automatically fixed all private-{bin,etc} lines

111 files changed, 130 insertions, 130 deletions

diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile
index 7cc50da15..b750a135e 100644
--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -45,7 +45,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer
+private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer
 private-cache
 private-dev
 # private-etc alternatives
diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile
index 27ba00857..c774f3a60 100644
--- a/etc/QOwnNotes.profile
+++ b/etc/QOwnNotes.profile
@@ -47,8 +47,8 @@ shell none
 tracelog
 
 disable-mnt
-private-bin QOwnNotes,gio
+private-bin gio,QOwnNotes
 private-dev
-private-etc alternatives,fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,nsswitch.conf,pki,pulse,resolv.conf,ssl
 private-tmp
 
diff --git a/etc/Viber.profile b/etc/Viber.profile
index 40358aa87..ecc500769 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -32,8 +32,8 @@ seccomp
 shell none
 
 disable-mnt
-private-bin sh,bash,dig,awk,Viber
-private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies,machine-id,asound.conf
+private-bin awk,bash,dig,sh,Viber
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11
 private-tmp
 
 env QTWEBENGINE_DISABLE_SANDBOX=1
diff --git a/etc/XMind.profile b/etc/XMind.profile
index a5b0a864e..7e7c0c3cd 100644
--- a/etc/XMind.profile
+++ b/etc/XMind.profile
@@ -32,7 +32,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin XMind,sh,cp
+private-bin cp,sh,XMind
 private-tmp
 private-dev
 
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 3580f8336..259077d86 100644
--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -40,5 +40,5 @@ private
 # private-bin Xvfb,sh,xkbcomp
 # private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls
 private-dev
-private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
+private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf
 private-tmp
diff --git a/etc/akregator.profile b/etc/akregator.profile
index 2f35c55c0..466eff22d 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -40,7 +40,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res
 shell none
 
 disable-mnt
-private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
+private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kshell4,kshell5
 private-dev
 private-tmp
 
diff --git a/etc/anki.profile b/etc/anki.profile
index d50c720f7..c349376ff 100644
--- a/etc/anki.profile
+++ b/etc/anki.profile
@@ -50,5 +50,5 @@ disable-mnt
 private-bin anki,python*
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,Trolltech.conf,ssl
+private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,ssl,Trolltech.conf
 private-tmp
diff --git a/etc/apktool.profile b/etc/apktool.profile
index acddf010b..aeeb845ea 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -31,6 +31,6 @@ protocol unix
 seccomp
 shell none
 
-private-bin apktool,bash,java,dirname,basename,expr,sh
+private-bin apktool,basename,bash,dirname,expr,java,sh
 private-cache
 private-dev
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile
index 2f1715da1..bfd110bf2 100644
--- a/etc/archaudit-report.profile
+++ b/etc/archaudit-report.profile
@@ -36,7 +36,7 @@ shell none
 
 disable-mnt
 private
-private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds
+private-bin arch-audit,archaudit-report,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds
 #private-dev
 private-tmp
 
diff --git a/etc/aria2c.profile b/etc/aria2c.profile
index 68c83e573..583250983 100644
--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -37,7 +37,7 @@ shell none
 private-bin aria2c,gzip
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,ssl,resolv.conf
+private-etc alternatives,ca-certificates,resolv.conf,ssl
 private-lib libreadline.so.*
 private-tmp
 
diff --git a/etc/ark.profile b/etc/ark.profile
index 9214e96ff..ee0899b1d 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -34,7 +34,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,sh,tclsh
+private-bin 7z,ark,bash,lrzip,lsar,lz4,lzop,p7zip,rar,sh,tclsh,unar,unrar,unzip,zip,zipinfo
 #private-etc alternatives,smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg
 
 private-dev
diff --git a/etc/arm.profile b/etc/arm.profile
index dd3fa190a..51dad94d1 100644
--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -41,8 +41,8 @@ shell none
 tracelog
 
 disable-mnt
-private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig
+private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor
 private-dev
-private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor
 private-tmp
 
diff --git a/etc/artha.profile b/etc/artha.profile
index 8ef5124de..2660c4e10 100644
--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -38,7 +38,7 @@ disable-mnt
 private-bin artha,enchant,notify-send
 private-cache
 private-dev
-private-etc alternatives,machine-id,fonts
+private-etc alternatives,fonts,machine-id
 private-lib libnotify.so.*
 private-tmp
 
diff --git a/etc/atool.profile b/etc/atool.profile
index 3df32baac..7bcfdb935 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -45,7 +45,7 @@ tracelog
 private-cache
 private-dev
 # without login.defs atool complains and uses UID/GID 1000 by default
-private-etc alternatives,passwd,group,login.defs
+private-etc alternatives,group,login.defs,passwd
 private-tmp
 
 memory-deny-write-execute
diff --git a/etc/bitwarden.profile b/etc/bitwarden.profile
index 609543e14..550830157 100644
--- a/etc/bitwarden.profile
+++ b/etc/bitwarden.profile
@@ -47,7 +47,7 @@ private-bin bitwarden
 private-cache
 ?HAS_APPIMAGE: ignore private-dev
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,hosts,nsswitch.conf,fonts,pki,resolv.conf,ssl
+private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl
 private-opt Bitwarden
 private-tmp
 
