+allow  ${HOME}/.local/share/gnome-mines
+allow  /usr/share/gnome-mines
 
 private-bin gnome-mines
 
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile
index 43fe71f5e..c1cbc796a 100644
--- a/etc/profile-a-l/gnome-mplayer.profile
+++ b/etc/profile-a-l/gnome-mplayer.profile
@@ -6,9 +6,9 @@ include gnome-mplayer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gnome-mplayer
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.config/gnome-mplayer
+nodeny  ${MUSIC}
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index 2fcbe9910..8fd0826c4 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -6,8 +6,8 @@ include gnome-music.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-music
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.local/share/gnome-music
+nodeny  ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile
index 814751db3..a929582f8 100644
--- a/etc/profile-a-l/gnome-nettool.profile
+++ b/etc/profile-a-l/gnome-nettool.profile
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gnome-nettool
+allow  /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile
index b22810d34..d4c037a41 100644
--- a/etc/profile-a-l/gnome-nibbles.profile
+++ b/etc/profile-a-l/gnome-nibbles.profile
@@ -9,11 +9,11 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-noblacklist ${HOME}/.local/share/gnome-nibbles
+nodeny  ${HOME}/.local/share/gnome-nibbles
 
 mkdir ${HOME}/.local/share/gnome-nibbles
-whitelist ${HOME}/.local/share/gnome-nibbles
-whitelist /usr/share/gnome-nibbles
+allow  ${HOME}/.local/share/gnome-nibbles
+allow  /usr/share/gnome-nibbles
 
 private-bin gnome-nibbles
 
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index fee5f88b9..d2cf828cc 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/*.kdb
-noblacklist ${HOME}/*.kdbx
+nodeny  ${DOCUMENTS}
+nodeny  ${HOME}/*.kdb
+nodeny  ${HOME}/*.kdbx
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/cracklib
-whitelist /usr/share/passwordsafe
+allow  /usr/share/cracklib
+allow  /usr/share/passwordsafe
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile
index 58bf3f349..3702da2c7 100644
--- a/etc/profile-a-l/gnome-photos.profile
+++ b/etc/profile-a-l/gnome-photos.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.local/share/gnome-photos
+nodeny  ${HOME}/.local/share/gnome-photos
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile
index 41903b136..e9ae2bcb0 100644
--- a/etc/profile-a-l/gnome-pie.profile
+++ b/etc/profile-a-l/gnome-pie.profile
@@ -6,7 +6,7 @@ include gnome-pie.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gnome-pie
+nodeny  ${HOME}/.config/gnome-pie
 
 #include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile
index c2ba7556d..bec23910c 100644
--- a/etc/profile-a-l/gnome-pomodoro.profile
+++ b/etc/profile-a-l/gnome-pomodoro.profile
@@ -6,7 +6,7 @@ include gnome-pomodoro.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-pomodoro
+nodeny  ${HOME}/.local/share/gnome-pomodoro
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/gnome-pomodoro
-whitelist ${HOME}/.local/share/gnome-pomodoro
-whitelist /usr/share/gnome-pomodoro
+allow  ${HOME}/.local/share/gnome-pomodoro
+allow  /usr/share/gnome-pomodoro
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 48c98ebe0..5ef33fdd8 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -7,8 +7,8 @@ include gnome-recipes.local
 include globals.local
 
 
-noblacklist ${HOME}/.cache/gnome-recipes
-noblacklist ${HOME}/.local/share/gnome-recipes
+nodeny  ${HOME}/.cache/gnome-recipes
+nodeny  ${HOME}/.local/share/gnome-recipes
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-shell.inc
 
 mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
-whitelist ${HOME}/.cache/gnome-recipes
-whitelist ${HOME}/.local/share/gnome-recipes
-whitelist /usr/share/gnome-recipes
+allow  ${HOME}/.cache/gnome-recipes
+allow  ${HOME}/.local/share/gnome-recipes
+allow  /usr/share/gnome-recipes
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile
index 78ceb9c4f..b34d264f4 100644
--- a/etc/profile-a-l/gnome-ring.profile
+++ b/etc/profile-a-l/gnome-ring.profile
@@ -5,7 +5,7 @@ include gnome-ring.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-ring
+nodeny  ${HOME}/.local/share/gnome-ring
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile
index 8835f2b93..836d4e2b2 100644
--- a/etc/profile-a-l/gnome-robots.profile
+++ b/etc/profile-a-l/gnome-robots.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-whitelist /usr/share/gnome-robots
+allow  /usr/share/gnome-robots
 
 private-bin gnome-robots
 
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile
index 69c90b33d..146f8bc4e 100644
--- a/etc/profile-a-l/gnome-schedule.profile
+++ b/etc/profile-a-l/gnome-schedule.profile
@@ -6,17 +6,17 @@ include gnome-schedule.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnome/gnome-schedule
+nodeny  ${HOME}/.gnome/gnome-schedule
 
 # Needs at and crontab to read/write user cron
-noblacklist ${PATH}/at
-noblacklist ${PATH}/crontab
+nodeny  ${PATH}/at
+nodeny  ${PATH}/crontab
 
 # Needs access to these files/dirs
-noblacklist /etc/cron.allow
-noblacklist /etc/cron.deny
-noblacklist /etc/shadow
-noblacklist /var/spool/cron
+nodeny  /etc/cron.allow
+nodeny  /etc/cron.deny
+nodeny  /etc/shadow
+nodeny  /var/spool/cron
 
 # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc)
 # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality
@@ -34,10 +34,10 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.gnome/gnome-schedule
-whitelist ${HOME}/.gnome/gnome-schedule
-whitelist /usr/share/gnome-schedule
-whitelist /var/spool/atd
-whitelist /var/spool/cron
+allow  ${HOME}/.gnome/gnome-schedule
+allow  /usr/share/gnome-schedule
+allow  /var/spool/atd
+allow  /var/spool/cron
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index b683b6f6c..175549e99 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -6,8 +6,8 @@ include gnome-screenshot.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
-noblacklist ${HOME}/.cache/gnome-screenshot
+nodeny  ${PICTURES}
+nodeny  ${HOME}/.cache/gnome-screenshot
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile
index 34f5fdeff..c2fb14fa4 100644
--- a/etc/profile-a-l/gnome-sound-recorder.profile
+++ b/etc/profile-a-l/gnome-sound-recorder.profile
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-noblacklist ${HOME}/.local/share/Trash
+nodeny  ${MUSIC}
+nodeny  ${HOME}/.local/share/Trash
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile
index 12fd48a86..3b7835e52 100644
--- a/etc/profile-a-l/gnome-sudoku.profile
+++ b/etc/profile-a-l/gnome-sudoku.profile
@@ -6,10 +6,10 @@ include gnome-sudoku.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-sudoku
+nodeny  ${HOME}/.local/share/gnome-sudoku
 
 mkdir ${HOME}/.local/share/gnome-sudoku
-whitelist ${HOME}/.local/share/gnome-sudoku
+allow  ${HOME}/.local/share/gnome-sudoku
 
 private-bin gnome-sudoku
 
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index 8a818695d..6978f7cab 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /var/log
+allow  /var/log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile
index 2341334f7..ac87cf70f 100644
--- a/etc/profile-a-l/gnome-taquin.profile
+++ b/etc/profile-a-l/gnome-taquin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-whitelist /usr/share/gnome-taquin
+allow  /usr/share/gnome-taquin
 
 private-bin gnome-taquin
 
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index 3b147cd48..092fd58a3 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gnome-todo
+allow  /usr/share/gnome-todo
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile
index b8ec195d3..d76872ea6 100644
--- a/etc/profile-a-l/gnome-twitch.profile
+++ b/etc/profile-a-l/gnome-twitch.profile
@@ -6,8 +6,8 @@ include gnome-twitch.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/gnome-twitch
-noblacklist ${HOME}/.local/share/gnome-twitch
+nodeny  ${HOME}/.cache/gnome-twitch
+nodeny  ${HOME}/.local/share/gnome-twitch
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/gnome-twitch
 mkdir ${HOME}/.local/share/gnome-twitch
-whitelist ${HOME}/.cache/gnome-twitch
-whitelist ${HOME}/.local/share/gnome-twitch
+allow  ${HOME}/.cache/gnome-twitch
+allow  ${HOME}/.local/share/gnome-twitch
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile
index 2e08fa41d..6f557ff8d 100644
--- a/etc/profile-a-l/gnome-weather.profile
+++ b/etc/profile-a-l/gnome-weather.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.cache/libgweather
+nodeny  ${HOME}/.cache/libgweather
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index c3014a288..261efefac 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -6,8 +6,8 @@ include gnote.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gnote
-noblacklist ${HOME}/.local/share/gnote
+nodeny  ${HOME}/.config/gnote
+nodeny  ${HOME}/.local/share/gnote
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/gnote
 mkdir ${HOME}/.local/share/gnote
-whitelist ${HOME}/.config/gnote
-whitelist ${HOME}/.local/share/gnote
-whitelist /usr/share/gnote
+allow  ${HOME}/.config/gnote
+allow  ${HOME}/.local/share/gnote
+allow  /usr/share/gnote
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile
index 22851ce9f..e6fbca26f 100644
--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gnubik
+allow  /usr/share/gnubik
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile
index 09ca17caa..f35a53ca4 100644
--- a/etc/profile-a-l/godot.profile
+++ b/etc/profile-a-l/godot.profile
@@ -6,9 +6,9 @@ include godot.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/godot
-noblacklist ${HOME}/.config/godot
-noblacklist ${HOME}/.local/share/godot
+nodeny  ${HOME}/.cache/godot
+nodeny  ${HOME}/.config/godot
+nodeny  ${HOME}/.local/share/godot
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile
index 8399d77c4..95dd41c2a 100644
--- a/etc/profile-a-l/goobox.profile
+++ b/etc/profile-a-l/goobox.profile
@@ -6,7 +6,7 @@ include goobox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile
index ebe5e870b..07f0e587d 100644
--- a/etc/profile-a-l/google-chrome-beta.profile
+++ b/etc/profile-a-l/google-chrome-beta.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/google-chrome-beta
-noblacklist ${HOME}/.config/google-chrome-beta
+nodeny  ${HOME}/.cache/google-chrome-beta
+nodeny  ${HOME}/.config/google-chrome-beta
 
-noblacklist ${HOME}/.config/chrome-beta-flags.conf
-noblacklist ${HOME}/.config/chrome-beta-flags.config
+nodeny  ${HOME}/.config/chrome-beta-flags.conf
+nodeny  ${HOME}/.config/chrome-beta-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-beta
 mkdir ${HOME}/.config/google-chrome-beta
-whitelist ${HOME}/.cache/google-chrome-beta
-whitelist ${HOME}/.config/google-chrome-beta
+allow  ${HOME}/.cache/google-chrome-beta
+allow  ${HOME}/.config/google-chrome-beta
 
-whitelist ${HOME}/.config/chrome-beta-flags.conf
-whitelist ${HOME}/.config/chrome-beta-flags.config
+allow  ${HOME}/.config/chrome-beta-flags.conf
+allow  ${HOME}/.config/chrome-beta-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile
index 4d303f71b..229904411 100644
--- a/etc/profile-a-l/google-chrome-unstable.profile
+++ b/etc/profile-a-l/google-chrome-unstable.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/google-chrome-unstable
-noblacklist ${HOME}/.config/google-chrome-unstable
+nodeny  ${HOME}/.cache/google-chrome-unstable
+nodeny  ${HOME}/.config/google-chrome-unstable
 
-noblacklist ${HOME}/.config/chrome-unstable-flags.conf
-noblacklist ${HOME}/.config/chrome-unstable-flags.config
+nodeny  ${HOME}/.config/chrome-unstable-flags.conf
+nodeny  ${HOME}/.config/chrome-unstable-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-unstable
 mkdir ${HOME}/.config/google-chrome-unstable
-whitelist ${HOME}/.cache/google-chrome-unstable
-whitelist ${HOME}/.config/google-chrome-unstable
+allow  ${HOME}/.cache/google-chrome-unstable
+allow  ${HOME}/.config/google-chrome-unstable
 
-whitelist ${HOME}/.config/chrome-unstable-flags.conf
-whitelist ${HOME}/.config/chrome-unstable-flags.config
+allow  ${HOME}/.config/chrome-unstable-flags.conf
+allow  ${HOME}/.config/chrome-unstable-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile
index ed2595f72..f61642f17 100644
--- a/etc/profile-a-l/google-chrome.profile
+++ b/etc/profile-a-l/google-chrome.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/google-chrome
-noblacklist ${HOME}/.config/google-chrome
+nodeny  ${HOME}/.cache/google-chrome
+nodeny  ${HOME}/.config/google-chrome
 
-noblacklist ${HOME}/.config/chrome-flags.conf
-noblacklist ${HOME}/.config/chrome-flags.config
+nodeny  ${HOME}/.config/chrome-flags.conf
+nodeny  ${HOME}/.config/chrome-flags.config
 
 mkdir ${HOME}/.cache/google-chrome
 mkdir ${HOME}/.config/google-chrome
-whitelist ${HOME}/.cache/google-chrome
-whitelist ${HOME}/.config/google-chrome
+allow  ${HOME}/.cache/google-chrome
+allow  ${HOME}/.config/google-chrome
 
-whitelist ${HOME}/.config/chrome-flags.conf
-whitelist ${HOME}/.config/chrome-flags.config
+allow  ${HOME}/.config/chrome-flags.conf
+allow  ${HOME}/.config/chrome-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile
index 65ac04771..6039f7cbd 100644
--- a/etc/profile-a-l/google-earth.profile
+++ b/etc/profile-a-l/google-earth.profile
@@ -5,8 +5,8 @@ include google-earth.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Google
-noblacklist ${HOME}/.googleearth
+nodeny  ${HOME}/.config/Google
+nodeny  ${HOME}/.googleearth
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Google
 mkdir ${HOME}/.googleearth
-whitelist ${HOME}/.config/Google
-whitelist ${HOME}/.googleearth
+allow  ${HOME}/.config/Google
+allow  ${HOME}/.googleearth
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile
index a7aabe105..fdb65b93c 100644
--- a/etc/profile-a-l/google-play-music-desktop-player.profile
+++ b/etc/profile-a-l/google-play-music-desktop-player.profile
@@ -8,7 +8,7 @@ include globals.local
 # noexec /tmp breaks mpris support
 ignore noexec /tmp
 
-noblacklist ${HOME}/.config/Google Play Music Desktop Player
+nodeny  ${HOME}/.config/Google Play Music Desktop Player
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Google Play Music Desktop Player
 # whitelist ${HOME}/.config/pulse
 # whitelist ${HOME}/.pulse
-whitelist ${HOME}/.config/Google Play Music Desktop Player
+allow  ${HOME}/.config/Google Play Music Desktop Player
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index 2d0bce52b..952c9c1d4 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,10 +7,10 @@ include googler-common.local
 # added by caller profile
 #include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}
 
-noblacklist ${HOME}/.w3m
+nodeny  ${HOME}/.w3m
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -26,7 +26,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${HOME}/.w3m
+allow  ${HOME}/.w3m
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile
index 37b4f0b1c..9b8da361b 100644
--- a/etc/profile-a-l/gpa.profile
+++ b/etc/profile-a-l/gpa.profile
@@ -6,7 +6,7 @@ include gpa.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnupg
+nodeny  ${HOME}/.gnupg
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 7f0b614b1..5fa66bb55 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -7,10 +7,10 @@ include gpg-agent.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnupg
+nodeny  ${HOME}/.gnupg
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,11 +20,11 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg
-whitelist ${HOME}/.gnupg
-whitelist ${RUNUSER}/gnupg
-whitelist ${RUNUSER}/keyring
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow  ${HOME}/.gnupg
+allow  ${RUNUSER}/gnupg
+allow  ${RUNUSER}/keyring
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 4a4d6527c..2ad896abe 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -7,10 +7,10 @@ include gpg.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnupg
+nodeny  ${HOME}/.gnupg
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist ${RUNUSER}/gnupg
-whitelist ${RUNUSER}/keyring
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /usr/share/pacman/keyrings
+allow  ${RUNUSER}/gnupg
+allow  ${RUNUSER}/keyring
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
+allow  /usr/share/pacman/keyrings
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index fa53c26c8..0552dc3d7 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -6,7 +6,7 @@ include gpicview.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gpicview
+nodeny  ${HOME}/.config/gpicview
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-whitelist /usr/share/gpicview
+allow  /usr/share/gpicview
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index 253d644f1..c9e62a73f 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -6,7 +6,7 @@ include gpredict.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Gpredict
+nodeny  ${HOME}/.config/Gpredict
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Gpredict
-whitelist ${HOME}/.config/Gpredict
+allow  ${HOME}/.config/Gpredict
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 2b4c536d2..2aebe2338 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -5,8 +5,8 @@ include gradio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/gradio
-noblacklist ${HOME}/.local/share/gradio
+nodeny  ${HOME}/.cache/gradio
+nodeny  ${HOME}/.local/share/gradio
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
-whitelist ${HOME}/.cache/gradio
-whitelist ${HOME}/.local/share/gradio
+allow  ${HOME}/.cache/gradio
+allow  ${HOME}/.local/share/gradio
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile
index c7e0c2977..53f0baccb 100644
--- a/etc/profile-a-l/gramps.profile
+++ b/etc/profile-a-l/gramps.profile
@@ -6,7 +6,7 @@ include gramps.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gramps
+nodeny  ${HOME}/.gramps
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gramps
-whitelist ${HOME}/.gramps
+allow  ${HOME}/.gramps
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index 890ba2560..ecc871c2e 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gravity-beams-and-evaporating-stars
+allow  /usr/share/gravity-beams-and-evaporating-stars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile
index 5927e8c4d..9a4f7b4fb 100644
--- a/etc/profile-a-l/gthumb.profile
+++ b/etc/profile-a-l/gthumb.profile
@@ -6,9 +6,9 @@ include gthumb.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gthumb
-noblacklist ${HOME}/.Steam
-noblacklist ${HOME}/.steam
+nodeny  ${HOME}/.config/gthumb
+nodeny  ${HOME}/.Steam
+nodeny  ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index c8addae75..d6bb9902a 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 787c7bd90..8241de43a 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local
 