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile
index f964438bc..1f7a02c2b 100644
--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -37,9 +37,9 @@ shell none
 tracelog
 
 # support compressed archives
-private-bin sh,bash,bsdcat,bsdcpio,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
+private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz
 private-cache
 private-dev
-private-etc alternatives,passwd,group,localtime
+private-etc alternatives,group,localtime,passwd
 
 memory-deny-write-execute
diff --git a/etc/bzflag.profile b/etc/bzflag.profile
index 94cd40899..86ab73e0b 100644
--- a/etc/bzflag.profile
+++ b/etc/bzflag.profile
@@ -38,7 +38,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin bzflag,bzflag-wrapper,bzfs,bzadmin
+private-bin bzadmin,bzflag,bzflag-wrapper,bzfs
 private-cache
 private-dev
 private-tmp
diff --git a/etc/celluloid.profile b/etc/celluloid.profile
index 190a49588..89543d6cc 100644
--- a/etc/celluloid.profile
+++ b/etc/celluloid.profile
@@ -38,9 +38,9 @@ seccomp
 shell none
 tracelog
 
-private-bin celluloid,gnome-mpv,youtube-dl,python*,env
+private-bin celluloid,env,gnome-mpv,python*,youtube-dl
 private-cache
-private-etc alternatives,ca-certificates,ssl,pki,pkcs11,hosts,machine-id,localtime,libva.conf,drirc,fonts,gtk-3.0,dconf,crypto-policies,xdg,selinux,resolv.conf
+private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg
 private-dev
 private-tmp
 
diff --git a/etc/cheese.profile b/etc/cheese.profile
index e95a27da5..633928260 100644
--- a/etc/cheese.profile
+++ b/etc/cheese.profile
@@ -41,5 +41,5 @@ tracelog
 disable-mnt
 private-bin cheese
 private-cache
-private-etc alternatives,fonts,drirc,clutter-1.0,gtk-3.0,dconf
+private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0
 private-tmp
diff --git a/etc/cmus.profile b/etc/cmus.profile
index e602c4e2a..7e12a06de 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -27,4 +27,4 @@ seccomp
 shell none
 
 private-bin cmus
-private-etc alternatives,group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,machine-id,pki,pulse,ssl
diff --git a/etc/crow.profile b/etc/crow.profile
index 8aa70a09c..755b6e9f8 100644
--- a/etc/crow.profile
+++ b/etc/crow.profile
@@ -38,7 +38,7 @@ shell none
 disable-mnt
 private-bin crow
 private-dev
-private-etc alternatives,ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl
 private-opt none
 private-tmp
 private-srv none
diff --git a/etc/deluge.profile b/etc/deluge.profile
index e86255d22..8f4f9fbe9 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -39,6 +39,6 @@ seccomp
 shell none
 
 # deluge is using python on Debian
-private-bin deluge,deluge-console,deluged,deluge-gtk,deluge-web,sh,python*,uname
+private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname
 private-dev
 private-tmp
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index a6fed6c78..e5f37b06a 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -35,7 +35,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep
+private-bin bash,dex2jar,dirname,expr,grep,java,ls,sh,uname
 private-cache
 private-dev
 
diff --git a/etc/dig.profile b/etc/dig.profile
index 1843f6e46..9bc4ee0ca 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -42,7 +42,7 @@ shell none
 
 disable-mnt
 private
-private-bin sh,bash,dig
+private-bin bash,dig,sh
 private-cache
 private-dev
 # private-etc alternatives,resolv.conf
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index a791c7a06..82dd0475c 100644
--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -27,9 +27,9 @@ novideo
 protocol unix,inet,inet6,netlink
 seccomp
 