 ignore quiet
 
-noblacklist /tmp/.X11-unix
-noblacklist ${RUNUSER}
+nodeny  /tmp/.X11-unix
+nodeny  ${RUNUSER}
 
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 988882622..6ea4ebbdc 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local
 
 ignore quiet
 
-noblacklist /tmp/.X11-unix
-noblacklist ${RUNUSER}
+nodeny  /tmp/.X11-unix
+nodeny  ${RUNUSER}
 
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile
index 3d2b71e9d..731bcad1d 100644
--- a/etc/profile-a-l/guayadeque.profile
+++ b/etc/profile-a-l/guayadeque.profile
@@ -5,8 +5,8 @@ include guayadeque.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.guayadeque
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.guayadeque
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile
index 2223c37a1..5cdc2cc18 100644
--- a/etc/profile-a-l/gummi.profile
+++ b/etc/profile-a-l/gummi.profile
@@ -5,8 +5,8 @@ include gummi.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/gummi
-noblacklist ${HOME}/.config/gummi
+nodeny  ${HOME}/.cache/gummi
+nodeny  ${HOME}/.config/gummi
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
index 9221ca31c..3404f5177 100644
--- a/etc/profile-a-l/guvcview.profile
+++ b/etc/profile-a-l/guvcview.profile
@@ -6,10 +6,10 @@ include guvcview.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/guvcview2
+nodeny  ${HOME}/.config/guvcview2
 
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
+nodeny  ${PICTURES}
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/guvcview2
-whitelist ${HOME}/.config/guvcview2
-whitelist ${PICTURES}
-whitelist ${VIDEOS}
+allow  ${HOME}/.config/guvcview2
+allow  ${PICTURES}
+allow  ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index d33e2a673..132b5a2e2 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -6,17 +6,17 @@ include gwenview.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/GIMP
-noblacklist ${HOME}/.config/gwenviewrc
-noblacklist ${HOME}/.config/org.kde.gwenviewrc
-noblacklist ${HOME}/.gimp*
-noblacklist ${HOME}/.kde/share/apps/gwenview
-noblacklist ${HOME}/.kde/share/config/gwenviewrc
-noblacklist ${HOME}/.kde4/share/apps/gwenview
-noblacklist ${HOME}/.kde4/share/config/gwenviewrc
-noblacklist ${HOME}/.local/share/gwenview
-noblacklist ${HOME}/.local/share/kxmlgui5/gwenview
-noblacklist ${HOME}/.local/share/org.kde.gwenview
+nodeny  ${HOME}/.config/GIMP
+nodeny  ${HOME}/.config/gwenviewrc
+nodeny  ${HOME}/.config/org.kde.gwenviewrc
+nodeny  ${HOME}/.gimp*
+nodeny  ${HOME}/.kde/share/apps/gwenview
+nodeny  ${HOME}/.kde/share/config/gwenviewrc
+nodeny  ${HOME}/.kde4/share/apps/gwenview
+nodeny  ${HOME}/.kde4/share/config/gwenviewrc
+nodeny  ${HOME}/.local/share/gwenview
+nodeny  ${HOME}/.local/share/kxmlgui5/gwenview
+nodeny  ${HOME}/.local/share/org.kde.gwenview
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index b261c16f4..46c98bdc2 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -9,7 +9,7 @@ include globals.local
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-noblacklist /var/lib/pacman
+nodeny  /var/lib/pacman
 
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile
index 847e1ec1e..c102ac4cb 100644
--- a/etc/profile-a-l/handbrake.profile
+++ b/etc/profile-a-l/handbrake.profile
@@ -6,9 +6,9 @@ include handbrake.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ghb
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.config/ghb
+nodeny  ${MUSIC}
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile
index aab4b0c21..d98a1b554 100644
--- a/etc/profile-a-l/hashcat.profile
+++ b/etc/profile-a-l/hashcat.profile
@@ -7,11 +7,11 @@ include hashcat.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.hashcat
-noblacklist /usr/include
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.hashcat
+nodeny  /usr/include
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index 44584f26b..1c2a44e06 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -4,7 +4,7 @@ include hasher-common.local
 
 # common profile for hasher/checksum tools
 
-blacklist ${RUNUSER}
+deny  ${RUNUSER}
 
 # Comment/uncomment the relevant include file(s) in your hasher-common.local
 # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher**
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile
index c0675d8ec..90833af91 100644
--- a/etc/profile-a-l/hedgewars.profile
+++ b/etc/profile-a-l/hedgewars.profile
@@ -6,7 +6,7 @@ include hedgewars.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.hedgewars
+nodeny  ${HOME}/.hedgewars
 
 include allow-lua.inc
 
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.hedgewars
-whitelist ${HOME}/.hedgewars
+allow  ${HOME}/.hedgewars
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile
index b887de147..993efb591 100644
--- a/etc/profile-a-l/hexchat.profile
+++ b/etc/profile-a-l/hexchat.profile
@@ -6,7 +6,7 @@ include hexchat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/hexchat
+nodeny  ${HOME}/.config/hexchat
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -28,7 +28,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/hexchat
-whitelist ${HOME}/.config/hexchat
+allow  ${HOME}/.config/hexchat
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 643736ac7..53db642dc 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -6,7 +6,7 @@ include highlight.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny  ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index 199b1a5e5..ef259cc00 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -6,7 +6,7 @@ include homebank.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/homebank
+nodeny  ${HOME}/.config/homebank
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/homebank
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/homebank
-whitelist /usr/share/homebank
+allow  ${DOWNLOADS}
+allow  ${HOME}/.config/homebank
+allow  /usr/share/homebank
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile
index 00d9f7a76..63e1be259 100644
--- a/etc/profile-a-l/host.profile
+++ b/etc/profile-a-l/host.profile
@@ -7,8 +7,8 @@ include host.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-noblacklist ${PATH}/host
+deny  ${RUNUSER}
+nodeny  ${PATH}/host
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile
index 267712c87..db5cd29cc 100644
--- a/etc/profile-a-l/hugin.profile
+++ b/etc/profile-a-l/hugin.profile
@@ -6,9 +6,9 @@ include hugin.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.hugin
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.hugin
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index e66ffd7e1..1fb33ceb8 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -6,7 +6,7 @@ include hyperrogue.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/hyperrogue.ini
+nodeny  ${HOME}/hyperrogue.ini
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/hyperrogue.ini
-whitelist ${HOME}/hyperrogue.ini
-whitelist /usr/share/hyperrogue
+allow  ${HOME}/hyperrogue.ini
+allow  /usr/share/hyperrogue
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index 47c984175..c8a2e8a04 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -14,12 +14,12 @@ include globals.local
 # Only needed when i2prouter binary resides in home directory (official I2P java installer does so).
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.config/i2p
-noblacklist ${HOME}/.i2p
-noblacklist ${HOME}/.local/share/i2p
-noblacklist ${HOME}/i2p
+nodeny  ${HOME}/.config/i2p
+nodeny  ${HOME}/.i2p
+nodeny  ${HOME}/.local/share/i2p
+nodeny  ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-noblacklist /usr/sbin
+nodeny  /usr/sbin
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p
 mkdir ${HOME}/.i2p
 mkdir ${HOME}/.local/share/i2p
 mkdir ${HOME}/i2p
-whitelist ${HOME}/.config/i2p
-whitelist ${HOME}/.i2p
-whitelist ${HOME}/.local/share/i2p
-whitelist ${HOME}/i2p
+allow  ${HOME}/.config/i2p
+allow  ${HOME}/.i2p
+allow  ${HOME}/.local/share/i2p
+allow  ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-whitelist /usr/sbin/wrapper*
+allow  /usr/sbin/wrapper*
 
 include whitelist-common.inc
 
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index e96b1843c..95ddad221 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -7,7 +7,7 @@ include i3.local
 include globals.local
 