-private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
+private-bin bash,cut,echo,egrep,grep,head,sed,sh,tr,xdg-mime,xdg-open,zsh
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,ld.so.cache,localtime,login.defs,password,pki,resolv.conf,ssl
+private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,resolv.conf,ssl
 private-tmp
 
 noexec /tmp
diff --git a/etc/electrum.profile b/etc/electrum.profile
index ab554b21f..42438977f 100644
--- a/etc/electrum.profile
+++ b/etc/electrum.profile
@@ -46,6 +46,6 @@ disable-mnt
 private-bin electrum,python*
 private-cache
 private-dev
-private-etc alternatives,fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id,resolv.conf
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,machine-id,pki,resolv.conf,ssl
 private-tmp
 
diff --git a/etc/enpass.profile b/etc/enpass.profile
index 4ac35bbd6..99d3eac85 100644
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -53,7 +53,7 @@ seccomp
 shell none
 tracelog
 
-private-bin dirname,Enpass,importer_enpass,sh,readlink
+private-bin dirname,Enpass,importer_enpass,readlink,sh
 ?HAS_APPIMAGE: ignore private-dev
 private-dev
 private-opt Enpass
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index ee722bc54..9c1c5b7de 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -43,7 +43,7 @@ tracelog
 private-bin ffmpeg
 private-cache
 private-dev
-private-etc alternatives,pki,pkcs11,hosts,ssl,ca-certificates,resolv.conf
+private-etc alternatives,ca-certificates,hosts,pkcs11,pki,resolv.conf,ssl
 private-tmp
 
 # memory-deny-write-execute - it breaks old versions of ffmpeg
diff --git a/etc/file.profile b/etc/file.profile
index c304b4efe..2782960c8 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -38,7 +38,7 @@ x11 none
 #private-bin file
 private-cache
 private-dev
-private-etc alternatives,magic.mgc,magic,localtime
+private-etc alternatives,localtime,magic,magic.mgc
 private-lib libarchive.so.*,libfakeroot,libmagic.so.*
 
 memory-deny-write-execute
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index af535880d..d8d4c1746 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -33,6 +33,6 @@ seccomp
 shell none
 
 # private-bin breaks --join if the user has zsh set as $SHELL - adding zsh on private-bin
-private-bin filezilla,uname,sh,bash,zsh,python*,lsb_release,fzputtygen,fzsftp
+private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh
 private-dev
 private-tmp
diff --git a/etc/flameshot.profile b/etc/flameshot.profile
index cd3e07455..3aad9723b 100644
--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -37,7 +37,7 @@ shell none
 disable-mnt
 private-bin flameshot
 private-cache
-private-etc alternatives,fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,pki,resolv.conf,ssl
 private-dev
 private-tmp
 
diff --git a/etc/freeciv.profile b/etc/freeciv.profile
index 4813379a7..fa115d325 100644
--- a/etc/freeciv.profile
+++ b/etc/freeciv.profile
@@ -38,7 +38,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin freeciv-gtk3,freeciv-mp-gtk3,freeciv-server,freeciv-manual
+private-bin freeciv-gtk3,freeciv-manual,freeciv-mp-gtk3,freeciv-server
 private-cache
 private-dev
 private-tmp
diff --git a/etc/freemind.profile b/etc/freemind.profile
index 7ab4ae129..ba945c0fb 100644
--- a/etc/freemind.profile
+++ b/etc/freemind.profile
@@ -42,7 +42,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin freemind,java,bash,sed,sh,grep,mkdir,echo,cp,uname,which,lsb_release,rpm,dpkg,dirname,readlink
+private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which
 private-cache
 private-dev
 #private-etc alternatives,fonts,java
diff --git a/etc/gajim.profile b/etc/gajim.profile
index 75d2f0774..74ab9f8b7 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -46,7 +46,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin python,python3,sh,gpg,gpg2,gajim,bash,zsh,paplay,gajim-history-manager
+private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python,python3,sh,zsh
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/gcloud.profile b/etc/gcloud.profile
index a08aebf2c..7ca99f420 100644
--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -36,5 +36,5 @@ tracelog
 
 disable-mnt
 private-dev
-private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
+private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,localtime,nsswitch.conf,pki,resolv.conf,ssl
 private-tmp
diff --git a/etc/geekbench.profile b/etc/geekbench.profile
index 764c68131..a4c33b46f 100644
--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -41,7 +41,7 @@ disable-mnt
 private-bin bash,geekbenc*,sh
 private-cache
 private-dev
-private-etc alternatives,group,passwd,lsb-release
+private-etc alternatives,group,lsb-release,passwd
 private-lib libstdc++.so.*
 private-opt none
 private-tmp
diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile
index 76011df19..48c02f195 100644
--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -49,7 +49,7 @@ tracelog
 #private-bin ghostwriter,pandoc
 private-cache
 private-dev
-private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id
+private-etc alternatives,crypto-policies,cups,dconf,drirc,fonts,gtk-3.0,localtime,machine-id
 # Breaks Translation
 #private-lib
 private-tmp
diff --git a/etc/gitg.profile b/etc/gitg.profile
index 656d5cfd8..f6f51ef6f 100644
--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -35,7 +35,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-bin gitg,git,ssh
+private-bin git,gitg,ssh
 private-cache
 private-dev
 private-tmp
diff --git a/etc/gitter.profile b/etc/gitter.profile
index 7d0831bc4..017b1765a 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -37,7 +37,7 @@ shell none
 
 disable-mnt
 private-bin bash,env,gitter
-private-etc alternatives,fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,pulse,resolv.conf,ssl
 private-opt Gitter
 private-dev
 private-tmp
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index 04409a5e4..e657293ac 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -37,7 +37,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin fairymax,gnome-chess,hoichess,gnuchess
+private-bin fairymax,gnome-chess,gnuchess,hoichess
 private-cache
 private-dev
 private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index cb73a9477..2beee83e0 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -37,6 +37,6 @@ disable-mnt
 private-bin gnome-clocks,gsound-play
 private-cache
 private-dev
-private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,localtime,machine-id,pkcs11,pki,ssl
 private-tmp
 
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index f843452c9..ad3fa1753 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -37,8 +37,8 @@ seccomp
 shell none
 tracelog
 
-private-bin gnome-music,python*,env,gio-launch-desktop,yelp
+private-bin env,gio-launch-desktop,gnome-music,python*,yelp
 private-dev
-private-etc alternatives,fonts,machine-id,pulse,asound.conf
+private-etc alternatives,asound.conf,fonts,machine-id,pulse
 private-tmp
 
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index 1a897a5d8..567fa262c 100644
--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -43,7 +43,7 @@ shell none
 disable-mnt
 private-bin gnome-recipes,tar
 private-dev
-private-etc alternatives,ca-certificates,fonts,ssl,crypto-policies,pki
+private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl
 private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.*
 private-tmp
 
diff --git a/etc/godot.profile b/etc/godot.profile
index 596b825eb..f2b365455 100644
--- a/etc/godot.profile
+++ b/etc/godot.profile
@@ -39,5 +39,5 @@ disable-mnt
 private-bin godot
 private-cache
 private-dev
-private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl,fonts,alsa,asound.conf,machine-id,openal,pulse,alternatives,drirc
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,machine-id,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index a29e0d563..447a895d7 100644
--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -45,7 +45,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin google-earth,sh,bash,grep,sed,ls,dirname
+private-bin bash,dirname,google-earth,grep,ls,sed,sh
 private-dev
 private-opt google
 
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index e6d37ee27..c1f1b53a0 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -35,6 +35,6 @@ tracelog
 
 private-bin gpredict
 private-dev
-private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl
 private-tmp
 
diff --git a/etc/gradio.profile b/etc/gradio.profile
index 75c793f61..82e2504b9 100644
--- a/etc/gradio.profile
+++ b/etc/gradio.profile
@@ -35,6 +35,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
 
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index d4af3ed1a..489be3931 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -43,7 +43,7 @@ seccomp
 shell none
 # tracelog
 
-private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4
+private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4
 private-dev
 private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 
diff --git a/etc/hugin.profile b/etc/hugin.profile
index 3d8921120..07a697c05 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -33,7 +33,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
+private-bin align_image_stack,autooptimiser,calibrate_lens_gui,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,enblend,fulla,geocpset,hugin,hugin_executor,hugin_hdrmerge,hugin_lensdb,hugin_stitch_project,icpfind,linefind,nona,pano_modify,pano_trafo,PTBatcherGUI,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize
 private-cache
 private-dev
 private-tmp
diff --git a/etc/imagej.profile b/etc/imagej.profile
index be656bafa..00ee115ed 100644
--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -34,7 +34,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin imagej,bash,grep,sort,tail,tr,cut,whoami,hostname,uname,mkdir,ls,touch,free,awk,update-java-alternatives,basename,xprop,rm,ln
+private-bin awk,basename,bash,cut,free,grep,hostname,imagej,ln,ls,mkdir,rm,sort,tail,touch,tr,uname,update-java-alternatives,whoami,xprop
 private-dev
 private-tmp
 
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 8442c6ed7..74fadb4a9 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -37,7 +37,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin jd-gui,sh,bash
+private-bin bash,jd-gui,sh
 private-cache
 private-dev
 private-tmp
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile
index f786c78d5..082045c62 100644
--- a/etc/kdeinit4.profile
+++ b/etc/kdeinit4.profile
@@ -30,7 +30,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
-private-bin kdeinit4,kbuildsycoca4,kded4,knotify4
+private-bin kbuildsycoca4,kded4,kdeinit4,knotify4
 private-dev
 private-tmp
 