 # all applications started in i3 will run in this profile
-noblacklist ${HOME}/.config/i3
+nodeny  ${HOME}/.config/i3
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile
index 660343a29..0de2f658b 100644
--- a/etc/profile-a-l/icecat.profile
+++ b/etc/profile-a-l/icecat.profile
@@ -5,13 +5,13 @@ include icecat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.mozilla
+nodeny  ${HOME}/.cache/mozilla
+nodeny  ${HOME}/.mozilla
 
 mkdir ${HOME}/.cache/mozilla/icecat
 mkdir ${HOME}/.mozilla
-whitelist ${HOME}/.cache/mozilla/icecat
-whitelist ${HOME}/.mozilla
+allow  ${HOME}/.cache/mozilla/icecat
+allow  ${HOME}/.mozilla
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc icecat
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile
index 19690cd5a..0c22d87d0 100644
--- a/etc/profile-a-l/icedove.profile
+++ b/etc/profile-a-l/icedove.profile
@@ -9,16 +9,16 @@ include icedove.local
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-noblacklist ${HOME}/.cache/icedove
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.icedove
+nodeny  ${HOME}/.cache/icedove
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.icedove
 
 mkdir ${HOME}/.cache/icedove
 mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.icedove
-whitelist ${HOME}/.cache/icedove
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.icedove
+allow  ${HOME}/.cache/icedove
+allow  ${HOME}/.gnupg
+allow  ${HOME}/.icedove
 include whitelist-common.inc
 
 ignore private-tmp
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index 680b8e777..180b62ec2 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -5,12 +5,12 @@ include idea.sh.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.IdeaIC*
-noblacklist ${HOME}/.android
-noblacklist ${HOME}/.jack-server
-noblacklist ${HOME}/.jack-settings
-noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.tooling
+nodeny  ${HOME}/.IdeaIC*
+nodeny  ${HOME}/.android
+nodeny  ${HOME}/.jack-server
+nodeny  ${HOME}/.jack-settings
+nodeny  ${HOME}/.local/share/JetBrains
+nodeny  ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile
index 12ce7976b..5d28e7aca 100644
--- a/etc/profile-a-l/imagej.profile
+++ b/etc/profile-a-l/imagej.profile
@@ -6,7 +6,7 @@ include imagej.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.imagej
+nodeny  ${HOME}/.imagej
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile
index c26958d06..70d56a7dc 100644
--- a/etc/profile-a-l/img2txt.profile
+++ b/etc/profile-a-l/img2txt.profile
@@ -5,10 +5,10 @@ include img2txt.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny  ${RUNUSER}/wayland-*
 
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/imlib2
+allow  /usr/share/imlib2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile
index c152be01c..4914cd9d0 100644
--- a/etc/profile-a-l/impressive.profile
+++ b/etc/profile-a-l/impressive.profile
@@ -6,9 +6,9 @@ include impressive.local
 # Persistent global definitions
 #include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny  ${DOCUMENTS}
+nodeny  /sbin
+nodeny  /usr/sbin
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
-whitelist /usr/share/opengl-games-utils
-whitelist /usr/share/zenity
+allow  /usr/share/opengl-games-utils
+allow  /usr/share/zenity
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index 35dd86b32..1a949b300 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -6,14 +6,14 @@ include inkscape.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/inkscape
-noblacklist ${HOME}/.config/inkscape
-noblacklist ${HOME}/.inkscape
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.cache/inkscape
+nodeny  ${HOME}/.config/inkscape
+nodeny  ${HOME}/.inkscape
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 # Allow exporting .xcf files
-noblacklist ${HOME}/.config/GIMP
-noblacklist ${HOME}/.gimp*
+nodeny  ${HOME}/.config/GIMP
+nodeny  ${HOME}/.gimp*
 
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/inkscape
+allow  /usr/share/inkscape
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile
index a5cac12f2..1591ed7ea 100644
--- a/etc/profile-a-l/inox.profile
+++ b/etc/profile-a-l/inox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/inox
-noblacklist ${HOME}/.config/inox
+nodeny  ${HOME}/.cache/inox
+nodeny  ${HOME}/.config/inox
 
 mkdir ${HOME}/.cache/inox
 mkdir ${HOME}/.config/inox
-whitelist ${HOME}/.cache/inox
-whitelist ${HOME}/.config/inox
+allow  ${HOME}/.cache/inox
+allow  ${HOME}/.config/inox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile
index 3037d00e9..f361fd663 100644
--- a/etc/profile-a-l/iridium.profile
+++ b/etc/profile-a-l/iridium.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/iridium
-noblacklist ${HOME}/.config/iridium
+nodeny  ${HOME}/.cache/iridium
+nodeny  ${HOME}/.config/iridium
 
 mkdir ${HOME}/.cache/iridium
 mkdir ${HOME}/.config/iridium
-whitelist ${HOME}/.cache/iridium
-whitelist ${HOME}/.config/iridium
+allow  ${HOME}/.cache/iridium
+allow  ${HOME}/.config/iridium
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile
index e02dcbdb1..fa0bcf986 100644
--- a/etc/profile-a-l/itch.profile
+++ b/etc/profile-a-l/itch.profile
@@ -8,8 +8,8 @@ include globals.local
 # itch.io has native firejail/sandboxing support bundled in
 # See https://itch.io/docs/itch/using/sandbox/linux.html
 
-noblacklist ${HOME}/.itch
-noblacklist ${HOME}/.config/itch
+nodeny  ${HOME}/.itch
+nodeny  ${HOME}/.config/itch
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.itch
 mkdir ${HOME}/.config/itch
-whitelist ${HOME}/.itch
-whitelist ${HOME}/.config/itch
+allow  ${HOME}/.itch
+allow  ${HOME}/.config/itch
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
index 3e9abf369..e4be574df 100644
--- a/etc/profile-a-l/jami-gnome.profile
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -6,8 +6,8 @@ include jami-gnome.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/jami
-noblacklist ${HOME}/.local/share/jami
+nodeny  ${HOME}/.config/jami
+nodeny  ${HOME}/.local/share/jami
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/jami
 mkdir ${HOME}/.local/share/jami
-whitelist ${HOME}/.config/jami
-whitelist ${HOME}/.local/share/jami
+allow  ${HOME}/.config/jami
+allow  ${HOME}/.local/share/jami
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile
index 7d29f1068..bfea84c69 100644
--- a/etc/profile-a-l/jd-gui.profile
+++ b/etc/profile-a-l/jd-gui.profile
@@ -5,7 +5,7 @@ include jd-gui.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/jd-gui.cfg
+nodeny  ${HOME}/.config/jd-gui.cfg
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index 85b1f2120..c41027618 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -6,7 +6,7 @@ include jerry.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/dkl
+nodeny  ${HOME}/.config/dkl
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index edb7ed840..9ca30c36d 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -13,12 +13,12 @@ ignore shell none
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.config/Jitsi Meet
+nodeny  ${HOME}/.config/Jitsi Meet
 
-nowhitelist ${DOWNLOADS}
+noallow  ${DOWNLOADS}
 
 mkdir ${HOME}/.config/Jitsi Meet
-whitelist ${HOME}/.config/Jitsi Meet
+allow  ${HOME}/.config/Jitsi Meet
 