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index 82c8c6793..710c86e9a 100644
--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -33,6 +33,6 @@ protocol unix,netlink
 seccomp
 shell none
 
-private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper,mlt-melt
+private-bin dbus-launch,dvdauthor,ffmpeg,ffplay,ffprobe,genisoimage,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kdenlive,kdenlive_render,kshell4,kshell5,melt,mlt-melt,vlc,xine
 private-dev
 # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11
diff --git a/etc/kid3.profile b/etc/kid3.profile
index 3171e94fe..e138bdec4 100644
--- a/etc/kid3.profile
+++ b/etc/kid3.profile
@@ -37,7 +37,7 @@ tracelog
 
 private-cache
 private-dev
-private-etc alternatives,drirc,fonts,kde5rc,gtk-3.0,dconf,machine-id,ca-certificates,ssl,pki,hostname,hosts,resolv.conf,pulse,,crypto-policies
+private-etc ,alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
 private-opt none
 private-srv none
diff --git a/etc/konversation.profile b/etc/konversation.profile
index 19174459c..dd3e9617f 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -34,7 +34,7 @@ seccomp
 shell none
 tracelog
 
-private-bin konversation,kbuildsycoca4
+private-bin kbuildsycoca4,konversation
 private-cache
 private-dev
 private-tmp
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index f30a1b7e6..2eb46a7e8 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -52,7 +52,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
-private-bin ktorrent,kbuildsycoca4,kdeinit4
+private-bin kbuildsycoca4,kdeinit4,ktorrent
 private-dev
 # private-lib - problems on Arch
 private-tmp
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index 9b0640eab..31ac19039 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -43,7 +43,7 @@ seccomp
 shell none
 tracelog
 
-private-bin kwrite,kbuildsycoca4,kdeinit4
+private-bin kbuildsycoca4,kdeinit4,kwrite
 private-dev
 private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 private-tmp
diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index 6667815b9..1ce83822d 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -37,6 +37,6 @@ seccomp
 shell none
 
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
 
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index f7a059f50..94d90780b 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -36,7 +36,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin python*,macrofusion,env,enfuse,exiftool,align_image_stack
+private-bin align_image_stack,enfuse,env,exiftool,macrofusion,python*
 private-cache
 private-dev
 private-tmp
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index d1dc76260..49a776766 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -35,7 +35,7 @@ shell none
 
 disable-mnt
 private-bin mate-dictionary
-private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl
 private-opt mate-dictionary
 private-dev
 private-tmp
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index c65a25edc..134a6ae63 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -30,4 +30,4 @@ shell none
 
 private-bin mcabber
 private-dev
-private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,pki,ssl
diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile
index ed6cc3ae0..1f02ff5c0 100644
--- a/etc/mendeleydesktop.profile
+++ b/etc/mendeleydesktop.profile
@@ -43,7 +43,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin mendeleydesktop,python*,env,gconftool-2,which,sh,ln,cat,update-desktop-database
+private-bin cat,env,gconftool-2,ln,mendeleydesktop,python*,sh,update-desktop-database,which
 private-dev
 private-tmp
 
diff --git a/etc/mp3splt-gtk.profile b/etc/mp3splt-gtk.profile
index d14006112..e0936476b 100644
--- a/etc/mp3splt-gtk.profile
+++ b/etc/mp3splt-gtk.profile
@@ -37,5 +37,5 @@ tracelog
 private-bin mp3splt-gtk
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,fonts,gtk-3.0,dconf,machine-id,openal,pulse
+private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,machine-id,openal,pulse
 private-tmp
diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile
index 775e137bc..d87241070 100644
--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -50,7 +50,7 @@ seccomp
 shell none
 tracelog
 
-private-bin mpsyt,mplayer,mpv,youtube-dl,python*,env,ffmpeg
+private-bin env,ffmpeg,mplayer,mpsyt,mpv,python*,youtube-dl
 private-dev
 private-tmp
 
diff --git a/etc/mpv.profile b/etc/mpv.profile
index aa2335516..5aa9e7e74 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -40,6 +40,6 @@ seccomp
 shell none
 tracelog
 
-private-bin mpv,youtube-dl,python*,env
+private-bin env,mpv,python*,youtube-dl
 private-cache
 private-dev
diff --git a/etc/ms-office.profile b/etc/ms-office.profile
index 25b097d72..3bc674134 100644
--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -35,8 +35,8 @@ shell none
 tracelog
 
 disable-mnt
-private-bin bash,fonts,env,jak,ms-office,python*,sh
-private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-bin bash,env,fonts,jak,ms-office,python*,sh
+private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
 private-dev
 private-tmp
 
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile
index 727269a61..a6b85a8e4 100644
--- a/etc/musixmatch.profile
+++ b/etc/musixmatch.profile
@@ -32,5 +32,5 @@ seccomp
 
 disable-mnt
 private-dev
-private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl
 
diff --git a/etc/mypaint.profile b/etc/mypaint.profile
index 19643e749..d75651d78 100644
--- a/etc/mypaint.profile
+++ b/etc/mypaint.profile
@@ -44,6 +44,6 @@ tracelog
 
 private-cache
 private-dev
-private-etc alternatives,fonts,gtk-3.0,dconf
+private-etc alternatives,dconf,fonts,gtk-3.0
 private-tmp
 
diff --git a/etc/nomacs.profile b/etc/nomacs.profile
index fd154b1c4..7a7ff504a 100644
--- a/etc/nomacs.profile
+++ b/etc/nomacs.profile
@@ -41,7 +41,7 @@ tracelog
 #private-bin nomacs
 private-cache
 private-dev
-private-etc alternatives,hosts,ca-certificates,ssl,pki,crypto-policies,resolv.conf,drirc,fonts,gtk-3.0,dconf,machine-id,login.defs
+private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,login.defs,machine-id,pki,resolv.conf,ssl
 private-tmp
 
 memory-deny-write-execute
diff --git a/etc/nyx.profile b/etc/nyx.profile
index 1ea33ac4d..c4475c75c 100644
--- a/etc/nyx.profile
+++ b/etc/nyx.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin nyx,python*
 private-cache
 private-dev
-private-etc alternatives,passwd,tor,fonts
+private-etc alternatives,fonts,passwd,tor
 private-opt none
 private-srv none
 private-tmp
diff --git a/etc/okular.profile b/etc/okular.profile
index 48e45ca3f..99357934d 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -47,7 +47,7 @@ seccomp
 shell none
 tracelog
 
-private-bin okular,kbuildsycoca4,kdeinit4,lpr
+private-bin kbuildsycoca4,kdeinit4,lpr,okular
 private-dev
 private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
 # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients
diff --git a/etc/openclonk.profile b/etc/openclonk.profile
index 02663c2f4..da60006b3 100644
--- a/etc/openclonk.profile
+++ b/etc/openclonk.profile
@@ -38,7 +38,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin openclonk,c4group
+private-bin c4group,openclonk
 private-cache
 private-dev
 private-tmp
diff --git a/etc/parole.profile b/etc/parole.profile
index 69ed5a2ca..e7a0694ed 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -25,6 +25,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-bin parole,dbus-launch
+private-bin dbus-launch,parole
 private-cache
-private-etc alternatives,passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,pulse,ssl
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index bd3592f48..adff2af3e 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -37,7 +37,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config
+private-bin archlinux-java,awk,bash,dirname,expr,find,grep,java,java-config,ls,pdfsam,readlink,sh,sort,uname,which
 private-cache
 private-dev
 private-tmp
diff --git a/etc/pioneer.profile b/etc/pioneer.profile
index a240aa5fc..c5b936617 100644
--- a/etc/pioneer.profile
+++ b/etc/pioneer.profile
@@ -38,7 +38,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin pioneer,modelcompiler,savegamedump
+private-bin modelcompiler,pioneer,savegamedump
 private-cache
 private-dev
 private-tmp
diff --git a/etc/pithos.profile b/etc/pithos.profile
index 62050eb55..ad56ce525 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -36,7 +36,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin pithos,env,python*
+private-bin env,pithos,python*
 private-dev
 private-tmp
 
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
index 480a03e49..116698312 100644
--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -38,7 +38,7 @@ shell none
 
 # private-dev is disabled to allow controller support
 #private-dev
-private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-opt ppsspp
 private-tmp
 
diff --git a/etc/pragha.profile b/etc/pragha.profile
index 4e6840636..019c1a547 100644
--- a/etc/pragha.profile
+++ b/etc/pragha.profile
@@ -33,6 +33,6 @@ seccomp
 shell none
 
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
 
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile
index 3bce425d9..034c144c7 100644
--- a/etc/pybitmessage.profile
+++ b/etc/pybitmessage.profile
@@ -39,8 +39,8 @@ seccomp
 shell none
 
 disable-mnt
-private-bin pybitmessage,python*,sh,ldconfig,env,bash,stat
+private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat
 private-dev
-private-etc alternatives,PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg
 private-tmp
 