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile
index 223c360b8..f53e6ca32 100644
--- a/etc/profile-a-l/jitsi.profile
+++ b/etc/profile-a-l/jitsi.profile
@@ -5,7 +5,7 @@ include jitsi.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.jitsi
+nodeny  ${HOME}/.jitsi
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index 9954b8aea..c0a78ecc0 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -6,7 +6,7 @@ include jumpnbump.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.jumpnbump
+nodeny  ${HOME}/.jumpnbump
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.jumpnbump
-whitelist ${HOME}/.jumpnbump
-whitelist /usr/share/jumpnbump
+allow  ${HOME}/.jumpnbump
+allow  /usr/share/jumpnbump
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index 5ae90dff6..73ce8670f 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -6,11 +6,11 @@ include k3b.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/k3brc
-noblacklist ${HOME}/.kde/share/config/k3brc
-noblacklist ${HOME}/.kde4/share/config/k3brc
-noblacklist ${HOME}/.local/share/kxmlgui5/k3b
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.config/k3brc
+nodeny  ${HOME}/.kde/share/config/k3brc
+nodeny  ${HOME}/.kde4/share/config/k3brc
+nodeny  ${HOME}/.local/share/kxmlgui5/k3b
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile
index d55fd22cb..e6a00e350 100644
--- a/etc/profile-a-l/kaffeine.profile
+++ b/etc/profile-a-l/kaffeine.profile
@@ -6,14 +6,14 @@ include kaffeine.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kaffeinerc
-noblacklist ${HOME}/.kde/share/apps/kaffeine
-noblacklist ${HOME}/.kde/share/config/kaffeinerc
-noblacklist ${HOME}/.kde4/share/apps/kaffeine
-noblacklist ${HOME}/.kde4/share/config/kaffeinerc
-noblacklist ${HOME}/.local/share/kaffeine
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.config/kaffeinerc
+nodeny  ${HOME}/.kde/share/apps/kaffeine
+nodeny  ${HOME}/.kde/share/config/kaffeinerc
+nodeny  ${HOME}/.kde4/share/apps/kaffeine
+nodeny  ${HOME}/.kde4/share/config/kaffeinerc
+nodeny  ${HOME}/.local/share/kaffeine
+nodeny  ${MUSIC}
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index 503dac4b6..98b04353e 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -6,8 +6,8 @@ include kalgebra.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kalgebrarc
-noblacklist ${HOME}/.local/share/kalgebra
+nodeny  ${HOME}/.config/kalgebrarc
+nodeny  ${HOME}/.local/share/kalgebra
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/kalgebramobile
+allow  /usr/share/kalgebramobile
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile
index 231299a2f..db5394550 100644
--- a/etc/profile-a-l/karbon.profile
+++ b/etc/profile-a-l/karbon.profile
@@ -6,7 +6,7 @@ include karbon.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/karbon
+nodeny  ${HOME}/.local/share/kxmlgui5/karbon
 
 # Redirect
 include krita.profile
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index 27b87e7c3..d2b180492 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -8,20 +8,20 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.config/katemetainfos
-noblacklist ${HOME}/.config/katepartrc
-noblacklist ${HOME}/.config/katerc
-noblacklist ${HOME}/.config/kateschemarc
-noblacklist ${HOME}/.config/katesyntaxhighlightingrc
-noblacklist ${HOME}/.config/katevirc
-noblacklist ${HOME}/.local/share/kate
-noblacklist ${HOME}/.local/share/kxmlgui5/kate
-noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
-noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole
-noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
-noblacklist ${HOME}/.local/share/kxmlgui5/katepart
-noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
-noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
+nodeny  ${HOME}/.config/katemetainfos
+nodeny  ${HOME}/.config/katepartrc
+nodeny  ${HOME}/.config/katerc
+nodeny  ${HOME}/.config/kateschemarc
+nodeny  ${HOME}/.config/katesyntaxhighlightingrc
+nodeny  ${HOME}/.config/katevirc
+nodeny  ${HOME}/.local/share/kate
+nodeny  ${HOME}/.local/share/kxmlgui5/kate
+nodeny  ${HOME}/.local/share/kxmlgui5/katefiletree
+nodeny  ${HOME}/.local/share/kxmlgui5/katekonsole
+nodeny  ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
+nodeny  ${HOME}/.local/share/kxmlgui5/katepart
+nodeny  ${HOME}/.local/share/kxmlgui5/kateproject
+nodeny  ${HOME}/.local/share/kxmlgui5/katesearch
 
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index 9795cf168..a4e2e64f4 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -8,9 +8,9 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
-noblacklist ${HOME}/.config/kazam
+nodeny  ${PICTURES}
+nodeny  ${VIDEOS}
+nodeny  ${HOME}/.config/kazam
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/kazam
+allow  /usr/share/kazam
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index e36ee5ed2..fcb168d4d 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -6,7 +6,7 @@ include kcalc.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/kcalc
+nodeny  ${HOME}/.local/share/kxmlgui5/kcalc
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
 mkfile ${HOME}/.kde4/share/config/kcalcrc
-whitelist ${HOME}/.config/kcalcrc
-whitelist ${HOME}/.kde/share/config/kcalcrc
-whitelist ${HOME}/.kde4/share/config/kcalcrc
-whitelist ${HOME}/.local/share/kxmlgui5/kcalc
-whitelist /usr/share/config.kcfg/kcalc.kcfg
-whitelist /usr/share/kcalc
-whitelist /usr/share/kconf_update/kcalcrc.upd
+allow  ${HOME}/.config/kcalcrc
+allow  ${HOME}/.kde/share/config/kcalcrc
+allow  ${HOME}/.kde4/share/config/kcalcrc
+allow  ${HOME}/.local/share/kxmlgui5/kcalc
+allow  /usr/share/config.kcfg/kcalc.kcfg
+allow  /usr/share/kcalc
+allow  /usr/share/kconf_update/kcalcrc.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index d2a08a269..4acafbf2a 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/kdenlive
-noblacklist ${HOME}/.config/kdenliverc
-noblacklist ${HOME}/.local/share/kdenlive
-noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
+nodeny  ${HOME}/.cache/kdenlive
+nodeny  ${HOME}/.config/kdenliverc
+nodeny  ${HOME}/.local/share/kdenlive
+nodeny  ${HOME}/.local/share/kxmlgui5/kdenlive
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 7c1cb2294..0c37f7968 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -6,14 +6,14 @@ include kdiff3.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kdiff3fileitemactionrc
-noblacklist ${HOME}/.config/kdiff3rc
+nodeny  ${HOME}/.config/kdiff3fileitemactionrc
+nodeny  ${HOME}/.config/kdiff3rc
 
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-blacklist ${HOME}/.ssh
-blacklist ${HOME}/.gnupg
+deny  ${HOME}/.ssh
+deny  ${HOME}/.gnupg
 
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index ae8971ab4..9c06962bc 100644
--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -6,14 +6,14 @@ include keepass.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/*.kdb
-noblacklist ${HOME}/*.kdbx
-noblacklist ${HOME}/.config/KeePass
-noblacklist ${HOME}/.config/keepass
-noblacklist ${HOME}/.keepass
-noblacklist ${HOME}/.local/share/KeePass
-noblacklist ${HOME}/.local/share/keepass
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/*.kdb
+nodeny  ${HOME}/*.kdbx
+nodeny  ${HOME}/.config/KeePass
+nodeny  ${HOME}/.config/keepass
+nodeny  ${HOME}/.keepass
+nodeny  ${HOME}/.local/share/KeePass
+nodeny  ${HOME}/.local/share/keepass
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index ac364986d..2772fa8bf 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -6,11 +6,11 @@ include keepassx.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/*.kdb
-noblacklist ${HOME}/*.kdbx
-noblacklist ${HOME}/.config/keepassx
-noblacklist ${HOME}/.keepassx
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/*.kdb
+nodeny  ${HOME}/*.kdbx
+nodeny  ${HOME}/.config/keepassx
+nodeny  ${HOME}/.keepassx
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index f71dcf82b..9c530b20d 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -6,23 +6,23 @@ include keepassxc.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/*.kdb
-noblacklist ${HOME}/*.kdbx
-noblacklist ${HOME}/.cache/keepassxc
-noblacklist ${HOME}/.config/keepassxc
-noblacklist ${HOME}/.config/KeePassXCrc
-noblacklist ${HOME}/.keepassxc
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/*.kdb
+nodeny  ${HOME}/*.kdbx
+nodeny  ${HOME}/.cache/keepassxc
+nodeny  ${HOME}/.config/keepassxc
+nodeny  ${HOME}/.config/KeePassXCrc
+nodeny  ${HOME}/.keepassxc
+nodeny  ${DOCUMENTS}
 
 # Allow browser profiles, required for browser integration.
-noblacklist ${HOME}/.config/BraveSoftware
-noblacklist ${HOME}/.config/chromium
-noblacklist ${HOME}/.config/google-chrome
-noblacklist ${HOME}/.config/vivaldi
-noblacklist ${HOME}/.local/share/torbrowser
-noblacklist ${HOME}/.mozilla
+nodeny  ${HOME}/.config/BraveSoftware
+nodeny  ${HOME}/.config/chromium
+nodeny  ${HOME}/.config/google-chrome
+nodeny  ${HOME}/.config/vivaldi
+nodeny  ${HOME}/.local/share/torbrowser
+nodeny  ${HOME}/.mozilla
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -57,7 +57,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/KeePassXCrc
 #include whitelist-common.inc
 
-whitelist /usr/share/keepassxc
+allow  /usr/share/keepassxc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 2c684504b..30c041cbc 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -6,13 +6,13 @@ include kget.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kgetrc
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.local/share/kget
-noblacklist ${HOME}/.local/share/kxmlgui5/kget
+nodeny  ${HOME}/.config/kgetrc
+nodeny  ${HOME}/.kde/share/apps/kget
+nodeny  ${HOME}/.kde/share/config/kgetrc
+nodeny  ${HOME}/.kde4/share/apps/kget
+nodeny  ${HOME}/.kde4/share/config/kgetrc
+nodeny  ${HOME}/.local/share/kget
+nodeny  ${HOME}/.local/share/kxmlgui5/kget
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile
index 9bcede077..84d135fc3 100644
--- a/etc/profile-a-l/kid3-qt.profile
+++ b/etc/profile-a-l/kid3-qt.profile
@@ -2,7 +2,7 @@
 # This file is overwritten after every install/update
 include kid3-qt.local
 
-noblacklist ${HOME}/.config/Kid3
+nodeny  ${HOME}/.config/Kid3
 
 # Redirect
 include kid3.profile
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index e18292e99..0ef2a7845 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -6,9 +6,9 @@ include kid3.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-noblacklist ${HOME}/.config/kid3rc
-noblacklist ${HOME}/.local/share/kxmlgui5/kid3
+nodeny  ${MUSIC}
+nodeny  ${HOME}/.config/kid3rc
+nodeny  ${HOME}/.local/share/kxmlgui5/kid3
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile
index 74014ffe6..833c1d22a 100644
--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -6,8 +6,8 @@ include kino.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.kino-history
-noblacklist ${HOME}/.kinorc
+nodeny  ${HOME}/.kino-history
+nodeny  ${HOME}/.kinorc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index 40ee0bbc7..b188ba0e3 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -6,8 +6,8 @@ include kiwix-desktop.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/kiwix
-noblacklist ${HOME}/.local/share/kiwix-desktop
+nodeny  ${HOME}/.local/share/kiwix
+nodeny  ${HOME}/.local/share/kiwix-desktop
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/kiwix
 mkdir ${HOME}/.local/share/kiwix-desktop
-whitelist ${HOME}/.local/share/kiwix
-whitelist ${HOME}/.local/share/kiwix-desktop
+allow  ${HOME}/.local/share/kiwix
+allow  ${HOME}/.local/share/kiwix-desktop
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile
index c6a9023f1..e087e4973 100644
--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -6,8 +6,8 @@ include klatexformula.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.kde/share/apps/klatexformula
-noblacklist ${HOME}/.klatexformula
+nodeny  ${HOME}/.kde/share/apps/klatexformula
+nodeny  ${HOME}/.klatexformula
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index f5cd3a48c..ec3912419 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -6,8 +6,8 @@ include klavaro.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/klavaro
-noblacklist ${HOME}/.local/share/klavaro
+nodeny  ${HOME}/.config/klavaro
+nodeny  ${HOME}/.local/share/klavaro
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/klavaro
 mkdir ${HOME}/.config/klavaro
-whitelist ${HOME}/.local/share/klavaro
-whitelist ${HOME}/.config/klavaro
+allow  ${HOME}/.local/share/klavaro
+allow  ${HOME}/.config/klavaro
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 95ae98e53..3c582c08c 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,27 +9,27 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
 
-noblacklist ${HOME}/.cache/akonadi*
-noblacklist ${HOME}/.cache/kmail2
-noblacklist ${HOME}/.config/akonadi*
-noblacklist ${HOME}/.config/baloorc
-noblacklist ${HOME}/.config/emaildefaults
-noblacklist ${HOME}/.config/emailidentities
-noblacklist ${HOME}/.config/kmail2rc
-noblacklist ${HOME}/.config/kmailsearchindexingrc
-noblacklist ${HOME}/.config/mailtransports
-noblacklist ${HOME}/.config/specialmailcollectionsrc
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.local/share/akonadi*
-noblacklist ${HOME}/.local/share/apps/korganizer
-noblacklist ${HOME}/.local/share/contacts
-noblacklist ${HOME}/.local/share/emailidentities
-noblacklist ${HOME}/.local/share/kmail2
-noblacklist ${HOME}/.local/share/kxmlgui5/kmail
-noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
-noblacklist ${HOME}/.local/share/local-mail
-noblacklist ${HOME}/.local/share/notes
-noblacklist /tmp/akonadi-*
+nodeny  ${HOME}/.cache/akonadi*
+nodeny  ${HOME}/.cache/kmail2
+nodeny  ${HOME}/.config/akonadi*
+nodeny  ${HOME}/.config/baloorc
+nodeny  ${HOME}/.config/emaildefaults
+nodeny  ${HOME}/.config/emailidentities
+nodeny  ${HOME}/.config/kmail2rc
+nodeny  ${HOME}/.config/kmailsearchindexingrc
+nodeny  ${HOME}/.config/mailtransports
+nodeny  ${HOME}/.config/specialmailcollectionsrc
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.local/share/akonadi*
+nodeny  ${HOME}/.local/share/apps/korganizer
+nodeny  ${HOME}/.local/share/contacts
+nodeny  ${HOME}/.local/share/emailidentities
+nodeny  ${HOME}/.local/share/kmail2
+nodeny  ${HOME}/.local/share/kxmlgui5/kmail
+nodeny  ${HOME}/.local/share/kxmlgui5/kmail2
+nodeny  ${HOME}/.local/share/local-mail
+nodeny  ${HOME}/.local/share/notes
+nodeny  /tmp/akonadi-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile
index e88b53499..d2ce14ab6 100644
--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -6,11 +6,11 @@ include kmplayer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kmplayerrc
-noblacklist ${HOME}/.kde/share/config/kmplayerrc
-noblacklist ${HOME}/.local/share/kmplayer
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.config/kmplayerrc
+nodeny  ${HOME}/.kde/share/config/kmplayerrc
+nodeny  ${HOME}/.local/share/kmplayer
+nodeny  ${MUSIC}
+nodeny  ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile
index f155d0ad6..5a9ac34da 100644
--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -10,9 +10,9 @@ include knotes.local
 # knotes has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when knotes is started
 
-noblacklist ${HOME}/.config/knotesrc
-noblacklist ${HOME}/.local/share/knotes
-noblacklist ${HOME}/.local/share/kxmlgui5/knotes
+nodeny  ${HOME}/.config/knotesrc
+nodeny  ${HOME}/.local/share/knotes
+nodeny  ${HOME}/.local/share/kxmlgui5/knotes
 
 # Redirect
 include kmail.profile
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile
index b7091f1fc..2725c87be 100644
--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -13,10 +13,10 @@ ignore noexec ${HOME}
 #ignore noroot
 #ignore private-dev
 
-noblacklist ${HOME}/.kodi
-noblacklist ${MUSIC}
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
+nodeny  ${HOME}/.kodi
+nodeny  ${MUSIC}
+nodeny  ${PICTURES}
+nodeny  ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index 5b5ed6e24..d8ce33838 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -6,11 +6,11 @@ include konversation.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/konversationrc
-noblacklist ${HOME}/.config/konversation.notifyrc
-noblacklist ${HOME}/.kde/share/config/konversationrc
-noblacklist ${HOME}/.kde4/share/config/konversationrc
-noblacklist ${HOME}/.local/share/kxmlgui5/konversation
+nodeny  ${HOME}/.config/konversationrc
+nodeny  ${HOME}/.config/konversation.notifyrc
+nodeny  ${HOME}/.kde/share/config/konversationrc
+nodeny  ${HOME}/.kde4/share/config/konversationrc
+nodeny  ${HOME}/.local/share/kxmlgui5/konversation
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index 88f47d1bf..749591f32 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -6,11 +6,11 @@ include kopete.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.kde/share/apps/kopete
-noblacklist ${HOME}/.kde/share/config/kopeterc
-noblacklist ${HOME}/.kde4/share/apps/kopete
-noblacklist ${HOME}/.kde4/share/config/kopeterc
-noblacklist ${HOME}/.local/share/kxmlgui5/kopete
+nodeny  ${HOME}/.kde/share/apps/kopete
+nodeny  ${HOME}/.kde/share/config/kopeterc
+nodeny  ${HOME}/.kde4/share/apps/kopete
+nodeny  ${HOME}/.kde4/share/config/kopeterc
+nodeny  ${HOME}/.local/share/kxmlgui5/kopete
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /var/lib/winpopup
+allow  /var/lib/winpopup
 include whitelist-var-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile
index 8604e63d0..950341def 100644
--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -9,10 +9,10 @@ include globals.local
 # noexec ${HOME} may break krita, see issue #1953
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.config/kritarc
-noblacklist ${HOME}/.local/share/krita
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.config/kritarc
+nodeny  ${HOME}/.local/share/krita
+nodeny  ${DOCUMENTS}
+nodeny  ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 9cb5eff87..7b325d273 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -13,9 +13,9 @@ include globals.local
 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
-noblacklist ${HOME}/.config/krunnerrc
-noblacklist ${HOME}/.kde/share/config/krunnerrc
-noblacklist ${HOME}/.kde4/share/config/krunnerrc
+nodeny  ${HOME}/.config/krunnerrc
+nodeny  ${HOME}/.kde/share/config/krunnerrc
+nodeny  ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
 # noblacklist ${HOME}/.mozilla
 