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 82e237d54..d5198ef61 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -51,7 +51,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
-private-bin qbittorrent,python*
+private-bin python*,qbittorrent
 private-dev
 # private-etc alternatives,X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 # private-lib - problems on Arch
diff --git a/etc/qgis.profile b/etc/qgis.profile
index 70788b207..15ef4c22a 100644
--- a/etc/qgis.profile
+++ b/etc/qgis.profile
@@ -53,5 +53,5 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl,QGIS,QGIS.conf,Trolltech.conf
+private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf
 private-tmp
diff --git a/etc/qmmp.profile b/etc/qmmp.profile
index f786e73b7..b69bbdef1 100644
--- a/etc/qmmp.profile
+++ b/etc/qmmp.profile
@@ -31,7 +31,7 @@ seccomp
 shell none
 tracelog
 
-private-bin qmmp,tar,unzip,bzip2,gzip
+private-bin bzip2,gzip,qmmp,tar,unzip
 private-dev
 private-tmp
 
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 0ca5a5ef0..4a731b45a 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin qtox
 private-cache
 private-dev
-private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
 
 memory-deny-write-execute
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index 176842c44..a367acad5 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -36,7 +36,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin sdat2img,env,python*
+private-bin env,python*,sdat2img
 private-cache
 private-dev
 
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
index 7aeb2909b..cfc33d074 100644
--- a/etc/silentarmy.profile
+++ b/etc/silentarmy.profile
@@ -32,7 +32,7 @@ shell none
 
 disable-mnt
 private
-private-bin silentarmy,sa-solver,python*
+private-bin python*,sa-solver,silentarmy
 private-dev
 private-opt none
 private-tmp
diff --git a/etc/slack.profile b/etc/slack.profile
index 53baf5f40..5c10ef0ba 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -33,7 +33,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin slack,locale
+private-bin locale,slack
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 0363a2475..9b824604a 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -37,7 +37,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
-private-bin smplayer,smtube,mplayer,mpv,youtube-dl,python*,env
+private-bin env,mplayer,mpv,python*,smplayer,smtube,youtube-dl
 private-dev
 private-tmp
 
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 2d5c4a48f..09ed69afe 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -42,9 +42,9 @@ shell none
 tracelog
 
 disable-mnt
-private-bin spotify,bash,sh,zenity
+private-bin bash,sh,spotify,zenity
 private-dev
-private-etc alternatives,fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl
 private-opt spotify
 private-srv none
 private-tmp
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile
index 5458120ef..297392b9a 100644
--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -39,5 +39,5 @@ seccomp
 disable-mnt
 private-dev
 private-tmp
-private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg
+private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,pki,resolv.conf,ssl,xdg
 
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index 8acf77349..0145f3de6 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -34,7 +34,7 @@ shell none
 #tracelog
 
 disable-mnt
-private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-bin bash,cp,dirname,env,getconf,gpg,grep,id,ln,mkdir,readlink,rm,sed,sh,tail,test
 private-dev
-private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/steam.profile b/etc/steam.profile
index 5ab600bfb..df7bfba85 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -69,5 +69,5 @@ shell none
 # private-dev should be commented for controllers
 private-dev
 # private-etc breaks a small selection of games on some systems, comment to support those
-private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release
+private-etc alternatives,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl
 private-tmp
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile
index 60d80ecd4..2cd5ec3ad 100644
--- a/etc/supertuxkart.profile
+++ b/etc/supertuxkart.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin supertuxkart
 private-cache
 private-dev
-private-etc alternatives,resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux
+private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,selinux,ssl,system-fips,xdg
 private-tmp
 private-opt none
 private-srv none
diff --git a/etc/surf.profile b/etc/surf.profile
index 5f116fd0c..d4c6d9afc 100644
--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -32,8 +32,8 @@ shell none
 tracelog
 
 disable-mnt
-private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
+private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop
 private-dev
-private-etc alternatives,passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,passwd,pki,resolv.conf,ssl
 private-tmp
 
diff --git a/etc/tar.profile b/etc/tar.profile
index b6a874217..71f7414bc 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -38,10 +38,10 @@ shell none
 tracelog
 
 # support compressed archives
-private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
+private-bin bash,bzip2,compress,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz
 private-cache
 private-dev
-private-etc alternatives,passwd,group,localtime
+private-etc alternatives,group,localtime,passwd
 private-lib libfakeroot
 
 memory-deny-write-execute
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
index 51a76bad4..d9e874be2 100644
--- a/etc/teams-for-linux.profile
+++ b/etc/teams-for-linux.profile
@@ -35,8 +35,8 @@ seccomp
 shell none
 
 disable-mnt
-private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux
+private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh
 private-cache
 private-dev
-private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
+private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl
 private-tmp
diff --git a/etc/terasology.profile b/etc/terasology.profile
index 2a7212395..7b273c23d 100644
--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -44,5 +44,5 @@ shell none
 
 disable-mnt
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/tor.profile b/etc/tor.profile
index e80fbadb0..4aebe0a1e 100644
--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -44,9 +44,9 @@ writable-var
 
 disable-mnt
 private
-private-bin tor,bash
+private-bin bash,tor
 private-cache
 private-dev
-private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor
 private-tmp
 