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index 5a85194e0..ac9fee585 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -6,13 +6,13 @@ include ktorrent.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ktorrentrc
-noblacklist ${HOME}/.kde/share/apps/ktorrent
-noblacklist ${HOME}/.kde/share/config/ktorrentrc
-noblacklist ${HOME}/.kde4/share/apps/ktorrent
-noblacklist ${HOME}/.kde4/share/config/ktorrentrc
-noblacklist ${HOME}/.local/share/ktorrent
-noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
+nodeny  ${HOME}/.config/ktorrentrc
+nodeny  ${HOME}/.kde/share/apps/ktorrent
+nodeny  ${HOME}/.kde/share/config/ktorrentrc
+nodeny  ${HOME}/.kde4/share/apps/ktorrent
+nodeny  ${HOME}/.kde4/share/config/ktorrentrc
+nodeny  ${HOME}/.local/share/ktorrent
+nodeny  ${HOME}/.local/share/kxmlgui5/ktorrent
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
 mkfile ${HOME}/.config/ktorrentrc
 mkfile ${HOME}/.kde/share/config/ktorrentrc
 mkfile ${HOME}/.kde4/share/config/ktorrentrc
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/ktorrentrc
-whitelist ${HOME}/.kde/share/apps/ktorrent
-whitelist ${HOME}/.kde/share/config/ktorrentrc
-whitelist ${HOME}/.kde4/share/apps/ktorrent
-whitelist ${HOME}/.kde4/share/config/ktorrentrc
-whitelist ${HOME}/.local/share/ktorrent
-whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
+allow  ${DOWNLOADS}
+allow  ${HOME}/.config/ktorrentrc
+allow  ${HOME}/.kde/share/apps/ktorrent
+allow  ${HOME}/.kde/share/config/ktorrentrc
+allow  ${HOME}/.kde4/share/apps/ktorrent
+allow  ${HOME}/.kde4/share/config/ktorrentrc
+allow  ${HOME}/.local/share/ktorrent
+allow  ${HOME}/.local/share/kxmlgui5/ktorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 4cf72b74c..71f8e4977 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -6,8 +6,8 @@ include ktouch.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ktouch2rc
-noblacklist ${HOME}/.local/share/ktouch
+nodeny  ${HOME}/.config/ktouch2rc
+nodeny  ${HOME}/.local/share/ktouch
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.config/ktouch2rc
 mkdir ${HOME}/.local/share/ktouch
-whitelist ${HOME}/.config/ktouch2rc
-whitelist ${HOME}/.local/share/ktouch
+allow  ${HOME}/.config/ktouch2rc
+allow  ${HOME}/.local/share/ktouch
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 4e9a12e5f..74ffd1162 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -6,13 +6,13 @@ include kube.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.cache/kube
-noblacklist ${HOME}/.config/kube
-noblacklist ${HOME}/.config/sink
-noblacklist ${HOME}/.local/share/kube
-noblacklist ${HOME}/.local/share/sink
+nodeny  ${HOME}/.gnupg
+nodeny  ${HOME}/.mozilla
+nodeny  ${HOME}/.cache/kube
+nodeny  ${HOME}/.config/kube
+nodeny  ${HOME}/.config/sink
+nodeny  ${HOME}/.local/share/kube
+nodeny  ${HOME}/.local/share/sink
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube
 mkdir ${HOME}/.config/sink
 mkdir ${HOME}/.local/share/kube
 mkdir ${HOME}/.local/share/sink
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.cache/kube
-whitelist ${HOME}/.config/kube
-whitelist ${HOME}/.config/sink
-whitelist ${HOME}/.local/share/kube
-whitelist ${HOME}/.local/share/sink
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/kube
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow  ${HOME}/.gnupg
+allow  ${HOME}/.mozilla/firefox/profiles.ini
+allow  ${HOME}/.cache/kube
+allow  ${HOME}/.config/kube
+allow  ${HOME}/.config/sink
+allow  ${HOME}/.local/share/kube
+allow  ${HOME}/.local/share/sink
+allow  ${RUNUSER}/gnupg
+allow  /usr/share/kube
+allow  /usr/share/gnupg
+allow  /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index 15e7ceb17..580f93736 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -8,10 +8,10 @@ include globals.local
 # fix automatical kwin_x11 sandboxing:
 # echo KDEWM=kwin_x11 >> ~/.pam_environment
 
-noblacklist ${HOME}/.cache/kwin
-noblacklist ${HOME}/.config/kwinrc
-noblacklist ${HOME}/.config/kwinrulesrc
-noblacklist ${HOME}/.local/share/kwin
+nodeny  ${HOME}/.cache/kwin
+nodeny  ${HOME}/.config/kwinrc
+nodeny  ${HOME}/.config/kwinrulesrc
+nodeny  ${HOME}/.local/share/kwin
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 804ffafeb..08b0e0224 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -6,15 +6,15 @@ include kwrite.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/katepartrc
-noblacklist ${HOME}/.config/katerc
-noblacklist ${HOME}/.config/kateschemarc
-noblacklist ${HOME}/.config/katesyntaxhighlightingrc
-noblacklist ${HOME}/.config/katevirc
-noblacklist ${HOME}/.config/kwriterc
-noblacklist ${HOME}/.local/share/kwrite
-noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
-noblacklist ${DOCUMENTS}
+nodeny  ${HOME}/.config/katepartrc
+nodeny  ${HOME}/.config/katerc
+nodeny  ${HOME}/.config/kateschemarc
+nodeny  ${HOME}/.config/katesyntaxhighlightingrc
+nodeny  ${HOME}/.config/katevirc
+nodeny  ${HOME}/.config/kwriterc
+nodeny  ${HOME}/.local/share/kwrite
+nodeny  ${HOME}/.local/share/kxmlgui5/kwrite
+nodeny  ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile
index ac1b8785d..91693bfc1 100644
--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /var/lib
+allow  /var/lib
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index 4bbb0a86d..e154708eb 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -6,7 +6,7 @@ include leafpad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/leafpad
+nodeny  ${HOME}/.config/leafpad
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile
index 8eb5ad0c2..abee392de 100644
--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -7,9 +7,9 @@ include less.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny  ${RUNUSER}
 
-noblacklist ${HOME}/.lesshst
+nodeny  ${HOME}/.lesshst
 
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
index c57eae73d..8ec41eee3 100644
--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -4,8 +4,8 @@ include librecad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/LibreCAD
-noblacklist ${HOME}/.local/share/LibreCAD
+nodeny  ${HOME}/.config/LibreCAD
+nodeny  ${HOME}/.local/share/LibreCAD
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/librecad
+allow  /usr/share/librecad
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index b1a24888c..ae01d39b8 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -6,15 +6,15 @@ include libreoffice.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /usr/local/sbin
-noblacklist ${HOME}/.config/libreoffice
+nodeny  /usr/local/sbin
+nodeny  ${HOME}/.config/libreoffice
 
 # libreoffice uses java for some functionality.
 # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality.
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
 
-blacklist /usr/libexec
+deny  /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index da047357a..5c614ab8e 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -6,13 +6,13 @@ include librewolf.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/librewolf
-noblacklist ${HOME}/.librewolf
+nodeny  ${HOME}/.cache/librewolf
+nodeny  ${HOME}/.librewolf
 
 mkdir ${HOME}/.cache/librewolf
 mkdir ${HOME}/.librewolf
-whitelist ${HOME}/.cache/librewolf
-whitelist ${HOME}/.librewolf
+allow  ${HOME}/.cache/librewolf
+allow  ${HOME}/.librewolf
 
 # Add the next lines to your librewolf.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
@@ -23,10 +23,10 @@ whitelist ${HOME}/.librewolf
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-whitelist /usr/share/doc
-whitelist /usr/share/gtk-doc/html
-whitelist /usr/share/mozilla
-whitelist /usr/share/webext
+allow  /usr/share/doc
+allow  /usr/share/gtk-doc/html
+allow  /usr/share/mozilla
+allow  /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 7afca1d5f..595ecc257 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -6,9 +6,9 @@ include liferea.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/liferea
-noblacklist ${HOME}/.config/liferea
-noblacklist ${HOME}/.local/share/liferea
+nodeny  ${HOME}/.cache/liferea
+nodeny  ${HOME}/.config/liferea
+nodeny  ${HOME}/.local/share/liferea
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/liferea
 mkdir ${HOME}/.config/liferea
 mkdir ${HOME}/.local/share/liferea
-whitelist ${HOME}/.cache/liferea
-whitelist ${HOME}/.config/liferea
-whitelist ${HOME}/.local/share/liferea
-whitelist /usr/share/liferea
+allow  ${HOME}/.cache/liferea
+allow  ${HOME}/.config/liferea
+allow  ${HOME}/.local/share/liferea
+allow  /usr/share/liferea
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile
index c065c44a9..58d5bcd6d 100644
--- a/etc/profile-a-l/lightsoff.profile
+++ b/etc/profile-a-l/lightsoff.profile
@@ -6,7 +6,7 @@ include lightsoff.local
 # Persistent global definitions
 include globals.local
 
-whitelist /usr/share/lightsoff
+allow  /usr/share/lightsoff
 
 private-bin lightsoff
 
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index 4254b7f33..e14c50d77 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -6,7 +6,7 @@ include lincity-ng.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.lincity-ng
+nodeny  ${HOME}/.lincity-ng
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.lincity-ng
-whitelist ${HOME}/.lincity-ng
+allow  ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index cd885b1d4..51e3d5b94 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,8 +4,8 @@ include links-common.local
 
 # common profile for links browsers
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow  ${DOWNLOADS}
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
index 8ce39cc7f..ae57601ca 100644
--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -7,10 +7,10 @@ include links.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.links
+nodeny  ${HOME}/.links
 
 mkdir ${HOME}/.links
-whitelist ${HOME}/.links
+allow  ${HOME}/.links
 
 private-bin links
 
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile
index 5f91dfcd2..eb349c73a 100644
--- a/etc/profile-a-l/links2.profile
+++ b/etc/profile-a-l/links2.profile
@@ -7,10 +7,10 @@ include links2.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.links2
+nodeny  ${HOME}/.links2
 
 mkdir ${HOME}/.links2
-whitelist ${HOME}/.links2
+allow  ${HOME}/.links2
 
 private-bin links2
 
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile
index 7ebdbef4c..dd1dac05b 100644
--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -6,10 +6,10 @@ include linphone.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/linphone
-noblacklist ${HOME}/.linphone-history.db
-noblacklist ${HOME}/.linphonerc
-noblacklist ${HOME}/.local/share/linphone
+nodeny  ${HOME}/.config/linphone
+nodeny  ${HOME}/.linphone-history.db
+nodeny  ${HOME}/.linphonerc
+nodeny  ${HOME}/.local/share/linphone
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-programs.inc
 # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile.
 mkdir ${HOME}/.config/linphone
 mkdir ${HOME}/.local/share/linphone
-whitelist ${HOME}/.config/linphone
-whitelist ${HOME}/.linphone-history.db
-whitelist ${HOME}/.linphonerc
-whitelist ${HOME}/.local/share/linphone
-whitelist ${DOWNLOADS}
+allow  ${HOME}/.config/linphone
+allow  ${HOME}/.linphone-history.db
+allow  ${HOME}/.linphonerc
+allow  ${HOME}/.local/share/linphone
+allow  ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile
index 48b0e14dc..b22110fdc 100644
--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -6,9 +6,9 @@ include lmms.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.lmmsrc.xml
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.lmmsrc.xml
+nodeny  ${DOCUMENTS}
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index f2676fec5..0a7ce86e8 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -6,8 +6,8 @@ include lollypop.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/lollypop
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.local/share/lollypop
+nodeny  ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 174c65a65..30802b3b7 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # note: crashes after entering
 
-noblacklist ${HOME}/.config/lugaru
-noblacklist ${HOME}/.local/share/lugaru
+nodeny  ${HOME}/.config/lugaru
+nodeny  ${HOME}/.local/share/lugaru
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/lugaru
 mkdir ${HOME}/.local/share/lugaru
-whitelist ${HOME}/.config/lugaru
-whitelist ${HOME}/.local/share/lugaru
+allow  ${HOME}/.config/lugaru
+allow  ${HOME}/.local/share/lugaru
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile
index 31067034e..73400dbd6 100644
--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -6,8 +6,8 @@ include luminance-hdr.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Luminance
-noblacklist ${PICTURES}
+nodeny  ${HOME}/.config/Luminance
+nodeny  ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index 80a3aba86..9d5169b80 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -6,18 +6,18 @@ include lutris.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PATH}/llvm*
-noblacklist ${HOME}/Games
-noblacklist ${HOME}/.cache/lutris
-noblacklist ${HOME}/.cache/winetricks
-noblacklist ${HOME}/.config/lutris
-noblacklist ${HOME}/.local/share/lutris
+nodeny  ${PATH}/llvm*
+nodeny  ${HOME}/Games
+nodeny  ${HOME}/.cache/lutris
+nodeny  ${HOME}/.cache/winetricks
+nodeny  ${HOME}/.config/lutris
+nodeny  ${HOME}/.local/share/lutris
 # noblacklist ${HOME}/.wine
-noblacklist /tmp/.wine-*
+nodeny  /tmp/.wine-*
 # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
 # Lutris won't even start.
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny  /sbin
+nodeny  /usr/sbin
 
 ignore noexec ${HOME}
 
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks
 mkdir ${HOME}/.config/lutris
 mkdir ${HOME}/.local/share/lutris
 # mkdir ${HOME}/.wine
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/Games
-whitelist ${HOME}/.cache/lutris
-whitelist ${HOME}/.cache/winetricks
-whitelist ${HOME}/.config/lutris
-whitelist ${HOME}/.local/share/lutris
+allow  ${DOWNLOADS}
+allow  ${HOME}/Games
+allow  ${HOME}/.cache/lutris
+allow  ${HOME}/.cache/winetricks
+allow  ${HOME}/.config/lutris
+allow  ${HOME}/.local/share/lutris
 # whitelist ${HOME}/.wine
-whitelist /usr/share/lutris
-whitelist /usr/share/wine
+allow  /usr/share/lutris
+allow  /usr/share/wine
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile
index b2a56012e..43147211b 100644
--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -6,7 +6,7 @@ include lximage-qt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/lximage-qt
+nodeny  ${HOME}/.config/lximage-qt
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile
index cc4b95551..c849f2ad2 100644
--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -6,9 +6,9 @@ include lxmusic.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/xmms2
-noblacklist ${HOME}/.config/xmms2
-noblacklist ${MUSIC}
+nodeny  ${HOME}/.cache/xmms2
+nodeny  ${HOME}/.config/xmms2
+nodeny  ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index a919e924b..15c8f1faa 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,8 +7,8 @@ include lynx.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny  /tmp/.X11-unix
+deny  ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile
index fa69463d1..358dbf2f2 100644
--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore private-tmp
 
-noblacklist ${HOME}/.config/LyX
-noblacklist ${HOME}/.lyx
+nodeny  ${HOME}/.config/LyX
+nodeny  ${HOME}/.lyx
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,11 +21,11 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
 
-whitelist /usr/share/lyx
-whitelist /usr/share/texinfo
-whitelist /usr/share/texlive
-whitelist /usr/share/texmf-dist
-whitelist /usr/share/tlpkg
+allow  /usr/share/lyx
+allow  /usr/share/texinfo
+allow  /usr/share/texlive
+allow  /usr/share/texmf-dist
+allow  /usr/share/tlpkg
 include whitelist-usr-share-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
index 4637419bf..3a4edcf69 100644
--- a/etc/profile-a-l/sway.profile
+++ b/etc/profile-a-l/sway.profile
@@ -7,9 +7,9 @@ include sway.local
 include globals.local
 
 # all applications started in sway will run in this profile
-noblacklist ${HOME}/.config/sway
+nodeny  ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
-noblacklist ${HOME}/.config/i3
+nodeny  ${HOME}/.config/i3
 include disable-common.inc
 
 caps.drop all