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index ff4a85871..33e87e6a7 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -50,5 +50,5 @@ shell none
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz
 private-dev
-private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/tremulous.profile b/etc/tremulous.profile
index a56ac2c07..e148298ae 100644
--- a/etc/tremulous.profile
+++ b/etc/tremulous.profile
@@ -38,7 +38,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin tremulous,tremulous-wrapper,tremded
+private-bin tremded,tremulous,tremulous-wrapper
 private-cache
 private-dev
 private-tmp
diff --git a/etc/unrar.profile b/etc/unrar.profile
index 5b55f30d2..a2e101a58 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -38,5 +38,5 @@ tracelog
 
 private-bin unrar
 private-dev
-private-etc alternatives,passwd,group,localtime
+private-etc alternatives,group,localtime,passwd
 private-tmp
diff --git a/etc/unzip.profile b/etc/unzip.profile
index 79b41f9d8..875fa6f98 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -42,4 +42,4 @@ tracelog
 private-bin unzip
 private-cache
 private-dev
-private-etc alternatives,passwd,group,localtime
+private-etc alternatives,group,localtime,passwd
diff --git a/etc/utox.profile b/etc/utox.profile
index 9216a6a05..454e3260b 100644
--- a/etc/utox.profile
+++ b/etc/utox.profile
@@ -41,7 +41,7 @@ disable-mnt
 private-bin utox
 private-cache
 private-dev
-private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse,openal
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,openal,pki,pulse,resolv.conf,ssl
 private-tmp
 
 memory-deny-write-execute
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 64ac7a4f0..572758f28 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -34,7 +34,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
-private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
+private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc
 private-dev
 private-tmp
 
diff --git a/etc/w3m.profile b/etc/w3m.profile
index d577932e3..9b6cc8238 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -36,5 +36,5 @@ tracelog
 # private-bin w3m
 private-cache
 private-dev
-private-etc alternatives,resolv.conf,ssl,pki,ca-certificates,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
 private-tmp
diff --git a/etc/whois.profile b/etc/whois.profile
index cc2494f95..f101ee637 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -36,7 +36,7 @@ shell none
 
 disable-mnt
 private
-private-bin sh,bash,whois
+private-bin bash,sh,whois
 private-cache
 private-dev
 # private-etc alternatives,hosts,services,whois.conf
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index 7c545d08f..f41453bf3 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -34,7 +34,7 @@ shell none
 # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
 
 disable-mnt
-private-bin wire-desktop,bash,sh,env,electron
+private-bin bash,electron,env,sh,wire-desktop
 private-dev
-private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl
 private-tmp
diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile
index 952625ef8..e6bbb4259 100644
--- a/etc/xfce4-mixer.profile
+++ b/etc/xfce4-mixer.profile
@@ -42,7 +42,7 @@ disable-mnt
 private-bin xfce4-mixer,xfconf-query
 private-cache
 private-dev
-private-etc alternatives,asound.conf,fonts,pulse,machine-id
+private-etc alternatives,asound.conf,fonts,machine-id,pulse
 private-tmp
 
 memory-deny-write-execute
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 043e513bd..7114f0469 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -46,5 +46,5 @@ disable-mnt
 private-bin xiphos
 private-cache
 private-dev
-private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssli,sword.conf,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssli,sword,sword.conf
 private-tmp
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index 09c0639f8..f4f828eda 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -37,6 +37,6 @@ shell none
 disable-mnt
 private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
 
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index c88d63c01..190c972c0 100644
--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -49,10 +49,10 @@ shell none
 tracelog
 
 disable-mnt
-private-bin youtube-dl,python*,ffmpeg,env
+private-bin env,ffmpeg,python*,youtube-dl
 private-cache
 private-dev
-private-etc alternatives,ssl,pki,ca-certificates,hostname,hosts,resolv.conf,youtube-dl.conf,crypto-policies,mime.types
+private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,mime.types,pki,resolv.conf,ssl,youtube-dl.conf
 private-tmp
 
 # memory-deny-write-execute - breaks on Arch
diff --git a/etc/zart.profile b/etc/zart.profile
index f380e93f0..347bed8b6 100644
--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -31,6 +31,6 @@ protocol unix
 seccomp
 shell none
 
-private-bin zart,ffmpeg,melt,ffprobe,ffplay
+private-bin ffmpeg,ffplay,ffprobe,melt,zart
 private-dev